From bc5f58777e13beb649bcb02495512fda48758aa1 Mon Sep 17 00:00:00 2001 From: Ingo Bauersachs Date: Sun, 15 Aug 2021 20:24:36 +0200 Subject: [PATCH 01/12] Import dnssecjava Closes #172 --- EXAMPLES.md | 66 + README.adoc | 335 ++++ README.md | 295 ---- TODO.dnssec.md | 69 + src/main/java/org/xbill/DNS/dnssec/R.java | 70 + .../java/org/xbill/DNS/dnssec/SMessage.java | 327 ++++ .../java/org/xbill/DNS/dnssec/SRRset.java | 107 ++ .../org/xbill/DNS/dnssec/SecurityStatus.java | 35 + .../dnssec/validator/ByteArrayComparator.java | 34 + .../DNS/dnssec/validator/DnsSecVerifier.java | 162 ++ .../DNS/dnssec/validator/FindKeyState.java | 36 + .../dnssec/validator/JustifiedSecStatus.java | 35 + .../xbill/DNS/dnssec/validator/KeyCache.java | 167 ++ .../xbill/DNS/dnssec/validator/KeyEntry.java | 162 ++ .../DNS/dnssec/validator/NSEC3ValUtils.java | 700 +++++++++ .../validator/ResponseClassification.java | 39 + .../dnssec/validator/TrustAnchorStore.java | 101 ++ .../xbill/DNS/dnssec/validator/ValUtils.java | 906 +++++++++++ .../dnssec/validator/ValidatingResolver.java | 1382 +++++++++++++++++ src/main/resources/messages.properties | 50 + .../org/xbill/DNS/dnssec/AlwaysOffline.java | 11 + .../org/xbill/DNS/dnssec/MessageReader.java | 87 ++ .../org/xbill/DNS/dnssec/PrepareMocks.java | 13 + src/test/java/org/xbill/DNS/dnssec/RTest.java | 49 + .../org/xbill/DNS/dnssec/ResolveExample.java | 57 + .../java/org/xbill/DNS/dnssec/TestBase.java | 286 ++++ .../DNS/dnssec/TestBogusReasonMessage.java | 26 + .../java/org/xbill/DNS/dnssec/TestCNames.java | 157 ++ .../java/org/xbill/DNS/dnssec/TestDNames.java | 174 +++ .../org/xbill/DNS/dnssec/TestInvalid.java | 146 ++ .../xbill/DNS/dnssec/TestKeyCacheUsage.java | 30 + .../org/xbill/DNS/dnssec/TestNSEC3NoData.java | 108 ++ .../java/org/xbill/DNS/dnssec/TestNoData.java | 39 + .../xbill/DNS/dnssec/TestNonExistence.java | 110 ++ .../DNS/dnssec/TestPartiallyInvalid.java | 40 + .../org/xbill/DNS/dnssec/TestPositive.java | 67 + .../org/xbill/DNS/dnssec/TestPriming.java | 244 +++ .../java/org/xbill/DNS/dnssec/TestRRsig.java | 36 + .../org/xbill/DNS/dnssec/TestSMessage.java | 144 ++ .../DNS/dnssec/TestTrustAnchorLoading.java | 135 ++ .../org/xbill/DNS/dnssec/TestUnsigned.java | 47 + .../org/xbill/DNS/dnssec/TestWildcard.java | 168 ++ .../xbill/DNS/dnssec/unbound/rpl/Check.java | 9 + .../org/xbill/DNS/dnssec/unbound/rpl/Rpl.java | 24 + .../DNS/dnssec/unbound/rpl/RplParser.java | 277 ++++ .../DNS/dnssec/unbound/rpl/UnboundTests.java | 1030 ++++++++++++ .../validator/TestAlgorithmSupport.java | 118 ++ .../validator/TestByteArrayComparator.java | 31 + .../DNS/dnssec/validator/TestKeyCache.java | 125 ++ .../TestNormallyUnreachableCode.java | 75 + .../dnssec/validator/TestNsec3ValUtils.java | 136 ++ .../TestNsec3ValUtilsPublicKeyLoading.java | 82 + .../validator/TestTrustAnchorStore.java | 94 ++ .../DNS/dnssec/validator/TestValUtils.java | 401 +++++ .../Knsec3.ingotronic.ch.+007+16758.private | 13 + .../Knsec3.ingotronic.ch.+007+62417.private | 13 + src/test/resources/messages.properties | 2 + .../testLongBogusReasonIsSplitCorrectly | 121 ++ .../testCNameToExternalUnsignedVoid | 103 ++ .../testCNameToInvalidSigned | 236 +++ .../testCNameToInvalidSignedNsec3 | 275 ++++ .../testCNameToSignedA | 122 ++ .../testCNameToSignedAExternal | 234 +++ .../testCNameToSignedMX | 120 ++ .../testCNameToSignedNsec3 | 161 ++ .../testCNameToSubSigned | 258 +++ .../testCNameToUnsignedA | 205 +++ .../testCNameToUnsignedMX | 197 +++ .../testCNameToUnsignedNsec3 | 240 +++ .../testCNameToUnsignedVoid | 234 +++ .../testCNameToVoidExternalInvalidTld | 122 ++ .../testCNameToVoidExternalValidTld | 182 +++ .../testCNameToVoidNsec3 | 163 ++ .../testCNameToVoid_1 | 122 ++ .../testCNameToVoid_2 | 124 ++ .../testCNameToVoid_3 | 126 ++ .../testDNameChain | 165 ++ .../testDNameDirectQueryIsValid | 120 ++ ...estDNameInNsecIsUnderstood_Rfc6672_5_3_4_1 | 215 +++ .../testDNameToExistingIsValid | 123 ++ .../testDNameToExternal | 235 +++ .../testDNameToNoDataIsValid | 121 ++ .../testDNameToNxDomainIsValid | 123 ++ .../testDNameWithFakedCnameIsInvalid | 220 +++ .../testDNameWithMultipleCnamesIsInvalid | 220 +++ .../testDNameWithNoCnameIsValid | 433 ++++++ .../testDNameWithTooLongCnameIsInvalid | 356 +++++ .../testInvalid_bogussig.dnssec | 173 +++ .../testInvalid_bogussig.nsec3 | 174 +++ .../testInvalid_sigexpired.dnssec | 173 +++ .../testInvalid_sigexpired.nsec3 | 174 +++ .../testInvalid_unknownalgorithm.dnssec | 173 +++ .../testInvalid_unknownalgorithm.nsec3 | 174 +++ .../testModifiedSignature | 97 ++ ...testReturnOriginalRcodeIfPrimaryQueryFails | 1 + ...testReturnServfailIfIntermediateQueryFails | 42 + .../testSignedBelowUnsignedBelowSigned | 247 +++ .../testSignedBelowUnsignedBelowSignedNsec3 | 248 +++ .../testUnsignedThatMustBeSigned | 117 ++ .../testUnsigned | 158 ++ .../testNoDSProofCanExistForRoot | 38 + ...testNodataApexNsec3ProofInsecureDelegation | 158 ++ .../testNodataApexNsec3WithSOAValid | 158 ++ .../testNodataNsec3ForDSMustNotHaveSOA | 38 + .../testNodataNsec3_1 | 158 ++ .../testNodataNsec3_2 | 158 ++ .../testNodataNsec3_3 | 158 ++ .../testNodataNsec3_4 | 197 +++ ...stNsec3ClosestEncloserIsInsecureDelegation | 197 +++ .../testFakedNoDataNsec3WithNsecs | 293 ++++ .../testFakedNoDataNsec3WithoutNsecs | 295 ++++ ...testDoubleLabelABelowSignedBeforeZoneNsec3 | 161 ++ ...stDoubleLabelABelowSignedNsec3MissingNsec3 | 297 ++++ .../testNoDataOnENT | 118 ++ .../testNoDataWithInvalidNsecSignature | 215 +++ .../testNonExisting_1 | 43 + .../testNonExisting_2 | 120 ++ .../testNonExisting_3 | 161 ++ .../testNonExisting_4 | 120 ++ .../testNonExisting_5 | 161 ++ .../testNxDomainWithInvalidNsecSignature | 217 +++ .../testSignedNodata_1 | 118 ++ .../testSignedNodata_2 | 157 ++ .../testSignedNodata_3 | 118 ++ .../testSignedNodata_4 | 157 ++ .../testSignedNodata_5 | 120 ++ .../testSignedNodata_6 | 161 ++ .../testValidExising | 159 ++ .../testValidExisingNoType | 157 ++ .../testValidNonExising | 159 ++ .../testCDonQueryDoesntDoAnything | 120 ++ ...testValidAnswerToDifferentQueryTypeIsBogus | 120 ++ .../testValidExising | 120 ++ .../testValidNonExising | 128 ++ ...estDnskeyPrimeResponseWithEmptyAnswerIsBad | 23 + ...skeyPrimeResponseWithInvalidSignatureIsBad | 63 + ...yPrimeResponseWithMismatchedAlgorithmIsBad | 43 + ...yPrimeResponseWithMismatchedFootprintIsBad | 43 + .../testDnskeyPrimeResponseWithWeirdHashIsBad | 43 + .../testDsNoDataWhenNsecIsFromChildApex | 276 ++++ .../testDsNoDataWhenNsecOnEntIsBad | 235 +++ ...oDataWhenOnInsecureDelegationWithWrongNsec | 237 +++ .../testDsPrimeResponseWithEmptyAnswerIsBad | 43 + .../testDsPrimeResponseWithNxDomainForTld | 43 + ...stRootDnskeyPrimeResponseWithNxDomainIsBad | 23 + .../testRRsigNodata | 1 + .../testRRsigServfail | 1 + ...testInitializingWithEmptyConfigDoesNotFail | 1 + .../testInitializingWithNonExistingFileThrows | 1 + .../testInsecureWithEmptyTrustAnchor | 23 + .../testLoadEmptyTrustAnchors | 1 + .../testLoadRootTrustAnchorWithDNSKEY | 160 ++ .../testLoadRootTrustAnchorWithInvalidDNSKEY | 43 + .../testLoadRootTrustAnchorWithInvalidDS | 43 + .../testLoadRootTrustAnchors | 1 + .../testLoadRootTrustAnchorsAlongWithGarbage | 1 + .../testLoadRootTrustAnchorsFromFile | 1 + .../testUnsignedBelowSignedTldNsec3NoOptOut | 106 ++ .../testUnsignedBelowSignedTldNsec3OptOut | 110 ++ .../testUnsignedBelowSignedZoneBind | 138 ++ .../testUnsignedBelowUnsignedZone | 138 ++ .../testDsNodataFromWildcardNsecChild | 158 ++ .../testDsNodataFromWildcardNsecCovered | 120 ++ .../testLabelCountInSignaturesNotAllSame | 298 ++++ ...tExpandedFromWildcardWhenNonWildcardExists | 219 +++ ...ndedFromWildcardWhenNonWildcardExistsNsec3 | 297 ++++ .../testNodataWilcardWithoutCe | 217 +++ .../testPositiveWithInvalidNsecSignature | 219 +++ .../testSynthesisUsesCorrectWildcard | 219 +++ .../testSynthesisUsesCorrectWildcardNodata | 215 +++ ...estSynthesisUsesCorrectWildcardNodataNsec3 | 297 ++++ .../testAlgIsUnknown_eccgost | 139 ++ .../testAlgIsUnknown_rsamd5 | 139 ++ .../testDigestIdIsUnknown | 158 ++ .../testEd_ed25519 | 112 ++ .../testEd_ed448 | 111 ++ .../testInvalidIterationCountMarksInsecure | 161 ++ .../testNsec3ClosestEncloserIsDelegation | 535 +++++++ ...stNsec3ClosestEncloserIsInsecureDelegation | 197 +++ .../testNsec3NodataChangedToNxdomainIsBogus | 293 ++++ .../testNsec3WithoutClosestEncloser | 297 ++++ .../testNsecEcdsa256 | 161 ++ .../testNsecEcdsa384 | 161 ++ .../testTooLargeIterationCountMustThrow | 1 + .../testPublicKeyLoadingException | 161 ++ ...eastOneDigestSupportedWithOnlyNonDSRecords | 1 + ...tOneSupportedAlgorithmWithOnlyNonDSRecords | 1 + .../testDsNoDataWhenNsecProvesDs | 239 +++ ...asSignedNsecsWithoutSignedSigsReturnsFalse | 1 + .../testLongestCommonNameRootIsRoot | 1 + .../testNameErrorWhenNsecIsLastAndQnameBefore | 217 +++ ...ErrorWhenNsecIsLastAndQnameDifferentDomain | 217 +++ ...tNameErrorWhenNsecIsLastAndQnameIsZoneApex | 217 +++ .../testNameErrorWhenNsecIsNotFromApex | 118 ++ ...stNameErrorWhenResultIsFromDelegationPoint | 217 +++ .../testNoDataOfDSForRoot | 41 + .../testNoDataOnEntWithWrongNsec | 217 +++ .../testNoDataWhenDSResultIsFromChild | 157 ++ .../testNoDataWhenNsecHasCname | 217 +++ .../testNoDataWhenNsecProvesExistence | 217 +++ .../testNoDataWhenResultIsFromDelegationPoint | 373 +++++ .../testNoDataWhenWcNsecIsForDifferentName | 217 +++ .../testNoDataWhenWcNsecProvesCname | 217 +++ .../testNoDataWhenWcNsecProvesType | 217 +++ .../testNsecProvesNoDS | 1 + .../testNsecProvesNoDSWithDSPresentForRoot | 1 + .../testNsecProvesNoDSWithSOAForNonRoot | 1 + src/test/resources/trust_anchors | 3 + .../resources/trust_anchors_dnskey_invalid | 2 + src/test/resources/trust_anchors_empty | 1 + src/test/resources/trust_anchors_invalid | 2 + src/test/resources/trust_anchors_test | 13 + src/test/resources/unbound/val_adbit.rpl | 174 +++ src/test/resources/unbound/val_adcopy.rpl | 173 +++ src/test/resources/unbound/val_anchor_nx.rpl | 220 +++ .../resources/unbound/val_anchor_nx_nosig.rpl | 218 +++ src/test/resources/unbound/val_ans_dsent.rpl | 247 +++ src/test/resources/unbound/val_ans_nx.rpl | 249 +++ src/test/resources/unbound/val_any.rpl | 203 +++ src/test/resources/unbound/val_any_cname.rpl | 164 ++ src/test/resources/unbound/val_any_dname.rpl | 207 +++ .../resources/unbound/val_cname_loop1.rpl | 146 ++ .../resources/unbound/val_cname_loop2.rpl | 155 ++ .../resources/unbound/val_cname_loop3.rpl | 168 ++ .../resources/unbound/val_cnameinsectopos.rpl | 292 ++++ .../resources/unbound/val_cnamenx_dblnsec.rpl | 179 +++ .../resources/unbound/val_cnamenx_rcodenx.rpl | 237 +++ src/test/resources/unbound/val_cnameqtype.rpl | 231 +++ .../resources/unbound/val_cnametocloser.rpl | 105 ++ .../unbound/val_cnametocloser_nosig.rpl | 98 ++ .../unbound/val_cnametocnamewctoposwc.rpl | 211 +++ .../resources/unbound/val_cnametodname.rpl | 233 +++ .../unbound/val_cnametodnametocnametopos.rpl | 421 +++++ .../resources/unbound/val_cnametoinsecure.rpl | 139 ++ .../resources/unbound/val_cnametonodata.rpl | 233 +++ .../unbound/val_cnametonodata_nonsec.rpl | 265 ++++ .../resources/unbound/val_cnametonsec.rpl | 191 +++ src/test/resources/unbound/val_cnametonx.rpl | 237 +++ .../resources/unbound/val_cnametooptin.rpl | 195 +++ .../resources/unbound/val_cnametooptout.rpl | 112 ++ src/test/resources/unbound/val_cnametopos.rpl | 233 +++ .../resources/unbound/val_cnametoposnowc.rpl | 265 ++++ .../resources/unbound/val_cnametoposwc.rpl | 239 +++ .../resources/unbound/val_cnamewctonodata.rpl | 237 +++ .../resources/unbound/val_cnamewctonx.rpl | 241 +++ .../resources/unbound/val_cnamewctoposwc.rpl | 245 +++ src/test/resources/unbound/val_deleg_nons.rpl | 271 ++++ .../resources/unbound/val_dnametoolong.rpl | 258 +++ src/test/resources/unbound/val_dnametopos.rpl | 264 ++++ .../resources/unbound/val_dnametoposwc.rpl | 241 +++ src/test/resources/unbound/val_dnamewc.rpl | 268 ++++ .../resources/unbound/val_ds_afterprime.rpl | 181 +++ src/test/resources/unbound/val_ds_cname.rpl | 205 +++ .../resources/unbound/val_ds_cnamesub.rpl | 278 ++++ .../unbound/val_ds_cnamesubbogus.rpl | 277 ++++ src/test/resources/unbound/val_ds_gost.rpl | 208 +++ .../unbound/val_ds_gost_downgrade.rpl | 249 +++ src/test/resources/unbound/val_ds_sha2.rpl | 205 +++ .../unbound/val_ds_sha2_downgrade.rpl | 229 +++ .../val_ds_sha2_downgrade_override.rpl | 226 +++ .../resources/unbound/val_ds_sha2_lenient.rpl | 229 +++ src/test/resources/unbound/val_dsnsec.rpl | 287 ++++ src/test/resources/unbound/val_entds.rpl | 278 ++++ src/test/resources/unbound/val_faildnskey.rpl | 170 ++ .../resources/unbound/val_faildnskey_ok.rpl | 180 +++ src/test/resources/unbound/val_fwdds.rpl | 231 +++ .../resources/unbound/val_keyprefetch.rpl | 215 +++ .../unbound/val_keyprefetch_verify.rpl | 249 +++ src/test/resources/unbound/val_mal_wc.rpl | 152 ++ .../resources/unbound/val_negcache_ds.rpl | 216 +++ .../resources/unbound/val_negcache_dssoa.rpl | 256 +++ .../resources/unbound/val_negcache_nodata.rpl | 167 ++ .../resources/unbound/val_negcache_nta.rpl | 121 ++ .../unbound/val_negcache_nxdomain.rpl | 110 ++ .../resources/unbound/val_noadwhennodo.rpl | 153 ++ src/test/resources/unbound/val_nodata.rpl | 150 ++ src/test/resources/unbound/val_nodata_ent.rpl | 156 ++ .../resources/unbound/val_nodata_entnx.rpl | 151 ++ .../resources/unbound/val_nodata_entwc.rpl | 156 ++ .../resources/unbound/val_nodata_failsig.rpl | 167 ++ .../resources/unbound/val_nodata_failwc.rpl | 72 + .../resources/unbound/val_nodata_hasdata.rpl | 164 ++ .../resources/unbound/val_nodata_zonecut.rpl | 162 ++ src/test/resources/unbound/val_nodatawc.rpl | 152 ++ .../resources/unbound/val_nodatawc_badce.rpl | 164 ++ .../resources/unbound/val_nodatawc_nodeny.rpl | 164 ++ .../resources/unbound/val_nodatawc_one.rpl | 147 ++ .../resources/unbound/val_nodatawc_wcns.rpl | 158 ++ .../unbound/val_nodatawc_wrongdeleg.rpl | 158 ++ src/test/resources/unbound/val_nokeyprime.rpl | 163 ++ .../unbound/val_nsec3_b1_nameerror.rpl | 134 ++ .../unbound/val_nsec3_b1_nameerror_noce.rpl | 144 ++ .../unbound/val_nsec3_b1_nameerror_nonc.rpl | 146 ++ .../unbound/val_nsec3_b1_nameerror_nowc.rpl | 151 ++ .../unbound/val_nsec3_b21_nodataent.rpl | 117 ++ .../unbound/val_nsec3_b21_nodataent_wr.rpl | 135 ++ .../resources/unbound/val_nsec3_b2_nodata.rpl | 117 ++ .../unbound/val_nsec3_b2_nodata_nons.rpl | 139 ++ .../resources/unbound/val_nsec3_b3_optout.rpl | 215 +++ .../unbound/val_nsec3_b3_optout_negcache.rpl | 217 +++ .../unbound/val_nsec3_b3_optout_noce.rpl | 255 +++ .../unbound/val_nsec3_b3_optout_nonc.rpl | 256 +++ .../resources/unbound/val_nsec3_b4_wild.rpl | 155 ++ .../unbound/val_nsec3_b4_wild_wr.rpl | 166 ++ .../unbound/val_nsec3_b5_wcnodata.rpl | 156 ++ .../unbound/val_nsec3_b5_wcnodata_noce.rpl | 165 ++ .../unbound/val_nsec3_b5_wcnodata_nonc.rpl | 165 ++ .../unbound/val_nsec3_b5_wcnodata_nowc.rpl | 167 ++ .../resources/unbound/val_nsec3_cname_ds.rpl | 214 +++ .../resources/unbound/val_nsec3_cname_par.rpl | 218 +++ .../resources/unbound/val_nsec3_cname_sub.rpl | 228 +++ .../val_nsec3_cnametocnamewctoposwc.rpl | 209 +++ .../unbound/val_nsec3_entnodata_optout.rpl | 202 +++ .../val_nsec3_entnodata_optout_badopt.rpl | 198 +++ .../val_nsec3_entnodata_optout_match.rpl | 202 +++ .../resources/unbound/val_nsec3_iter_high.rpl | 165 ++ .../unbound/val_nsec3_nodatawccname.rpl | 170 ++ src/test/resources/unbound/val_nsec3_nods.rpl | 221 +++ .../unbound/val_nsec3_nods_badopt.rpl | 249 +++ .../unbound/val_nsec3_nods_badsig.rpl | 238 +++ .../unbound/val_nsec3_nods_negcache.rpl | 222 +++ .../resources/unbound/val_nsec3_nods_soa.rpl | 253 +++ .../resources/unbound/val_nsec3_optout_ad.rpl | 362 +++++ .../unbound/val_nsec3_optout_cache.rpl | 280 ++++ .../resources/unbound/val_nsec3_wcany.rpl | 162 ++ .../unbound/val_nsec3_wcany_nodeny.rpl | 171 ++ src/test/resources/unbound/val_nx.rpl | 155 ++ src/test/resources/unbound/val_nx_failwc.rpl | 70 + src/test/resources/unbound/val_nx_nodeny.rpl | 165 ++ src/test/resources/unbound/val_nx_nowc.rpl | 165 ++ .../unbound/val_nx_nsec3_collision.rpl | 188 +++ .../unbound/val_nx_nsec3_collision2.rpl | 185 +++ .../unbound/val_nx_nsec3_collision3.rpl | 185 +++ .../unbound/val_nx_nsec3_collision4.rpl | 185 +++ .../unbound/val_nx_nsec3_hashalg.rpl | 161 ++ .../unbound/val_nx_nsec3_nsecmix.rpl | 167 ++ .../resources/unbound/val_nx_nsec3_params.rpl | 164 ++ .../resources/unbound/val_nx_overreach.rpl | 166 ++ .../resources/unbound/val_pos_truncns.rpl | 151 ++ src/test/resources/unbound/val_positive.rpl | 154 ++ .../resources/unbound/val_positive_nosigs.rpl | 181 +++ .../resources/unbound/val_positive_wc.rpl | 162 ++ .../unbound/val_positive_wc_nodeny.rpl | 169 ++ src/test/resources/unbound/val_qds_badanc.rpl | 224 +++ src/test/resources/unbound/val_qds_oneanc.rpl | 224 +++ src/test/resources/unbound/val_qds_twoanc.rpl | 225 +++ .../resources/unbound/val_refer_unsignadd.rpl | 353 +++++ src/test/resources/unbound/val_referd.rpl | 176 +++ src/test/resources/unbound/val_referglue.rpl | 301 ++++ src/test/resources/unbound/val_rrsig.rpl | 170 ++ src/test/resources/unbound/val_secds.rpl | 214 +++ .../resources/unbound/val_secds_nosig.rpl | 232 +++ .../resources/unbound/val_spurious_ns.rpl | 155 ++ .../resources/unbound/val_stub_noroot.rpl | 86 + src/test/resources/unbound/val_stubds.rpl | 230 +++ .../resources/unbound/val_ta_algo_dnskey.rpl | 185 +++ .../unbound/val_ta_algo_dnskey_dp.rpl | 186 +++ .../resources/unbound/val_ta_algo_missing.rpl | 175 +++ .../unbound/val_ta_algo_missing_dp.rpl | 189 +++ src/test/resources/unbound/val_twocname.rpl | 135 ++ .../resources/unbound/val_unalgo_anchor.rpl | 153 ++ src/test/resources/unbound/val_unalgo_dlv.rpl | 284 ++++ src/test/resources/unbound/val_unalgo_ds.rpl | 203 +++ .../resources/unbound/val_unsec_cname.rpl | 362 +++++ src/test/resources/unbound/val_unsecds.rpl | 194 +++ .../unbound/val_unsecds_negcache.rpl | 195 +++ .../resources/unbound/val_unsecds_qtypeds.rpl | 210 +++ src/test/resources/unbound/val_wild_pos.rpl | 163 ++ 368 files changed, 62903 insertions(+), 295 deletions(-) create mode 100644 README.adoc delete mode 100644 README.md create mode 100644 TODO.dnssec.md create mode 100644 src/main/java/org/xbill/DNS/dnssec/R.java create mode 100644 src/main/java/org/xbill/DNS/dnssec/SMessage.java create mode 100644 src/main/java/org/xbill/DNS/dnssec/SRRset.java create mode 100644 src/main/java/org/xbill/DNS/dnssec/SecurityStatus.java create mode 100644 src/main/java/org/xbill/DNS/dnssec/validator/ByteArrayComparator.java create mode 100644 src/main/java/org/xbill/DNS/dnssec/validator/DnsSecVerifier.java create mode 100644 src/main/java/org/xbill/DNS/dnssec/validator/FindKeyState.java create mode 100644 src/main/java/org/xbill/DNS/dnssec/validator/JustifiedSecStatus.java create mode 100644 src/main/java/org/xbill/DNS/dnssec/validator/KeyCache.java create mode 100644 src/main/java/org/xbill/DNS/dnssec/validator/KeyEntry.java create mode 100644 src/main/java/org/xbill/DNS/dnssec/validator/NSEC3ValUtils.java create mode 100644 src/main/java/org/xbill/DNS/dnssec/validator/ResponseClassification.java create mode 100644 src/main/java/org/xbill/DNS/dnssec/validator/TrustAnchorStore.java create mode 100644 src/main/java/org/xbill/DNS/dnssec/validator/ValUtils.java create mode 100644 src/main/java/org/xbill/DNS/dnssec/validator/ValidatingResolver.java create mode 100644 src/main/resources/messages.properties create mode 100644 src/test/java/org/xbill/DNS/dnssec/AlwaysOffline.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/MessageReader.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/PrepareMocks.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/RTest.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/ResolveExample.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/TestBase.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/TestBogusReasonMessage.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/TestCNames.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/TestDNames.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/TestInvalid.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/TestKeyCacheUsage.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/TestNSEC3NoData.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/TestNoData.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/TestNonExistence.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/TestPartiallyInvalid.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/TestPositive.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/TestPriming.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/TestRRsig.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/TestSMessage.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/TestTrustAnchorLoading.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/TestUnsigned.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/TestWildcard.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/unbound/rpl/Check.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/unbound/rpl/Rpl.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/unbound/rpl/RplParser.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/unbound/rpl/UnboundTests.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/validator/TestAlgorithmSupport.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/validator/TestByteArrayComparator.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/validator/TestKeyCache.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/validator/TestNormallyUnreachableCode.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/validator/TestNsec3ValUtils.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/validator/TestNsec3ValUtilsPublicKeyLoading.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/validator/TestTrustAnchorStore.java create mode 100644 src/test/java/org/xbill/DNS/dnssec/validator/TestValUtils.java create mode 100644 src/test/resources/keys/Knsec3.ingotronic.ch.+007+16758.private create mode 100644 src/test/resources/keys/Knsec3.ingotronic.ch.+007+62417.private create mode 100644 src/test/resources/messages.properties create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestBogusReasonMessage/testLongBogusReasonIsSplitCorrectly create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToExternalUnsignedVoid create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToInvalidSigned create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToInvalidSignedNsec3 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedA create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedAExternal create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedMX create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedNsec3 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSubSigned create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedA create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedMX create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedNsec3 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedVoid create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidExternalInvalidTld create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidExternalValidTld create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidNsec3 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_1 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_2 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_3 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameChain create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameDirectQueryIsValid create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameInNsecIsUnderstood_Rfc6672_5_3_4_1 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToExistingIsValid create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToExternal create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToNoDataIsValid create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToNxDomainIsValid create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithFakedCnameIsInvalid create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithMultipleCnamesIsInvalid create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithNoCnameIsValid create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithTooLongCnameIsInvalid create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_bogussig.dnssec create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_bogussig.nsec3 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_sigexpired.dnssec create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_sigexpired.nsec3 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_unknownalgorithm.dnssec create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_unknownalgorithm.nsec3 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testModifiedSignature create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testReturnOriginalRcodeIfPrimaryQueryFails create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testReturnServfailIfIntermediateQueryFails create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testSignedBelowUnsignedBelowSigned create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testSignedBelowUnsignedBelowSignedNsec3 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testUnsignedThatMustBeSigned create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestKeyCacheUsage/testUnsigned create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNoDSProofCanExistForRoot create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataApexNsec3ProofInsecureDelegation create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataApexNsec3WithSOAValid create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3ForDSMustNotHaveSOA create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_1 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_2 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_3 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_4 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNsec3ClosestEncloserIsInsecureDelegation create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNoData/testFakedNoDataNsec3WithNsecs create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNoData/testFakedNoDataNsec3WithoutNsecs create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testDoubleLabelABelowSignedBeforeZoneNsec3 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testDoubleLabelABelowSignedNsec3MissingNsec3 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNoDataOnENT create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNoDataWithInvalidNsecSignature create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_1 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_2 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_3 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_4 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_5 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNxDomainWithInvalidNsecSignature create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_1 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_2 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_3 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_4 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_5 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_6 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidExising create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidExisingNoType create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidNonExising create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testCDonQueryDoesntDoAnything create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidAnswerToDifferentQueryTypeIsBogus create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidExising create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidNonExising create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithEmptyAnswerIsBad create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithInvalidSignatureIsBad create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithMismatchedAlgorithmIsBad create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithMismatchedFootprintIsBad create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithWeirdHashIsBad create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenNsecIsFromChildApex create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenNsecOnEntIsBad create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenOnInsecureDelegationWithWrongNsec create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsPrimeResponseWithEmptyAnswerIsBad create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsPrimeResponseWithNxDomainForTld create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testRootDnskeyPrimeResponseWithNxDomainIsBad create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestRRsig/testRRsigNodata create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestRRsig/testRRsigServfail create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInitializingWithEmptyConfigDoesNotFail create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInitializingWithNonExistingFileThrows create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInsecureWithEmptyTrustAnchor create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadEmptyTrustAnchors create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithDNSKEY create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithInvalidDNSKEY create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithInvalidDS create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchors create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorsAlongWithGarbage create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorsFromFile create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedTldNsec3NoOptOut create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedTldNsec3OptOut create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedZoneBind create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowUnsignedZone create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testDsNodataFromWildcardNsecChild create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testDsNodataFromWildcardNsecCovered create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testLabelCountInSignaturesNotAllSame create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNameNotExpandedFromWildcardWhenNonWildcardExists create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNameNotExpandedFromWildcardWhenNonWildcardExistsNsec3 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNodataWilcardWithoutCe create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testPositiveWithInvalidNsecSignature create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcard create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcardNodata create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcardNodataNsec3 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testAlgIsUnknown_eccgost create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testAlgIsUnknown_rsamd5 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testDigestIdIsUnknown create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testEd_ed25519 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testEd_ed448 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testInvalidIterationCountMarksInsecure create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3ClosestEncloserIsDelegation create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3ClosestEncloserIsInsecureDelegation create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3NodataChangedToNxdomainIsBogus create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3WithoutClosestEncloser create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsecEcdsa256 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsecEcdsa384 create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testTooLargeIterationCountMustThrow create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtilsPublicKeyLoading/testPublicKeyLoadingException create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testAtLeastOneDigestSupportedWithOnlyNonDSRecords create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testAtLeastOneSupportedAlgorithmWithOnlyNonDSRecords create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testDsNoDataWhenNsecProvesDs create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testHasSignedNsecsWithoutSignedSigsReturnsFalse create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testLongestCommonNameRootIsRoot create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsLastAndQnameBefore create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsLastAndQnameDifferentDomain create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsLastAndQnameIsZoneApex create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsNotFromApex create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenResultIsFromDelegationPoint create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataOfDSForRoot create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataOnEntWithWrongNsec create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenDSResultIsFromChild create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenNsecHasCname create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenNsecProvesExistence create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenResultIsFromDelegationPoint create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenWcNsecIsForDifferentName create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenWcNsecProvesCname create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenWcNsecProvesType create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNsecProvesNoDS create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNsecProvesNoDSWithDSPresentForRoot create mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNsecProvesNoDSWithSOAForNonRoot create mode 100644 src/test/resources/trust_anchors create mode 100644 src/test/resources/trust_anchors_dnskey_invalid create mode 100644 src/test/resources/trust_anchors_empty create mode 100644 src/test/resources/trust_anchors_invalid create mode 100644 src/test/resources/trust_anchors_test create mode 100644 src/test/resources/unbound/val_adbit.rpl create mode 100644 src/test/resources/unbound/val_adcopy.rpl create mode 100644 src/test/resources/unbound/val_anchor_nx.rpl create mode 100644 src/test/resources/unbound/val_anchor_nx_nosig.rpl create mode 100644 src/test/resources/unbound/val_ans_dsent.rpl create mode 100644 src/test/resources/unbound/val_ans_nx.rpl create mode 100644 src/test/resources/unbound/val_any.rpl create mode 100644 src/test/resources/unbound/val_any_cname.rpl create mode 100644 src/test/resources/unbound/val_any_dname.rpl create mode 100644 src/test/resources/unbound/val_cname_loop1.rpl create mode 100644 src/test/resources/unbound/val_cname_loop2.rpl create mode 100644 src/test/resources/unbound/val_cname_loop3.rpl create mode 100644 src/test/resources/unbound/val_cnameinsectopos.rpl create mode 100644 src/test/resources/unbound/val_cnamenx_dblnsec.rpl create mode 100644 src/test/resources/unbound/val_cnamenx_rcodenx.rpl create mode 100644 src/test/resources/unbound/val_cnameqtype.rpl create mode 100644 src/test/resources/unbound/val_cnametocloser.rpl create mode 100644 src/test/resources/unbound/val_cnametocloser_nosig.rpl create mode 100644 src/test/resources/unbound/val_cnametocnamewctoposwc.rpl create mode 100644 src/test/resources/unbound/val_cnametodname.rpl create mode 100644 src/test/resources/unbound/val_cnametodnametocnametopos.rpl create mode 100644 src/test/resources/unbound/val_cnametoinsecure.rpl create mode 100644 src/test/resources/unbound/val_cnametonodata.rpl create mode 100644 src/test/resources/unbound/val_cnametonodata_nonsec.rpl create mode 100644 src/test/resources/unbound/val_cnametonsec.rpl create mode 100644 src/test/resources/unbound/val_cnametonx.rpl create mode 100644 src/test/resources/unbound/val_cnametooptin.rpl create mode 100644 src/test/resources/unbound/val_cnametooptout.rpl create mode 100644 src/test/resources/unbound/val_cnametopos.rpl create mode 100644 src/test/resources/unbound/val_cnametoposnowc.rpl create mode 100644 src/test/resources/unbound/val_cnametoposwc.rpl create mode 100644 src/test/resources/unbound/val_cnamewctonodata.rpl create mode 100644 src/test/resources/unbound/val_cnamewctonx.rpl create mode 100644 src/test/resources/unbound/val_cnamewctoposwc.rpl create mode 100644 src/test/resources/unbound/val_deleg_nons.rpl create mode 100644 src/test/resources/unbound/val_dnametoolong.rpl create mode 100644 src/test/resources/unbound/val_dnametopos.rpl create mode 100644 src/test/resources/unbound/val_dnametoposwc.rpl create mode 100644 src/test/resources/unbound/val_dnamewc.rpl create mode 100644 src/test/resources/unbound/val_ds_afterprime.rpl create mode 100644 src/test/resources/unbound/val_ds_cname.rpl create mode 100644 src/test/resources/unbound/val_ds_cnamesub.rpl create mode 100644 src/test/resources/unbound/val_ds_cnamesubbogus.rpl create mode 100644 src/test/resources/unbound/val_ds_gost.rpl create mode 100644 src/test/resources/unbound/val_ds_gost_downgrade.rpl create mode 100644 src/test/resources/unbound/val_ds_sha2.rpl create mode 100644 src/test/resources/unbound/val_ds_sha2_downgrade.rpl create mode 100644 src/test/resources/unbound/val_ds_sha2_downgrade_override.rpl create mode 100644 src/test/resources/unbound/val_ds_sha2_lenient.rpl create mode 100644 src/test/resources/unbound/val_dsnsec.rpl create mode 100644 src/test/resources/unbound/val_entds.rpl create mode 100644 src/test/resources/unbound/val_faildnskey.rpl create mode 100644 src/test/resources/unbound/val_faildnskey_ok.rpl create mode 100644 src/test/resources/unbound/val_fwdds.rpl create mode 100644 src/test/resources/unbound/val_keyprefetch.rpl create mode 100644 src/test/resources/unbound/val_keyprefetch_verify.rpl create mode 100644 src/test/resources/unbound/val_mal_wc.rpl create mode 100644 src/test/resources/unbound/val_negcache_ds.rpl create mode 100644 src/test/resources/unbound/val_negcache_dssoa.rpl create mode 100644 src/test/resources/unbound/val_negcache_nodata.rpl create mode 100644 src/test/resources/unbound/val_negcache_nta.rpl create mode 100644 src/test/resources/unbound/val_negcache_nxdomain.rpl create mode 100644 src/test/resources/unbound/val_noadwhennodo.rpl create mode 100644 src/test/resources/unbound/val_nodata.rpl create mode 100644 src/test/resources/unbound/val_nodata_ent.rpl create mode 100644 src/test/resources/unbound/val_nodata_entnx.rpl create mode 100644 src/test/resources/unbound/val_nodata_entwc.rpl create mode 100644 src/test/resources/unbound/val_nodata_failsig.rpl create mode 100644 src/test/resources/unbound/val_nodata_failwc.rpl create mode 100644 src/test/resources/unbound/val_nodata_hasdata.rpl create mode 100644 src/test/resources/unbound/val_nodata_zonecut.rpl create mode 100644 src/test/resources/unbound/val_nodatawc.rpl create mode 100644 src/test/resources/unbound/val_nodatawc_badce.rpl create mode 100644 src/test/resources/unbound/val_nodatawc_nodeny.rpl create mode 100644 src/test/resources/unbound/val_nodatawc_one.rpl create mode 100644 src/test/resources/unbound/val_nodatawc_wcns.rpl create mode 100644 src/test/resources/unbound/val_nodatawc_wrongdeleg.rpl create mode 100644 src/test/resources/unbound/val_nokeyprime.rpl create mode 100644 src/test/resources/unbound/val_nsec3_b1_nameerror.rpl create mode 100644 src/test/resources/unbound/val_nsec3_b1_nameerror_noce.rpl create mode 100644 src/test/resources/unbound/val_nsec3_b1_nameerror_nonc.rpl create mode 100644 src/test/resources/unbound/val_nsec3_b1_nameerror_nowc.rpl create mode 100644 src/test/resources/unbound/val_nsec3_b21_nodataent.rpl create mode 100644 src/test/resources/unbound/val_nsec3_b21_nodataent_wr.rpl create mode 100644 src/test/resources/unbound/val_nsec3_b2_nodata.rpl create mode 100644 src/test/resources/unbound/val_nsec3_b2_nodata_nons.rpl create mode 100644 src/test/resources/unbound/val_nsec3_b3_optout.rpl create mode 100644 src/test/resources/unbound/val_nsec3_b3_optout_negcache.rpl create mode 100644 src/test/resources/unbound/val_nsec3_b3_optout_noce.rpl create mode 100644 src/test/resources/unbound/val_nsec3_b3_optout_nonc.rpl create mode 100644 src/test/resources/unbound/val_nsec3_b4_wild.rpl create mode 100644 src/test/resources/unbound/val_nsec3_b4_wild_wr.rpl create mode 100644 src/test/resources/unbound/val_nsec3_b5_wcnodata.rpl create mode 100644 src/test/resources/unbound/val_nsec3_b5_wcnodata_noce.rpl create mode 100644 src/test/resources/unbound/val_nsec3_b5_wcnodata_nonc.rpl create mode 100644 src/test/resources/unbound/val_nsec3_b5_wcnodata_nowc.rpl create mode 100644 src/test/resources/unbound/val_nsec3_cname_ds.rpl create mode 100644 src/test/resources/unbound/val_nsec3_cname_par.rpl create mode 100644 src/test/resources/unbound/val_nsec3_cname_sub.rpl create mode 100644 src/test/resources/unbound/val_nsec3_cnametocnamewctoposwc.rpl create mode 100644 src/test/resources/unbound/val_nsec3_entnodata_optout.rpl create mode 100644 src/test/resources/unbound/val_nsec3_entnodata_optout_badopt.rpl create mode 100644 src/test/resources/unbound/val_nsec3_entnodata_optout_match.rpl create mode 100644 src/test/resources/unbound/val_nsec3_iter_high.rpl create mode 100644 src/test/resources/unbound/val_nsec3_nodatawccname.rpl create mode 100644 src/test/resources/unbound/val_nsec3_nods.rpl create mode 100644 src/test/resources/unbound/val_nsec3_nods_badopt.rpl create mode 100644 src/test/resources/unbound/val_nsec3_nods_badsig.rpl create mode 100644 src/test/resources/unbound/val_nsec3_nods_negcache.rpl create mode 100644 src/test/resources/unbound/val_nsec3_nods_soa.rpl create mode 100644 src/test/resources/unbound/val_nsec3_optout_ad.rpl create mode 100644 src/test/resources/unbound/val_nsec3_optout_cache.rpl create mode 100644 src/test/resources/unbound/val_nsec3_wcany.rpl create mode 100644 src/test/resources/unbound/val_nsec3_wcany_nodeny.rpl create mode 100644 src/test/resources/unbound/val_nx.rpl create mode 100644 src/test/resources/unbound/val_nx_failwc.rpl create mode 100644 src/test/resources/unbound/val_nx_nodeny.rpl create mode 100644 src/test/resources/unbound/val_nx_nowc.rpl create mode 100644 src/test/resources/unbound/val_nx_nsec3_collision.rpl create mode 100644 src/test/resources/unbound/val_nx_nsec3_collision2.rpl create mode 100644 src/test/resources/unbound/val_nx_nsec3_collision3.rpl create mode 100644 src/test/resources/unbound/val_nx_nsec3_collision4.rpl create mode 100644 src/test/resources/unbound/val_nx_nsec3_hashalg.rpl create mode 100644 src/test/resources/unbound/val_nx_nsec3_nsecmix.rpl create mode 100644 src/test/resources/unbound/val_nx_nsec3_params.rpl create mode 100644 src/test/resources/unbound/val_nx_overreach.rpl create mode 100644 src/test/resources/unbound/val_pos_truncns.rpl create mode 100644 src/test/resources/unbound/val_positive.rpl create mode 100644 src/test/resources/unbound/val_positive_nosigs.rpl create mode 100644 src/test/resources/unbound/val_positive_wc.rpl create mode 100644 src/test/resources/unbound/val_positive_wc_nodeny.rpl create mode 100644 src/test/resources/unbound/val_qds_badanc.rpl create mode 100644 src/test/resources/unbound/val_qds_oneanc.rpl create mode 100644 src/test/resources/unbound/val_qds_twoanc.rpl create mode 100644 src/test/resources/unbound/val_refer_unsignadd.rpl create mode 100644 src/test/resources/unbound/val_referd.rpl create mode 100644 src/test/resources/unbound/val_referglue.rpl create mode 100644 src/test/resources/unbound/val_rrsig.rpl create mode 100644 src/test/resources/unbound/val_secds.rpl create mode 100644 src/test/resources/unbound/val_secds_nosig.rpl create mode 100644 src/test/resources/unbound/val_spurious_ns.rpl create mode 100644 src/test/resources/unbound/val_stub_noroot.rpl create mode 100644 src/test/resources/unbound/val_stubds.rpl create mode 100644 src/test/resources/unbound/val_ta_algo_dnskey.rpl create mode 100644 src/test/resources/unbound/val_ta_algo_dnskey_dp.rpl create mode 100644 src/test/resources/unbound/val_ta_algo_missing.rpl create mode 100644 src/test/resources/unbound/val_ta_algo_missing_dp.rpl create mode 100644 src/test/resources/unbound/val_twocname.rpl create mode 100644 src/test/resources/unbound/val_unalgo_anchor.rpl create mode 100644 src/test/resources/unbound/val_unalgo_dlv.rpl create mode 100644 src/test/resources/unbound/val_unalgo_ds.rpl create mode 100644 src/test/resources/unbound/val_unsec_cname.rpl create mode 100644 src/test/resources/unbound/val_unsecds.rpl create mode 100644 src/test/resources/unbound/val_unsecds_negcache.rpl create mode 100644 src/test/resources/unbound/val_unsecds_qtypeds.rpl create mode 100644 src/test/resources/unbound/val_wild_pos.rpl diff --git a/EXAMPLES.md b/EXAMPLES.md index f25af9e16..18a0eaf31 100644 --- a/EXAMPLES.md +++ b/EXAMPLES.md @@ -122,3 +122,69 @@ for (int i = 0; i < n.labels(); i++) { System.out.println(n.getLabelString(i)); } ``` + +## DNSSEC Resolver + +```java +import java.io.*; + +import java.nio.charset.StandardCharsets; +import org.xbill.DNS.*; + +public class ResolveExample { + + static String ROOT = ". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D"; + + public static void main(String[] args) throws Exception { + // Send two sample queries using a standard resolver + SimpleResolver sr = new SimpleResolver("4.2.2.1"); + System.out.println("Standard resolver:"); + sendAndPrint(sr, "www.dnssec-failed.org."); + sendAndPrint(sr, "www.isc.org."); + + // Send the same queries using the validating resolver with the + // trust anchor of the root zone + // http://data.iana.org/root-anchors/root-anchors.xml + ValidatingResolver vr = new ValidatingResolver(sr); + vr.loadTrustAnchors(new ByteArrayInputStream(ROOT.getBytes(StandardCharsets.US_ASCII))); + System.out.println("\n\nValidating resolver:"); + sendAndPrint(vr, "www.dnssec-failed.org."); + sendAndPrint(vr, "www.isc.org."); + } + + private static void sendAndPrint(Resolver vr, String name) throws IOException { + System.out.println("\n---" + name); + Record qr = Record.newRecord(Name.fromConstantString(name), Type.A, DClass.IN); + Message response = vr.send(Message.newQuery(qr)); + System.out.println("AD-Flag: " + response.getHeader().getFlag(Flags.AD)); + System.out.println("RCode: " + Rcode.string(response.getRcode())); + for (RRset set : response.getSectionRRsets(Section.ADDITIONAL)) { + if (set.getName().equals(Name.root) && set.getType() == Type.TXT + && set.getDClass() == ValidatingResolver.VALIDATION_REASON_QCLASS) { + System.out.println("Reason: " + ((TXTRecord) set.first()).getStrings().get(0)); + } + } + } +} + +``` + +This should result in an output like +``` +Standard resolver: +---www.dnssec-failed.org. +AD-Flag: false +RCode: NOERROR +---www.isc.org. +AD-Flag: false +RCode: NOERROR + +Validating resolver: +---www.dnssec-failed.org. +AD-Flag: false +RCode: SERVFAIL +Reason: Could not establish a chain of trust to keys for [dnssec-failed.org.]. Reason: Did not match a DS to a DNSKEY. +---www.isc.org. +AD-Flag: true +RCode: NOERROR +``` diff --git a/README.adoc b/README.adoc new file mode 100644 index 000000000..ba957a1c5 --- /dev/null +++ b/README.adoc @@ -0,0 +1,335 @@ += dnsjava + +image:https://github.com/dnsjava/dnsjava/actions/workflows/build.yml/badge.svg["GitHub CI Build Status",link="https://github.com/dnsjava/dnsjava/actions/workflows/build.yml"] +image:https://codecov.io/gh/dnsjava/dnsjava/branch/master/graph/badge.svg?token=FKmcwl1Oys["codecov",link="https://codecov.io/gh/dnsjava/dnsjava"] +image:https://maven-badges.herokuapp.com/maven-central/dnsjava/dnsjava/badge.svg["Maven Central",link="https://search.maven.org/artifact/dnsjava/dnsjava"] +image:https://javadoc.io/badge/dnsjava/dnsjava.svg["Javadocs",link="https://javadoc.io/doc/dnsjava/dnsjava"] + + +== Overview + +dnsjava is an implementation of DNS in Java. +It supports almost all defined record types (including the DNSSEC types), and unknown types. +It can be used for queries, zone transfers, and dynamic updates. +It includes a cache which can be used by clients, and an authoritative only server. +It supports TSIG authenticated messages, partial DNSSEC verification, and EDNS0. It is fully thread safe. + +dnsjava was started as an excuse to learn Java. +It was useful for testing new features in BIND without rewriting the C resolver. +It was then cleaned up and extended in order to be used as a testing framework for DNS interoperability testing. +The high level API and caching resolver were added to make it useful to a wider audience. +The authoritative only server was added as proof of concept. + +== dnsjava on Github + +This repository has been a mirror of the dnsjava project at Sourceforge since 2014 to maintain the Maven build for publishing to https://search.maven.org/artifact/dnsjava/dnsjava[Maven Central]. +As of 2019-05-15, GitHub is https://sourceforge.net/p/dnsjava/mailman/message/36666800/[officially] the new home of dnsjava. + +Please use the GitHub https://github.com/dnsjava/dnsjava/issues[issue tracker] and send - well tested - pull requests. +The mailto:dnsjava-users@lists.sourceforge.net[dnsjava-users] mailing list still exists. + +== Getting started + +=== Config options + +Some settings of dnsjava can be configured via Java +https://docs.oracle.com/javase/tutorial/essential/environment/sysprop.html[system properties]: + +[cols=4*] +|=== +.2+h|Property +3+h|Explanation +h|Type +h|Default +h|Example + +.2+|dns[.fallback].server +3+|DNS server(s) to use for resolving. +Comma separated list. +Can be IPv4/IPv6 addresses or hostnames (which are resolved using Java's built in DNS support). +|String +|- +|8.8.8.8,[2001:4860:4860::8888]:853,dns.google + +.2+|dns[.fallback].search +3+|Comma separated list of DNS search paths. +|String +|- +|ds.example.com,example.com + +.2+|dns[.fallback].ndots +3+|Sets a threshold for the number of dots which must appear in a name given to resolve before an initial absolute query will be made. +|Integer +|1 +|2 + +.2+|dnsjava.options +3+|Comma separated key-value pairs, see <<_optionpairs>>. +|option list +|- +|BINDTTL,tsigfudge=1 + +.2+|dnsjava.configprovider.skipinit +3+|Set to true to disable static ResolverConfig initialization. +|Boolean +|false +|true + +.2+|dnsjava.configprovider.sunjvm.enabled +3+|Set to true to enable the reflection based DNS server lookup, see <<_limitations>>. +|Boolean +|false +|true + +.2+|dnsjava.udp.ephemeral.start +3+|First ephemeral port for UDP-based DNS queries. +|Integer +|49152 (Linux: 32768) +|50000 + +.2+|dnsjava.udp.ephemeral.end +3+|Last ephemeral port for UDP-based DNS queries. +|Integer +|65535 (Linux: 60999) +|60000 + +.2+|dnsjava.udp.ephemeral.use_ephemeral_port +3+|Use an OS-assigned ephemeral port for UDP queries. +Enabling this option is *insecure*! +Do NOT use it. +|Boolean +|false +|true + +.2+|dnsjava.lookup.max_iterations +3+|Maximum number of CNAMEs to follow in a chain. +|Integer +|16 +|20 + +.2+|dnsjava.lookup.use_hosts_file +3+|Use the system's hosts file for lookups before resorting to a resolver. +|Boolean +|true +|false + +.2+|dnsjava.disable_idn +3+|Disable parsing of Internationalized Domain Names (IDN). +|Boolean +|false +|true + +4+h|dnssec options +.2+|dnsjava.dnssec.keycache.max_ttl +3+|Maximum time-to-live (TTL) of entries in the key cache in seconds. +|Integer +|900 +|1800 + +.2+|dnsjava.dnssec.keycache.max_size +3+|Maximum number of entries in the key cache. +|Integer +|1000 +|5000 + +.2+|org.jitsi.dnssec.nsec3.iterations.N +3+a|Maximum iteration count for the NSEC3 hashing function depending on the key size N. The defaults are from https://tools.ietf.org/html/rfc5155#section-10.3[RFC5155]. +|Integer +2+a|- 1024 bit keys: 150 iterations +- 2048 bit keys: 500 iterations +- 4096 bit keys: 2500 iterations + +e.g. dnsjava.dnssec.nsec3.iterations.1024=200 + +.2+|dnsjava.dnssec.trust_anchor_file +3+|The file from which the trust anchor should be loaded. +The file must be formatted like a DNS zone master file. +It can only contain DS or DNSKEY records. +|String +|- +|/etc/dnssec-root-anchors + +.2+|dnsjava.dnssec.digest_preference +3+|Defines the preferred DS record digest algorithm if a zone has registered multiple DS records. +The list is comma-separated, the highest preference first. + +If this property is not specified, the DS record with the highest +https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml[digest ID] is chosen. +To stay compliant with the RFCs, the mandatory digest IDs must be listed in this property. + +The GOST digest requires https://www.bouncycastle.org/java.html[BouncyCastle] on the classpath. +|String +|- +|2,1,4 + +.2+|dnsjava.dnssec.harden_algo_downgrade +3+|Prevent algorithm downgrade when multiple algorithms are advertised in a zone's DS records. +If `false`, allows any algorithm to validate the zone. +|Boolean +|true +|false + +.2+|dnsjava.dnssec.algorithm_enabled.ID +3+|Enable or disable a DS/DNSKEY algorithm. +See +https://tools.ietf.org/html/rfc8624#section-3.1[RFC8624] for recommended values. +|Boolean +2+|Disable ED448: +`dnsjava.dnssec.algorithm_enabled.16=false` + +.2+|dnsjava.dnssec.digest_enabled.ID +3+|Enable or disable a DS record digest algorithm. +See +https://tools.ietf.org/html/rfc8624#section-3.3[RFC8624] for recommended values. +|Boolean +2+|Disable SHA.1: +`dnsjava.dnssec.digest_enabled.1=false` + +|=== + +[#_optionpairs] +==== dnsjava.options pairs + +The `dnsjava.options` configuration options can also be set programmatically through the `Options` class. +Please refer to the Javadoc for details. + +[cols="1,1,1,4",options=header] +|=== +| Key| Type | Default | Explanation +| BINDTTL | Boolean | false | Print TTLs in BIND format +| multiline | Boolean | false | Print records in multiline format +| noPrintIN | Boolean | false | Do not print the class of a record if it is `IN` +| tsigfudge | Integer | 300 | Sets the default TSIG fudge value (in seconds) +| sig0validity | Integer | 300 | Sets the default SIG(0) validity period (in seconds) +|=== + +=== Resolvers + +==== SimpleResolver + +Basic resolver that uses UDP by default and falls back to TCP if required. + +==== ExtendedResolver + +Resolver that uses multiple `SimpleResolver` s to send the queries. +Can be configured to query the servers in a round-robin order. +Blacklists a server if it times out. + +==== DohResolver + +Proof-of-concept DNS over HTTP resolver, e.g. to use https://dns.google/query. + +==== ValidatingResolver + +DNSSEC validating stub resolver. +Originally based on the work of the Unbound Java prototype from 2005/2006. +The Unbound prototype was stripped from all unnecessary parts, heavily modified, complemented with more than 300 unit test and found bugs were fixed. +Before the import into dnsjava, the resolver was developed as an independent library at https://github.com/ibauersachs/dnssecjava. +To migrate from dnssecjava, replace `org.jitsi` with `org.xbill.DNS` in Java packages and `org.jitsi` with `dnsjava` in property prefixes. + +Validated, secure responses contain the DNS `AD`-flag, while responses that failed validation return the `SERVFAIL`-RCode. +Insecure responses return the actual return code without the `AD`-flag set. +The reason why the validation failed or is insecure is provided as a localized string in the additional section under the record ./65280/TXT (a TXT record for the owner name of the root zone in the private query class `ValidatingResolver.VALIDATION_REASON_QCLASS`). + +The link:EXAMPLES.md[examples] contain a small demo. + +=== Migrating from version 2.1.x to v3 + +dnsjava v3 has significant API changes compared to version 2.1.x and is neither source nor binary compatible. +The most important changes are: + +- The minimum supported version is Java 8 +- Uses http://www.slf4j.org/[slf4j] for logging and thus needs `slf4j-api` +on the classpath +- The link:USAGE.md[command line tools] were moved to the `org.xbill.DNS.tools` +package +- On Windows, https://github.com/java-native-access/jna[JNA] should be on the classpath for the search path and proper DNS server finding +- The `Resolver` API for custom resolvers has changed to use +`CompletionStage` for asynchronous resolving. +The built-in resolvers are now fully non-blocking and do not start a thread per query anymore. +- Many methods return a `List` instead of an array. +Ideally, use a for-each loop. +If this is not possible, call `size()` instead of using `length`: +- Cache#findAnyRecords +- Cache#findRecords +- Lookup#getDefaultSearchPath +- Message#getSectionRRsets +- SetResponse#answers +- ResolverConfig +- RRset returns a List instead of an `Iterator`. +Ideally, modify your code to use a for-each loop. +If this is not possible, create an iterator on the returned list: +- RRset#rrs +- RRset#sigs +- Methods using `java.util.Date` are deprecated. +Use the new versions with +`java.time.Instant` or `java.time.Duration` instead +- The type hierarchy of `SMIMEARecord` changed, it now inherits from +`TLSARecord` and constants are shared +- `Record`s are no longer marked as `Serializable`. +Use the RFC defined serialization formats: +- `toString()`, `rrToString()` <-> `fromString()` +- `toWire()` <-> `fromWire()`, `newRecord()` +- `Message` and `Header` properly support `clone()` + +=== Replacing the standard Java DNS functionality + +Java versions from 1.4 to 8 can load DNS service providers at runtime. +The functionality was https://bugs.openjdk.java.net/browse/JDK-8134577[removed in JDK 9], a replacement is https://bugs.openjdk.java.net/browse/JDK-8192780[requested], but so far only a https://bugs.openjdk.java.net/browse/JDK-8263693[proposal] +has been defined. + +To load the dnsjava service provider, build dnsjava on JDK 8 and set the system property: + + sun.net.spi.nameservice.provider.1=dns,dnsjava + +This instructs the JVM to use the dnsjava service provide for DNS at the highest priority. + +=== Build + +Run `mvn package` from the toplevel directory to build dnsjava. +JDK 8 or higher is required. + +=== Testing dnsjava + +mailto:rutherfo@cs.colorado.edu[Matt Rutherford] contributed a number of unit tests, which are in the tests subdirectory. + +The hierarchy under tests mirrors the `org.xbill.DNS` classes. +To run the unit tests, execute `mvn test`. + +[#_limitations] +== Limitations + +There is no standard way to determine what the local nameserver or DNS search path is at runtime from within the JVM. +dnsjava attempts several methods until one succeeds. + +- The properties `dns.server` and `dns.search` (comma delimited lists) are checked. +The servers can either be IP addresses or hostnames (which are resolved using Java's built in DNS support). +- On Unix/Solaris, `/etc/resolv.conf` is parsed. +- On Windows, if https://github.com/java-native-access/jna[JNA] is available on the classpath, the `GetAdaptersAddresses` API is used. +- On Android the `ConnectivityManager` is used (requires initialization using `org.xbill.DNS.config.AndroidResolverConfigProvider.setContext`). +- The `sun.net.dns.ResolverConfiguration` class is queried if enabled. +As of Java 16 the JVM flag `--add-opens java.base/sun.net.dns=ALL-UNNAMED` is also required. +- If available and no servers have been found yet, https://docs.oracle.com/javase/8/docs/technotes/guides/jndi/jndi-dns.html[JNDI-DNS] is used. +- If still no servers have been found yet, use the fallback properties. +This can be used to query e.g. a well-known public DNS server instead of localhost. +- As a last resort, `localhost` is used as the nameserver, and the search path is empty. + +== Additional documentation + +Javadoc documentation can be built with `mvn javadoc:javadoc` or viewed online at https://javadoc.io/doc/dnsjava/dnsjava[javadoc.io]. +See the link:EXAMPLES.md[examples] for some basic usage information. + +== License + +dnsjava is placed under the link:LICENSE[BSD-3-Clause license]. + +== Authors + +- Brian Wellington (@bwelling), March 12, 2004 +- Various contributors, see the link:Changelog[Changelog] +- Ingo Bauersachs (@ibauersachs), current maintainer + +== Final notes + +- Thanks to Network Associates, Inc. for sponsoring some of the original dnsjava work in 1999-2000. +- Thanks to Nominum, Inc. for sponsoring some work on dnsjava from 2000 through 2017. diff --git a/README.md b/README.md deleted file mode 100644 index 4aa71a68c..000000000 --- a/README.md +++ /dev/null @@ -1,295 +0,0 @@ -[![dnsjava CI](https://github.com/dnsjava/dnsjava/actions/workflows/build.yml/badge.svg)](https://github.com/dnsjava/dnsjava/actions/workflows/build.yml) -[![codecov](https://codecov.io/gh/dnsjava/dnsjava/branch/master/graph/badge.svg?token=FKmcwl1Oys)](https://codecov.io/gh/dnsjava/dnsjava) -[![Maven Central](https://maven-badges.herokuapp.com/maven-central/dnsjava/dnsjava/badge.svg)](https://search.maven.org/artifact/dnsjava/dnsjava) -[![Javadocs](http://javadoc.io/badge/dnsjava/dnsjava.svg)](http://javadoc.io/doc/dnsjava/dnsjava) - -# dnsjava - -## Overview - -dnsjava is an implementation of DNS in Java. It supports almost all defined record -types (including the DNSSEC types), and unknown types. It can be used for -queries, zone transfers, and dynamic updates. It includes a cache which can be -used by clients, and an authoritative only server. It supports TSIG -authenticated messages, partial DNSSEC verification, and EDNS0. It is fully -thread safe. - -dnsjava was started as an excuse to learn Java. It was useful for testing new -features in BIND without rewriting the C resolver. It was then cleaned up and -extended in order to be used as a testing framework for DNS interoperability -testing. The high level API and caching resolver were added to make it useful -to a wider audience. The authoritative only server was added as proof of -concept. - -## dnsjava on Github - -This repository has been a mirror of the dnsjava project at Sourceforge -since 2014 to maintain the Maven build for publishing to -[Maven Central](https://search.maven.org/artifact/dnsjava/dnsjava). -As of 2019-05-15, Github is -[officially](https://sourceforge.net/p/dnsjava/mailman/message/36666800/) -the new home of dnsjava. - -Please use the Github [issue tracker](https://github.com/dnsjava/dnsjava/issues) -and send - well tested - pull requests. The -[dnsjava-users@lists.sourceforge.net](mailto:dnsjava-users@lists.sourceforge.net) -mailing list still exists. - -## Getting started - -### Config options -Some settings of dnsjava can be configured via -[system properties](https://docs.oracle.com/javase/tutorial/essential/environment/sysprop.html): - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PropertyTypeDefaultExample
Explanation
dns[.fallback].serverString-8.8.8.8,[2001:4860:4860::8888]:853,dns.google
DNS server(s) to use for resolving. Comma separated list. Can be IPv4/IPv6 addresses or hostnames (which are resolved using Java's built in DNS support).
dns[.fallback].searchString-ds.example.com,example.com
Comma separated list of DNS search paths.
dns[.fallback].ndotsInteger12
Sets a threshold for the number of dots which must appear in a name given to resolve before an initial absolute query will be made.
dnsjava.optionsoption list-BINDTTL,tsigfudge=1
Comma separated key-value pairs, see below.
dnsjava.configprovider.skipinitBooleanfalsetrue
Set to true to disable static ResolverConfig initialization.
dnsjava.configprovider.sunjvm.enabledBooleanfalsetrue
Set to true to enable the reflection based DNS server lookup, see limitations below.
dnsjava.udp.ephemeral.startInteger49152 (Linux: 32768)50000
First ephemeral port for UDP-based DNS queries.
dnsjava.udp.ephemeral.endInteger65535 (Linux: 60999)60000
Last ephemeral port for UDP-based DNS queries.
dnsjava.udp.ephemeral.use_ephemeral_portBooleanfalsetrue
Use an OS-assigned ephemeral port for UDP queries. Enabling this option is insecure! Do NOT use it.
dnsjava.lookup.max_iterationsInteger1620
Maximum number of CNAMEs to follow in a chain.
dnsjava.lookup.use_hosts_fileBooleantruefalse
Use the system's hosts file for lookups before resorting to a resolver.
- -#### dnsjava.options pairs -The dnsjava.options configuration options can also be set programmatically -through the `Options` class. Please refer to the Javadoc for details. - -| Key | Type | Default | Explanation | -| --- | ---- | -------| ----------- | -| BINDTTL | Boolean | false | Print TTLs in BIND format | -| multiline | Boolean | false | Print records in multiline format | -| noPrintIN | Boolean | false | Do not print the class of a record if it is `IN` | -| tsigfudge | Integer | 300 | Sets the default TSIG fudge value (in seconds) | -| sig0validity | Integer | 300 | Sets the default SIG(0) validity period (in seconds) | - -### Resolvers -dnsjava comes with several built-in resolvers: -- `SimpleResolver`: a basic resolver that uses UDP by default and falls back - to TCP if required. -- `ExtendedResolver`: a resolver that uses multiple `SimpleResolver`s to send - the queries. Can be configured to query the servers in a round-robin order. - Blacklists a server if it times out. -- `DohResolver`: a proof-of-concept DNS over HTTP resolver, e.g. to use - `https://dns.google/query`. - -The project [dnssecjava](https://github.com/ibauersachs/dnssecjava) has a -resolver that validates responses with DNSSEC. - -### Migrating from version 2.1.x to v3 -dnsjava 3 has significant API changes compared to version 2.1.x and is -neither source nor binary compatible. The most important changes are: -- The minimum supported version is Java 8 -- Uses [slf4j](http://www.slf4j.org/) for logging and thus needs `slf4j-api` - on the classpath -- The [command line tools](USAGE.md) were moved to the `org.xbill.DNS.tools` - package -- On Windows, [JNA](https://github.com/java-native-access/jna) should be - on the classpath for the search path -- The `Resolver` API for custom resolvers has changed to use - `CompletionStage` for asynchronous resolving. The built-in - resolvers are now fully non-blocking and do not start a thread per - query anymore. -- Many methods return a `List` instead of an array. Ideally, use a - for-each loop. If this isn't possible, call `size()` instead of - using `length`: - - Cache#findAnyRecords - - Cache#findRecords - - Lookup#getDefaultSearchPath - - Message#getSectionRRsets - - SetResponse#answers - - ResolverConfig -- RRset returns a List instead of an `Iterator`. Ideally, modify your - code to use a for-each loop. If this is not possible, create an iterator - on the returned list: - - RRset#rrs - - RRset#sigs -- Methods using `java.util.Date` are deprecated. Use the new versions with - `java.time.Instant` or `java.time.Duration` instead -- The type hierarchy of `SMIMEARecord` changed, it now inherits from - `TLSARecord` and constants are shared -- `Record`s are no longer marked as `Serializable`. Use the RFC defined - serialization formats: - - `toString()`, `rrToString()` <-> `fromString()` - - `toWire()` <-> `fromWire()`, `newRecord()` -- `Message` and `Header` properly support `clone()` - -### Replacing the standard Java DNS functionality - -Java versions from 1.4 to 8 can load DNS service providers at runtime. The -functionality was [removed in JDK 9](https://bugs.openjdk.java.net/browse/JDK-8134577), -a replacement is [requested](https://bugs.openjdk.java.net/browse/JDK-8192780), -but so far only a [proposal](https://bugs.openjdk.java.net/browse/JDK-8263693) -has been defined. - -To load the dnsjava service provider, build dnsjava on JDK 8 and set the system property: - - sun.net.spi.nameservice.provider.1=dns,dnsjava - -This instructs the JVM to use the dnsjava service provide for DNS at the -highest priority. - -### Build - -Run `mvn package` from the toplevel directory to build dnsjava. JDK 8 -or higher is required. - -### Testing dnsjava - -[Matt Rutherford](mailto:rutherfo@cs.colorado.edu) contributed a number of unit -tests, which are in the tests subdirectory. The hierarchy under tests -mirrors the org.xbill.DNS classes. To run the unit tests, execute -`mvn test`. - - -## Limitations - -There's no standard way to determine what the local nameserver or DNS search -path is at runtime from within the JVM. dnsjava attempts several methods -until one succeeds. - -- The properties `dns.server` and `dns.search` (comma delimited lists) are - checked. The servers can either be IP addresses or hostnames (which are - resolved using Java's built in DNS support). -- On Unix/Solaris, `/etc/resolv.conf` is parsed. -- On Windows, if [JNA](https://github.com/java-native-access/jna) is available - on the classpath, the `GetAdaptersAddresses` API is used. -- On Android the `ConnectivityManager` is used (requires initialization using - `org.xbill.DNS.config.AndroidResolverConfigProvider.setContext`). -- The `sun.net.dns.ResolverConfiguration` class is queried if enabled. As of - Java 16 the JVM flag `--add-opens java.base/sun.net.dns=ALL-UNNAMED` is also - required. -- If available and no servers have been found yet, - [JNDI-DNS](https://docs.oracle.com/javase/8/docs/technotes/guides/jndi/jndi-dns.html) is used. -- If still no servers have been found yet, use the fallback properties. This can be used to query - e.g. a well-known public DNS server instead of localhost. -- As a last resort, `localhost` is used as the nameserver, and the search - path is empty. - - -## Additional documentation - -Javadoc documentation can be built with `mvn javadoc:javadoc` or viewed online -at [javadoc.io](http://javadoc.io/doc/dnsjava/dnsjava). See the -[examples](EXAMPLES.md) for some basic usage information. - - -## License - -dnsjava is placed under the [BSD-3-Clause license](LICENSE). - -## Authors - -- Brian Wellington (@bwelling), March 12, 2004 -- Various contributors, see [Changelog](Changelog) -- Ingo Bauersachs (@ibauersachs), current maintainer - -## Final notes -- Thanks to Network Associates, Inc. for sponsoring some of the original - dnsjava work in 1999-2000. -- Thanks to Nominum, Inc. for sponsoring some work on dnsjava from 2000 through 2017. diff --git a/TODO.dnssec.md b/TODO.dnssec.md new file mode 100644 index 000000000..7f0e73a01 --- /dev/null +++ b/TODO.dnssec.md @@ -0,0 +1,69 @@ +CNAME Handling +-------------- +The CNAME handling is terribly inefficient. A recursive nameserver is required +to deliver all intermediate results in the response to the original query. The +code however still splits up the query into each part and performs a query for +each CNAME till the end of the chain is reached. +This should be changed to follow the chain in the response of the original +query, but is not so easy because the validation only has the keys for each +original query. +A possible workaround would be to synthesize the intermediate responses from +the original query. Easy for positive responses, but for NXDOMAIN - which +NSEC(3)s are to be included...? + +DNAME Handling +-------------- +A DNAME causes validation failures during priming because the synthesized +CNAME is not considered valid. Some unit-tests are failing due to this. + +API +--- +- Provide the final failure reason as a (localizable) string + +Code Coverage / Bugs +-------------------- +- The code still has some untested parts: + - Wildcard/ENT DS delegations!!! + - ANY responses, especially wildcard expansion + - Insecure NSEC3 NODATA responses + - Wildcard NODATA responses might pass too broad cases + - Behavior if all NSEC3s are not understandable + - NXDOMAIN when a NSEC would prove that a wildcard exists + - Exceptions thrown by the head resolver + - Bogus/Insecure handling of CNAME answer to DS query + - Async calling of the validator + - Passthrough without validation if the CD flag is set + - Various cases in dsReponseToKeForNodata + - longestCommonName + - Various NSEC NODATA cases + - Unsupported algorithm or digest ID cases + - NSEC3 iteration count configuration + - NSEC3 with unsupported hash algorithm + - Multiple NSEC3s for a zone + - NSEC3: proveClosestEncloser + - NSEC3: proveNodata + - NSEC3: proveNoDS + - Implement http://tools.ietf.org/html/rfc4509#section-3 to prevent downgrade attacks + - http://tools.ietf.org/html/rfc6840#section-4.3 (CNAME bit check) + - http://tools.ietf.org/html/rfc6840#section-4.4 (Insecure Delegation Proofs) + - http://tools.ietf.org/html/rfc6840#section-5.4 (Caution about Local Policy and Multiple RRSIGs) + - Refuse DNAME wildcards (RFC4597) + - Test validating against a non-Bind9 head solver + - Rate limit queries to be able to validate against Google's public resolvers + +Unit Tests +---------- +- The tests currently rely on an online connection to a recursive server and + external zones. They must be able to run offline. +- Some tests will start to fail after June 9, 2013 because the signature date + is compared against the current system time. This must be changed to take + the test authoring time. To make this possible DNSJAVA must probably be + changed. + +DNSJAVA +------- +- Fix the Maven project definition to build correctly with a local lib folder + as it is not officially distributed on Maven central +- Version 2.1.5 contains a bug in the Name constructor and needs at least + SVN rev. 1686 +- Remove local-repo once 2.1.6 appears on Maven central diff --git a/src/main/java/org/xbill/DNS/dnssec/R.java b/src/main/java/org/xbill/DNS/dnssec/R.java new file mode 100644 index 000000000..d9054f284 --- /dev/null +++ b/src/main/java/org/xbill/DNS/dnssec/R.java @@ -0,0 +1,70 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import java.text.MessageFormat; +import java.util.MissingResourceException; +import java.util.ResourceBundle; + +/** + * Utility class to retrieve messages from {@link ResourceBundle}s. + * + * @since 3.5 + */ +public final class R { + private static ResourceBundle rb; + private static boolean useNeutral; + + private R() {} + + /** + * Programmatically set the ResourceBundle to be used. + * + * @param resourceBundle the bundle to be used. + */ + public static void setBundle(ResourceBundle resourceBundle) { + R.rb = resourceBundle; + } + + /** + * If set to {@code true}, messages will not be obtained from resource bundles but formatted as + * {@code key:param1:...:paramN}. + * + * @param useNeutral {@code true} to use neutral messages, {@code false} otherwise + */ + public static void setUseNeutralMessages(boolean useNeutral) { + R.useNeutral = useNeutral; + } + + /** + * Gets a translated message. + * + * @param key The message key to retrieve. + * @param values The values that fill placeholders in the message. + * @return The formatted message. + */ + public static String get(String key, Object... values) { + if (useNeutral) { + return getNeutral(key, values); + } + + try { + if (R.rb == null) { + rb = ResourceBundle.getBundle("messages"); + } + + return MessageFormat.format(rb.getString(key), values); + } catch (MissingResourceException e) { + return getNeutral(key, values); + } + } + + private static String getNeutral(String key, Object[] values) { + StringBuilder sb = new StringBuilder(key); + for (Object val : values) { + sb.append(":"); + sb.append(val); + } + + return sb.toString(); + } +} diff --git a/src/main/java/org/xbill/DNS/dnssec/SMessage.java b/src/main/java/org/xbill/DNS/dnssec/SMessage.java new file mode 100644 index 000000000..19155faa8 --- /dev/null +++ b/src/main/java/org/xbill/DNS/dnssec/SMessage.java @@ -0,0 +1,327 @@ +// SPDX-License-Identifier: BSD-3-Clause +// Copyright (c) 2005 VeriSign. All rights reserved. +// Copyright (c) 2013-2021 Ingo Bauersachs +package org.xbill.DNS.dnssec; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.LinkedList; +import java.util.List; +import lombok.extern.slf4j.Slf4j; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Header; +import org.xbill.DNS.Message; +import org.xbill.DNS.Name; +import org.xbill.DNS.OPTRecord; +import org.xbill.DNS.RRSIGRecord; +import org.xbill.DNS.RRset; +import org.xbill.DNS.Record; +import org.xbill.DNS.Section; +import org.xbill.DNS.Type; + +/** + * This class represents a DNS message with validator state and some utility methods. + * + * @since 3.5 + */ +@Slf4j +public final class SMessage { + private static final int NUM_SECTIONS = 3; + private static final int MAX_FLAGS = 16; + private static final int EXTENDED_FLAGS_BIT_OFFSET = 4; + + private final Header header; + private Record question; + private OPTRecord oPTRecord; + private final List[] sections; + private SecurityStatus securityStatus; + private String bogusReason; + + /** + * Creates a instance of this class. + * + * @param h The header of the original message. + */ + @SuppressWarnings("unchecked") + public SMessage(Header h) { + this.sections = new List[NUM_SECTIONS]; + this.header = h; + this.securityStatus = SecurityStatus.UNCHECKED; + } + + /** + * Creates a new instance of this class. + * + * @param id The ID of the DNS query or response message. + * @param question The question section of the query or response. + */ + public SMessage(int id, Record question) { + this(new Header(id)); + this.question = question; + } + + /** + * Creates a new instance of this class. + * + * @param m The DNS message to wrap. + */ + public SMessage(Message m) { + this(m.getHeader()); + this.question = m.getQuestion(); + this.oPTRecord = m.getOPT(); + + for (int i = Section.ANSWER; i <= Section.ADDITIONAL; i++) { + for (RRset rrset : m.getSectionRRsets(i)) { + this.addRRset(new SRRset(rrset), i); + } + } + } + + /** + * Gets the header of this message. + * + * @return The header of this message. + */ + public Header getHeader() { + return this.header; + } + + /** + * Gets the question section of this message. + * + * @return The question section of this message. + */ + public Record getQuestion() { + return this.question; + } + + /** + * Gets signed RRsets for the queried section. + * + * @param section The section whose RRsets are demanded. + * @return Signed RRsets for the queried section. + */ + public List getSectionRRsets(int section) { + this.checkSectionValidity(section); + + if (this.sections[section - 1] == null) { + this.sections[section - 1] = new LinkedList<>(); + } + + return this.sections[section - 1]; + } + + private void addRRset(SRRset srrset, int section) { + this.checkSectionValidity(section); + + if (srrset.getType() == Type.OPT) { + this.oPTRecord = (OPTRecord) srrset.first(); + return; + } + + List sectionList = this.getSectionRRsets(section); + sectionList.add(srrset); + } + + private void checkSectionValidity(int section) { + if (section <= Section.QUESTION || section > Section.ADDITIONAL) { + throw new IllegalArgumentException("Invalid section"); + } + } + + /** + * Gets signed RRsets for the queried section. + * + * @param section The section whose RRsets are demanded. + * @param qtype Filter the results for these record types. + * @return Signed RRsets for the queried section. + */ + public List getSectionRRsets(int section, int qtype) { + List slist = this.getSectionRRsets(section); + + if (slist.isEmpty()) { + return Collections.emptyList(); + } + + List result = new ArrayList<>(slist.size()); + for (SRRset rrset : slist) { + if (rrset.getType() == qtype) { + result.add(rrset); + } + } + + return result; + } + + /** + * Gets the result code of the response message. + * + * @return The result code of the response message. + */ + public int getRcode() { + int rcode = this.header.getRcode(); + if (this.oPTRecord != null) { + rcode += this.oPTRecord.getExtendedRcode() << EXTENDED_FLAGS_BIT_OFFSET; + } + + return rcode; + } + + /** + * Gets the security status of this message. + * + * @return The security status of this message. + */ + public SecurityStatus getStatus() { + return this.securityStatus; + } + + /** + * Sets the security status for this message. + * + * @param status the new security status for this message. + */ + public void setStatus(SecurityStatus status) { + this.securityStatus = status; + } + + /** + * Sets the security status for this message. + * + * @param status the new security status for this message. + * @param reason Why this message's status is set as indicated. + */ + public void setStatus(SecurityStatus status, String reason) { + this.securityStatus = status; + this.bogusReason = reason; + log.debug(this.bogusReason); + } + + /** + * Gets the reason why this messages' status is bogus. + * + * @return The reason why this messages' status is bogus. + */ + public String getBogusReason() { + return this.bogusReason; + } + + /** + * Sets the security status of this message to bogus and sets the reason. + * + * @param reason Why this message's status is bogus. + */ + public void setBogus(String reason) { + this.setStatus(SecurityStatus.BOGUS); + this.bogusReason = reason; + log.debug(this.bogusReason); + } + + /** + * Gets this message as a standard DNSJAVA message. + * + * @return This message as a standard DNSJAVA message. + */ + public Message getMessage() { + // Generate our new message. + Message m = new Message(this.header.getID()); + + // Convert the header + // We do this for two reasons: + // 1) setCount() is package scope, so we can't do that, and + // 2) setting the header on a message after creating the + // message frequently gets stuff out of sync, leading to malformed wire + // format messages. + Header h = m.getHeader(); + h.setOpcode(this.header.getOpcode()); + h.setRcode(this.header.getRcode()); + for (int i = 0; i < MAX_FLAGS; i++) { + if (Flags.isFlag(i) && this.header.getFlag(i)) { + h.setFlag(i); + } + } + + // Add all the records. -- this will set the counts correctly in the + // message header. + if (this.question != null) { + m.addRecord(this.question, Section.QUESTION); + } + + for (int sec = Section.ANSWER; sec <= Section.ADDITIONAL; sec++) { + List slist = this.getSectionRRsets(sec); + for (SRRset rrset : slist) { + for (Record j : rrset.rrs()) { + m.addRecord(j, sec); + } + + for (RRSIGRecord j : rrset.sigs()) { + m.addRecord(j, sec); + } + } + } + + if (this.oPTRecord != null) { + m.addRecord(this.oPTRecord, Section.ADDITIONAL); + } + + return m; + } + + /** + * Gets the number of records. + * + * @param section The section for which the records are counted. + * @return The number of records for the queried section. + */ + public int getCount(int section) { + if (section == Section.QUESTION) { + return 1; + } + + List sectionList = this.getSectionRRsets(section); + if (sectionList.isEmpty()) { + return 0; + } + + int count = 0; + for (SRRset sr : sectionList) { + count += sr.size(); + } + + return count; + } + + /** + * Find a specific (S)RRset in a given section. + * + * @param name the name of the RRset. + * @param type the type of the RRset. + * @param dclass the class of the RRset. + * @param section the section to look in (ANSWER to ADDITIONAL) + * @return The SRRset if found, null otherwise. + */ + public SRRset findRRset(Name name, int type, int dclass, int section) { + this.checkSectionValidity(section); + + for (SRRset set : this.getSectionRRsets(section)) { + if (set.getName().equals(name) && set.getType() == type && set.getDClass() == dclass) { + return set; + } + } + + return null; + } + + /** + * Find an "answer" RRset. This will look for RRsets in the ANSWER section that match the + * <qname,qtype,qclass>, without considering CNAMEs. + * + * @param qname The starting search name. + * @param qtype The search type. + * @param qclass The search class. + * @return a SRRset matching the query. + */ + public SRRset findAnswerRRset(Name qname, int qtype, int qclass) { + return this.findRRset(qname, qtype, qclass, Section.ANSWER); + } +} diff --git a/src/main/java/org/xbill/DNS/dnssec/SRRset.java b/src/main/java/org/xbill/DNS/dnssec/SRRset.java new file mode 100644 index 000000000..b614d5ee3 --- /dev/null +++ b/src/main/java/org/xbill/DNS/dnssec/SRRset.java @@ -0,0 +1,107 @@ +// SPDX-License-Identifier: BSD-3-Clause +// Copyright (c) 2005 VeriSign. All rights reserved. +// Copyright (c) 2013-2021 Ingo Bauersachs +package org.xbill.DNS.dnssec; + +import java.util.List; +import lombok.EqualsAndHashCode; +import org.xbill.DNS.Name; +import org.xbill.DNS.RRSIGRecord; +import org.xbill.DNS.RRset; +import org.xbill.DNS.Record; + +/** + * An extended version of {@link RRset} that adds the indication of DNSSEC security status. + * + * @since 3.5 + */ +@EqualsAndHashCode( + callSuper = true, + of = {"securityStatus", "ownerName"}) +public class SRRset extends RRset { + private SecurityStatus securityStatus; + private Name ownerName; + + /** Create a new, blank SRRset. */ + public SRRset() { + super(); + this.securityStatus = SecurityStatus.UNCHECKED; + } + + /** + * Create a new SRRset with one record. + * + * @param r The record to add to the RRset. + */ + public SRRset(Record r) { + super(r); + this.securityStatus = SecurityStatus.UNCHECKED; + } + + /** + * Create a new SRRset from an existing RRset. This SRRset will contain the same internal {@link + * Record} objects as the original RRset. + * + * @param r The RRset to copy. + */ + public SRRset(RRset r) { + super(r); + this.securityStatus = SecurityStatus.UNCHECKED; + } + + /** + * Create a new SRRset from an existing SRRset. This SRRset will contain the same internal {@link + * Record} objects as the original SRRset. + * + * @param r The RRset to copy. + */ + public SRRset(SRRset r) { + super(r); + this.securityStatus = r.securityStatus; + this.ownerName = r.ownerName; + } + + /** + * Return the current security status (generally: {@link SecurityStatus#UNCHECKED}, {@link + * SecurityStatus#BOGUS}, or {@link SecurityStatus#SECURE}). + * + * @return The security status for this set, {@link SecurityStatus#UNCHECKED} if it has never been + * set manually. + */ + public SecurityStatus getSecurityStatus() { + return this.securityStatus; + } + + /** + * Set the current security status for this SRRset. + * + * @param status The new security status for this set. + */ + public void setSecurityStatus(SecurityStatus status) { + this.securityStatus = status; + } + + /** @return The "signer" name for this SRRset, if signed, or null if not. */ + public Name getSignerName() { + List sigs = sigs(); + if (!sigs.isEmpty()) { + return sigs.get(0).getSigner(); + } + + return null; + } + + @Override + public Name getName() { + return this.ownerName == null ? super.getName() : this.ownerName; + } + + /** + * Set the name of the records. + * + * @param ownerName the {@link Name} to override the original name with. + */ + public void setName(Name ownerName) { + this.ownerName = ownerName; + } +} diff --git a/src/main/java/org/xbill/DNS/dnssec/SecurityStatus.java b/src/main/java/org/xbill/DNS/dnssec/SecurityStatus.java new file mode 100644 index 000000000..399e8c7e7 --- /dev/null +++ b/src/main/java/org/xbill/DNS/dnssec/SecurityStatus.java @@ -0,0 +1,35 @@ +// SPDX-License-Identifier: BSD-3-Clause +// Copyright (c) 2005 VeriSign. All rights reserved. +// Copyright (c) 2013-2021 Ingo Bauersachs +package org.xbill.DNS.dnssec; + +/** + * Codes for DNSSEC security statuses. + * + * @since 3.5 + */ +public enum SecurityStatus { + /** UNCHECKED means that object has yet to be validated. */ + UNCHECKED, + + /** + * BOGUS means that the object (RRset or message) failed to validate (according to local policy), + * but should have validated. + */ + BOGUS, + + /** + * INDTERMINATE means that the object is insecure, but not authoritatively so. Generally this + * means that the RRset is not below a configured trust anchor. + */ + INDETERMINATE, + + /** + * INSECURE means that the object is authoritatively known to be insecure. Generally this means + * that this RRset is below a trust anchor, but also below a verified, insecure delegation. + */ + INSECURE, + + /** SECURE means that the object (RRset or message) validated according to local policy. */ + SECURE, +} diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/ByteArrayComparator.java b/src/main/java/org/xbill/DNS/dnssec/validator/ByteArrayComparator.java new file mode 100644 index 000000000..85bacd9a6 --- /dev/null +++ b/src/main/java/org/xbill/DNS/dnssec/validator/ByteArrayComparator.java @@ -0,0 +1,34 @@ +// SPDX-License-Identifier: BSD-3-Clause +// Copyright (c) 2005 VeriSign. All rights reserved. +// Copyright (c) 2013-2021 Ingo Bauersachs +package org.xbill.DNS.dnssec.validator; + +import java.util.Comparator; + +/** + * This class implements a basic comparator for byte arrays. It is primarily useful for comparing + * RDATA portions of DNS records in doing DNSSEC canonical ordering. + * + * @since 3.5 + */ +class ByteArrayComparator implements Comparator { + private static final int MAX_BYTE = 0xFF; + + /** {@inheritDoc} */ + public int compare(Object o1, Object o2) { + byte[] b1 = (byte[]) o1; + byte[] b2 = (byte[]) o2; + + if (b1.length != b2.length) { + return b1.length - b2.length; + } + + for (int i = 0; i < b1.length; i++) { + if (b1[i] != b2[i]) { + return (b1[i] & MAX_BYTE) - (b2[i] & MAX_BYTE); + } + } + + return 0; + } +} diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/DnsSecVerifier.java b/src/main/java/org/xbill/DNS/dnssec/validator/DnsSecVerifier.java new file mode 100644 index 000000000..e67eca746 --- /dev/null +++ b/src/main/java/org/xbill/DNS/dnssec/validator/DnsSecVerifier.java @@ -0,0 +1,162 @@ +// SPDX-License-Identifier: BSD-3-Clause +// Copyright (c) 2005 VeriSign. All rights reserved. +// Copyright (c) 2013-2021 Ingo Bauersachs +package org.xbill.DNS.dnssec.validator; + +import java.time.Instant; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import lombok.extern.slf4j.Slf4j; +import org.xbill.DNS.DNSKEYRecord; +import org.xbill.DNS.DNSSEC; +import org.xbill.DNS.DNSSEC.DNSSECException; +import org.xbill.DNS.RRSIGRecord; +import org.xbill.DNS.RRset; +import org.xbill.DNS.Record; +import org.xbill.DNS.Type; +import org.xbill.DNS.dnssec.SRRset; +import org.xbill.DNS.dnssec.SecurityStatus; + +/** + * A class for performing basic DNSSEC verification. The DNSJAVA package contains a similar class. + * This is a reimplementation that allows us to have finer control over the validation process. + * + * @since 3.5 + */ +@Slf4j +class DnsSecVerifier { + /** + * Find the matching DNSKEY(s) to an RRSIG within a DNSKEY rrset. Normally this will only return + * one DNSKEY. It can return more than one, since KeyID/Footprints are not guaranteed to be + * unique. + * + * @param dnskeyRrset The DNSKEY rrset to search. + * @param signature The RRSIG to match against. + * @return A List that contains one or more DNSKEYRecord objects; empty if a matching DNSKEY could + * not be found. + */ + private List findKey(RRset dnskeyRrset, RRSIGRecord signature) { + if (!signature.getSigner().equals(dnskeyRrset.getName())) { + log.trace( + "could not find appropriate key because incorrect keyset was supplied. Wanted: {}, got: {}", + signature.getSigner(), + dnskeyRrset.getName()); + return Collections.emptyList(); + } + + int keyid = signature.getFootprint(); + int alg = signature.getAlgorithm(); + List res = new ArrayList<>(dnskeyRrset.size()); + for (Record r : dnskeyRrset.rrs()) { + DNSKEYRecord dnskey = (DNSKEYRecord) r; + if (dnskey.getAlgorithm() == alg && dnskey.getFootprint() == keyid) { + res.add(dnskey); + } + } + + return res; + } + + /** + * Verify an RRset against a particular signature. + * + * @param rrset The RRset to verify. + * @param sigrec The signature record that signs the RRset. + * @param keyRrset The keys used to create the signature record. + * @param date The date against which to verify the signature. + * @return {@link SecurityStatus#SECURE} if the signature verified, {@link SecurityStatus#BOGUS} + * if it did not verify (for any reason), and {@link SecurityStatus#UNCHECKED} if verification + * could not be completed (usually because the public key was not available). + */ + private SecurityStatus verifySignature( + SRRset rrset, RRSIGRecord sigrec, RRset keyRrset, Instant date) { + List keys = this.findKey(keyRrset, sigrec); + if (keys.isEmpty()) { + log.trace("could not find appropriate key"); + return SecurityStatus.BOGUS; + } + + SecurityStatus status = SecurityStatus.UNCHECKED; + for (DNSKEYRecord key : keys) { + try { + if (!rrset.getName().subdomain(keyRrset.getName())) { + log.debug("signer name is off-tree"); + status = SecurityStatus.BOGUS; + continue; + } + + DNSSEC.verify(rrset, sigrec, key, date); + ValUtils.setCanonicalNsecOwner(rrset, sigrec); + return SecurityStatus.SECURE; + } catch (DNSSECException e) { + log.error( + "Failed to validate RRset {}/{}", rrset.getName(), Type.string(rrset.getType()), e); + status = SecurityStatus.BOGUS; + } + } + + return status; + } + + /** + * Verifies an RRset. This routine does not modify the RRset. This RRset is presumed to be + * verifiable, and the correct DNSKEY rrset is presumed to have been found. + * + * @param rrset The RRset to verify. + * @param keyRrset The keys to verify the signatures in the RRset to check. + * @param date The date against which to verify the rrset. + * @return SecurityStatus.SECURE if the rrest verified positively, SecurityStatus.BOGUS otherwise. + */ + public SecurityStatus verify(SRRset rrset, RRset keyRrset, Instant date) { + List sigs = rrset.sigs(); + if (sigs.isEmpty()) { + log.info("RRset failed to verify due to lack of signatures"); + return SecurityStatus.BOGUS; + } + + for (RRSIGRecord sigrec : sigs) { + SecurityStatus res = this.verifySignature(rrset, sigrec, keyRrset, date); + if (res == SecurityStatus.SECURE) { + return res; + } + } + + log.info("RRset failed to verify: all signatures were BOGUS"); + return SecurityStatus.BOGUS; + } + + /** + * Verify an RRset against a single DNSKEY. Use this when you must be certain that an RRset signed + * and verifies with a particular DNSKEY (as opposed to a particular DNSKEY rrset). + * + * @param rrset The rrset to verify. + * @param dnskey The DNSKEY to verify with. + * @param date The date against which to verify the rrset. + * @return SecurityStatus.SECURE if the rrset verified, BOGUS otherwise. + */ + public SecurityStatus verify(RRset rrset, DNSKEYRecord dnskey, Instant date) { + List sigs = rrset.sigs(); + if (sigs.isEmpty()) { + log.info("RRset failed to verify due to lack of signatures"); + return SecurityStatus.BOGUS; + } + + for (RRSIGRecord sigrec : sigs) { + // Skip RRSIGs that do not match our given key's footprint. + if (sigrec.getFootprint() != dnskey.getFootprint()) { + continue; + } + + try { + DNSSEC.verify(rrset, sigrec, dnskey, date); + return SecurityStatus.SECURE; + } catch (DNSSECException e) { + log.error("Failed to validate RRset", e); + } + } + + log.info("RRset failed to verify: all signatures were BOGUS"); + return SecurityStatus.BOGUS; + } +} diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/FindKeyState.java b/src/main/java/org/xbill/DNS/dnssec/validator/FindKeyState.java new file mode 100644 index 000000000..b0cfe19f1 --- /dev/null +++ b/src/main/java/org/xbill/DNS/dnssec/validator/FindKeyState.java @@ -0,0 +1,36 @@ +// SPDX-License-Identifier: BSD-3-Clause +// Copyright (c) 2005 VeriSign. All rights reserved. +// Copyright (c) 2013-2021 Ingo Bauersachs + +package org.xbill.DNS.dnssec.validator; + +import org.xbill.DNS.Name; +import org.xbill.DNS.dnssec.SRRset; + +/** + * State-object for the key-finding phase. + * + * @since 3.5 + */ +class FindKeyState { + /** The (initial) DS RRset for the following DNSKEY search and validate phase. */ + SRRset dsRRset; + + /** Iteratively holds the key during the search phase. */ + KeyEntry keyEntry; + + /** + * The name of the key to search. This is taken from the RRSIG's signer name or the query name if + * no signer name is available. + */ + Name signerName; + + /** The query class of the key to find. */ + int qclass; + + /** Sets the key name being searched for when a DS response is provably not a delegation point. */ + Name emptyDSName; + + /** The initial key name when the key search is started from a trust anchor. */ + Name currentDSKeyName; +} diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/JustifiedSecStatus.java b/src/main/java/org/xbill/DNS/dnssec/validator/JustifiedSecStatus.java new file mode 100644 index 000000000..5e71d2efc --- /dev/null +++ b/src/main/java/org/xbill/DNS/dnssec/validator/JustifiedSecStatus.java @@ -0,0 +1,35 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec.validator; + +import org.xbill.DNS.dnssec.SMessage; +import org.xbill.DNS.dnssec.SecurityStatus; + +/** + * Codes for DNSSEC security statuses along with a reason why the status was determined. + * + * @since 3.5 + */ +class JustifiedSecStatus { + SecurityStatus status; + String reason; + + /** + * Creates a new instance of this class. + * + * @param status The security status. + * @param reason The reason why the status was determined. + */ + JustifiedSecStatus(SecurityStatus status, String reason) { + this.status = status; + this.reason = reason; + } + + /** + * Applies this security status to a response message. + * + * @param response The response to which to apply this status. + */ + void applyToResponse(SMessage response) { + response.setStatus(this.status, this.reason); + } +} diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/KeyCache.java b/src/main/java/org/xbill/DNS/dnssec/validator/KeyCache.java new file mode 100644 index 000000000..5104323f8 --- /dev/null +++ b/src/main/java/org/xbill/DNS/dnssec/validator/KeyCache.java @@ -0,0 +1,167 @@ +// SPDX-License-Identifier: BSD-3-Clause +// Copyright (c) 2005 VeriSign. All rights reserved. +// Copyright (c) 2013-2021 Ingo Bauersachs +package org.xbill.DNS.dnssec.validator; + +import java.time.Clock; +import java.time.Instant; +import java.time.temporal.ChronoUnit; +import java.util.Collections; +import java.util.LinkedHashMap; +import java.util.Map; +import java.util.Properties; +import org.xbill.DNS.Name; +import org.xbill.DNS.Type; + +/** + * Cache for DNSKEY RRsets or corresponding null/bad key entries with a limited size and respect for + * TTL values. + * + * @since 3.5 + */ +final class KeyCache { + /** Name of the property that configures the maximum cache TTL. */ + public static final String MAX_TTL_CONFIG = "dnsjava.dnssec.keycache.max_ttl"; + + /** Name of the property that configures the maximum cache size. */ + public static final String MAX_CACHE_SIZE_CONFIG = "dnsjava.dnssec.keycache.max_size"; + + private static final int DEFAULT_MAX_TTL = 900; + private static final int DEFAULT_MAX_CACHE_SIZE = 1000; + + /** This is the main caching data structure. */ + private final Map cache; + + private final Clock clock; + + /** This is the maximum TTL [s] that all key cache entries will have. */ + private long maxTtl = DEFAULT_MAX_TTL; + + /** This is the maximum number of entries that the key cache will hold. */ + private int maxCacheSize = DEFAULT_MAX_CACHE_SIZE; + + /** Creates a new instance of this class. Uses the default system clock for cache eviction. */ + public KeyCache() { + this(Clock.systemUTC()); + } + + /** + * Creates a new instance of this class. + * + * @param clock The clock to use for cache eviction. + */ + public KeyCache(Clock clock) { + this.clock = clock; + this.cache = + Collections.synchronizedMap( + new LinkedHashMap() { + @Override + protected boolean removeEldestEntry(Map.Entry eldest) { + return size() >= KeyCache.this.maxCacheSize; + } + }); + } + + /** + * Initialize the cache. This implementation recognizes the following configuration parameters: + * + *
+ *
dnsjava.dnssec.keycache.max_ttl + *
The maximum TTL to apply to any cache entry. + *
dnsjava.dnssec.keycache.max_size + *
The maximum number of entries that the cache will hold. + *
+ * + * @param config The configuration information. + */ + public void init(Properties config) { + if (config == null) { + return; + } + + String s = config.getProperty(MAX_TTL_CONFIG); + if (s != null) { + this.maxTtl = Long.parseLong(s); + } + + s = config.getProperty(MAX_CACHE_SIZE_CONFIG); + if (s != null) { + this.maxCacheSize = Integer.parseInt(s); + } + } + + /** + * Find the 'closest' trusted DNSKEY rrset to the given name. + * + * @param n The name to start the search. + * @param dclass The class this DNSKEY rrset should be in. + * @return The 'closest' entry to 'n' in the same class as 'dclass'. + */ + public KeyEntry find(Name n, int dclass) { + while (n.labels() > 0) { + String k = this.key(n, dclass); + KeyEntry entry = this.lookupEntry(k); + if (entry != null) { + return entry; + } + + n = new Name(n, 1); + } + + return null; + } + + /** + * Store a {@link KeyEntry} in the cache. The entry will be ignored if it isn't a DNSKEY rrset, if + * it doesn't have the SECURE security status, or if it isn't a null-Key. + * + * @param ke The key entry to cache. + */ + public void store(KeyEntry ke) { + if (!ke.isGood() && !ke.isNull()) { + return; + } + + if (ke.getType() != Type.DNSKEY) { + return; + } + + String k = this.key(ke.getName(), ke.getDClass()); + CacheEntry ce = new CacheEntry(ke, this.maxTtl); + this.cache.put(k, ce); + } + + private String key(Name n, int dclass) { + return "K" + dclass + "/" + n; + } + + private KeyEntry lookupEntry(String key) { + CacheEntry centry = this.cache.get(key); + if (centry == null) { + return null; + } + + if (centry.expiration.isBefore(clock.instant())) { + this.cache.remove(key); + return null; + } + + return centry.keyEntry; + } + + /** Utility class to cache key entries with an expiration date. */ + private class CacheEntry { + private final Instant expiration; + private final KeyEntry keyEntry; + + CacheEntry(KeyEntry keyEntry, long maxTtl) { + long ttl = keyEntry.getTTL(); + if (ttl > maxTtl) { + ttl = maxTtl; + } + + this.expiration = clock.instant().plus(ttl, ChronoUnit.SECONDS); + this.keyEntry = keyEntry; + } + } +} diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/KeyEntry.java b/src/main/java/org/xbill/DNS/dnssec/validator/KeyEntry.java new file mode 100644 index 000000000..421649937 --- /dev/null +++ b/src/main/java/org/xbill/DNS/dnssec/validator/KeyEntry.java @@ -0,0 +1,162 @@ +// SPDX-License-Identifier: BSD-3-Clause +// Copyright (c) 2005 VeriSign. All rights reserved. +// Copyright (c) 2013-2021 Ingo Bauersachs + +package org.xbill.DNS.dnssec.validator; + +import lombok.EqualsAndHashCode; +import lombok.extern.slf4j.Slf4j; +import org.xbill.DNS.Name; +import org.xbill.DNS.Record; +import org.xbill.DNS.Type; +import org.xbill.DNS.dnssec.R; +import org.xbill.DNS.dnssec.SRRset; +import org.xbill.DNS.dnssec.SecurityStatus; + +/** + * DNSKEY cache entry for a given {@link Name}, with or without actual keys. + * + * @since 3.5 + */ +@Slf4j +@EqualsAndHashCode( + callSuper = true, + of = {"badReason", "isEmpty"}) +final class KeyEntry extends SRRset { + private String badReason; + private boolean isEmpty; + + /** + * Create a new, positive key entry. + * + * @param rrset The set of records to cache. + */ + private KeyEntry(SRRset rrset) { + super(rrset); + } + + private KeyEntry(Name name, int dclass, long ttl, boolean isBad) { + super(new SRRset(Record.newRecord(name, Type.DNSKEY, dclass, ttl))); + this.isEmpty = true; + if (isBad) { + setSecurityStatus(SecurityStatus.BOGUS); + } + } + + /** + * Creates a new key entry from actual DNSKEYs. + * + * @param rrset The DNSKEYs to cache. + * @return The created key entry. + */ + public static KeyEntry newKeyEntry(SRRset rrset) { + return new KeyEntry(rrset); + } + + /** + * Creates a new trusted key entry without actual DNSKEYs, i.e. it is proven that there are no + * keys. + * + * @param n The name for which the empty cache entry is created. + * @param dclass The DNS class. + * @param ttl The TTL [s]. + * @return The created key entry. + */ + public static KeyEntry newNullKeyEntry(Name n, int dclass, long ttl) { + return new KeyEntry(n, dclass, ttl, false); + } + + /** + * Creates a new bad key entry without actual DNSKEYs, i.e. from a response that did not validate. + * + * @param n The name for which the bad cache entry is created. + * @param dclass The DNS class. + * @param ttl The TTL [s]. + * @return The created key entry.s + */ + public static KeyEntry newBadKeyEntry(Name n, int dclass, long ttl) { + return new KeyEntry(n, dclass, ttl, true); + } + + /** + * Gets an indication if this is a null key, i.e. a proven secure response without keys. + * + * @return True is it is null, false otherwise. + */ + public boolean isNull() { + return this.isEmpty && this.getSecurityStatus() == SecurityStatus.UNCHECKED; + } + + /** + * Gets an indication if this is a bad key, i.e. an invalid response. + * + * @return True is it is bad, false otherwise. + */ + public boolean isBad() { + return this.isEmpty && this.getSecurityStatus() == SecurityStatus.BOGUS; + } + + /** + * Gets an indication if this is a good key, i.e. a proven secure response with keys. + * + * @return True is it is good, false otherwise. + */ + public boolean isGood() { + return !this.isEmpty && this.getSecurityStatus() == SecurityStatus.SECURE; + } + + /** + * Sets the reason why this key entry is bad. + * + * @param reason The reason why this key entry is bad. + */ + public void setBadReason(String reason) { + this.badReason = reason; + log.debug(this.badReason); + } + + /** + * Validate if this key instance is valid for the specified name. + * + * @param signerName the name against which this key is validated. + * @return A security status indicating if this key is valid, or if not, why. + */ + JustifiedSecStatus validateKeyFor(Name signerName) { + // signerName being null is the indicator that this response was + // unsigned + if (signerName == null) { + log.debug("no signerName"); + // Unsigned responses must be underneath a "null" key entry. + if (this.isNull()) { + String reason = this.badReason; + if (reason == null) { + reason = R.get("validate.insecure_unsigned"); + } + + return new JustifiedSecStatus(SecurityStatus.INSECURE, reason); + } + + if (this.isGood()) { + return new JustifiedSecStatus(SecurityStatus.BOGUS, R.get("validate.bogus.missingsig")); + } + + return new JustifiedSecStatus(SecurityStatus.BOGUS, R.get("validate.bogus", this.badReason)); + } + + if (this.isBad()) { + return new JustifiedSecStatus( + SecurityStatus.BOGUS, R.get("validate.bogus.badkey", this.getName(), this.badReason)); + } + + if (this.isNull()) { + String reason = this.badReason; + if (reason == null) { + reason = R.get("validate.insecure"); + } + + return new JustifiedSecStatus(SecurityStatus.INSECURE, reason); + } + + return null; + } +} diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/NSEC3ValUtils.java b/src/main/java/org/xbill/DNS/dnssec/validator/NSEC3ValUtils.java new file mode 100644 index 000000000..86911ca79 --- /dev/null +++ b/src/main/java/org/xbill/DNS/dnssec/validator/NSEC3ValUtils.java @@ -0,0 +1,700 @@ +// SPDX-License-Identifier: BSD-3-Clause +// Copyright (c) 2005 VeriSign. All rights reserved. +// Copyright (c) 2013-2021 Ingo Bauersachs +package org.xbill.DNS.dnssec.validator; + +import java.security.NoSuchAlgorithmException; +import java.security.interfaces.DSAPublicKey; +import java.security.interfaces.ECPublicKey; +import java.security.interfaces.RSAPublicKey; +import java.util.HashMap; +import java.util.List; +import java.util.ListIterator; +import java.util.Map; +import java.util.Properties; +import java.util.TreeMap; +import lombok.extern.slf4j.Slf4j; +import org.xbill.DNS.DNSKEYRecord; +import org.xbill.DNS.DNSSEC.Algorithm; +import org.xbill.DNS.DNSSEC.DNSSECException; +import org.xbill.DNS.NSEC3Record; +import org.xbill.DNS.NSEC3Record.Flags; +import org.xbill.DNS.Name; +import org.xbill.DNS.NameTooLongException; +import org.xbill.DNS.Record; +import org.xbill.DNS.TextParseException; +import org.xbill.DNS.Type; +import org.xbill.DNS.dnssec.SRRset; +import org.xbill.DNS.dnssec.SecurityStatus; +import org.xbill.DNS.utils.base32; + +/** + * NSEC3 non-existence proof utilities. + * + * @since 3.5 + */ +@Slf4j +final class NSEC3ValUtils { + private static final Name ASTERISK_LABEL = Name.fromConstantString("*"); + + private static final int MAX_ITERATION_COUNT = 65536; + + private final TreeMap maxIterations; + + /** Creates a new instance of this class. */ + NSEC3ValUtils() { + // see RFC5155#10.3 for the max iteration count + this.maxIterations = new TreeMap<>(); + this.maxIterations.put(1024, 150); + this.maxIterations.put(2048, 500); + this.maxIterations.put(4096, 2500); + } + + /** + * Loads the configuration data. Supported properties are: + * + *
    + *
  • dnsjava.dnssec.nsec3.iterations.M=N + *
+ * + * @param config The configuration data. + */ + void init(Properties config) { + boolean first = true; + for (Map.Entry s : config.entrySet()) { + String key = s.getKey().toString(); + if (key.startsWith("dnsjava.dnssec.nsec3.iterations")) { + int keySize = Integer.parseInt(key.substring(key.lastIndexOf(".") + 1)); + int iters = Integer.parseInt(s.getValue().toString()); + if (iters > MAX_ITERATION_COUNT) { + throw new IllegalArgumentException("Iteration count too high."); + } + + if (first) { + first = false; + this.maxIterations.clear(); + } + + this.maxIterations.put(keySize, iters); + } + } + } + + /** This is just a simple class to encapsulate the response to a closest encloser proof. */ + private static final class CEResponse { + private final Name closestEncloser; + private final NSEC3Record ceNsec3; + private NSEC3Record ncNsec3; + + /** + * + * + *
    + *
  • bogus if no closest encloser could be proven. + *
  • secure if a closest encloser could be proven, ce is set. + *
  • insecure if the closest-encloser candidate turns out to prove that an insecure + * delegation exists above the qname. + *
+ */ + private SecurityStatus status = SecurityStatus.UNCHECKED; + + private CEResponse(Name ce, NSEC3Record nsec3) { + this.closestEncloser = ce; + this.ceNsec3 = nsec3; + } + } + + private boolean supportsHashAlgorithm(int alg) { + return alg == NSEC3Record.SHA1_DIGEST_ID; + } + + /** + * Remove all records whose algorithm is unknown. + * + * @param nsec3s List of NSEC3 records to check. The list is modified by this method. + */ + public void stripUnknownAlgNSEC3s(List nsec3s) { + for (ListIterator i = nsec3s.listIterator(); i.hasNext(); ) { + NSEC3Record nsec3 = (NSEC3Record) i.next().first(); + if (!this.supportsHashAlgorithm(nsec3.getHashAlgorithm())) { + i.remove(); + } + } + } + + /** + * Given the name of a closest encloser, return the name *.closest_encloser. + * + * @param closestEncloser The name to start with. + * @return The wildcard name. + */ + private Name ceWildcard(Name closestEncloser) { + try { + return Name.concatenate(ASTERISK_LABEL, closestEncloser); + } catch (NameTooLongException e) { + return null; + } + } + + /** + * Given a qname and its proven closest encloser, calculate the "next closest" name. Basically, + * this is the name that is one label longer than the closest encloser that is still a subdomain + * of qname. + * + * @param qname The qname. + * @param closestEncloser The closest encloser name. + * @return The next closer name. + */ + private Name nextClosest(Name qname, Name closestEncloser) { + int strip = qname.labels() - closestEncloser.labels() - 1; + return (strip > 0) ? new Name(qname, strip) : qname; + } + + /** + * Find the NSEC3Record that matches a hash of a name. + * + * @param name The name to find. + * @param zonename The name of the zone that the NSEC3s are from. + * @param nsec3s A list of NSEC3Records from a given message. + * @return The matching NSEC3Record if one is present, null otherwise. + */ + private NSEC3Record findMatchingNSEC3(Name name, Name zonename, List nsec3s) { + base32 b32 = new base32(base32.Alphabet.BASE32HEX, false, false); + for (SRRset set : nsec3s) { + try { + NSEC3Record nsec3 = (NSEC3Record) set.first(); + byte[] hash = nsec3.hashName(name); + Name complete = new Name(b32.toString(hash), zonename); + if (complete.equals(nsec3.getName())) { + return nsec3; + } + } catch (NoSuchAlgorithmException | TextParseException e) { + log.debug("Unrecognized NSEC3 in set:" + set, e); + } + } + + return null; + } + + /** + * Given a hash and a candidate NSEC3Record, determine if that NSEC3Record covers the hash. Covers + * specifically means that the hash is in between the owner and next hashes and does not equal + * either. + * + * @param nsec3 The candidate NSEC3Record. + * @param zonename The zone name. + * @param hash The precalculated hash. + * @return True if the NSEC3Record covers the hash. + */ + private boolean nsec3Covers(NSEC3Record nsec3, Name zonename, byte[] hash) { + if (!new Name(nsec3.getName(), 1).equals(zonename)) { + return false; + } + + byte[] owner = + new base32(base32.Alphabet.BASE32HEX, false, false) + .fromString(nsec3.getName().getLabelString(0)); + byte[] next = nsec3.getNext(); + + // This is the "normal case: owner < next and owner < hash < next + ByteArrayComparator bac = new ByteArrayComparator(); + if (bac.compare(owner, hash) < 0 && bac.compare(hash, next) < 0) { + return true; + } + + // this is the end of zone case: next <= owner AND (hash > owner OR hash < next) + // Otherwise, the NSEC3 does not cover the hash. + return bac.compare(next, owner) <= 0 + && (bac.compare(hash, owner) > 0 || bac.compare(hash, next) < 0); + } + + /** + * Given a pre-hashed name, find a covering NSEC3 from among a list of NSEC3s. + * + * @param name The name to consider. + * @param zonename The name of the zone. + * @param nsec3s The list of NSEC3s present in a message. + * @return A covering NSEC3 if one is present, null otherwise. + */ + private NSEC3Record findCoveringNSEC3(Name name, Name zonename, List nsec3s) { + for (SRRset set : nsec3s) { + try { + NSEC3Record nsec3 = (NSEC3Record) set.first(); + byte[] hash = nsec3.hashName(name); + if (this.nsec3Covers(nsec3, zonename, hash)) { + return nsec3; + } + } catch (NoSuchAlgorithmException e) { + log.debug("Unrecognized NSEC3 in set:" + set, e); + } + } + + return null; + } + + /** + * Given a name and a list of NSEC3s, find the candidate closest encloser. This will be the first + * ancestor of 'name' (including itself) to have a matching NSEC3 RR. + * + * @param name The name the start with. + * @param zonename The name of the zone that the NSEC3s came from. + * @param nsec3s The list of NSEC3s. + * @return A CEResponse containing the closest encloser name and the NSEC3 RR that matched it, or + * null if there wasn't one. + */ + private CEResponse findClosestEncloser(Name name, Name zonename, List nsec3s) { + // This scans from longest name to shortest, so the first match we find + // is the only viable candidate. + // FIXME: modify so that the NSEC3 matching the zone apex need not be present + while (name.labels() >= zonename.labels()) { + NSEC3Record nsec3 = this.findMatchingNSEC3(name, zonename, nsec3s); + if (nsec3 != null) { + return new CEResponse(name, nsec3); + } + + name = new Name(name, 1); + } + + return null; + } + + /** + * Given a List of nsec3 RRs, find and prove the closest encloser to qname. + * + * @param qname The qname in question. + * @param zonename The name of the zone that the NSEC3 RRs come from. + * @param nsec3s The list of NSEC3s found the this response (already verified). + * @return A CEResponse object which contains the closest encloser name and the NSEC3 that matches + * it. + */ + private CEResponse proveClosestEncloser(Name qname, Name zonename, List nsec3s) { + CEResponse candidate = this.findClosestEncloser(qname, zonename, nsec3s); + if (candidate == null) { + log.debug("proveClosestEncloser: could not find a candidate for the closest encloser."); + candidate = new CEResponse(Name.empty, null); + candidate.status = SecurityStatus.BOGUS; + return candidate; + } + + if (candidate.closestEncloser.equals(qname)) { + log.debug("proveClosestEncloser: proved that qname existed!"); + candidate.status = SecurityStatus.BOGUS; + return candidate; + } + + // If the closest encloser is actually a delegation, then the response + // should have been a referral. If it is a DNAME, then it should have + // been a DNAME response. + if (candidate.ceNsec3.hasType(Type.NS) && !candidate.ceNsec3.hasType(Type.SOA)) { + if (!candidate.ceNsec3.hasType(Type.DS)) { + candidate.status = SecurityStatus.INSECURE; + return candidate; + } + + log.debug("proveClosestEncloser: closest encloser was a delegation!"); + candidate.status = SecurityStatus.BOGUS; + return candidate; + } + + if (candidate.ceNsec3.hasType(Type.DNAME)) { + log.debug("proveClosestEncloser: closest encloser was a DNAME!"); + candidate.status = SecurityStatus.BOGUS; + return candidate; + } + + // Otherwise, we need to show that the next closer name is covered. + Name nextClosest = this.nextClosest(qname, candidate.closestEncloser); + candidate.ncNsec3 = this.findCoveringNSEC3(nextClosest, zonename, nsec3s); + if (candidate.ncNsec3 == null) { + log.debug("Could not find proof that the closest encloser was the closest encloser"); + candidate.status = SecurityStatus.BOGUS; + return candidate; + } + + candidate.status = SecurityStatus.SECURE; + return candidate; + } + + private boolean validIterations(SRRset nsec, KeyCache keyCache) { + SRRset dnskeyRrset = keyCache.find(nsec.getSignerName(), nsec.getDClass()); + // for now, we return the maximum iterations based simply on the key + // algorithms that may have been used to sign the NSEC3 RRsets. + try { + for (Record r : dnskeyRrset.rrs()) { + DNSKEYRecord dnskey = (DNSKEYRecord) r; + int keysize; + switch (dnskey.getAlgorithm()) { + case Algorithm.RSAMD5: + return false; // obsoleted by rfc6725 + case Algorithm.RSASHA1: + case Algorithm.RSASHA256: + case Algorithm.RSASHA512: + case Algorithm.RSA_NSEC3_SHA1: + keysize = ((RSAPublicKey) dnskey.getPublicKey()).getModulus().bitLength(); + break; + case Algorithm.DSA: + case Algorithm.DSA_NSEC3_SHA1: + keysize = ((DSAPublicKey) dnskey.getPublicKey()).getParams().getP().bitLength(); + break; + case Algorithm.ECDSAP256SHA256: + case Algorithm.ECDSAP384SHA384: + keysize = + ((ECPublicKey) dnskey.getPublicKey()) + .getParams() + .getCurve() + .getField() + .getFieldSize(); + break; + case Algorithm.ECC_GOST: + keysize = 512; + break; + case Algorithm.ED25519: + keysize = 256; + break; + case Algorithm.ED448: + keysize = 456; + break; + default: + return false; + } + + Integer keyIters = this.maxIterations.floorKey(keysize); + if (keyIters == null) { + keyIters = this.maxIterations.firstKey(); + } + + keyIters = this.maxIterations.get(keyIters); + if (((NSEC3Record) nsec.first()).getIterations() > keyIters) { + return false; + } + } + + return true; + } catch (DNSSECException e) { + log.error("Could not get public key from NSEC3 record", e); + return false; + } + } + + /** + * Determine if all of the NSEC3s in a response are legally ignoreable (i.e., their presence + * should lead to an INSECURE result). Currently, this is solely based on iterations. + * + * @param nsec3s The list of NSEC3s. If there is more than one set of NSEC3 parameters present, + * this test will not be performed. + * @param dnskeyRrset The set of validating DNSKEYs. + * @return true if all of the NSEC3s can be legally ignored, false if not. + */ + public boolean allNSEC3sIgnoreable(List nsec3s, KeyCache dnskeyRrset) { + Map foundNsecs = new HashMap<>(); + ByteArrayComparator comp = new ByteArrayComparator(); + for (SRRset set : nsec3s) { + for (Record r : set.rrs()) { + NSEC3Record current = (NSEC3Record) r; + Name key = new Name(current.getName(), 1); + NSEC3Record previous = foundNsecs.get(key); + if (previous != null) { + if (current.getHashAlgorithm() != previous.getHashAlgorithm()) { + return true; + } + + if (current.getIterations() != previous.getIterations()) { + return true; + } + + if (current.getSalt() == null ^ previous.getSalt() == null) { + return true; + } + + if (current.getSalt() != null + && comp.compare(current.getSalt(), previous.getSalt()) != 0) { + return true; + } + } else { + foundNsecs.put(key, current); + } + } + } + + for (SRRset set : nsec3s) { + if (this.validIterations(set, dnskeyRrset)) { + return false; + } + } + + return true; + } + + /** + * Determine if the set of NSEC3 records provided with a response prove NAME ERROR. This means + * that the NSEC3s prove a) the closest encloser exists, b) the direct child of the closest + * encloser towards qname doesn't exist, and c) *.closest encloser does not exist. + * + * @param nsec3s The list of NSEC3s. + * @param qname The query name to check against. + * @param zonename This is the name of the zone that the NSEC3s belong to. This may be discovered + * in any number of ways. A good one is to use the signerName from the NSEC3 record's RRSIG. + * @return {@link SecurityStatus#SECURE} of the Name Error is proven by the NSEC3 RRs, {@link + * SecurityStatus#BOGUS} if not, {@link SecurityStatus#INSECURE} if all of the NSEC3s could be + * validly ignored. + */ + public SecurityStatus proveNameError(List nsec3s, Name qname, Name zonename) { + if (nsec3s == null || nsec3s.isEmpty()) { + return SecurityStatus.BOGUS; + } + + // First locate and prove the closest encloser to qname. We will use the + // variant that fails if the closest encloser turns out to be qname. + CEResponse ce = this.proveClosestEncloser(qname, zonename, nsec3s); + + if (ce.status != SecurityStatus.SECURE) { + log.debug("proveNameError: failed to prove a closest encloser."); + return ce.status; + } + + // At this point, we know that qname does not exist. Now we need to + // prove + // that the wildcard does not exist. + Name wc = this.ceWildcard(ce.closestEncloser); + NSEC3Record nsec3 = this.findCoveringNSEC3(wc, zonename, nsec3s); + if (nsec3 == null) { + log.debug("proveNameError: could not prove that the applicable wildcard did not exist."); + return SecurityStatus.BOGUS; + } + + if ((ce.ncNsec3.getFlags() & Flags.OPT_OUT) == Flags.OPT_OUT) { + log.debug("nsec3 nameerror proof: nc has optout"); + return SecurityStatus.INSECURE; + } + + return SecurityStatus.SECURE; + } + + /** + * Determine if the NSEC3s provided in a response prove the NOERROR/NODATA status. There are a + * number of different variants to this: + * + *

1) Normal NODATA -- qname is matched to an NSEC3 record, type is not present. + * + *

2) ENT NODATA -- because there must be NSEC3 record for empty-non-terminals, this is the + * same as #1. + * + *

3) NSEC3 ownername NODATA -- qname matched an existing, lone NSEC3 ownername, but qtype was + * not NSEC3. NOTE: as of nsec-05, this case no longer exists. + * + *

4) Wildcard NODATA -- A wildcard matched the name, but not the type. + * + *

5) Opt-In DS NODATA -- the qname is covered by an opt-in span and qtype == DS. (or maybe + * some future record with the same parent-side-only property) + * + * @param nsec3s The NSEC3Records to consider. + * @param qname The qname in question. + * @param qtype The qtype in question. + * @param zonename The name of the zone that the NSEC3s came from. + * @return {@link SecurityStatus#SECURE} if the NSEC3s prove the proposition, {@link + * SecurityStatus#INSECURE} if qname is under opt-out, {@link SecurityStatus#BOGUS} otherwise. + */ + public SecurityStatus proveNodata(List nsec3s, Name qname, int qtype, Name zonename) { + if (nsec3s == null || nsec3s.isEmpty()) { + return SecurityStatus.BOGUS; + } + + NSEC3Record nsec3 = this.findMatchingNSEC3(qname, zonename, nsec3s); + // Cases 1 & 2. + if (nsec3 != null) { + if (nsec3.hasType(qtype)) { + log.debug("proveNodata: Matching NSEC3 proved that type existed!"); + return SecurityStatus.BOGUS; + } + + if (nsec3.hasType(Type.CNAME)) { + log.debug("proveNodata: Matching NSEC3 proved that a CNAME existed!"); + return SecurityStatus.BOGUS; + } + + if (qtype == Type.DS && nsec3.hasType(Type.SOA) && !Name.root.equals(qname)) { + log.debug("proveNodata: apex NSEC3 abused for no DS proof, bogus"); + return SecurityStatus.BOGUS; + } else if (qtype != Type.DS && nsec3.hasType(Type.NS) && !nsec3.hasType(Type.SOA)) { + if (!nsec3.hasType(Type.DS)) { + log.debug("proveNodata: matching NSEC3 is insecure delegation"); + return SecurityStatus.INSECURE; + } + + log.debug("proveNodata: matching NSEC3 is a delegation, bogus"); + return SecurityStatus.BOGUS; + } + + return SecurityStatus.SECURE; + } + + // For cases 3 - 5, we need the proven closest encloser, and it can't + // match qname. Although, at this point, we know that it won't since we + // just checked that. + CEResponse ce = this.proveClosestEncloser(qname, zonename, nsec3s); + + // At this point, not finding a match or a proven closest encloser is a + // problem. + if (ce.status == SecurityStatus.BOGUS) { + log.debug("proveNodata: did not match qname, nor found a proven closest encloser."); + return SecurityStatus.BOGUS; + } else if (ce.status == SecurityStatus.INSECURE && qtype != Type.DS) { + log.debug("proveNodata: closest nsec3 is insecure delegation."); + return SecurityStatus.INSECURE; + } + + // Case 3: REMOVED + + // Case 4: + Name wc = this.ceWildcard(ce.closestEncloser); + nsec3 = this.findMatchingNSEC3(wc, zonename, nsec3s); + if (nsec3 != null) { + if (nsec3.hasType(qtype)) { + log.debug("proveNodata: matching wildcard had qtype!"); + return SecurityStatus.BOGUS; + } else if (nsec3.hasType(Type.CNAME)) { + log.debug("nsec3 nodata proof: matching wildcard had a CNAME, bogus"); + return SecurityStatus.BOGUS; + } + + if (qtype == Type.DS && qname.labels() != 1 && nsec3.hasType(Type.SOA)) { + log.debug("nsec3 nodata proof: matching wildcard for no DS proof has a SOA, bogus"); + return SecurityStatus.BOGUS; + } else if (qtype != Type.DS && nsec3.hasType(Type.NS) && !nsec3.hasType(Type.SOA)) { + log.debug("nsec3 nodata proof: matching wilcard is a delegation, bogus"); + return SecurityStatus.BOGUS; + } + + if (ce.ncNsec3 != null && (ce.ncNsec3.getFlags() & Flags.OPT_OUT) == Flags.OPT_OUT) { + log.debug("nsec3 nodata proof: matching wildcard is in optout range, insecure"); + return SecurityStatus.INSECURE; + } + + return SecurityStatus.SECURE; + } + + // Case 5. + // Due to forwarders, cnames, and other collating effects, we + // can see the ordinary unsigned data from a zone beneath an + // insecure delegation under an optout here */ + if (ce.ncNsec3 == null) { + log.debug("nsec3 nodata proof: no next closer nsec3"); + return SecurityStatus.BOGUS; + } + + // We need to make sure that the covering NSEC3 is opt-out. + if ((ce.ncNsec3.getFlags() & Flags.OPT_OUT) == 0) { + if (qtype != Type.DS) { + log.debug( + "proveNodata: covering NSEC3 was not opt-out in an opt-out DS NOERROR/NODATA case."); + } else { + log.debug( + "proveNodata: could not find matching NSEC3, nor matching wildcard, and qtype is not DS -- no more options."); + } + + return SecurityStatus.BOGUS; + } + + // RFC5155 section 9.2: if nc has optout then no AD flag set + return SecurityStatus.INSECURE; + } + + /** + * Prove that a positive wildcard match was appropriate (no direct match RRset). + * + * @param nsec3s The NSEC3 records to work with. + * @param qname The qname that was matched to the wildard + * @param zonename The name of the zone that the NSEC3s come from. + * @param wildcard The purported wildcard that matched. + * @return true if the NSEC3 records prove this case. + */ + public SecurityStatus proveWildcard( + List nsec3s, Name qname, Name zonename, Name wildcard) { + if (nsec3s == null || nsec3s.isEmpty() || qname == null || wildcard == null) { + return SecurityStatus.BOGUS; + } + + // We know what the (purported) closest encloser is by just looking at + // the supposed generating wildcard. + CEResponse candidate = new CEResponse(new Name(wildcard, 1), null); + + // Now we still need to prove that the original data did not exist. + // Otherwise, we need to show that the next closer name is covered. + Name nextClosest = this.nextClosest(qname, candidate.closestEncloser); + candidate.ncNsec3 = this.findCoveringNSEC3(nextClosest, zonename, nsec3s); + + if (candidate.ncNsec3 == null) { + log.debug( + "proveWildcard: did not find a covering NSEC3 that covered the next closer name to " + + qname + + " from " + + candidate.closestEncloser + + " (derived from wildcard " + + wildcard + + ")"); + return SecurityStatus.BOGUS; + } + + if ((candidate.ncNsec3.getFlags() & Flags.OPT_OUT) == Flags.OPT_OUT) { + return SecurityStatus.INSECURE; + } + + return SecurityStatus.SECURE; + } + + /** + * Prove that a DS response either had no DS, or wasn't a delegation point. + * + *

Fundamentally there are two cases here: normal NODATA and Opt-In NODATA. + * + * @param nsec3s The NSEC3 RRs to examine. + * @param qname The name of the DS in question. + * @param zonename The name of the zone that the NSEC3 RRs come from. + * @return SecurityStatus.SECURE if it was proven that there is no DS in a secure (i.e., not + * opt-in) way, SecurityStatus.INSECURE if there was no DS in an insecure (i.e., opt-in) way, + * SecurityStatus.INDETERMINATE if it was clear that this wasn't a delegation point, and + * SecurityStatus.BOGUS if the proofs don't work out. + */ + public SecurityStatus proveNoDS(List nsec3s, Name qname, Name zonename) { + if (nsec3s == null || nsec3s.isEmpty()) { + return SecurityStatus.BOGUS; + } + + // Look for a matching NSEC3 to qname -- this is the normal NODATA case. + NSEC3Record nsec3 = this.findMatchingNSEC3(qname, zonename, nsec3s); + + if (nsec3 != null) { + // If the matching NSEC3 has the SOA bit set, it is from the wrong + // zone (the child instead of the parent). If it has the DS bit set, + // then we were lied to. + if (nsec3.hasType(Type.SOA) || nsec3.hasType(Type.DS)) { + return SecurityStatus.BOGUS; + } + + // If the NSEC3 RR doesn't have the NS bit set, then this wasn't a + // delegation point. + if (!nsec3.hasType(Type.NS)) { + return SecurityStatus.INDETERMINATE; + } + + // Otherwise, this proves no DS. + return SecurityStatus.SECURE; + } + + // Otherwise, we are probably in the opt-out case. + CEResponse ce = this.proveClosestEncloser(qname, zonename, nsec3s); + if (ce.status != SecurityStatus.SECURE) { + return SecurityStatus.BOGUS; + } + + // If we had the closest encloser proof, then we need to check that the + // covering NSEC3 was opt-in -- the proveClosestEncloser step already + // checked to see if the closest encloser was a delegation or DNAME. + if ((ce.ncNsec3.getFlags() & Flags.OPT_OUT) != Flags.OPT_OUT) { + return SecurityStatus.BOGUS; + } + + // RFC5155 section 9.2: if nc has optout then no AD flag set + return SecurityStatus.INSECURE; + } +} diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/ResponseClassification.java b/src/main/java/org/xbill/DNS/dnssec/validator/ResponseClassification.java new file mode 100644 index 000000000..5ce8ecb7c --- /dev/null +++ b/src/main/java/org/xbill/DNS/dnssec/validator/ResponseClassification.java @@ -0,0 +1,39 @@ +// SPDX-License-Identifier: BSD-3-Clause +// Copyright (c) 2005 VeriSign. All rights reserved. +// Copyright (c) 2013-2021 Ingo Bauersachs +package org.xbill.DNS.dnssec.validator; + +/** + * These are response subtypes. They are necessary for determining the validation strategy. They + * have no bearing on the iterative resolution algorithm, so they are confined here. + * + * @since 3.5 + */ +enum ResponseClassification { + /** Not a recognized subtype. */ + UNKNOWN, + + /** A postive, direct, response. */ + POSITIVE, + + /** A postive response, with a CNAME/DNAME chain. */ + CNAME, + + /** A NOERROR/NODATA response. */ + NODATA, + + /** A NXDOMAIN response. */ + NAMEERROR, + + /** A response to a qtype=ANY query. */ + ANY, + + /** A response with CNAMES that points to a non-existing type. */ + CNAME_NODATA, + + /** A response with CNAMES that points into the void. */ + CNAME_NAMEERROR, + + /** A referral, from cache with a nonRD query. */ + REFERRAL, +} diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/TrustAnchorStore.java b/src/main/java/org/xbill/DNS/dnssec/validator/TrustAnchorStore.java new file mode 100644 index 000000000..47913ac0c --- /dev/null +++ b/src/main/java/org/xbill/DNS/dnssec/validator/TrustAnchorStore.java @@ -0,0 +1,101 @@ +// SPDX-License-Identifier: BSD-3-Clause +// Copyright (c) 2005 VeriSign. All rights reserved. +// Copyright (c) 2013-2021 Ingo Bauersachs +package org.xbill.DNS.dnssec.validator; + +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; +import org.xbill.DNS.DNSKEYRecord; +import org.xbill.DNS.DNSSEC; +import org.xbill.DNS.DSRecord; +import org.xbill.DNS.Name; +import org.xbill.DNS.Record; +import org.xbill.DNS.Type; +import org.xbill.DNS.dnssec.SRRset; +import org.xbill.DNS.dnssec.SecurityStatus; + +/** + * Storage for DS or DNSKEY records that are known to be trusted. + * + * @since 3.5 + */ +public final class TrustAnchorStore { + private final Map map; + + /** Creates a new instance of this class. */ + public TrustAnchorStore() { + this.map = new HashMap<>(); + } + + /** + * Stores the given RRset as known trusted keys. Existing keys for the same name and class are + * overwritten. + * + * @param rrset The key set to store as trusted. + */ + public void store(SRRset rrset) { + if (rrset.getType() != Type.DS && rrset.getType() != Type.DNSKEY) { + throw new IllegalArgumentException("Trust anchors can only be DS or DNSKEY records"); + } + + if (rrset.getType() == Type.DNSKEY) { + SRRset temp = new SRRset(); + for (Record r : rrset.rrs()) { + DNSKEYRecord key = (DNSKEYRecord) r; + DSRecord ds = + new DSRecord(key.getName(), key.getDClass(), key.getTTL(), DNSSEC.Digest.SHA384, key); + temp.addRR(ds); + } + + rrset = temp; + } + + String k = this.key(rrset.getName(), rrset.getDClass()); + rrset.setSecurityStatus(SecurityStatus.SECURE); + SRRset previous = this.map.put(k, rrset); + if (previous != null) { + previous.rrs().forEach(rrset::addRR); + } + } + + /** + * Gets the closest trusted key for the given name or null if no match is found. + * + * @param name The name to search for. + * @param dclass The class of the keys. + * @return The closest found key for name or null. + */ + public SRRset find(Name name, int dclass) { + while (name.labels() > 0) { + String k = this.key(name, dclass); + SRRset r = this.lookup(k); + if (r != null) { + return r; + } + + name = new Name(name, 1); + } + + return null; + } + + /** Removes all stored trust anchors. */ + public void clear() { + this.map.clear(); + } + + /** Gets all trust anchors currently in use. */ + public Collection items() { + return Collections.unmodifiableCollection(this.map.values()); + } + + private SRRset lookup(String key) { + return this.map.get(key); + } + + private String key(Name n, int dclass) { + return "T" + dclass + "/" + n.canonicalize(); + } +} diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/ValUtils.java b/src/main/java/org/xbill/DNS/dnssec/validator/ValUtils.java new file mode 100644 index 000000000..0f53451f0 --- /dev/null +++ b/src/main/java/org/xbill/DNS/dnssec/validator/ValUtils.java @@ -0,0 +1,906 @@ +// SPDX-License-Identifier: BSD-3-Clause +// Copyright (c) 2005 VeriSign. All rights reserved. +// Copyright (c) 2013-2021 Ingo Bauersachs +package org.xbill.DNS.dnssec.validator; + +import java.security.Security; +import java.time.Instant; +import java.util.List; +import java.util.Properties; +import lombok.extern.slf4j.Slf4j; +import org.xbill.DNS.DClass; +import org.xbill.DNS.DNSKEYRecord; +import org.xbill.DNS.DNSSEC; +import org.xbill.DNS.DNSSEC.Algorithm; +import org.xbill.DNS.DSRecord; +import org.xbill.DNS.Message; +import org.xbill.DNS.NSECRecord; +import org.xbill.DNS.Name; +import org.xbill.DNS.NameTooLongException; +import org.xbill.DNS.RRSIGRecord; +import org.xbill.DNS.RRset; +import org.xbill.DNS.Rcode; +import org.xbill.DNS.Record; +import org.xbill.DNS.Section; +import org.xbill.DNS.Type; +import org.xbill.DNS.dnssec.R; +import org.xbill.DNS.dnssec.SMessage; +import org.xbill.DNS.dnssec.SRRset; +import org.xbill.DNS.dnssec.SecurityStatus; + +/** + * This is a collection of routines encompassing the logic of validating different message types. + * + * @since 3.5 + */ +@Slf4j +public final class ValUtils { + public static final String DIGEST_PREFERENCE = "dnsjava.dnssec.digest_preference"; + public static final String DIGEST_ENABLED = "dnsjava.dnssec.digest"; + public static final String DIGEST_HARDEN_DOWNGRADE = "dnsjava.dnssec.harden_algo_downgrade"; + public static final String ALGORITHM_ENABLED = "dnsjava.dnssec.algorithm"; + + private static final Name WILDCARD = Name.fromConstantString("*"); + + /** A local copy of the verifier object. */ + private final DnsSecVerifier verifier; + + private int[] digestPreference = null; + private Properties config = null; + private boolean digestHardenDowngrade = true; + private boolean hasGost; + private boolean hasEd25519; + private boolean hasEd448; + + /** Creates a new instance of this class. */ + public ValUtils() { + this.verifier = new DnsSecVerifier(); + hasGost = Security.getProviders("MessageDigest.GOST3411") != null; + hasEd25519 = Security.getProviders("KeyFactory.Ed25519") != null; + hasEd448 = Security.getProviders("KeyFactory.Ed448") != null; + } + + /** + * Set the owner name of NSEC RRsets to the canonical name, i.e. the name that is not + * expanded from a wildcard label. + * + * @param set The RRset to canonicalize. + * @param sig The signature that validated this RRset. + */ + public static void setCanonicalNsecOwner(SRRset set, RRSIGRecord sig) { + if (set.getType() != Type.NSEC) { + return; + } + + Record nsec = set.first(); + int fqdnLabelCount = nsec.getName().labels() - 1; // don't count the root label + if (nsec.getName().isWild()) { + --fqdnLabelCount; // don't count the wildcard label + } + + if (sig.getLabels() == fqdnLabelCount) { + set.setName(nsec.getName()); + } else if (sig.getLabels() < fqdnLabelCount) { + set.setName(nsec.getName().wild(sig.getSigner().labels() - sig.getLabels())); + } else { + throw new IllegalArgumentException("invalid nsec record"); + } + } + + /** + * Initialize the module. The recognized configuration values are: + * + *

    + *
  • {@link #DIGEST_PREFERENCE} + *
  • {@link #DIGEST_HARDEN_DOWNGRADE} + *
  • {@link #DIGEST_ENABLED} + *
  • {@link #ALGORITHM_ENABLED} + *
+ * + * @param config The configuration data for this module. + */ + public void init(Properties config) { + hasGost = Security.getProviders("MessageDigest.GOST3411") != null; + hasEd25519 = Security.getProviders("KeyFactory.Ed25519") != null; + hasEd448 = Security.getProviders("KeyFactory.Ed448") != null; + this.config = config; + String dp = config.getProperty(DIGEST_PREFERENCE); + if (dp != null) { + String[] dpdata = dp.split(","); + this.digestPreference = new int[dpdata.length]; + for (int i = 0; i < dpdata.length; i++) { + this.digestPreference[i] = Integer.parseInt(dpdata[i]); + if (!isDigestSupported(this.digestPreference[i])) { + throw new IllegalArgumentException( + "Unsupported or disabled digest ID in digest preferences"); + } + } + } + + this.digestHardenDowngrade = Boolean.parseBoolean(config.getProperty(DIGEST_HARDEN_DOWNGRADE)); + } + + /** + * Given a response, classify ANSWER responses into a subtype. + * + * @param request The original query message. + * @param m The response to classify. + * @return A subtype ranging from UNKNOWN to NAMEERROR. + */ + public static ResponseClassification classifyResponse(Message request, SMessage m) { + // Normal Name Error's are easy to detect -- but don't mistake a CNAME + // chain ending in NXDOMAIN. + if (m.getRcode() == Rcode.NXDOMAIN && m.getCount(Section.ANSWER) == 0) { + return ResponseClassification.NAMEERROR; + } + + // check for referral: nonRD query and it looks like a nodata + if (m.getCount(Section.ANSWER) == 0 && m.getRcode() != Rcode.NOERROR) { + // SOA record in auth indicates it is NODATA instead. + // All validation requiring NODATA messages have SOA in + // authority section. + // uses fact that answer section is empty + boolean sawNs = false; + for (RRset set : m.getSectionRRsets(Section.AUTHORITY)) { + if (set.getType() == Type.SOA) { + return ResponseClassification.NODATA; + } + + if (set.getType() == Type.DS) { + return ResponseClassification.REFERRAL; + } + + if (set.getType() == Type.NS) { + sawNs = true; + } + } + + return sawNs ? ResponseClassification.REFERRAL : ResponseClassification.NODATA; + } + + // root referral where NS set is in the answer section + if (m.getSectionRRsets(Section.AUTHORITY).isEmpty() + && m.getSectionRRsets(Section.ANSWER).size() == 1 + && m.getRcode() == Rcode.NOERROR + && m.getSectionRRsets(Section.ANSWER).get(0).getType() == Type.NS + && !m.getSectionRRsets(Section.ANSWER) + .get(0) + .getName() + .equals(request.getQuestion().getName())) { + return ResponseClassification.REFERRAL; + } + + // dump bad messages + if (m.getRcode() != Rcode.NOERROR && m.getRcode() != Rcode.NXDOMAIN) { + return ResponseClassification.UNKNOWN; + } + + // Next is NODATA + if (m.getCount(Section.ANSWER) == 0) { + return ResponseClassification.NODATA; + } + + // We distinguish between CNAME response and other positive/negative + // responses because CNAME answers require extra processing. + int qtype = m.getQuestion().getType(); + + // We distinguish between ANY and CNAME or POSITIVE because ANY + // responses are validated differently. + if (qtype == Type.ANY) { + return ResponseClassification.ANY; + } + + boolean hadCname = false; + for (RRset set : m.getSectionRRsets(Section.ANSWER)) { + if (set.getType() == qtype) { + return ResponseClassification.POSITIVE; + } + + if (set.getType() == Type.CNAME || set.getType() == Type.DNAME) { + hadCname = true; + if (qtype == Type.DS) { + return ResponseClassification.CNAME; + } + } + } + + if (hadCname) { + if (m.getRcode() == Rcode.NXDOMAIN) { + return ResponseClassification.CNAME_NAMEERROR; + } else { + return ResponseClassification.CNAME_NODATA; + } + } + + log.warn("Failed to classify response message:\n" + m); + return ResponseClassification.UNKNOWN; + } + + /** + * Given a DS rrset and a DNSKEY rrset, match the DS to a DNSKEY and verify the DNSKEY rrset with + * that key. + * + * @param dnskeyRrset The DNSKEY rrset to match against. The security status of this rrset will be + * updated on a successful verification. + * @param dsRrset The DS rrset to match with. This rrset must already be trusted. + * @param badKeyTTL The TTL [s] for keys determined to be bad. + * @param date The date against which to verify the rrset. + * @return a KeyEntry. This will either contain the now trusted dnskey RRset, a "null" key entry + * indicating that this DS rrset/DNSKEY pair indicate an secure end to the island of trust + * (i.e., unknown algorithms), or a "bad" KeyEntry if the dnskey RRset fails to verify. Note + * that the "null" response should generally only occur in a private algorithm scenario: + * normally this sort of thing is checked before fetching the matching DNSKEY rrset. + */ + public KeyEntry verifyNewDNSKEYs( + SRRset dnskeyRrset, SRRset dsRrset, long badKeyTTL, Instant date) { + if (!atLeastOneDigestSupported(dsRrset)) { + KeyEntry ke = + KeyEntry.newNullKeyEntry(dsRrset.getName(), dsRrset.getDClass(), dsRrset.getTTL()); + ke.setBadReason(R.get("failed.ds.nodigest", dsRrset.getName())); + return ke; + } + + if (!atLeastOneSupportedAlgorithm(dsRrset)) { + KeyEntry ke = + KeyEntry.newNullKeyEntry(dsRrset.getName(), dsRrset.getDClass(), dsRrset.getTTL()); + ke.setBadReason(R.get("failed.ds.noalg", dsRrset.getName())); + return ke; + } + + int favoriteDigestID = this.favoriteDSDigestID(dsRrset); + for (Record dsr : dsRrset.rrs()) { + DSRecord ds = (DSRecord) dsr; + if (this.digestHardenDowngrade && ds.getDigestID() != favoriteDigestID) { + continue; + } + + for (Record dsnkeyr : dnskeyRrset.rrs()) { + DNSKEYRecord dnskey = (DNSKEYRecord) dsnkeyr; + + // Skip DNSKEYs that don't match the basic criteria. + if (ds.getFootprint() != dnskey.getFootprint() + || ds.getAlgorithm() != dnskey.getAlgorithm()) { + continue; + } + + KeyEntry ke = getKeyEntry(dnskeyRrset, date, ds, dnskey); + if (ke != null) { + return ke; + } + + // If it didn't validate with the DNSKEY, try the next one! + } + } + + // If any were understandable, then it is bad. + KeyEntry badKey = KeyEntry.newBadKeyEntry(dsRrset.getName(), dsRrset.getDClass(), badKeyTTL); + badKey.setBadReason(R.get("dnskey.no_ds_match")); + return badKey; + } + + private KeyEntry getKeyEntry(SRRset dnskeyRrset, Instant date, DSRecord ds, DNSKEYRecord dnskey) { + // Convert the candidate DNSKEY into a hash using the same DS + // hash algorithm. + DSRecord keyDigest = new DSRecord(Name.root, ds.getDClass(), 0, ds.getDigestID(), dnskey); + byte[] keyHash = keyDigest.getDigest(); + byte[] dsHash = ds.getDigest(); + + // see if there is a length mismatch (unlikely) + if (keyHash.length != dsHash.length) { + return null; + } + + for (int k = 0; k < keyHash.length; k++) { + if (keyHash[k] != dsHash[k]) { + return null; + } + } + + // Otherwise, we have a match! Make sure that the DNSKEY + // verifies *with this key*. + SecurityStatus res = this.verifier.verify(dnskeyRrset, dnskey, date); + if (res == SecurityStatus.SECURE) { + log.trace("DS matched DNSKEY."); + dnskeyRrset.setSecurityStatus(SecurityStatus.SECURE); + return KeyEntry.newKeyEntry(dnskeyRrset); + } + return null; + } + + /** + * Gets the digest ID for the favorite (best) algorithm that is support in a given DS set. + * + *

The order of preference can be configured with the property {@value #DIGEST_PREFERENCE}. If + * the property is not set, the highest supported number is returned. + * + * @param dsset The DS set to check for the favorite algorithm. + * @return The favorite digest ID or 0 if none is supported. 0 is not a known digest ID. + */ + int favoriteDSDigestID(SRRset dsset) { + if (this.digestPreference == null) { + int max = 0; + for (Record r : dsset.rrs()) { + DSRecord ds = (DSRecord) r; + if (ds.getDigestID() > max + && isDigestSupported(ds.getDigestID()) + && isAlgorithmSupported(ds.getAlgorithm())) { + max = ds.getDigestID(); + } + } + + return max; + } else { + for (int preference : this.digestPreference) { + for (Record r : dsset.rrs()) { + DSRecord ds = (DSRecord) r; + if (ds.getDigestID() == preference) { + return ds.getDigestID(); + } + } + } + } + + return 0; + } + + /** + * Given an SRRset that is signed by a DNSKEY found in the key_rrset, verify it. This will return + * the status (either BOGUS or SECURE) and set that status in rrset. + * + * @param rrset The SRRset to verify. + * @param keyRrset The set of keys to verify against. + * @param date The date against which to verify the rrset. + * @return The status (BOGUS or SECURE). + */ + public SecurityStatus verifySRRset(SRRset rrset, SRRset keyRrset, Instant date) { + String rrsetName = + rrset.getName() + + "/" + + Type.string(rrset.getType()) + + "/" + + DClass.string(rrset.getDClass()); + + if (rrset.getSecurityStatus() == SecurityStatus.SECURE) { + log.trace("verifySRRset: rrset <{}> previously found to be SECURE", rrsetName); + return SecurityStatus.SECURE; + } + + SecurityStatus status = this.verifier.verify(rrset, keyRrset, date); + if (status != SecurityStatus.SECURE) { + log.debug("verifySRRset: rrset <{}> found to be BAD", rrsetName); + status = SecurityStatus.BOGUS; + } else { + log.trace("verifySRRset: rrset <{}> found to be SECURE", rrsetName); + } + + rrset.setSecurityStatus(status); + return status; + } + + /** + * Determine by looking at a signed RRset whether or not the RRset name was the result of a + * wildcard expansion. If so, return the name of the generating wildcard. + * + * @param rrset The rrset to chedck. + * @return the wildcard name, if the rrset was synthesized from a wildcard. null if not. + */ + public static Name rrsetWildcard(RRset rrset) { + List sigs = rrset.sigs(); + RRSIGRecord firstSig = sigs.get(0); + + // check rest of signatures have identical label count + for (int i = 1; i < sigs.size(); i++) { + if (sigs.get(i).getLabels() != firstSig.getLabels()) { + throw new IllegalArgumentException("failed.wildcard.label_count_mismatch"); + } + } + + // if the RRSIG label count is shorter than the number of actual labels, + // then this rrset was synthesized from a wildcard. + // Note that the RRSIG label count doesn't count the root label. + Name wn = rrset.getName(); + + // skip a leading wildcard label in the dname (RFC4035 2.2) + if (rrset.getName().isWild()) { + wn = new Name(wn, 1); + } + + int labelDiff = (wn.labels() - 1) - firstSig.getLabels(); + if (labelDiff > 0) { + return wn.wild(labelDiff); + } + + return null; + } + + /** + * Finds the longest domain name in common with the given name. + * + * @param domain1 The first domain to process. + * @param domain2 The second domain to process. + * @return The longest label in common of domain1 and domain2. The least common name is the root. + */ + public static Name longestCommonName(Name domain1, Name domain2) { + int l = Math.min(domain1.labels(), domain2.labels()); + domain1 = new Name(domain1, domain1.labels() - l); + domain2 = new Name(domain2, domain2.labels() - l); + for (int i = 0; i < l - 1; i++) { + Name ns1 = new Name(domain1, i); + if (ns1.equals(new Name(domain2, i))) { + return ns1; + } + } + + return Name.root; + } + + /** + * Is the first Name strictly a subdomain of the second name (i.e., below but not equal to). + * + * @param domain1 The first domain to process. + * @param domain2 The second domain to process. + * @return True when domain1 is a strict subdomain of domain2. + */ + public static boolean strictSubdomain(Name domain1, Name domain2) { + if (domain1.labels() <= domain2.labels()) { + return false; + } + + return new Name(domain1, domain1.labels() - domain2.labels()).equals(domain2); + } + + /** + * Determines the 'closest encloser' - the name that has the most common labels between + * domain and ({@link NSECRecord#getName()} or {@link NSECRecord#getNext()}). + * + * @param domain The name for which the closest encloser is queried. + * @param owner The beginning of the covering {@link Name} to check. + * @param next The end of the covering {@link Name} to check. + * @return The closest encloser name of domain as defined by {@code owner} and {@code + * next}. + */ + public static Name closestEncloser(Name domain, Name owner, Name next) { + Name n1 = longestCommonName(domain, owner); + Name n2 = longestCommonName(domain, next); + + return (n1.labels() > n2.labels()) ? n1 : n2; + } + + /** + * Gets the closest encloser of domain prepended with a wildcard label. + * + * @param domain The name for which the wildcard closest encloser is demanded. + * @param set The RRset containing {@code nsec} to check. + * @param nsec The covering NSEC that defines the encloser. + * @return The wildcard closest encloser name of domain as defined by nsec + * . + * @throws NameTooLongException If adding the wildcard label to the closest encloser results in an + * invalid name. + */ + public static Name nsecWildcard(Name domain, SRRset set, NSECRecord nsec) + throws NameTooLongException { + Name origin = closestEncloser(domain, set.getName(), nsec.getNext()); + return Name.concatenate(WILDCARD, origin); + } + + /** + * Determine if the given NSEC proves a NameError (NXDOMAIN) for a given qname. + * + * @param set The RRset that contains the NSEC. + * @param nsec The NSEC to check. + * @param qname The qname to check against. + * @return true if the NSEC proves the condition. + */ + public static boolean nsecProvesNameError(SRRset set, NSECRecord nsec, Name qname) { + Name owner = set.getName(); + Name next = nsec.getNext(); + + // If NSEC owner == qname, then this NSEC proves that qname exists. + if (qname.equals(owner)) { + return false; + } + + // deny overreaching NSECs + if (!next.subdomain(set.getSignerName())) { + return false; + } + + // If NSEC is a parent of qname, we need to check the type map + // If the parent name has a DNAME or is a delegation point, then this + // NSEC is being misused. + if (qname.subdomain(owner)) { + if (nsec.hasType(Type.DNAME)) { + return false; + } + + if (nsec.hasType(Type.NS) && !nsec.hasType(Type.SOA)) { + return false; + } + } + + if (owner.equals(next)) { + // this nsec is the only nsec: zone.name NSEC zone.name + // it disproves everything else but only for subdomains of that zone + return strictSubdomain(qname, next); + } else if (owner.compareTo(next) > 0) { + // this is the last nsec, ....(bigger) NSEC zonename(smaller) + // the names after the last (owner) name do not exist + // there are no names before the zone name in the zone + // but the qname must be a subdomain of the zone name(next). + return owner.compareTo(qname) < 0 && strictSubdomain(qname, next); + } else { + // regular NSEC, (smaller) NSEC (larger) + return owner.compareTo(qname) < 0 && qname.compareTo(next) < 0; + } + } + + /** + * Determine if a NSEC record proves the non-existence of a wildcard that could have produced + * qname. + * + * @param set The RRset of the NSEC record. + * @param nsec The nsec record to check. + * @param qname The qname to check against. + * @return true if the NSEC proves the condition. + */ + public static boolean nsecProvesNoWC(SRRset set, NSECRecord nsec, Name qname) { + Name ce = closestEncloser(qname, set.getName(), nsec.getNext()); + int labelsToStrip = qname.labels() - ce.labels(); + if (labelsToStrip > 0) { + Name wcName = qname.wild(labelsToStrip); + return nsecProvesNameError(set, nsec, wcName); + } + + return false; + } + + /** + * Container for responses of {@link ValUtils#nsecProvesNodata(SRRset, NSECRecord, Name, int)}. + */ + public static class NsecProvesNodataResponse { + boolean result; + Name wc; + } + + /** + * Determine if a NSEC proves the NOERROR/NODATA conditions. This will also handle the empty + * non-terminal (ENT) case and partially handle the wildcard case. If the ownername of 'nsec' is a + * wildcard, the validator must still be provided proof that qname did not directly exist and that + * the wildcard is, in fact, *.closest_encloser. + * + * @param set The RRset of the NSEC record. + * @param nsec The NSEC to check + * @param qname The query name to check against. + * @param qtype The query type to check against. + * @return true if the NSEC proves the condition. + */ + public static NsecProvesNodataResponse nsecProvesNodata( + SRRset set, NSECRecord nsec, Name qname, int qtype) { + NsecProvesNodataResponse result = new NsecProvesNodataResponse(); + if (!set.getName().equals(qname)) { + // empty-non-terminal checking. + // Done before wildcard, because this is an exact match, + // and would prevent a wildcard from matching. + + // If the nsec is proving that qname is an ENT, the nsec owner will + // be less than qname, and the next name will be a child domain of + // the qname. + if (strictSubdomain(nsec.getNext(), qname) && set.getName().compareTo(qname) < 0) { + result.result = true; + return result; + } + + // Wildcard checking: + // If this is a wildcard NSEC, make sure that a) it was possible to + // have generated qname from the wildcard and b) the type map does + // not contain qtype. Note that this does NOT prove that this + // wildcard was the applicable wildcard. + if (set.getName().isWild()) { + // the is the purported closest encloser. + Name ce = new Name(set.getName(), 1); + + // The qname must be a strict subdomain of the closest encloser, + // and the qtype must be absent from the type map. + if (strictSubdomain(qname, ce)) { + if (nsec.hasType(Type.CNAME)) { + // should have gotten the wildcard CNAME + result.result = false; + return result; + } + + if (nsec.hasType(Type.NS) && !nsec.hasType(Type.SOA)) { + // wrong parentside (wildcard) NSEC used, and it really + // should not exist anyway: + // http://tools.ietf.org/html/rfc4592#section-4.2 + result.result = false; + return result; + } + + if (nsec.hasType(qtype)) { + result.result = false; + return result; + } + } + + result.wc = ce; + result.result = true; + return result; + } + + // Otherwise, this NSEC does not prove ENT, so it does not prove + // NODATA. + result.result = false; + return result; + } + + // If the qtype exists, then we should have gotten it. + if (nsec.hasType(qtype)) { + result.result = false; + return result; + } + + // if the name is a CNAME node, then we should have gotten the CNAME + if (nsec.hasType(Type.CNAME)) { + result.result = false; + return result; + } + + // If an NS set exists at this name, and NOT a SOA (so this is a zone + // cut, not a zone apex), then we should have gotten a referral (or we + // just got the wrong NSEC). + // The reverse of this check is used when qtype is DS, since that + // must use the NSEC from above the zone cut. + if (qtype != Type.DS && nsec.hasType(Type.NS) && !nsec.hasType(Type.SOA)) { + result.result = false; + return result; + } + if (qtype == Type.DS && nsec.hasType(Type.SOA) && !Name.root.equals(qname)) { + result.result = false; + return result; + } + + result.result = true; + return result; + } + + /** + * Check DS absence. There is a NODATA reply to a DS that needs checking. NSECs can prove this is + * not a delegation point, or successfully prove that there is no DS. Or this fails. + * + * @param request The request that generated this response. + * @param response The response to validate. + * @param keyRrset The key that validate the NSECs. + * @param date The date against which to verify the response. + * @return The NODATA proof along with the reason of the result. + */ + public JustifiedSecStatus nsecProvesNodataDsReply( + Message request, SMessage response, SRRset keyRrset, Instant date) { + Name qname = request.getQuestion().getName(); + int qclass = request.getQuestion().getDClass(); + + // If we have a NSEC at the same name, it must prove one of two + // things + // -- + // 1) this is a delegation point and there is no DS + // 2) this is not a delegation point + SRRset nsecRrset = response.findRRset(qname, Type.NSEC, qclass, Section.AUTHORITY); + if (nsecRrset != null) { + // The NSEC must verify, first of all. + SecurityStatus status = this.verifySRRset(nsecRrset, keyRrset, date); + if (status != SecurityStatus.SECURE) { + return new JustifiedSecStatus(SecurityStatus.BOGUS, R.get("failed.ds.nsec")); + } + + NSECRecord nsec = (NSECRecord) nsecRrset.first(); + status = ValUtils.nsecProvesNoDS(nsec, qname); + switch (status) { + case INSECURE: // this wasn't a delegation point. + return new JustifiedSecStatus(status, R.get("failed.ds.nodelegation")); + case SECURE: // this proved no DS. + return new JustifiedSecStatus(status, R.get("insecure.ds.nsec")); + default: // something was wrong. + return new JustifiedSecStatus(status, R.get("failed.ds.nsec.hasdata")); + } + } + + // Otherwise, there is no NSEC at qname. This could be an ENT. + // If not, this is broken. + NsecProvesNodataResponse ndp = new NsecProvesNodataResponse(); + Name ce = null; + boolean hasValidNSEC = false; + NSECRecord wcNsec = null; + for (SRRset set : response.getSectionRRsets(Section.AUTHORITY, Type.NSEC)) { + SecurityStatus status = this.verifySRRset(set, keyRrset, date); + if (status != SecurityStatus.SECURE) { + return new JustifiedSecStatus(status, R.get("failed.ds.nsec.ent")); + } + + NSECRecord nsec = (NSECRecord) set.rrs().get(0); + ndp = ValUtils.nsecProvesNodata(set, nsec, qname, Type.DS); + if (ndp.result) { + hasValidNSEC = true; + if (ndp.wc != null && nsec.getName().isWild()) { + wcNsec = nsec; + } + } + + if (ValUtils.nsecProvesNameError(set, nsec, qname)) { + ce = closestEncloser(qname, set.getName(), nsec.getNext()); + } + } + + // The wildcard NODATA is 1 NSEC proving that qname does not exists (and + // also proving what the closest encloser is), and 1 NSEC showing the + // matching wildcard, which must be *.closest_encloser. + if (ndp.wc != null && (ce == null || !ce.equals(ndp.wc))) { + hasValidNSEC = false; + } + + if (hasValidNSEC) { + if (ndp.wc != null) { + SecurityStatus status = nsecProvesNoDS(wcNsec, qname); + return new JustifiedSecStatus(status, R.get("failed.ds.nowildcardproof")); + } + + return new JustifiedSecStatus(SecurityStatus.INSECURE, R.get("insecure.ds.nsec.ent")); + } + + return new JustifiedSecStatus(SecurityStatus.UNCHECKED, R.get("failed.ds.nonconclusive")); + } + + /** + * Checks if the authority section of a message contains at least one signed NSEC or NSEC3 record. + * + * @param message The message to inspect. + * @return True if at least one record is found, false otherwise. + */ + public boolean hasSignedNsecs(SMessage message) { + for (SRRset set : message.getSectionRRsets(Section.AUTHORITY)) { + if ((set.getType() == Type.NSEC || set.getType() == Type.NSEC3) && !set.sigs().isEmpty()) { + return true; + } + } + + return false; + } + + /** + * Determines whether the given {@link NSECRecord} proves that there is no {@link DSRecord} for + * qname. + * + * @param nsec The NSEC that should prove the non-existence. + * @param qname The name for which the prove is made. + * @return {@link SecurityStatus#BOGUS} when the NSEC is from the child domain or indicates that + * there indeed is a DS record, {@link SecurityStatus#INSECURE} when there is not even a prove + * for a NS record, {@link SecurityStatus#SECURE} when there is no DS record. + */ + public static SecurityStatus nsecProvesNoDS(NSECRecord nsec, Name qname) { + // Could check to make sure the qname is a subdomain of nsec + if ((nsec.hasType(Type.SOA) && !Name.root.equals(qname)) || nsec.hasType(Type.DS)) { + // SOA present means that this is the NSEC from the child, not the + // parent (so it is the wrong one) -> cannot happen because the + // keyset is always from the parent zone and doesn't validate the + // NSEC + // DS present means that there should have been a positive response + // to the DS query, so there is something wrong. + return SecurityStatus.BOGUS; + } + + if (!nsec.hasType(Type.NS)) { + // If there is no NS at this point at all, then this doesn't prove + // anything one way or the other. + return SecurityStatus.INSECURE; + } + + // Otherwise, this proves no DS. + return SecurityStatus.SECURE; + } + + /** + * Determines if at least one of the DS records in the RRset has a supported algorithm. + * + * @param dsRRset The RR set to search in. + * @return True when at least one DS record uses a supported algorithm, false otherwise. + */ + boolean atLeastOneSupportedAlgorithm(RRset dsRRset) { + for (Record r : dsRRset.rrs()) { + if (isAlgorithmSupported(((DSRecord) r).getAlgorithm())) { + return true; + } + + // do nothing, there could be another DS we understand + } + + return false; + } + + /** + * Determines if the algorithm is supported. + * + * @param alg The algorithm to check. + * @return True when the algorithm is supported, false otherwise. + */ + boolean isAlgorithmSupported(int alg) { + String configKey = ALGORITHM_ENABLED + "." + alg; + switch (alg) { + case Algorithm.RSAMD5: + return false; // obsoleted by rfc6725 + case Algorithm.DSA: + case Algorithm.DSA_NSEC3_SHA1: + if (config == null) { + return false; + } + + return Boolean.parseBoolean(config.getProperty(configKey, Boolean.FALSE.toString())); + case Algorithm.RSASHA1: + case Algorithm.RSA_NSEC3_SHA1: + case Algorithm.RSASHA256: + case Algorithm.RSASHA512: + case Algorithm.ECDSAP256SHA256: + case Algorithm.ECDSAP384SHA384: + return propertyOrTrueWithPrecondition(configKey, true); + case Algorithm.ECC_GOST: + return propertyOrTrueWithPrecondition(configKey, hasGost); + case Algorithm.ED25519: + return propertyOrTrueWithPrecondition(configKey, hasEd25519); + case Algorithm.ED448: + return propertyOrTrueWithPrecondition(configKey, hasEd448); + default: + return false; + } + } + + /** + * Determines if at least one of the DS records in the RRset has a supported digest algorithm. + * + * @param dsRRset The RR set to search in. + * @return True when at least one DS record uses a supported digest algorithm, false otherwise. + */ + boolean atLeastOneDigestSupported(RRset dsRRset) { + for (Record r : dsRRset.rrs()) { + if (isDigestSupported(((DSRecord) r).getDigestID())) { + return true; + } + + // do nothing, there could be another DS we understand + } + + return false; + } + + /** + * Determines if the digest algorithm is supported. + * + * @param digestID the algorithm to check. + * @return True when the digest algorithm is supported, false otherwise. + */ + boolean isDigestSupported(int digestID) { + String configKey = DIGEST_ENABLED + "." + digestID; + switch (digestID) { + case DNSSEC.Digest.SHA1: + case DNSSEC.Digest.SHA256: + case DNSSEC.Digest.SHA384: + if (config == null) { + return true; + } + + return Boolean.parseBoolean(config.getProperty(configKey, Boolean.TRUE.toString())); + case DNSSEC.Digest.GOST3411: + return propertyOrTrueWithPrecondition(configKey, hasGost); + default: + return false; + } + } + + private boolean propertyOrTrueWithPrecondition(String configKey, boolean precondition) { + if (!precondition) { + return false; + } + + if (config == null) { + return true; + } + + return Boolean.parseBoolean(config.getProperty(configKey, Boolean.TRUE.toString())); + } +} diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/ValidatingResolver.java b/src/main/java/org/xbill/DNS/dnssec/validator/ValidatingResolver.java new file mode 100644 index 000000000..c6615b0a2 --- /dev/null +++ b/src/main/java/org/xbill/DNS/dnssec/validator/ValidatingResolver.java @@ -0,0 +1,1382 @@ +// SPDX-License-Identifier: BSD-3-Clause +// Copyright (c) 2005 VeriSign. All rights reserved. +// Copyright (c) 2013-2021 Ingo Bauersachs +package org.xbill.DNS.dnssec.validator; + +import static java.util.concurrent.CompletableFuture.completedFuture; + +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.time.Clock; +import java.time.Duration; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Properties; +import java.util.concurrent.CompletableFuture; +import java.util.concurrent.CompletionStage; +import java.util.concurrent.atomic.AtomicInteger; +import lombok.extern.slf4j.Slf4j; +import org.xbill.DNS.CNAMERecord; +import org.xbill.DNS.DClass; +import org.xbill.DNS.DNAMERecord; +import org.xbill.DNS.EDNSOption; +import org.xbill.DNS.ExtendedFlags; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Header; +import org.xbill.DNS.Master; +import org.xbill.DNS.Message; +import org.xbill.DNS.NSECRecord; +import org.xbill.DNS.Name; +import org.xbill.DNS.NameTooLongException; +import org.xbill.DNS.Rcode; +import org.xbill.DNS.Record; +import org.xbill.DNS.Resolver; +import org.xbill.DNS.Section; +import org.xbill.DNS.TSIG; +import org.xbill.DNS.TXTRecord; +import org.xbill.DNS.Type; +import org.xbill.DNS.dnssec.R; +import org.xbill.DNS.dnssec.SMessage; +import org.xbill.DNS.dnssec.SRRset; +import org.xbill.DNS.dnssec.SecurityStatus; +import org.xbill.DNS.dnssec.validator.ValUtils.NsecProvesNodataResponse; + +/** + * This resolver validates responses with DNSSEC. + * + * @since 3.5 + */ +@Slf4j +public final class ValidatingResolver implements Resolver { + /** + * The QCLASS being used for the injection of the reason why the validator came to the returned + * result. + */ + public static final int VALIDATION_REASON_QCLASS = 65280; + + /** This is the TTL to use when a trust anchor priming query failed to validate. */ + private static final long DEFAULT_TA_BAD_KEY_TTL = 60; + + /** This is a cache of validated, but expirable DNSKEY rrsets. */ + private final KeyCache keyCache; + + /** + * A data structure holding all trust anchors. Trust anchors must be "primed" into the cache + * before being used to validate. + */ + private final TrustAnchorStore trustAnchors; + + /** The local validation utilities. */ + private final ValUtils valUtils; + + /** The local NSEC3 validation utilities. */ + private final NSEC3ValUtils n3valUtils; + + /** The resolver that performs the actual DNS lookups. */ + private final Resolver headResolver; + + /** The clock used to validate messages. */ + private final Clock clock; + + /** + * Creates a new instance of this class. + * + * @param headResolver The resolver to which queries for DS, DNSKEY and referring CNAME records + * are sent. + */ + public ValidatingResolver(Resolver headResolver) { + this(headResolver, Clock.systemUTC()); + } + + /** + * Creates a new instance of this class. + * + * @param headResolver The resolver to which queries for DS, DNSKEY and referring CNAME records + * are sent. + * @param clock the Clock to validate messages. + */ + public ValidatingResolver(Resolver headResolver, Clock clock) { + this.headResolver = headResolver; + this.clock = clock; + headResolver.setEDNS(0, 0, ExtendedFlags.DO); + headResolver.setIgnoreTruncation(false); + + this.keyCache = new KeyCache(); + this.valUtils = new ValUtils(); + this.n3valUtils = new NSEC3ValUtils(); + this.trustAnchors = new TrustAnchorStore(); + try { + init(System.getProperties()); + } catch (IOException e) { + log.error("Could not initialize from system properties", e); + } + } + + // ---------------- Module Initialization ------------------- + + /** + * Initialize the module. The only recognized configuration value is + * dnsjava.dnssec.trust_anchor_file. + * + * @param config The configuration data for this module. + * @throws IOException When the file specified in the config does not exist or cannot be read. + */ + public void init(Properties config) throws IOException { + this.keyCache.init(config); + this.n3valUtils.init(config); + this.valUtils.init(config); + + // Load trust anchors + String s = config.getProperty("dnsjava.dnssec.trust_anchor_file"); + if (s != null) { + log.debug("reading trust anchor file file: " + s); + this.loadTrustAnchors(new FileInputStream(s)); + } + } + + /** + * Load the trust anchor file into the trust anchor store. The trust anchors are currently stored + * in a zone file format list of DNSKEY or DS records. + * + * @param data The trust anchor data. + * @throws IOException when the trust anchor data could not be read. + */ + public void loadTrustAnchors(InputStream data) throws IOException { + // First read in the whole trust anchor file. + List records = new ArrayList<>(); + try (Master master = new Master(data, Name.root, 0)) { + Record mr; + while ((mr = master.nextRecord()) != null) { + records.add(mr); + } + } + + // Record.compareTo() should sort them into DNSSEC canonical order. + // Don't care about canonical order per se, but do want them to be + // formable into RRsets. + Collections.sort(records); + + SRRset currentRrset = new SRRset(); + for (Record r : records) { + // Skip RR types that cannot be used as trust anchors. + if (r.getType() != Type.DNSKEY && r.getType() != Type.DS) { + continue; + } + + // If our current set is empty, we can just add it. + if (currentRrset.size() == 0) { + currentRrset.addRR(r); + continue; + } + + // If this record matches our current RRset, we can just add it. + if (currentRrset.getName().equals(r.getName()) + && currentRrset.getType() == r.getType() + && currentRrset.getDClass() == r.getDClass()) { + currentRrset.addRR(r); + continue; + } + + // Otherwise, we add the rrset to our set of trust anchors and begin + // a new set + this.trustAnchors.store(currentRrset); + currentRrset = new SRRset(); + currentRrset.addRR(r); + } + + // add the last rrset (if it was not empty) + if (currentRrset.size() > 0) { + this.trustAnchors.store(currentRrset); + } + } + + /** + * Gets the store with the loaded trust anchors. + * + * @return The store with the loaded trust anchors. + */ + public TrustAnchorStore getTrustAnchors() { + return this.trustAnchors; + } + + /** + * For messages that are not referrals, if the chase reply contains an unsigned NS record in the + * authority section it could have been inserted by a (BIND) forwarder that thinks the zone is + * insecure, and that has an NS record without signatures in cache. Remove the NS record since the + * reply does not hinge on that record (in the authority section), but do not remove it if it + * removes the last record from the answer+authority sections. + * + * @param response: the chased reply, we have a key for this contents, so we should have + * signatures for these rrsets and not having signatures means it will be bogus. + */ + private void removeSpuriousAuthority(SMessage response) { + // if no answer and only 1 auth RRset, do not remove that one + if (response.getSectionRRsets(Section.ANSWER).isEmpty() + && response.getSectionRRsets(Section.AUTHORITY).size() == 1) { + return; + } + + // search authority section for unsigned NS records + Iterator authRrsetIterator = response.getSectionRRsets(Section.AUTHORITY).iterator(); + while (authRrsetIterator.hasNext()) { + SRRset rrset = authRrsetIterator.next(); + if (rrset.getType() == Type.NS && rrset.sigs().isEmpty()) { + log.trace( + "Removing spurious unsigned NS record (likely inserted by forwarder) {}/{}/{}", + rrset.getName(), + Type.string(rrset.getType()), + DClass.string(rrset.getDClass())); + authRrsetIterator.remove(); + } + } + } + + /** + * Given a "postive" response -- a response that contains an answer to the question, and no CNAME + * chain, validate this response. This generally consists of verifying the answer RRset and the + * authority RRsets. + * + *

Given an "ANY" response -- a response that contains an answer to a qtype==ANY question, with + * answers. This consists of simply verifying all present answer/auth RRsets, with no checking + * that all types are present. + * + *

NOTE: it may be possible to get parent-side delegation point records here, which won't all + * be signed. Right now, this routine relies on the upstream iterative resolver to not return + * these responses -- instead treating them as referrals. + * + *

NOTE: RFC 4035 is silent on this issue, so this may change upon clarification. + * + * @param request The request that generated this response. + * @param response The response to validate. + */ + private CompletionStage validatePositiveResponse(Message request, SMessage response) { + Map wcs = new HashMap<>(1); + List nsec3s = new ArrayList<>(0); + List nsecs = new ArrayList<>(0); + + return this.validateAnswerAndGetWildcards(response, request.getQuestion().getType(), wcs) + .thenCompose( + success -> { + if (Boolean.TRUE.equals(success)) { + // validate the AUTHORITY section as well - this will generally be the + // NS rrset (which could be missing, no problem) + int[] sections; + if (request.getQuestion().getType() == Type.ANY) { + sections = new int[] {Section.ANSWER, Section.AUTHORITY}; + } else { + sections = new int[] {Section.AUTHORITY}; + } + + return this.validatePositiveResponseRecursive( + response, + wcs, + nsec3s, + nsecs, + sections, + new AtomicInteger(0), + new AtomicInteger(0)); + } + + return completedFuture(false); + }) + .thenAccept( + success -> { + if (!Boolean.TRUE.equals(success)) { + return; + } + + // If this is a positive wildcard response, and we have NSEC records, + // try to use them to + // 1) prove that qname doesn't exist and + // 2) that the correct wildcard was used. + if (wcs.size() > 0) { + for (Map.Entry wc : wcs.entrySet()) { + boolean wcNsecOk = false; + for (SRRset set : nsecs) { + NSECRecord nsec = (NSECRecord) set.first(); + if (ValUtils.nsecProvesNameError(set, nsec, wc.getKey())) { + try { + Name nsecWc = ValUtils.nsecWildcard(wc.getKey(), set, nsec); + if (wc.getValue().equals(nsecWc)) { + wcNsecOk = true; + break; + } + } catch (NameTooLongException e) { + // COVERAGE:OFF -> a NTLE can only be thrown when + // the qname is equal to the NSEC owner or NSEC next + // name, so that the wildcard is appended to + // CE=qname=owner=next. This would however indicate + // that the qname exists, which is proofed not the + // be the case beforehand. + throw new IllegalStateException( + R.get("failed.positive.wildcardgeneration")); + } + } + } + + // If this was a positive wildcard response that we haven't + // already proven, and we have NSEC3 records, try to prove it + // using the NSEC3 records. + if (!wcNsecOk && !nsec3s.isEmpty()) { + if (this.n3valUtils.allNSEC3sIgnoreable(nsec3s, this.keyCache)) { + response.setStatus(SecurityStatus.INSECURE, R.get("failed.nsec3_ignored")); + return; + } + + SecurityStatus status = + this.n3valUtils.proveWildcard( + nsec3s, wc.getKey(), nsec3s.get(0).getSignerName(), wc.getValue()); + if (status == SecurityStatus.INSECURE) { + response.setStatus(status); + return; + } else if (status == SecurityStatus.SECURE) { + wcNsecOk = true; + } + } + + // If after all this, we still haven't proven the positive + // wildcard response, fail. + if (!wcNsecOk) { + response.setBogus(R.get("failed.positive.wildcard_too_broad")); + return; + } + } + } + + response.setStatus(SecurityStatus.SECURE); + }); + } + + private CompletionStage validatePositiveResponseRecursive( + SMessage response, + Map wcs, + List nsec3s, + List nsecs, + int[] sections, + AtomicInteger sectionIndex, + AtomicInteger setIndex) { + // reached the end of the sections to validate, end recursion, success + if (sectionIndex.get() >= sections.length) { + return completedFuture(true); + } + + List sectionRRsets = response.getSectionRRsets(sections[sectionIndex.get()]); + + // reached the end of the rrset in the current section, advance to next section + if (setIndex.get() >= sectionRRsets.size()) { + sectionIndex.getAndIncrement(); + setIndex.set(0); + return this.validatePositiveResponseRecursive( + response, wcs, nsec3s, nsecs, sections, sectionIndex, setIndex); + } + + SRRset set = sectionRRsets.get(setIndex.getAndIncrement()); + return this.prepareFindKey(set) + .thenCompose( + ke -> { + JustifiedSecStatus kve = ke.validateKeyFor(set.getSignerName()); + if (kve != null) { + kve.applyToResponse(response); + return completedFuture(false); + } + + SecurityStatus status = this.valUtils.verifySRRset(set, ke, this.clock.instant()); + // If anything in the authority section fails to be secure, we + // have a bad message. + if (status != SecurityStatus.SECURE) { + response.setBogus(R.get("failed.authority.positive", set)); + return completedFuture(false); + } + + if (wcs.size() > 0) { + if (set.getType() == Type.NSEC) { + nsecs.add(set); + } else if (set.getType() == Type.NSEC3) { + nsec3s.add(set); + } + } + + return this.validatePositiveResponseRecursive( + response, wcs, nsec3s, nsecs, sections, sectionIndex, setIndex); + }); + } + + private CompletionStage validateAnswerAndGetWildcards( + SMessage response, int qtype, Map wcs) { + return this.validateAnswerAndGetWildcardsRecursive(response, qtype, wcs, new AtomicInteger(0)); + } + + private CompletionStage validateAnswerAndGetWildcardsRecursive( + SMessage response, int qtype, Map wcs, AtomicInteger setIndex) { + // validate the ANSWER section - this will be the answer itself + List sectionRRsets = response.getSectionRRsets(Section.ANSWER); + + // reached the end of the answer section, success + if (setIndex.get() >= sectionRRsets.size()) { + return completedFuture(true); + } + + SRRset set = sectionRRsets.get(setIndex.get()); + // Verify the answer rrset. + return this.prepareFindKey(set) + .thenCompose( + ke -> { + JustifiedSecStatus kve = ke.validateKeyFor(set.getSignerName()); + if (kve != null) { + kve.applyToResponse(response); + return completedFuture(false); + } + + SecurityStatus status = this.valUtils.verifySRRset(set, ke, this.clock.instant()); + // If the answer rrset failed to validate, then this message is BAD + if (status != SecurityStatus.SECURE) { + response.setBogus(R.get("failed.answer.positive", set)); + return completedFuture(false); + } + + // Check to see if the rrset is the result of a wildcard expansion. + // If so, an additional check will need to be made in the authority + // section. + Name wc; + try { + wc = ValUtils.rrsetWildcard(set); + } catch (RuntimeException ex) { + response.setBogus(R.get(ex.getMessage(), set.getName())); + return completedFuture(false); + } + + if (wc != null) { + // RFC 4592, Section 4.4 does not allow wildcarded DNAMEs + if (set.getType() == Type.DNAME) { + response.setBogus(R.get("failed.dname.wildcard", set.getName())); + return completedFuture(false); + } + + wcs.put(set.getName(), wc); + } + + // Notice a DNAME that should be followed by an unsigned CNAME. + if (qtype != Type.DNAME && set.getType() == Type.DNAME) { + DNAMERecord dname = (DNAMERecord) set.first(); + if (setIndex.getAndIncrement() < sectionRRsets.size()) { + SRRset cnameSet = sectionRRsets.get(setIndex.get()); + // Validate the CNAME following a (validated) DNAME is correctly + // synthesized. + if (cnameSet.getType() == Type.CNAME && dname != null) { + if (cnameSet.size() > 1) { + response.setBogus(R.get("failed.synthesize.multiple")); + return completedFuture(false); + } + + CNAMERecord cname = (CNAMERecord) cnameSet.first(); + try { + Name expected = + Name.concatenate( + cname.getName().relativize(dname.getName()), dname.getTarget()); + if (!expected.equals(cname.getTarget())) { + response.setBogus( + R.get("failed.synthesize.nomatch", cname.getTarget(), expected)); + return completedFuture(false); + } + } catch (NameTooLongException e) { + response.setBogus(R.get("failed.synthesize.toolong")); + return completedFuture(false); + } + + cnameSet.setSecurityStatus(SecurityStatus.SECURE); + } + } + } + + setIndex.getAndIncrement(); + return this.validateAnswerAndGetWildcardsRecursive(response, qtype, wcs, setIndex); + }); + } + + /** + * Validate a NOERROR/NODATA signed response -- a response that has a NOERROR Rcode but no ANSWER + * section RRsets. This consists of verifying the authority section rrsets and making certain that + * the authority section NSEC/NSEC3s proves that the qname does exist and the qtype doesn't. + * + *

Note that by the time this method is called, the process of finding the trusted DNSKEY rrset + * that signs this response must already have been completed. + * + * @param request The request that generated this response. + * @param response The response to validate. + */ + private CompletionStage validateNodataResponse(Message request, SMessage response) { + Name intermediateQname = request.getQuestion().getName(); + int qtype = request.getQuestion().getType(); + + // Since we are here, the ANSWER section is either empty (and hence + // there's only the NODATA to validate) OR it contains an incomplete + // chain. In this case, the records were already validated before and we + // can concentrate on following the qname that lead to the NODATA + // classification + for (SRRset set : response.getSectionRRsets(Section.ANSWER)) { + if (set.getSecurityStatus() != SecurityStatus.SECURE) { + response.setBogus(R.get("failed.answer.cname_nodata", set.getName())); + return completedFuture(null); + } + + if (set.getType() == Type.CNAME) { + intermediateQname = ((CNAMERecord) set.first()).getTarget(); + } + } + + // validate the AUTHORITY section + Name qname = intermediateQname; + return this.validateNodataResponseRecursive(response, new AtomicInteger(0)) + .handleAsync( + (result, ex) -> { + if (ex != null) { + return null; + } + + // If true, then the NODATA has been proven. + boolean hasValidNSEC = false; + + // for wildcard nodata responses. This is the proven closest encloser. + Name ce = null; + + // for wildcard nodata responses. This is the wildcard NSEC. + NsecProvesNodataResponse ndp = new NsecProvesNodataResponse(); + + // A collection of NSEC3 RRs found in the authority section. + List nsec3s = new ArrayList<>(0); + + // The RRSIG signer field for the NSEC3 RRs. + Name nsec3Signer = null; + + for (SRRset set : response.getSectionRRsets(Section.AUTHORITY)) { + // If we encounter an NSEC record, try to use it to prove NODATA. + // This needs to handle the empty non-terminal (ENT) NODATA case. + if (set.getType() == Type.NSEC) { + NSECRecord nsec = (NSECRecord) set.first(); + ndp = ValUtils.nsecProvesNodata(set, nsec, qname, qtype); + if (ndp.result) { + hasValidNSEC = true; + } + + if (ValUtils.nsecProvesNameError(set, nsec, qname)) { + ce = ValUtils.closestEncloser(qname, set.getName(), nsec.getNext()); + } + } + + // Collect any NSEC3 records present. + if (set.getType() == Type.NSEC3) { + nsec3s.add(set); + nsec3Signer = set.getSignerName(); + } + } + + // check to see if we have a wildcard NODATA proof. + + // The wildcard NODATA is 1 NSEC proving that qname does not exists (and + // also proving what the closest encloser is), and 1 NSEC showing the + // matching wildcard, which must be *.closest_encloser. + if (ndp.wc != null && (ce == null || (!ce.equals(ndp.wc) && !qname.equals(ce)))) { + hasValidNSEC = false; + } + + this.n3valUtils.stripUnknownAlgNSEC3s(nsec3s); + if (!hasValidNSEC && !nsec3s.isEmpty()) { + log.debug("Validating nodata: using NSEC3 records"); + + // try to prove NODATA with our NSEC3 record(s) + if (this.n3valUtils.allNSEC3sIgnoreable(nsec3s, this.keyCache)) { + response.setStatus(SecurityStatus.BOGUS, R.get("failed.nsec3_ignored")); + return null; + } + + SecurityStatus status = + this.n3valUtils.proveNodata(nsec3s, qname, qtype, nsec3Signer); + if (status == SecurityStatus.INSECURE) { + response.setStatus(SecurityStatus.INSECURE); + return null; + } + + hasValidNSEC = status == SecurityStatus.SECURE; + } + + if (!hasValidNSEC) { + response.setBogus(R.get("failed.nodata")); + log.trace("Failed NODATA for " + qname); + return null; + } + + log.trace("successfully validated NODATA response"); + response.setStatus(SecurityStatus.SECURE); + return null; + }); + } + + private CompletionStage validateNodataResponseRecursive( + SMessage response, AtomicInteger setIndex) { + if (setIndex.get() >= response.getSectionRRsets(Section.AUTHORITY).size()) { + return completedFuture(null); + } + + SRRset set = response.getSectionRRsets(Section.AUTHORITY).get(setIndex.getAndIncrement()); + return this.prepareFindKey(set) + .thenComposeAsync( + ke -> { + JustifiedSecStatus kve = ke.validateKeyFor(set.getSignerName()); + if (kve != null) { + kve.applyToResponse(response); + return this.failedFuture(new Exception(kve.reason)); + } + + SecurityStatus status = this.valUtils.verifySRRset(set, ke, this.clock.instant()); + if (status != SecurityStatus.SECURE) { + response.setBogus(R.get("failed.authority.nodata", set)); + return this.failedFuture(new Exception("failed.authority.nodata")); + } + + return this.validateNodataResponseRecursive(response, setIndex); + }); + } + + private CompletionStage failedFuture(Throwable e) { + CompletableFuture f = new CompletableFuture<>(); + f.completeExceptionally(e); + return f; + } + + /** + * Validate a NAMEERROR signed response -- a response that has a NXDOMAIN Rcode. This consists of + * verifying the authority section rrsets and making certain that the authority section NSEC + * proves that the qname doesn't exist and the covering wildcard also doesn't exist.. + * + *

Note that by the time this method is called, the process of finding the trusted DNSKEY rrset + * that signs this response must already have been completed. + * + * @param request The request to be proved to not exist. + * @param response The response to validate. + */ + private CompletionStage validateNameErrorResponse(Message request, SMessage response) { + Name intermediateQname = request.getQuestion().getName(); + + // The ANSWER section is either empty OR it contains an xNAME chain that + // ultimately lead to the NAMEERROR response. In this case the ANSWER + // section has already been validated before and we can concentrate on + // following the xNAMEs to find the qname that caused the NXDOMAIN. + for (SRRset set : response.getSectionRRsets(Section.ANSWER)) { + if (set.getSecurityStatus() != SecurityStatus.SECURE) { + response.setBogus(R.get("failed.nxdomain.cname_nxdomain", set)); + return completedFuture(null); + } + + if (set.getType() == Type.CNAME) { + intermediateQname = ((CNAMERecord) set.first()).getTarget(); + } + } + + // validate the AUTHORITY section + Name qname = intermediateQname; + return this.validateNameErrorResponseRecursive(response, new AtomicInteger(0)) + .thenComposeAsync( + v -> { + // Validate the authority section -- all RRsets in the authority section + // must be signed and valid. + // In addition, the NSEC record(s) must prove the NXDOMAIN condition. + boolean hasValidNSEC = false; + boolean hasValidWCNSEC = false; + List nsec3s = new ArrayList<>(0); + Name nsec3Signer = null; + int previousClosestEncloseLabels = 0; + + for (SRRset set : response.getSectionRRsets(Section.AUTHORITY)) { + // If we encounter an NSEC record, try to use it to prove NODATA. + // This needs to handle the empty non-terminal (ENT) NODATA case. + if (set.getType() == Type.NSEC) { + NSECRecord nsec = (NSECRecord) set.first(); + if (ValUtils.nsecProvesNameError(set, nsec, qname)) { + hasValidNSEC = true; + } + + Name next = nsec.getNext(); + int closestEncloserLabels = + ValUtils.closestEncloser(qname, set.getName(), next).labels(); + if (closestEncloserLabels > previousClosestEncloseLabels + || (closestEncloserLabels == previousClosestEncloseLabels + && !hasValidWCNSEC)) { + hasValidWCNSEC = ValUtils.nsecProvesNoWC(set, nsec, qname); + } + + previousClosestEncloseLabels = closestEncloserLabels; + } + + if (set.getType() == Type.NSEC3) { + nsec3s.add(set); + nsec3Signer = set.getSignerName(); + } + } + + this.n3valUtils.stripUnknownAlgNSEC3s(nsec3s); + if ((!hasValidNSEC || !hasValidWCNSEC) && !nsec3s.isEmpty()) { + log.debug("Validating nxdomain: using NSEC3 records"); + + // Attempt to prove name error with nsec3 records. + if (this.n3valUtils.allNSEC3sIgnoreable(nsec3s, this.keyCache)) { + response.setStatus(SecurityStatus.INSECURE, R.get("failed.nsec3_ignored")); + return completedFuture(null); + } + + SecurityStatus status = this.n3valUtils.proveNameError(nsec3s, qname, nsec3Signer); + if (status != SecurityStatus.SECURE) { + if (status == SecurityStatus.INSECURE) { + response.setStatus(status, R.get("failed.nxdomain.nsec3_insecure")); + } else { + response.setStatus(status, R.get("failed.nxdomain.nsec3_bogus")); + } + + return completedFuture(null); + } + + // Note that we assume that the NSEC3ValUtils proofs encompass the + // wildcard part of the proof. + hasValidNSEC = true; + hasValidWCNSEC = true; + } + + if (!hasValidNSEC || !hasValidWCNSEC) { + boolean hasValidNSEC2 = hasValidNSEC; + + // Be lenient with RCODE in NSEC NameError responses + return this.validateNodataResponse(request, response) + .thenRun( + () -> { + if (response.getStatus() == SecurityStatus.SECURE) { + response.getHeader().setRcode(Rcode.NOERROR); + } else { + // If the message fails to prove either condition, it is bogus. + if (!hasValidNSEC2) { + response.setBogus( + R.get( + "failed.nxdomain.exists", response.getQuestion().getName())); + return; + } + + response.setBogus(R.get("failed.nxdomain.haswildcard")); + } + }); + } + + // Otherwise, we consider the message secure. + log.trace("successfully validated NAME ERROR response."); + response.setStatus(SecurityStatus.SECURE); + return completedFuture(null); + }) + .exceptionally(ex -> null); + } + + private CompletionStage validateNameErrorResponseRecursive( + SMessage response, AtomicInteger setIndex) { + if (setIndex.get() >= response.getSectionRRsets(Section.AUTHORITY).size()) { + return completedFuture(null); + } + + SRRset set = response.getSectionRRsets(Section.AUTHORITY).get(setIndex.getAndIncrement()); + return this.prepareFindKey(set) + .thenCompose( + ke -> { + JustifiedSecStatus kve = ke.validateKeyFor(set.getSignerName()); + if (kve != null) { + kve.applyToResponse(response); + return this.failedFuture(new Exception(kve.reason)); + } + + SecurityStatus status = this.valUtils.verifySRRset(set, ke, this.clock.instant()); + if (status != SecurityStatus.SECURE) { + response.setBogus(R.get("failed.nxdomain.authority", set)); + return this.failedFuture(new Exception("failed.nxdomain.authority")); + } + + return this.validateNameErrorResponseRecursive(response, setIndex); + }); + } + + private CompletionStage sendRequest(Message request) { + Record q = request.getQuestion(); + log.trace( + "sending request: <" + + q.getName() + + "/" + + Type.string(q.getType()) + + "/" + + DClass.string(q.getDClass()) + + ">"); + + // Send the request along by using a local copy of the request + Message localRequest = request.clone(); + localRequest.getHeader().setFlag(Flags.CD); + return this.headResolver.sendAsync(localRequest).thenApply(SMessage::new); + } + + private CompletionStage prepareFindKey(SRRset rrset) { + FindKeyState state = new FindKeyState(); + state.signerName = rrset.getSignerName(); + state.qclass = rrset.getDClass(); + + if (state.signerName == null) { + state.signerName = rrset.getName(); + } + + SRRset trustAnchorRRset = this.trustAnchors.find(state.signerName, rrset.getDClass()); + if (trustAnchorRRset == null) { + // response isn't under a trust anchor, so we cannot validate. + KeyEntry ke = + KeyEntry.newNullKeyEntry(state.signerName, rrset.getDClass(), DEFAULT_TA_BAD_KEY_TTL); + return completedFuture(ke); + } + + state.keyEntry = this.keyCache.find(state.signerName, rrset.getDClass()); + if (state.keyEntry == null + || (!state.keyEntry.getName().equals(state.signerName) && state.keyEntry.isGood())) { + // start the FINDKEY phase with the trust anchor + state.dsRRset = trustAnchorRRset; + state.keyEntry = null; + state.currentDSKeyName = new Name(trustAnchorRRset.getName(), 1); + + // and otherwise, don't continue processing this event. + // (it will be reactivated when the priming query returns). + return this.processFindKey(state).thenApply(v -> state.keyEntry); + } + + return completedFuture(state.keyEntry); + } + + /** + * Process the FINDKEY state. Generally this just calculates the next name to query and either + * issues a DS or a DNSKEY query. It will check to see if the correct key has already been + * reached, in which case it will advance the event to the next state. + * + * @param state The state associated with the current key finding phase. + */ + private CompletionStage processFindKey(FindKeyState state) { + // We know that state.keyEntry is not a null or bad key -- if it were, + // then previous processing should have directed this event to a + // different state. + int qclass = state.qclass; + Name targetKeyName = state.signerName; + Name currentKeyName = Name.empty; + if (state.keyEntry != null) { + currentKeyName = state.keyEntry.getName(); + } + + if (state.currentDSKeyName != null) { + currentKeyName = state.currentDSKeyName; + state.currentDSKeyName = null; + } + + // If our current key entry matches our target, then we are done. + if (currentKeyName.equals(targetKeyName)) { + return completedFuture(null); + } + + if (state.emptyDSName != null) { + currentKeyName = state.emptyDSName; + } + + // Calculate the next lookup name. + int targetLabels = targetKeyName.labels(); + int currentLabels = currentKeyName.labels(); + int l = targetLabels - currentLabels - 1; + + // the next key name would be trying to invent a name, so we stop here + if (l < 0) { + return completedFuture(null); + } + + Name nextKeyName = new Name(targetKeyName, l); + log.trace( + "findKey: targetKeyName = " + + targetKeyName + + ", currentKeyName = " + + currentKeyName + + ", nextKeyName = " + + nextKeyName); + + // The next step is either to query for the next DS, or to query for the + // next DNSKEY. + if (state.dsRRset == null || !state.dsRRset.getName().equals(nextKeyName)) { + Message dsRequest = Message.newQuery(Record.newRecord(nextKeyName, Type.DS, qclass)); + return this.sendRequest(dsRequest) + .thenComposeAsync(dsResponse -> this.processDSResponse(dsRequest, dsResponse, state)); + } + + // Otherwise, it is time to query for the DNSKEY + Message dnskeyRequest = + Message.newQuery(Record.newRecord(state.dsRRset.getName(), Type.DNSKEY, qclass)); + return this.sendRequest(dnskeyRequest) + .thenComposeAsync( + dnskeyResponse -> this.processDNSKEYResponse(dnskeyRequest, dnskeyResponse, state)); + } + + /** + * Given a DS response, the DS request, and the current key rrset, validate the DS response, + * returning a KeyEntry. + * + * @param response The DS response. + * @param request The DS request. + * @param keyRrset The current DNSKEY rrset from the forEvent state. + * @return A KeyEntry, bad if the DS response fails to validate, null if the DS response indicated + * an end to secure space, good if the DS validated. It returns null if the DS response + * indicated that the request wasn't a delegation point. + */ + private KeyEntry dsResponseToKE(SMessage response, Message request, SRRset keyRrset) { + Name qname = request.getQuestion().getName(); + int qclass = request.getQuestion().getDClass(); + + SecurityStatus status; + ResponseClassification subtype = ValUtils.classifyResponse(request, response); + + KeyEntry bogusKE = KeyEntry.newBadKeyEntry(qname, qclass, DEFAULT_TA_BAD_KEY_TTL); + switch (subtype) { + case POSITIVE: + // Verify only returns BOGUS or SECURE. If the rrset is bogus, + // then we are done. + SRRset dsRrset = response.findAnswerRRset(qname, Type.DS, qclass); + status = this.valUtils.verifySRRset(dsRrset, keyRrset, this.clock.instant()); + if (status != SecurityStatus.SECURE) { + bogusKE.setBadReason(R.get("failed.ds")); + return bogusKE; + } + + if (!valUtils.atLeastOneSupportedAlgorithm(dsRrset)) { + KeyEntry nullKey = KeyEntry.newNullKeyEntry(qname, qclass, dsRrset.getTTL()); + nullKey.setBadReason(R.get("insecure.ds.noalgorithms", qname)); + return nullKey; + } + + // Otherwise, we return the positive response. + log.trace("DS rrset was good."); + return KeyEntry.newKeyEntry(dsRrset); + + case CNAME: + // Verify only returns BOGUS or SECURE. If the rrset is bogus, + // then we are done. + SRRset cnameRrset = response.findAnswerRRset(qname, Type.CNAME, qclass); + status = this.valUtils.verifySRRset(cnameRrset, keyRrset, this.clock.instant()); + if (status == SecurityStatus.SECURE) { + return null; + } + + bogusKE.setBadReason(R.get("failed.ds.cname")); + return bogusKE; + + case NODATA: + case NAMEERROR: + return this.dsReponseToKeForNodata(response, request, keyRrset); + + default: + // We've encountered an unhandled classification for this + // response. + bogusKE.setBadReason(R.get("failed.ds.notype", subtype)); + return bogusKE; + } + } + + /** + * Given a DS response, the DS request, and the current key rrset, validate the DS response for + * the NODATA case, returning a KeyEntry. + * + * @param response The DS response. + * @param request The DS request. + * @param keyRrset The current DNSKEY rrset from the forEvent state. + * @return A KeyEntry, bad if the DS response fails to validate, null if the DS response indicated + * an end to secure space, good if the DS validated. It returns null if the DS response + * indicated that the request wasn't a delegation point. + */ + private KeyEntry dsReponseToKeForNodata(SMessage response, Message request, SRRset keyRrset) { + Name qname = request.getQuestion().getName(); + int qclass = request.getQuestion().getDClass(); + KeyEntry bogusKE = KeyEntry.newBadKeyEntry(qname, qclass, DEFAULT_TA_BAD_KEY_TTL); + + if (!this.valUtils.hasSignedNsecs(response)) { + bogusKE.setBadReason(R.get("failed.ds.nonsec", qname)); + return bogusKE; + } + + // Try to prove absence of the DS with NSEC + JustifiedSecStatus status = + this.valUtils.nsecProvesNodataDsReply(request, response, keyRrset, this.clock.instant()); + switch (status.status) { + case SECURE: + KeyEntry nullKey = KeyEntry.newNullKeyEntry(qname, qclass, DEFAULT_TA_BAD_KEY_TTL); + nullKey.setBadReason(R.get("insecure.ds.nsec")); + return nullKey; + case INSECURE: + return null; + case BOGUS: + bogusKE.setBadReason(status.reason); + return bogusKE; + default: + // NSEC proof did not work, try NSEC3 + break; + } + + // Or it could be using NSEC3. + List nsec3Rrsets = response.getSectionRRsets(Section.AUTHORITY, Type.NSEC3); + List nsec3s = new ArrayList<>(0); + Name nsec3Signer = null; + long nsec3TTL = -1; + if (!nsec3Rrsets.isEmpty()) { + // Attempt to prove no DS with NSEC3s. + for (SRRset nsec3set : nsec3Rrsets) { + SecurityStatus sstatus = + this.valUtils.verifySRRset(nsec3set, keyRrset, this.clock.instant()); + if (sstatus != SecurityStatus.SECURE) { + // We could just fail here as there is an invalid rrset, but + // skipping doesn't matter because we might not need it or + // the proof will fail anyway. + log.debug("skipping bad nsec3"); + continue; + } + + nsec3Signer = nsec3set.getSignerName(); + if (nsec3TTL < 0 || nsec3set.getTTL() < nsec3TTL) { + nsec3TTL = nsec3set.getTTL(); + } + + nsec3s.add(nsec3set); + } + + switch (this.n3valUtils.proveNoDS(nsec3s, qname, nsec3Signer)) { + case INSECURE: + // case insecure also continues to unsigned space. + // If nsec3-iter-count too high or optout, then treat below as unsigned + case SECURE: + KeyEntry nullKey = KeyEntry.newNullKeyEntry(qname, qclass, nsec3TTL); + nullKey.setBadReason(R.get("insecure.ds.nsec3")); + return nullKey; + case INDETERMINATE: + log.debug("nsec3s for the referral proved no delegation."); + return null; + case BOGUS: + bogusKE.setBadReason(R.get("failed.ds.nsec3")); + return bogusKE; + default: + bogusKE.setBadReason(R.get("unknown.ds.nsec3")); + return bogusKE; + } + } + + // Apparently, no available NSEC/NSEC3 proved NODATA, so this is + // BOGUS. + bogusKE.setBadReason(R.get("failed.ds.unknown")); + return bogusKE; + } + + /** + * This handles the responses to locally generated DS queries. + * + * @param request The request for which the response is processed. + * @param response The response to process. + * @param state The state associated with the current key finding phase. + */ + private CompletionStage processDSResponse( + Message request, SMessage response, FindKeyState state) { + Name qname = request.getQuestion().getName(); + + state.emptyDSName = null; + state.dsRRset = null; + + KeyEntry dsKE = this.dsResponseToKE(response, request, state.keyEntry); + if (dsKE == null) { + // DS response indicated that we aren't on a delegation point. + state.emptyDSName = qname; + } else if (dsKE.isGood()) { + state.dsRRset = dsKE; + state.currentDSKeyName = new Name(dsKE.getName(), 1); + } else { + // The reason for the DS to be not good (that is, either bad + // or null) should have been logged by dsResponseToKE. + state.keyEntry = dsKE; + if (dsKE.isNull()) { + this.keyCache.store(dsKE); + } + + // The FINDKEY phase has ended, so move on. + return completedFuture(null); + } + + return this.processFindKey(state); + } + + private CompletionStage processDNSKEYResponse( + Message request, SMessage response, FindKeyState state) { + Name qname = request.getQuestion().getName(); + int qclass = request.getQuestion().getDClass(); + + SRRset dnskeyRrset = response.findAnswerRRset(qname, Type.DNSKEY, qclass); + if (dnskeyRrset == null) { + // If the DNSKEY rrset was missing, this is the end of the line. + state.keyEntry = KeyEntry.newBadKeyEntry(qname, qclass, DEFAULT_TA_BAD_KEY_TTL); + state.keyEntry.setBadReason(R.get("dnskey.no_rrset", qname)); + return completedFuture(null); + } + + state.keyEntry = + this.valUtils.verifyNewDNSKEYs( + dnskeyRrset, state.dsRRset, DEFAULT_TA_BAD_KEY_TTL, this.clock.instant()); + + // If the key entry isBad or isNull, then we can move on to the next + // state. + if (!state.keyEntry.isGood()) { + return completedFuture(null); + } + + // The DNSKEY validated, so cache it as a trusted key rrset. + this.keyCache.store(state.keyEntry); + + // If good, we stay in the FINDKEY state. + return this.processFindKey(state); + } + + private CompletionStage processValidate(Message request, SMessage response) { + ResponseClassification subtype = ValUtils.classifyResponse(request, response); + if (subtype != ResponseClassification.REFERRAL) { + this.removeSpuriousAuthority(response); + } + + CompletionStage completionStage; + switch (subtype) { + case POSITIVE: + case CNAME: + case ANY: + log.trace("Validating a positive response"); + completionStage = this.validatePositiveResponse(request, response); + break; + + case NODATA: + log.trace("Validating a nodata response"); + completionStage = this.validateNodataResponse(request, response); + break; + + case CNAME_NODATA: + log.trace("Validating a CNAME_NODATA response"); + completionStage = + this.validatePositiveResponse(request, response) + .thenCompose( + v -> { + if (response.getStatus() != SecurityStatus.INSECURE) { + response.setStatus(SecurityStatus.UNCHECKED); + return this.validateNodataResponse(request, response); + } + + return completedFuture(null); + }); + break; + + case NAMEERROR: + log.trace("Validating a nxdomain response"); + completionStage = this.validateNameErrorResponse(request, response); + break; + + case CNAME_NAMEERROR: + log.trace("Validating a cname_nxdomain response"); + completionStage = + this.validatePositiveResponse(request, response) + .thenCompose( + v -> { + if (response.getStatus() != SecurityStatus.INSECURE) { + response.setStatus(SecurityStatus.UNCHECKED); + return this.validateNameErrorResponse(request, response); + } + + return completedFuture(null); + }); + break; + + default: + response.setStatus(SecurityStatus.BOGUS, R.get("validate.response.unknown", subtype)); + completionStage = completedFuture(null); + break; + } + + return completionStage.thenApply(v -> this.processFinishedState(request, response)); + } + + /** + * Apply any final massaging to a response before returning up the pipeline. Primarily this means + * setting the AD bit or not and possibly stripping DNSSEC data. + */ + private SMessage processFinishedState(Message request, SMessage response) { + // If the response message validated, set the AD bit. + SecurityStatus status = response.getStatus(); + String reason = response.getBogusReason(); + switch (status) { + case BOGUS: + // For now, in the absence of any other API information, we + // return SERVFAIL. + int code = response.getHeader().getRcode(); + if (code == Rcode.NOERROR || code == Rcode.NXDOMAIN) { + code = Rcode.SERVFAIL; + } + + response = ValidatingResolver.errorMessage(request, code); + break; + case SECURE: + response.getHeader().setFlag(Flags.AD); + break; + case UNCHECKED: + case INSECURE: + break; + default: + throw new IllegalArgumentException("unexpected security status"); + } + + response.setStatus(status, reason); + return response; + } + + // Resolver-interface implementation -------------------------------------- + + /** + * Forwards the data to the head resolver passed at construction time. + * + * @param port The IP destination port for the queries sent. + * @see Resolver#setPort(int) + */ + public void setPort(int port) { + this.headResolver.setPort(port); + } + + /** + * Forwards the data to the head resolver passed at construction time. + * + * @param flag true to enable TCP, false to disable it. + * @see Resolver#setTCP(boolean) + */ + public void setTCP(boolean flag) { + this.headResolver.setTCP(flag); + } + + /** + * This is a no-op, truncation is never ignored. + * + * @param flag unused + */ + public void setIgnoreTruncation(boolean flag) { + // never ignore + } + + /** + * The method is forwarded to the resolver, but always ensure that the level is 0 and the flags + * contains DO. + * + * @param version The EDNS level to use. 0 indicates EDNS0. + * @param payloadSize The maximum DNS packet size that this host is capable of receiving over UDP. + * If 0 is specified, the default (1280) is used. + * @param flags EDNS extended flags to be set in the OPT record, {@link ExtendedFlags#DO} is + * always appended. + * @param options EDNS options to be set in the OPT record, specified as a List of + * OPTRecord.Option elements. + * @see Resolver#setEDNS(int, int, int, List) + */ + public void setEDNS(int version, int payloadSize, int flags, List options) { + if (version == -1) { + throw new IllegalArgumentException("EDNS cannot be disabled"); + } + + this.headResolver.setEDNS(version, payloadSize, flags | ExtendedFlags.DO, options); + } + + /** + * Forwards the data to the head resolver passed at construction time. + * + * @param key The key. + * @see Resolver#setTSIGKey(TSIG) + */ + public void setTSIGKey(TSIG key) { + this.headResolver.setTSIGKey(key); + } + + @Override + public Duration getTimeout() { + return this.headResolver.getTimeout(); + } + + @Override + public void setTimeout(Duration duration) { + this.headResolver.setTimeout(duration); + } + + /** + * Asynchronously sends a message and validates the response with DNSSEC before returning it. + * + * @param query The query to send. + * @return A future that completes when the query is finished. + */ + @Override + public CompletionStage sendAsync(Message query) { + return this.sendRequest(query) + .thenCompose( + response -> { + response.getHeader().unsetFlag(Flags.AD); + + // If the CD bit is set, do not process the (cached) validation status. + if (query.getHeader().getFlag(Flags.CD)) { + return completedFuture(response.getMessage()); + } + + // Positive RRSIG responses cannot be validated as there are no + // signatures on signatures. Negative answers CAN be validated. + Message rrsigResponse = response.getMessage(); + if (query.getQuestion().getType() == Type.RRSIG + && rrsigResponse.getHeader().getRcode() == Rcode.NOERROR + && !rrsigResponse.getSectionRRsets(Section.ANSWER).isEmpty()) { + rrsigResponse.getHeader().unsetFlag(Flags.AD); + return completedFuture(rrsigResponse); + } + + return this.processValidate(query, response) + .thenApply( + validated -> { + Message m = validated.getMessage(); + String reason = validated.getBogusReason(); + if (reason != null) { + final int maxTxtRecordStringLength = 255; + String[] parts = + new String[reason.length() / maxTxtRecordStringLength + 1]; + for (int i = 0; i < parts.length; i++) { + int length = + Math.min((i + 1) * maxTxtRecordStringLength, reason.length()); + parts[i] = reason.substring(i * maxTxtRecordStringLength, length); + } + + m.addRecord( + new TXTRecord( + Name.root, VALIDATION_REASON_QCLASS, 0, Arrays.asList(parts)), + Section.ADDITIONAL); + } + + return m; + }); + }); + } + + /** + * Creates a response message with the given return code. + * + * @param request The request for which the response belongs. + * @param rcode The response code, @see Rcode + * @return The response message for request. + */ + private static SMessage errorMessage(Message request, int rcode) { + SMessage m = new SMessage(request.getHeader().getID(), request.getQuestion()); + Header h = m.getHeader(); + h.setRcode(rcode); + h.setFlag(Flags.QR); + + return m; + } +} diff --git a/src/main/resources/messages.properties b/src/main/resources/messages.properties new file mode 100644 index 000000000..c1630186a --- /dev/null +++ b/src/main/resources/messages.properties @@ -0,0 +1,50 @@ +# SPDX-License-Identifier: BSD-3-Clause +failed.authority.nodata=NODATA response has failed AUTHORITY rrset: {0} +failed.answer.cname_nodata=CNAME_NODATA response has failed ANSWER rrset: {0} +failed.nodata=NODATA response failed to prove NODATA status with NSEC/NSEC3 +failed.synthesize.multiple=Synthesized CNAME RRset has multiple records - that doesn't make sense. +failed.synthesize.nomatch=Synthesized CNAME target ({0}) included in answer doesn't match DNAME synthesis rules (expected {1}). +failed.synthesize.toolong=Synthesized name would be too long, thus bogus. +failed.answer.positive=Positive response has failed ANSWER rrset: {0} +failed.authority.positive=Positive response has failed AUTHORITY rrset: {0} +failed.positive.wildcardgeneration=Could not generate NSEC wildcard, resulting name would be too long. +failed.positive.wildcard_too_broad=Positive response was wildcard expansion and did not prove original data did not exist or wasn't generated by the correct wildcard. +failed.nxdomain.cname_nxdomain=CNAME_NAMEERROR response has failed ANSWER rrset: {0} +failed.nxdomain.authority=NameError response has failed AUTHORITY rrset: {0} +failed.nsec3_ignored=All NSEC3s were validated but ignored due to unknown algorithms or invalid iteration counts. +failed.nxdomain.nsec3_bogus=NSEC3 failed to proof the name error. +failed.nxdomain.nsec3_insecure=NSEC3 proofed that the target domain is under opt-out, response is insecure. +failed.nxdomain.exists=NameError response has failed to prove that {0} does not exist. +failed.nxdomain.haswildcard=NameError response has failed to prove that the covering wildcard does not exist. +dnskey.no_rrset=Missing DNSKEY RRset in response to DNSKEY query for {0}. +dnskey.no_ds_match=Did not match a DS to a DNSKEY. +dnskey.anchor_verify_failed=The DNSKEY trust anchor for {0} did not verify the DNSKEY RRset for {1}. +failed.ds=DS rrset in DS response did not verify. +failed.ds.cname=CNAME in DS response was not secure. +ds.secure=CNAME validated, proof that DS does not exist. +failed.ds.cname.nocname=Validator classified CNAME but no CNAME of {0} for DS. +failed.ds.nsec=NSEC RRset for the referral did not verify. +failed.ds.nsec.hasdata=NSEC RRset for the referral did not prove no DS. +failed.ds.nonsec=No signed NSEC/NSEC3 records for query to {0}/DS. +failed.ds.nodelegation=NSEC RRset for the referral proved not a delegation point +insecure.ds.nsec=NSEC RRset for the referral proved no DS. +failed.ds.nowildcardproof=NSEC for wildcard does not prove absence of DS. +failed.ds.nsec.ent=NSEC for empty non-terminal did not verify. +insecure.ds.nsec.ent=NSEC for empty non-terminal proved no DS. +failed.ds.nonconclusive=NSEC proof did not conclusively point to DS or no DS. +failed.ds.nsec3=NSEC3s for the referral did not prove no DS. +unknown.ds.nsec3=no DS but also no proof of that +insecure.ds.nsec3=NSEC3s for the referral proved no DS. +failed.ds.unknown=Ran out of validation options, thus bogus. +failed.ds.notype=Encountered an unhandled type ({0}) of DS response, thus bogus. +failed.ds.nodigest=No supported digest ID for DS for {0}. +failed.ds.noalg=No supported algorithm ID on DS for {0}. +validate.insecure_unsigned=Unsigned response was proved to be validly INSECURE +validate.bogus=Could not establish validation of INSECURE status of unsigned response. Reason: {0} +validate.bogus.badkey=Could not establish a chain of trust to keys for [{0}]. Reason: {1} +validate.bogus.missingsig=Could not validate RRset due to missing signature. +validate.insecure=Verified that response is INSECURE +validate.response.unknown=Response subtype is {0} and thus cannot be validated. +insecure.ds.noalgorithms=No supported algorithms in DS RRset for {0}, treating as insecure. +failed.dname.wildcard=Illegal DNAME ({0} is from a wildcard expansion). +failed.wildcard.label_count_mismatch=Label count mismatch on RRSIGs for {0} diff --git a/src/test/java/org/xbill/DNS/dnssec/AlwaysOffline.java b/src/test/java/org/xbill/DNS/dnssec/AlwaysOffline.java new file mode 100644 index 000000000..106a2b4cc --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/AlwaysOffline.java @@ -0,0 +1,11 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +@Retention(value = RetentionPolicy.RUNTIME) +@Target(value = {ElementType.METHOD}) +public @interface AlwaysOffline {} diff --git a/src/test/java/org/xbill/DNS/dnssec/MessageReader.java b/src/test/java/org/xbill/DNS/dnssec/MessageReader.java new file mode 100644 index 000000000..5dfb7f008 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/MessageReader.java @@ -0,0 +1,87 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import java.io.BufferedReader; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.Reader; +import org.xbill.DNS.DClass; +import org.xbill.DNS.Master; +import org.xbill.DNS.Message; +import org.xbill.DNS.Name; +import org.xbill.DNS.Rcode; +import org.xbill.DNS.Record; +import org.xbill.DNS.Section; +import org.xbill.DNS.Type; + +class MessageReader { + Message readMessage(Reader in) throws IOException { + BufferedReader r; + if (in instanceof BufferedReader) { + r = (BufferedReader) in; + } else { + r = new BufferedReader(in); + } + + Message m = null; + String line = null; + int section = 103; + while ((line = r.readLine()) != null) { + String[] data; + if (line.startsWith(";; ->>HEADER<<- ")) { + section = 101; + m = new Message(); + } else if (line.startsWith(";; QUESTIONS:")) { + section = 102; + } else if (line.startsWith(";; ANSWERS:")) { + section = Section.ANSWER; + line = r.readLine(); + } else if (line.startsWith(";; AUTHORITY RECORDS:")) { + section = Section.AUTHORITY; + line = r.readLine(); + } else if (line.startsWith(";; ADDITIONAL RECORDS:")) { + section = 100; + } else if (line.startsWith("####")) { + return m; + } else if (line.startsWith("#")) { + continue; + } + + switch (section) { + case 100: // ignore + break; + + case 101: // header + section = 100; + data = line.substring(";; ->>HEADER<<- ".length()).split(","); + m.getHeader().setRcode(Rcode.value(data[1].split(":\\s*")[1])); + m.getHeader().setID(Integer.parseInt(data[2].split(":\\s*")[1])); + break; + + case 102: // question + line = r.readLine(); + data = line.split(","); + Record q = + Record.newRecord( + Name.fromString(data[0].replaceAll(";;\\s*", "")), + Type.value(data[1].split("\\s*=\\s*")[1]), + DClass.value(data[2].split("\\s*=\\s*")[1])); + m.addRecord(q, Section.QUESTION); + section = 100; + break; + + default: + if (line != null && !"".equals(line)) { + Master ma = new Master(new ByteArrayInputStream(line.getBytes())); + Record record = ma.nextRecord(); + if (record != null) { + m.addRecord(record, section); + } + } + } + } + + r.close(); + return m; + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/PrepareMocks.java b/src/test/java/org/xbill/DNS/dnssec/PrepareMocks.java new file mode 100644 index 000000000..05b962bfe --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/PrepareMocks.java @@ -0,0 +1,13 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +@Retention(value = RetentionPolicy.RUNTIME) +@Target(value = {ElementType.METHOD}) +public @interface PrepareMocks { + String value(); +} diff --git a/src/test/java/org/xbill/DNS/dnssec/RTest.java b/src/test/java/org/xbill/DNS/dnssec/RTest.java new file mode 100644 index 000000000..711ed326d --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/RTest.java @@ -0,0 +1,49 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.mockito.ArgumentMatchers.anyString; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +import java.util.ResourceBundle; +import org.junit.jupiter.api.Test; +import org.mockito.stubbing.Answer; + +class RTest { + @Test + void testCustomResourceBundle() { + ResourceBundle rb = mock(ResourceBundle.class); + when(rb.getString(anyString())) + .then((Answer) invocation -> (String) invocation.getArguments()[0]); + R.setUseNeutralMessages(false); + R.setBundle(rb); + assertEquals("key", R.get("key")); + assertEquals("msg 1", R.get("msg {0}", 1)); + } + + @Test + void testExplicitNullBundle() { + R.setUseNeutralMessages(true); + assertEquals("key", R.get("key")); + assertEquals("key:1", R.get("key", 1)); + } + + @Test + void testNormal() { + R.setUseNeutralMessages(false); + R.setBundle(null); + assertEquals("no parameters", R.get("test.noparam")); + assertEquals("parameter: abc", R.get("test.withparam", "abc")); + } + + @Test + void testMissingResource() { + R.setUseNeutralMessages(false); + R.setBundle(null); + assertEquals("test.notthere.noparam", R.get("test.notthere.noparam")); + assertEquals("test.notthere.withparam:abc", R.get("test.notthere.withparam", "abc")); + assertEquals( + "test.notthere.withparam:abc:null:1", R.get("test.notthere.withparam", "abc", null, 1)); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/ResolveExample.java b/src/test/java/org/xbill/DNS/dnssec/ResolveExample.java new file mode 100644 index 000000000..1e75d0610 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/ResolveExample.java @@ -0,0 +1,57 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.nio.charset.StandardCharsets; +import org.xbill.DNS.DClass; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Message; +import org.xbill.DNS.Name; +import org.xbill.DNS.RRset; +import org.xbill.DNS.Rcode; +import org.xbill.DNS.Record; +import org.xbill.DNS.Resolver; +import org.xbill.DNS.Section; +import org.xbill.DNS.SimpleResolver; +import org.xbill.DNS.TXTRecord; +import org.xbill.DNS.Type; +import org.xbill.DNS.dnssec.validator.ValidatingResolver; + +class ResolveExample { + static String ROOT = + ". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D"; + + static void main(String[] args) throws Exception { + // Send two sample queries using a standard DNSJAVA resolver + SimpleResolver sr = new SimpleResolver("8.8.8.8"); + System.out.println("Standard resolver:"); + sendAndPrint(sr, "www.dnssec-failed.org."); + sendAndPrint(sr, "www.isc.org."); + + // Send the same queries using the validating resolver with the + // trust anchor of the root zone + // http://data.iana.org/root-anchors/root-anchors.xml + ValidatingResolver vr = new ValidatingResolver(sr); + vr.loadTrustAnchors(new ByteArrayInputStream(ROOT.getBytes("ASCII"))); + vr.loadTrustAnchors(new ByteArrayInputStream(ROOT.getBytes(StandardCharsets.US_ASCII))); + System.out.println("\n\nValidating resolver:"); + sendAndPrint(vr, "www.dnssec-failed.org."); + sendAndPrint(vr, "www.isc.org."); + } + + private static void sendAndPrint(Resolver vr, String name) throws IOException { + System.out.println("\n---" + name); + Record qr = Record.newRecord(Name.fromConstantString(name), Type.A, DClass.IN); + Message response = vr.send(Message.newQuery(qr)); + System.out.println("AD-Flag: " + response.getHeader().getFlag(Flags.AD)); + System.out.println("RCode: " + Rcode.string(response.getRcode())); + for (RRset set : response.getSectionRRsets(Section.ADDITIONAL)) { + if (set.getName().equals(Name.root) + && set.getType() == Type.TXT + && set.getDClass() == ValidatingResolver.VALIDATION_REASON_QCLASS) { + System.out.println("Reason: " + ((TXTRecord) set.first()).getStrings().get(0)); + } + } + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/TestBase.java b/src/test/java/org/xbill/DNS/dnssec/TestBase.java new file mode 100644 index 000000000..4bc292011 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/TestBase.java @@ -0,0 +1,286 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import static org.junit.jupiter.api.Assertions.fail; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +import java.io.BufferedReader; +import java.io.ByteArrayInputStream; +import java.io.File; +import java.io.FileWriter; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.StringReader; +import java.lang.reflect.Method; +import java.nio.charset.StandardCharsets; +import java.time.Clock; +import java.time.ZonedDateTime; +import java.time.format.DateTimeFormatter; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.concurrent.CompletableFuture; +import java.util.concurrent.CompletionStage; +import java.util.concurrent.ExecutionException; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.TestInfo; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.xbill.DNS.ARecord; +import org.xbill.DNS.DClass; +import org.xbill.DNS.DNSSEC.DNSSECException; +import org.xbill.DNS.Master; +import org.xbill.DNS.Message; +import org.xbill.DNS.Name; +import org.xbill.DNS.RRset; +import org.xbill.DNS.Record; +import org.xbill.DNS.Section; +import org.xbill.DNS.SimpleResolver; +import org.xbill.DNS.TXTRecord; +import org.xbill.DNS.Type; +import org.xbill.DNS.dnssec.validator.ValidatingResolver; + +public abstract class TestBase { + private static final Logger logger = LoggerFactory.getLogger(TestBase.class); + + private static final boolean offline = !Boolean.getBoolean("dnsjava.dnssec.online"); + private static final boolean partialOffline = + "partial".equals(System.getProperty("dnsjava.dnssec.offline")); + private static final boolean record = Boolean.getBoolean("dnsjava.dnssec.record"); + private boolean unboundTest = false; + private boolean alwaysOffline = false; + + private final Map queryResponsePairs = new HashMap<>(); + private final MessageReader messageReader = new MessageReader(); + private FileWriter w; + + protected static final String localhost = "127.0.0.1"; + protected ValidatingResolver resolver; + protected Clock resolverClock; + protected String testName; + + @BeforeEach + void beforeEach(TestInfo description) throws IOException, DNSSECException { + starting(description); + setup(); + } + + private void starting(TestInfo description) { + unboundTest = false; + testName = description.getTestMethod().orElseThrow(RuntimeException::new).getName(); + if (description.getDisplayName().startsWith(testName + "_")) { + testName = description.getDisplayName(); + } + resolverClock = mock(Clock.class); + + try { + // do not record or process unbound unit tests offline + alwaysOffline = description.getTestMethod().get().getAnnotation(AlwaysOffline.class) != null; + if (description + .getTestClass() + .orElseThrow(RuntimeException::new) + .getName() + .contains("unbound")) { + unboundTest = true; + return; + } + + DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ssXXX"); + String filename = + "/recordings/" + + description.getTestClass().get().getName().replace(".", "_") + + "/" + + testName; + File f = new File("./src/test/resources" + filename); + if ((record || !f.exists()) && !alwaysOffline) { + resolverClock = Clock.systemUTC(); + f.getParentFile().getParentFile().mkdir(); + f.getParentFile().mkdir(); + w = new FileWriter(f.getAbsoluteFile()); + w.write("#Date: " + ZonedDateTime.now().format(formatter)); + w.write("\n"); + } else if (offline || partialOffline || alwaysOffline) { + PrepareMocks pm = description.getTestMethod().get().getAnnotation(PrepareMocks.class); + if (pm != null) { + Method m = TestBase.this.getClass().getDeclaredMethod(pm.value()); + m.setAccessible(true); + m.invoke(TestBase.this); + } + + InputStream stream = getClass().getResourceAsStream(filename); + if (stream != null) { + BufferedReader r = new BufferedReader(new InputStreamReader(stream)); + String date = r.readLine().substring("#Date: ".length()); + when(resolverClock.instant()) + .thenReturn(ZonedDateTime.parse(date, formatter).toInstant()); + + Message m; + while ((m = messageReader.readMessage(r)) != null) { + queryResponsePairs.put(key(m), m); + } + + r.close(); + } + } + } catch (Exception e) { + System.err.println(e); + throw new RuntimeException(e); + } + } + + @AfterEach + void finished() { + try { + if (w != null) { + w.flush(); + w.close(); + w = null; + } + } catch (IOException e) { + throw new RuntimeException(e); + } + } + + @BeforeAll + static void setupClass() { + R.setBundle(null); + R.setUseNeutralMessages(true); + } + + private void setup() throws NumberFormatException, IOException, DNSSECException { + resolver = + new ValidatingResolver( + new SimpleResolver("8.8.4.4") { + @Override + public CompletionStage sendAsync(Message query) { + logger.info("---{}", key(query)); + Message response = queryResponsePairs.get(key(query)); + if (response != null) { + return CompletableFuture.completedFuture(response); + } else if ((offline && !partialOffline) || unboundTest || alwaysOffline) { + fail("Response for " + key(query) + " not found."); + } + + Message networkResult; + try { + networkResult = super.sendAsync(query).toCompletableFuture().get(); + if (w != null) { + w.write(networkResult.toString()); + w.write("\n\n###############################################\n\n"); + } + } catch (IOException | InterruptedException | ExecutionException e) { + CompletableFuture f = new CompletableFuture<>(); + f.completeExceptionally(e); + return f; + } + + return CompletableFuture.completedFuture(networkResult); + } + }, + resolverClock); + + resolver.loadTrustAnchors(getClass().getResourceAsStream("/trust_anchors")); + } + + protected void add(Message m) throws IOException { + this.add(key(m), m, true); + } + + protected void add(String query, Message response) throws IOException { + this.add(query, response, true); + } + + protected void add(String query, Message response, boolean clear) throws IOException { + queryResponsePairs.put(query, messageFromString(response.toString())); + + // reset the resolver so any cached stuff is cleared + if (!clear) { + return; + } + + try { + setup(); + } catch (NumberFormatException | DNSSECException e) { + throw new IOException(e); + } + } + + protected Message get(Name target, int type) { + return queryResponsePairs.get(key(target, type)); + } + + protected void clear() { + queryResponsePairs.clear(); + } + + protected Message createMessage(String query) throws IOException { + return Message.newQuery( + Record.newRecord( + Name.fromString(query.split("/")[0]), Type.value(query.split("/")[1]), DClass.IN)); + } + + protected Message messageFromString(String message) throws IOException { + return messageReader.readMessage(new StringReader(message)); + } + + protected String firstA(Message response) { + List sectionRRsets = response.getSectionRRsets(Section.ANSWER); + if (!sectionRRsets.isEmpty()) { + for (Record r : sectionRRsets.get(0).rrs()) { + if (r.getType() == Type.A) { + return ((ARecord) r).getAddress().getHostAddress(); + } + } + } + + return null; + } + + protected String getReason(Message m) { + for (RRset set : m.getSectionRRsets(Section.ADDITIONAL)) { + if (set.getName().equals(Name.root) + && set.getType() == Type.TXT + && set.getDClass() == ValidatingResolver.VALIDATION_REASON_QCLASS) { + StringBuilder sb = new StringBuilder(); + List strings = ((TXTRecord) set.first()).getStrings(); + for (String part : strings) { + sb.append(part); + } + + return sb.toString(); + } + } + + return null; + } + + protected boolean isEmptyAnswer(Message response) { + return response.getSectionRRsets(Section.ANSWER).isEmpty(); + } + + private String key(Name n, int t) { + return n + "/" + Type.string(t); + } + + private String key(Record r) { + return key(r.getName(), r.getType()); + } + + private String key(Message m) { + return key(m.getQuestion()); + } + + protected Record toRecord(String data) { + try { + InputStream in = new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)); + Master m = new Master(in, Name.root); + return m.nextRecord(); + } catch (IOException e) { + throw new RuntimeException(e); + } + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/TestBogusReasonMessage.java b/src/test/java/org/xbill/DNS/dnssec/TestBogusReasonMessage.java new file mode 100644 index 000000000..feacb9778 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/TestBogusReasonMessage.java @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; + +import java.io.IOException; +import org.junit.jupiter.api.Test; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Message; +import org.xbill.DNS.Rcode; + +class TestBogusReasonMessage extends TestBase { + @Test + void testLongBogusReasonIsSplitCorrectly() throws IOException { + Message response = + resolver.send( + createMessage( + "01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.isc.org./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals( + "failed.nxdomain.authority:{ isc.org. 2962 IN NSEC [01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.isc.org. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY SPF] sigs: [NSEC 5 2 3600 20160706234032 20160606234032 13953 isc.org. fnOJeQG2vOwrERAPIqAenLOosbIBT7UvmxOV8Az2ExOhlGxP2CEqZEc5NPVbidq4oZC2kHyG7x31D6LBJXeXgOuanv+uqPNe9UIiUhdj+Egf8FEWIOKp8nxgjQGiGSNbQenWjeWoR91sReFEU+Pn7NPlEI072MzEESOT8oVucx8=] }", + getReason(response)); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/TestCNames.java b/src/test/java/org/xbill/DNS/dnssec/TestCNames.java new file mode 100644 index 000000000..19eb756be --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/TestCNames.java @@ -0,0 +1,157 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; + +import java.io.IOException; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.CsvSource; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Message; +import org.xbill.DNS.Rcode; +import org.xbill.DNS.Section; + +class TestCNames extends TestBase { + @Test + void testCNameToUnsignedA() throws IOException { + Message response = resolver.send(createMessage("cunsinged.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals(3, response.getSection(Section.ANSWER).size()); + assertEquals("insecure.ds.nsec3", getReason(response)); + } + + @Test + void testCNameToUnsignedMX() throws IOException { + Message response = resolver.send(createMessage("cunsinged.ingotronic.ch./MX")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals(2, response.getSection(Section.ANSWER).size()); + assertEquals("insecure.ds.nsec3", getReason(response)); + } + + @Test + void testCNameToSignedA() throws IOException { + Message response = resolver.send(createMessage("csigned.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals(4, response.getSection(Section.ANSWER).size()); + assertNull(getReason(response)); + } + + @Test + void testCNameToSignedMX() throws IOException { + Message response = resolver.send(createMessage("csigned.ingotronic.ch./MX")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals(2, response.getSection(Section.ANSWER).size()); + assertNull(getReason(response)); + } + + @Test + void testCNameToSignedAExternal() throws IOException { + Message response = resolver.send(createMessage("csext.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals(4, response.getSection(Section.ANSWER).size()); + assertEquals(5, response.getSection(Section.AUTHORITY).size()); + assertNull(getReason(response)); + } + + @Test + void testCNameToInvalidSigned() throws IOException { + Message response = resolver.send(createMessage("cfailed.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals( + "validate.bogus.badkey:dnssec-failed.org.:dnskey.no_ds_match", getReason(response)); + } + + @Test + void testCNameToUnsignedNsec3() throws IOException { + Message response = resolver.send(createMessage("cunsinged.nsec3.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals("insecure.ds.nsec3", getReason(response)); + } + + @Test + void testCNameToSignedNsec3() throws IOException { + Message response = resolver.send(createMessage("csigned.nsec3.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertNull(getReason(response)); + } + + @Test + void testCNameToInvalidSignedNsec3() throws IOException { + Message response = resolver.send(createMessage("cfailed.nsec3.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals( + "validate.bogus.badkey:dnssec-failed.org.:dnskey.no_ds_match", getReason(response)); + } + + @ParameterizedTest(name = "testCNameToVoid_{index}") + @CsvSource({"cvoid1,2", "cvoid2,4", "cvoid3,6"}) + void testCNameToVoid(String subdomain, int acount) throws IOException { + Message response = resolver.send(createMessage(subdomain + ".ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NXDOMAIN, response.getRcode()); + assertEquals(acount, response.getSection(Section.ANSWER).size()); + assertNull(getReason(response)); + } + + @Test + void testCNameToUnsignedVoid() throws IOException { + Message response = resolver.send(createMessage("cvoid4.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NXDOMAIN, response.getRcode()); + assertEquals("insecure.ds.nsec", getReason(response)); + } + + @Test + void testCNameToExternalUnsignedVoid() throws IOException { + Message response = resolver.send(createMessage("cvoid.dnssectest.jitsi.net./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NXDOMAIN, response.getRcode()); + assertEquals("insecure.ds.nsec3", getReason(response)); + } + + @Test + void testCNameToSubSigned() throws IOException { + Message response = resolver.send(createMessage("cssub.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertNull(getReason(response)); + } + + @Test + void testCNameToVoidExternalInvalidTld() throws IOException { + Message response = resolver.send(createMessage("cvoidext1.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NXDOMAIN, response.getRcode()); + assertEquals(2, response.getSection(Section.ANSWER).size()); + assertNull(getReason(response)); + } + + @Test + void testCNameToVoidExternalValidTld() throws IOException { + Message response = resolver.send(createMessage("cvoidext2.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NXDOMAIN, response.getRcode()); + assertNull(getReason(response)); + } + + @Test + void testCNameToVoidNsec3() throws IOException { + Message response = resolver.send(createMessage("cvoid.nsec3.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NXDOMAIN, response.getRcode()); + assertNull(getReason(response)); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/TestDNames.java b/src/test/java/org/xbill/DNS/dnssec/TestDNames.java new file mode 100644 index 000000000..b43898ed3 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/TestDNames.java @@ -0,0 +1,174 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; + +import java.io.IOException; +import org.junit.jupiter.api.Test; +import org.xbill.DNS.DClass; +import org.xbill.DNS.DNAMERecord; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Lookup; +import org.xbill.DNS.Message; +import org.xbill.DNS.Name; +import org.xbill.DNS.RRSIGRecord; +import org.xbill.DNS.RRset; +import org.xbill.DNS.Rcode; +import org.xbill.DNS.Record; +import org.xbill.DNS.Section; +import org.xbill.DNS.Type; + +class TestDNames extends TestBase { + @Test + void testDNameToExistingIsValid() throws IOException { + Message response = resolver.send(createMessage("www.alias.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals(5, response.getSection(Section.ANSWER).size()); + assertNull(getReason(response)); + } + + @Test + void testDNameToNoDataIsValid() throws IOException { + Message response = resolver.send(createMessage("www.alias.ingotronic.ch./MX")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals(3, response.getSection(Section.ANSWER).size()); + assertNull(getReason(response)); + } + + @Test + void testDNameToNxDomainIsValid() throws IOException { + Message response = resolver.send(createMessage("x.alias.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NXDOMAIN, response.getRcode()); + assertNull(getReason(response)); + } + + @Test + void testDNameDirectQueryIsValid() throws IOException { + Message response = resolver.send(createMessage("alias.ingotronic.ch./DNAME")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must not set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertNull(getReason(response)); + for (RRset set : response.getSectionRRsets(Section.ANSWER)) { + if (set.getType() == Type.DNAME) { + DNAMERecord r = (DNAMERecord) set.first(); + assertEquals(Name.fromString("ingotronic.ch."), r.getTarget()); + } + } + } + + @Test + void testDNameWithFakedCnameIsInvalid() throws IOException { + Message m = resolver.send(createMessage("www.alias.ingotronic.ch./A")); + Message message = + messageFromString(m.toString().replaceAll("(.*CNAME\\s+)(.*)", "$1 www.isc.org.")); + add("www.alias.ingotronic.ch./A", message); + + Message response = resolver.send(createMessage("www.alias.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.synthesize.nomatch:www.isc.org.:www.ingotronic.ch.", getReason(response)); + } + + @Test + void testDNameWithNoCnameIsValid() throws IOException { + Message m = resolver.send(createMessage("www.isc.ingotronic.ch./A")); + Message message = + messageFromString(m.toString().replaceAll("(.*CNAME.*)", "").replaceAll("\n\n", "\n")); + add("www.isc.ingotronic.ch./A", message); + + Message response = resolver.send(createMessage("www.isc.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertNull(getReason(response)); + Lookup l = new Lookup("www.isc.ingotronic.ch"); + l.setResolver(resolver); + Record[] results = l.run(); + assertNotNull(results); + assertTrue(results.length >= 1); + } + + @Test + void testDNameWithMultipleCnamesIsInvalid() throws IOException { + Message m = resolver.send(createMessage("www.alias.ingotronic.ch./A")); + Message message = + messageFromString(m.toString().replaceAll("(.*CNAME.*)", "$1\n$1example.com.")); + add("www.alias.ingotronic.ch./A", message); + + Message response = resolver.send(createMessage("www.alias.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.synthesize.multiple", getReason(response)); + } + + @Test + void testDNameWithTooLongCnameIsInvalid() throws IOException { + Message m = resolver.send(createMessage("www.n3.ingotronic.ch./A")); + Message message = + messageFromString( + m.toString() + .replaceAll( + "(.*\\.)(.*CNAME)", + "IamAVeryLongNameThatExeceedsTheMaximumOfTheAllowedDomainNameSys.temSpecificationLengthByAny.NumberThatAHumanOfTheSeventiesCouldHaveImagined.InThisSmallMindedWorldThatIs.NowAfterTheMillennium.InhabitedByOverSeven.BillionPeopleInFiveConts.n3.ingotronic.ch. $2")); + add("www.n3.ingotronic.ch./A", message); + + Message response = resolver.send(createMessage("www.n3.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.synthesize.toolong", getReason(response)); + } + + @Test + void testDNameInNsecIsUnderstood_Rfc6672_5_3_4_1() throws IOException { + Message nsecs = resolver.send(createMessage("alias.ingotronic.ch./NS")); + RRset nsecSet = null; + for (RRset set : nsecs.getSectionRRsets(Section.AUTHORITY)) { + if (set.getName().equals(Name.fromString("alias.ingotronic.ch."))) { + nsecSet = set; + break; + } + } + + Message message = new Message(); + message.getHeader().setRcode(Rcode.NXDOMAIN); + message.addRecord( + Record.newRecord(Name.fromString("www.alias.ingotronic.ch."), Type.A, DClass.IN), + Section.QUESTION); + for (Record r : nsecSet.rrs()) { + message.addRecord(r, Section.AUTHORITY); + } + + for (RRSIGRecord sig : nsecSet.sigs()) { + message.addRecord(sig, Section.AUTHORITY); + } + + add("www.alias.ingotronic.ch./A", message); + + Message response = resolver.send(createMessage("www.alias.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nxdomain.exists:www.alias.ingotronic.ch.", getReason(response)); + } + + @Test + void testDNameToExternal() throws IOException { + Message response = resolver.send(createMessage("www.isc.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertNull(getReason(response)); + } + + @Test + void testDNameChain() throws IOException { + Message response = resolver.send(createMessage("www.alias.nsec3.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertNull(getReason(response)); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/TestInvalid.java b/src/test/java/org/xbill/DNS/dnssec/TestInvalid.java new file mode 100644 index 000000000..846972bfb --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/TestInvalid.java @@ -0,0 +1,146 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertTrue; + +import java.io.IOException; +import java.net.InetAddress; +import java.time.Instant; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.ValueSource; +import org.xbill.DNS.ARecord; +import org.xbill.DNS.DClass; +import org.xbill.DNS.DNSSEC.Algorithm; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Message; +import org.xbill.DNS.Name; +import org.xbill.DNS.RRSIGRecord; +import org.xbill.DNS.Rcode; +import org.xbill.DNS.Record; +import org.xbill.DNS.Section; +import org.xbill.DNS.Type; + +class TestInvalid extends TestBase { + @ParameterizedTest(name = "testInvalid_{arguments}") + @ValueSource( + strings = { + "unknownalgorithm.dnssec", + "sigexpired.dnssec", + "bogussig.dnssec", + "unknownalgorithm.nsec3", + "sigexpired.nsec3", + "bogussig.nsec3" + }) + @AlwaysOffline + void testInvalid(String param) throws IOException { + Message response = resolver.send(createMessage(param + ".tjeb.nl./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("validate.bogus.badkey:" + param + ".tjeb.nl.:failed.ds", getReason(response)); + } + + @Test + @AlwaysOffline + void testSignedBelowUnsignedBelowSigned() throws IOException { + Message response = resolver.send(createMessage("ok.nods.ok.dnssec.tjeb.nl./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertFalse(isEmptyAnswer(response)); + assertEquals("insecure.ds.nsec", getReason(response)); + } + + @Test + @AlwaysOffline + void testSignedBelowUnsignedBelowSignedNsec3() throws IOException { + Message response = resolver.send(createMessage("ok.nods.ok.Nsec3.tjeb.nl./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertFalse(isEmptyAnswer(response)); + assertEquals("insecure.ds.nsec3", getReason(response)); + } + + @Test + void testUnsignedThatMustBeSigned() throws IOException { + Name query = Name.fromString("www.ingotronic.ch."); + + // prepare a faked, unsigned response message that must have a signature + // to be valid + Message message = new Message(); + message.addRecord(Record.newRecord(query, Type.A, DClass.IN), Section.QUESTION); + message.addRecord( + new ARecord(query, Type.A, DClass.IN, InetAddress.getByName(localhost)), Section.ANSWER); + add("www.ingotronic.ch./A", message); + + Message response = resolver.send(createMessage("www.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("validate.bogus.missingsig", getReason(response)); + } + + @Test + void testModifiedSignature() throws IOException { + Name query = Name.fromString("www.ingotronic.ch."); + + // prepare a faked, unsigned response message that must have a signature + // to be valid + Message message = new Message(); + message.addRecord(Record.newRecord(query, Type.A, DClass.IN), Section.QUESTION); + message.addRecord( + new ARecord(query, Type.A, DClass.IN, InetAddress.getByName(localhost)), Section.ANSWER); + Instant now = Instant.now(); + message.addRecord( + new RRSIGRecord( + query, + DClass.IN, + 0, + Type.A, + Algorithm.RSASHA256, + 5, + now.plusSeconds(5), + now.minusSeconds(5), + 1234, + Name.fromString("ingotronic.ch."), + new byte[] {1, 2, 3}), + Section.ANSWER); + add("www.ingotronic.ch./A", message); + + Message response = resolver.send(createMessage("www.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertTrue(getReason(response).startsWith("failed.answer.positive:{ www.ingotronic.ch.")); + } + + @Test + void testReturnServfailIfIntermediateQueryFails() throws IOException { + Message message = new Message(); + message.getHeader().setRcode(Rcode.NOTAUTH); + message.addRecord( + Record.newRecord(Name.fromString("ch."), Type.DS, DClass.IN), Section.QUESTION); + add("ch./DS", message); + + Message response = resolver.send(createMessage("www.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + // rfc4035#section-5.5 + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("validate.bogus.badkey:ch.:failed.ds.nonsec:ch.", getReason(response)); + } + + @Test + void testReturnOriginalRcodeIfPrimaryQueryFails() throws IOException { + Message message = new Message(); + message.getHeader().setRcode(Rcode.REFUSED); + message.addRecord( + Record.newRecord(Name.fromString("www.ingotronic.ch."), Type.A, DClass.IN), + Section.QUESTION); + add("www.ingotronic.ch./A", message); + + Message response = resolver.send(createMessage("www.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + // rfc4035#section-5.5 + assertEquals(Rcode.REFUSED, response.getRcode()); + assertEquals("failed.nodata", getReason(response)); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/TestKeyCacheUsage.java b/src/test/java/org/xbill/DNS/dnssec/TestKeyCacheUsage.java new file mode 100644 index 000000000..2f05743ed --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/TestKeyCacheUsage.java @@ -0,0 +1,30 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; + +import java.io.IOException; +import org.junit.jupiter.api.Test; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Message; +import org.xbill.DNS.Rcode; + +class TestKeyCacheUsage extends TestBase { + + @Test + void testUnsigned() throws IOException { + Message response = resolver.send(createMessage("www.unsigned.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals(localhost, firstA(response)); + assertEquals("insecure.ds.nsec", getReason(response)); + + // send the query a second time to ensure the cache doesn't create a wrong behavior + response = resolver.send(createMessage("www.unsigned.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals(localhost, firstA(response)); + assertEquals("insecure.ds.nsec", getReason(response)); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNSEC3NoData.java b/src/test/java/org/xbill/DNS/dnssec/TestNSEC3NoData.java new file mode 100644 index 000000000..74b016546 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/TestNSEC3NoData.java @@ -0,0 +1,108 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; + +import java.io.IOException; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.ValueSource; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Message; +import org.xbill.DNS.RRset; +import org.xbill.DNS.Rcode; + +class TestNSEC3NoData extends TestBase { + @ParameterizedTest(name = "testNodataNsec3_{index}") + @ValueSource( + strings = { + "www.nsec3.ingotronic.ch./MX", + // get NSEC3 hashed whose name is sub.nsec3.ingotronic.ch. from the nsec3.ingotronic.ch. + // then return NODATA for the following query, "proofed" by the NSEC3 from the parent + "sub.nsec3.ingotronic.ch./A", + // get NSEC3 hashed whose name is sub.nsec3.ingotronic.ch. from the sub.nsec3.ingotronic.ch. + // then return NODATA for the following query, "proofed" by the NSEC3 from the child + "sub.nsec3.ingotronic.ch./DS", + // rfc5155#section-7.2.4 + // response does not contain next closer NSEC3, thus bogus + "a.unsigned.nsec3.ingotronic.ch./DS", + }) + @AlwaysOffline + void testNodataNsec3(String query) throws IOException { + Message response = resolver.send(createMessage(query)); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertTrue(getReason(response).startsWith("failed.nodata")); + } + + @Test + @AlwaysOffline + void testNodataApexNsec3ProofInsecureDelegation() throws IOException { + // get NSEC3 hashed whose name is sub.nsec3.ingotronic.ch. from the nsec3.ingotronic.ch. zone + // then return NODATA for the following query, "proofed" by the NSEC3 from the parent + // which has the DS flag removed, effectively making the reply insecure + Message response = resolver.send(createMessage("sub.nsec3.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertNull(getReason(response)); + } + + @Test + @AlwaysOffline + void testNodataApexNsec3WithSOAValid() throws IOException { + // get NSEC3 hashed whose name is sub.nsec3.ingotronic.ch. from the nsec3.ingotronic.ch. + // then return NODATA for the following query, "proofed" by the NSEC3 from the parent + Message response = resolver.send(createMessage("sub.nsec3.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertNull(getReason(response)); + } + + @Test + @AlwaysOffline + void testNoDSProofCanExistForRoot() throws IOException { + // ./DS can exist + resolver.getTrustAnchors().clear(); + resolver + .getTrustAnchors() + .store( + new SRRset( + new RRset( + toRecord( + ". 300 IN DS 16758 7 1 EC88DF5E2902FD4AB9E9C246BEEA9B822BD7BCF7")))); + Message response = resolver.send(createMessage("./DS")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertNull(getReason(response)); + } + + @Test + @AlwaysOffline + void testNodataNsec3ForDSMustNotHaveSOA() throws IOException { + // bogus./DS cannot coexist with bogus./SOA + resolver.getTrustAnchors().clear(); + resolver + .getTrustAnchors() + .store( + new SRRset( + new RRset( + toRecord( + "bogus. 300 IN DS 16758 7 1 A5D56841416AB42DC39629E42D12C98B0E94232A")))); + Message response = resolver.send(createMessage("bogus./DS")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertNull(getReason(response)); + } + + @Test + @AlwaysOffline + void testNsec3ClosestEncloserIsInsecureDelegation() throws IOException { + Message response = resolver.send(createMessage("a.unsigned.nsec3.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertNull(getReason(response)); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNoData.java b/src/test/java/org/xbill/DNS/dnssec/TestNoData.java new file mode 100644 index 000000000..c1b8f7944 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/TestNoData.java @@ -0,0 +1,39 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertTrue; + +import java.io.IOException; +import org.junit.jupiter.api.Test; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Message; +import org.xbill.DNS.Rcode; + +class TestNoData extends TestBase { + @Test + void testFakedNoDataNsec3WithoutNsecs() throws IOException { + Message m = resolver.send(createMessage("www.nsec3.ingotronic.ch./A")); + Message message = + messageFromString(m.toString().replaceAll("www\\.nsec3\\.ingotronic\\.ch\\.\\s+.*", "")); + add("www.nsec3.ingotronic.ch./A", message); + + Message response = resolver.send(createMessage("www.nsec3.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertTrue(getReason(response).startsWith("failed.nodata")); + } + + @Test + void testFakedNoDataNsec3WithNsecs() throws IOException { + Message m = resolver.send(createMessage("www.nsec3.ingotronic.ch./MX")); + Message message = messageFromString(m.toString().replaceAll("type = MX", "type = A")); + add("www.nsec3.ingotronic.ch./A", message); + + Message response = resolver.send(createMessage("www.nsec3.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertTrue(getReason(response).startsWith("failed.nodata")); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNonExistence.java b/src/test/java/org/xbill/DNS/dnssec/TestNonExistence.java new file mode 100644 index 000000000..ac5034312 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/TestNonExistence.java @@ -0,0 +1,110 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; + +import java.io.IOException; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.ValueSource; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Message; +import org.xbill.DNS.Rcode; +import org.xbill.DNS.Section; + +class TestNonExistence extends TestBase { + @ParameterizedTest(name = "testNonExisting_{index}") + @ValueSource( + strings = { + "gibtsnicht", + "gibtsnicht.ingotronic.ch", + "gibtsnicht.nsec3.ingotronic.ch", + "gibtsnicht.gibtsnicht.ingotronic.ch", + "gibtsnicht.gibtsnicht.nsec3.ingotronic.ch" + }) + void testNonExisting(String param) throws IOException { + Message response = resolver.send(createMessage(param + "./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NXDOMAIN, response.getRcode()); + assertNull(getReason(response)); + } + + @Test + void testDoubleLabelABelowSignedNsec3MissingNsec3() throws IOException { + Message m = resolver.send(createMessage("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A")); + Message message = + messageFromString(m.toString().replaceAll("L40.+nsec3\\.ingotronic\\.ch\\.\\s+300.*", "")); + add("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A", message); + + Message response = resolver.send(createMessage("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nxdomain.nsec3_bogus", getReason(response)); + } + + @Test + void testDoubleLabelABelowSignedBeforeZoneNsec3() throws IOException { + // the query name here must hash to a name BEFORE the first existing + // NSEC3 owner name + Message response = resolver.send(createMessage("alias.1gibtsnicht.nsec3.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NXDOMAIN, response.getRcode()); + assertNull(getReason(response)); + } + + @ParameterizedTest(name = "testSignedNodata_{index}") + @ValueSource( + strings = { + "www.ingotronic.ch", + "www.nsec3.ingotronic.ch", + "a.b.ingotronic.ch", + "a.b.nsec3.ingotronic.ch", + "b.d.ingotronic.ch", + "b.d.nsec3.ingotronic.ch", + }) + void testSignedNodata(String param) throws IOException { + Message response = resolver.send(createMessage(param + "./MX")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertTrue(response.getSectionRRsets(Section.ANSWER).isEmpty()); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertNull(getReason(response)); + } + + @Test + void testNxDomainWithInvalidNsecSignature() throws IOException { + Message m = resolver.send(createMessage("x.ingotronic.ch./A")); + Message message = + messageFromString( + m.toString().replaceAll("(.*\\sRRSIG\\sNSEC\\s(\\d+\\s+){6}.*\\.)(.*)", "$1 YXNkZg==")); + add("x.ingotronic.ch./A", message); + + Message response = resolver.send(createMessage("x.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertTrue(getReason(response).startsWith("failed.nxdomain.authority")); + } + + @Test + void testNoDataWithInvalidNsecSignature() throws IOException { + Message m = resolver.send(createMessage("www.ingotronic.ch./MX")); + Message message = + messageFromString( + m.toString().replaceAll("(.*\\sRRSIG\\sNSEC\\s(\\d+\\s+){6}.*\\.)(.*)", "$1 YXNkZg==")); + add("www.ingotronic.ch./MX", message); + + Message response = resolver.send(createMessage("www.ingotronic.ch./MX")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertTrue(getReason(response).startsWith("failed.authority.nodata")); + } + + @Test + void testNoDataOnENT() throws IOException { + Message response = resolver.send(createMessage("b.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/TestPartiallyInvalid.java b/src/test/java/org/xbill/DNS/dnssec/TestPartiallyInvalid.java new file mode 100644 index 000000000..c47f021ed --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/TestPartiallyInvalid.java @@ -0,0 +1,40 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; + +import java.io.IOException; +import org.junit.jupiter.api.Test; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Message; +import org.xbill.DNS.Rcode; + +class TestPartiallyInvalid extends TestBase { + @Test + void testValidExising() throws IOException { + Message response = resolver.send(createMessage("www.partial.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals(localhost, firstA(response)); + assertNull(getReason(response)); + } + + @Test + void testValidExisingNoType() throws IOException { + Message response = resolver.send(createMessage("www.partial.ingotronic.ch./MX")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertTrue(isEmptyAnswer(response)); + assertNull(getReason(response)); + } + + @Test + void testValidNonExising() throws IOException { + Message response = resolver.send(createMessage("www.gibtsnicht.partial.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NXDOMAIN, response.getRcode()); + assertNull(getReason(response)); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/TestPositive.java b/src/test/java/org/xbill/DNS/dnssec/TestPositive.java new file mode 100644 index 000000000..aaee634e8 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/TestPositive.java @@ -0,0 +1,67 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; + +import java.io.IOException; +import org.junit.jupiter.api.Test; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Message; +import org.xbill.DNS.Rcode; +import org.xbill.DNS.Record; +import org.xbill.DNS.Section; + +class TestPositive extends TestBase { + @Test + void testValidExising() throws IOException { + Message response = resolver.send(createMessage("www.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals(localhost, firstA(response)); + assertNull(getReason(response)); + } + + @Test + void testValidNonExising() throws IOException { + Message response = resolver.send(createMessage("ingotronic.ch./ANY")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertNull(getReason(response)); + } + + @Test + void testValidAnswerToDifferentQueryTypeIsBogus() throws IOException { + Message m = resolver.send(createMessage("www.ingotronic.ch./A")); + Message message = createMessage("www.ingotronic.ch./MX"); + for (int i = 1; i < Section.ADDITIONAL; i++) { + for (Record r : m.getSection(i)) { + message.addRecord(r, i); + } + } + + add("www.ingotronic.ch./A", message); + Message response = resolver.send(createMessage("www.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("validate.response.unknown:UNKNOWN", getReason(response)); + } + + @Test + void testCDonQueryDoesntDoAnything() throws IOException { + Message m = resolver.send(createMessage("www.ingotronic.ch./A")); + Message message = + messageFromString( + m.toString().replaceAll("(.*\\sRRSIG\\s+A\\s(\\d+\\s+){6}.*\\.)(.*)", "$1 YXNkZg==")); + add("www.ingotronic.ch./A", message); + + Message query = createMessage("www.ingotronic.ch./A"); + query.getHeader().setFlag(Flags.CD); + Message response = resolver.send(query); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertNull(getReason(response)); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/TestPriming.java b/src/test/java/org/xbill/DNS/dnssec/TestPriming.java new file mode 100644 index 000000000..7f423083f --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/TestPriming.java @@ -0,0 +1,244 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.mockito.Mockito.spy; +import static org.mockito.Mockito.when; + +import java.io.IOException; +import java.security.MessageDigestSpi; +import java.security.Provider; +import java.security.Security; +import org.junit.jupiter.api.Test; +import org.xbill.DNS.DClass; +import org.xbill.DNS.DNSKEYRecord; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Message; +import org.xbill.DNS.Name; +import org.xbill.DNS.RRset; +import org.xbill.DNS.Rcode; +import org.xbill.DNS.Record; +import org.xbill.DNS.Section; +import org.xbill.DNS.Type; + +class TestPriming extends TestBase { + @Test + void testDnskeyPrimeResponseWithEmptyAnswerIsBad() throws IOException { + Message message = new Message(); + message.addRecord(Record.newRecord(Name.root, Type.DNSKEY, DClass.IN), Section.QUESTION); + add("./DNSKEY", message); + + Message response = resolver.send(createMessage("www.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("validate.bogus.badkey:.:dnskey.no_rrset:.", getReason(response)); + } + + @Test + void testRootDnskeyPrimeResponseWithNxDomainIsBad() throws IOException { + Message message = new Message(); + message.addRecord(Record.newRecord(Name.root, Type.DNSKEY, DClass.IN), Section.QUESTION); + message.getHeader().setRcode(Rcode.NXDOMAIN); + add("./DNSKEY", message); + + Message response = resolver.send(createMessage("www.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("validate.bogus.badkey:.:dnskey.no_rrset:.", getReason(response)); + } + + @Test + void testDnskeyPrimeResponseWithInvalidSignatureIsBad() + throws IOException, NumberFormatException { + Message m = resolver.send(createMessage("./DNSKEY")); + Message message = + messageFromString( + m.toString() + .replaceAll("(.*\\sRRSIG\\sDNSKEY\\s(\\d+\\s+){6}.*\\.)(.*)", "$1 YXNkZg==")); + add("./DNSKEY", message); + + Message response = resolver.send(createMessage("www.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("validate.bogus.badkey:.:dnskey.no_ds_match", getReason(response)); + } + + @Test + @PrepareMocks("prepareTestDnskeyPrimeResponseWithMismatchedFootprintIsBad") + void testDnskeyPrimeResponseWithMismatchedFootprintIsBad() throws Exception { + try { + Message response = resolver.send(createMessage("www.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("validate.bogus.badkey:.:dnskey.no_ds_match", getReason(response)); + } finally { + Type.register(Type.DNSKEY, Type.string(Type.DNSKEY), () -> spy(DNSKEYRecord.class)); + } + } + + void prepareTestDnskeyPrimeResponseWithMismatchedFootprintIsBad() { + Type.register( + Type.DNSKEY, + Type.string(Type.DNSKEY), + () -> { + DNSKEYRecord minus1FootprintDnskey = spy(DNSKEYRecord.class); + when(minus1FootprintDnskey.getFootprint()).thenReturn(-1); + return minus1FootprintDnskey; + }); + } + + @Test + @PrepareMocks("prepareTestDnskeyPrimeResponseWithMismatchedAlgorithmIsBad") + void testDnskeyPrimeResponseWithMismatchedAlgorithmIsBad() throws Exception { + try { + Message response = resolver.send(createMessage("www.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("validate.bogus.badkey:.:dnskey.no_ds_match", getReason(response)); + } finally { + Type.register(Type.DNSKEY, Type.string(Type.DNSKEY), () -> spy(DNSKEYRecord.class)); + } + } + + void prepareTestDnskeyPrimeResponseWithMismatchedAlgorithmIsBad() { + Type.register( + Type.DNSKEY, + Type.string(Type.DNSKEY), + () -> { + DNSKEYRecord minus1AlgorithmDnskey = spy(DNSKEYRecord.class); + when(minus1AlgorithmDnskey.getAlgorithm()).thenReturn(-1); + return minus1AlgorithmDnskey; + }); + } + + static class FakeShaProvider extends Provider { + protected FakeShaProvider() { + super("FakeShaProvider", 1, "FakeShaProvider"); + put("MessageDigest.SHA", FakeSha.class.getName()); + put("MessageDigest.SHA-256", FakeSha.class.getName()); + } + + public static class FakeSha extends MessageDigestSpi { + @Override + protected void engineUpdate(byte input) {} + + @Override + protected void engineUpdate(byte[] input, int offset, int len) {} + + @Override + protected byte[] engineDigest() { + return new byte[] {1, 2, 3}; + } + + @Override + protected void engineReset() {} + } + } + + @Test + void testDnskeyPrimeResponseWithWeirdHashIsBad() throws Exception { + Provider p = new FakeShaProvider(); + try { + Security.insertProviderAt(p, 1); + Message response = resolver.send(createMessage("www.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("validate.bogus.badkey:.:dnskey.no_ds_match", getReason(response)); + } finally { + Security.removeProvider(p.getName()); + } + } + + @Test + void testDsPrimeResponseWithEmptyAnswerIsBad() throws IOException { + Message message = new Message(); + message.addRecord( + Record.newRecord(Name.fromString("ch."), Type.DS, DClass.IN), Section.QUESTION); + add("ch./DS", message); + + Message response = resolver.send(createMessage("www.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("validate.bogus.badkey:ch.:failed.ds.nonsec:ch.", getReason(response)); + } + + @Test + void testDsPrimeResponseWithNxDomainForTld() throws IOException { + Message message = new Message(); + message.addRecord( + Record.newRecord(Name.fromString("ch."), Type.DS, DClass.IN), Section.QUESTION); + message.getHeader().setRcode(Rcode.NXDOMAIN); + add("ch./DS", message); + + Message response = resolver.send(createMessage("www.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("validate.bogus.badkey:ch.:failed.ds.nonsec:ch.", getReason(response)); + } + + @Test + void testDsNoDataWhenNsecIsFromChildApex() throws IOException { + Message nsec = resolver.send(createMessage("1.sub.ingotronic.ch./NSEC")); + Record delegationNsec = null; + Record delegationNsecSig = null; + for (RRset set : nsec.getSectionRRsets(Section.AUTHORITY)) { + if (set.getName().toString().startsWith("sub.ingotronic.ch") && set.getType() == Type.NSEC) { + delegationNsec = set.first(); + delegationNsecSig = set.sigs().get(0); + break; + } + } + + Message m = createMessage("sub.ingotronic.ch./DS"); + m.getHeader().setRcode(Rcode.NOERROR); + m.addRecord(delegationNsec, Section.AUTHORITY); + m.addRecord(delegationNsecSig, Section.AUTHORITY); + add("sub.ingotronic.ch./DS", m); + + Message response = resolver.send(createMessage("sub.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("validate.bogus.badkey:sub.ingotronic.ch.:failed.ds.nsec", getReason(response)); + } + + @Test + void testDsNoDataWhenNsecOnEntIsBad() throws IOException { + Message m = resolver.send(createMessage("e.ingotronic.ch./DS")); + Message message = + messageFromString( + m.toString().replaceAll("(.*\\sRRSIG\\sNSEC\\s(\\d+\\s+){6}.*\\.)(.*)", "$1 YXNkZg==")); + add("e.ingotronic.ch./DS", message); + + Message response = resolver.send(createMessage("a.e.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("validate.bogus:failed.ds.nsec.ent", getReason(response)); + } + + @Test + void testDsNoDataWhenOnInsecureDelegationWithWrongNsec() throws IOException { + Message nsec = resolver.send(createMessage("alias.ingotronic.ch./NSEC")); + Record delegationNsec = null; + Record delegationNsecSig = null; + for (RRset set : nsec.getSectionRRsets(Section.ANSWER)) { + if (set.getName().toString().startsWith("alias.ingotronic.ch") + && set.getType() == Type.NSEC) { + delegationNsec = set.first(); + delegationNsecSig = set.sigs().get(0); + break; + } + } + + Message m = createMessage("unsigned.ingotronic.ch./DS"); + m.getHeader().setRcode(Rcode.NOERROR); + m.addRecord(delegationNsec, Section.AUTHORITY); + m.addRecord(delegationNsecSig, Section.AUTHORITY); + add("unsigned.ingotronic.ch./DS", m); + + Message response = resolver.send(createMessage("www.unsigned.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("validate.bogus:failed.ds.unknown", getReason(response)); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/TestRRsig.java b/src/test/java/org/xbill/DNS/dnssec/TestRRsig.java new file mode 100644 index 000000000..3556f02d9 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/TestRRsig.java @@ -0,0 +1,36 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; + +import java.io.IOException; +import org.junit.jupiter.api.Test; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Message; +import org.xbill.DNS.Rcode; + +class TestRRsig extends TestBase { + @Test + void testRRsigNodata() throws IOException { + Message message = createMessage("www.ingotronic.ch./RRSIG"); + add("www.ingotronic.ch./RRSIG", message); + + Message response = resolver.send(createMessage("www.ingotronic.ch./RRSIG")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nodata", getReason(response)); + } + + @Test + void testRRsigServfail() throws IOException { + Message message = createMessage("www.ingotronic.ch./RRSIG"); + message.getHeader().setRcode(Rcode.SERVFAIL); + add("www.ingotronic.ch./RRSIG", message); + + Message response = resolver.send(createMessage("www.ingotronic.ch./RRSIG")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nodata", getReason(response)); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/TestSMessage.java b/src/test/java/org/xbill/DNS/dnssec/TestSMessage.java new file mode 100644 index 000000000..fb07860e8 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/TestSMessage.java @@ -0,0 +1,144 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertThrows; + +import java.net.InetAddress; +import java.net.UnknownHostException; +import java.util.List; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.ValueSource; +import org.xbill.DNS.AAAARecord; +import org.xbill.DNS.ARecord; +import org.xbill.DNS.DClass; +import org.xbill.DNS.Message; +import org.xbill.DNS.Name; +import org.xbill.DNS.Record; +import org.xbill.DNS.Section; +import org.xbill.DNS.TextParseException; +import org.xbill.DNS.Type; + +class TestSMessage { + @Test + void testGetUndefinedSectionBelow() { + SMessage m = new SMessage(0, null); + assertThrows(IllegalArgumentException.class, () -> m.getSectionRRsets(-1)); + } + + @ParameterizedTest + @ValueSource(ints = {0, 4, 100}) + void testGetUndefinedSection(int section) { + SMessage m = new SMessage(0, null); + assertThrows(IllegalArgumentException.class, () -> m.getSectionRRsets(section)); + } + + @Test() + void testGetEmptySection() { + SMessage m = new SMessage(0, null); + List sets = m.getSectionRRsets(Section.ANSWER); + assertEquals(0, sets.size()); + } + + @Test() + void testGetEmptySectionByType() { + SMessage m = new SMessage(0, null); + List sets = m.getSectionRRsets(Section.ANSWER, Type.A); + assertEquals(0, sets.size()); + } + + @Test() + void testGetSectionByType() throws UnknownHostException { + Message m = new Message(); + Record r1 = + new ARecord(Name.root, DClass.IN, 0, InetAddress.getByAddress(new byte[] {0, 0, 0, 0})); + m.addRecord(r1, Section.ANSWER); + Record r2 = + new AAAARecord( + Name.root, + DClass.IN, + 0, + InetAddress.getByAddress(new byte[] {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1})); + m.addRecord(r2, Section.ANSWER); + SMessage sm = new SMessage(m); + List result = sm.getSectionRRsets(Section.ANSWER, Type.A); + assertEquals(1, result.size()); + assertEquals(Type.A, result.get(0).getType()); + } + + @Test() + void testRecordCountForQuestionIsOne() { + SMessage m = new SMessage(0, null); + int count = m.getCount(Section.QUESTION); + assertEquals(1, count); + } + + @Test() + void testRecordCountForEmptySectionIsZero() { + SMessage m = new SMessage(0, null); + int count = m.getCount(Section.ADDITIONAL); + assertEquals(0, count); + } + + @Test() + void testRecordCountForIsValid() throws UnknownHostException { + Message m = new Message(); + m.addRecord( + new ARecord(Name.root, DClass.IN, 0, InetAddress.getByAddress(new byte[] {0, 0, 0, 0})), + Section.ANSWER); + SMessage sm = new SMessage(m); + int count = sm.getCount(Section.ANSWER); + assertEquals(1, count); + } + + @Test() + void testAnswerSectionSearchFound() throws UnknownHostException { + Message m = new Message(); + Record r = + new ARecord(Name.root, DClass.IN, 0, InetAddress.getByAddress(new byte[] {0, 0, 0, 0})); + m.addRecord(r, Section.ANSWER); + SMessage sm = new SMessage(m); + SRRset result = sm.findAnswerRRset(Name.root, Type.A, DClass.IN); + assertEquals(r, result.first()); + } + + @Test() + void testAnswerSectionSearchNotFoundDifferentClass() throws UnknownHostException { + Message m = new Message(); + Record r = + new ARecord(Name.root, DClass.IN, 0, InetAddress.getByAddress(new byte[] {0, 0, 0, 0})); + m.addRecord(r, Section.ANSWER); + SMessage sm = new SMessage(m); + SRRset result = sm.findAnswerRRset(Name.root, Type.A, DClass.CH); + assertNull(result); + } + + @Test() + void testAnswerSectionSearchNotFoundDifferentType() throws UnknownHostException { + Message m = new Message(); + Record r = + new ARecord(Name.root, DClass.IN, 0, InetAddress.getByAddress(new byte[] {0, 0, 0, 0})); + m.addRecord(r, Section.ANSWER); + SMessage sm = new SMessage(m); + SRRset result = sm.findAnswerRRset(Name.root, Type.MX, DClass.IN); + assertNull(result); + } + + @Test() + void testAnswerSectionSearchNotFoundDifferentName() + throws UnknownHostException, TextParseException { + Message m = new Message(); + Record r = + new ARecord( + Name.fromString("asdf."), + DClass.IN, + 0, + InetAddress.getByAddress(new byte[] {0, 0, 0, 0})); + m.addRecord(r, Section.ANSWER); + SMessage sm = new SMessage(m); + SRRset result = sm.findAnswerRRset(Name.root, Type.MX, DClass.IN); + assertNull(result); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/TestTrustAnchorLoading.java b/src/test/java/org/xbill/DNS/dnssec/TestTrustAnchorLoading.java new file mode 100644 index 000000000..cd51bb897 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/TestTrustAnchorLoading.java @@ -0,0 +1,135 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.OutputStreamWriter; +import java.util.Properties; +import org.junit.jupiter.api.Test; +import org.xbill.DNS.DClass; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Message; +import org.xbill.DNS.Name; +import org.xbill.DNS.RRset; +import org.xbill.DNS.Rcode; +import org.xbill.DNS.Record; +import org.xbill.DNS.Section; +import org.xbill.DNS.Type; + +class TestTrustAnchorLoading extends TestBase { + @Test + void testLoadRootTrustAnchors() throws IOException { + assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.IN)); + assertNull(resolver.getTrustAnchors().find(Name.root, DClass.CH)); + } + + @Test + void testLoadRootTrustAnchorsFromFile() throws IOException { + resolver.getTrustAnchors().clear(); + Properties config = new Properties(); + config.put("dnsjava.dnssec.trust_anchor_file", "./src/test/resources/trust_anchors"); + resolver.init(config); + assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.IN)); + } + + @Test + void testInitializingWithEmptyConfigDoesNotFail() throws IOException { + resolver.getTrustAnchors().clear(); + Properties config = new Properties(); + resolver.init(config); + assertNull(resolver.getTrustAnchors().find(Name.root, DClass.IN)); + } + + @Test + void testInitializingWithNonExistingFileThrows() throws IOException { + resolver.getTrustAnchors().clear(); + Properties config = new Properties(); + config.put("dnsjava.dnssec.trust_anchor_file", "xyz"); + assertThrows(IOException.class, () -> resolver.init(config)); + } + + @Test + void testLoadRootTrustAnchorWithDNSKEY() throws IOException { + Message keys = resolver.send(createMessage("./DNSKEY")); + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + OutputStreamWriter osw = new OutputStreamWriter(bos); + for (RRset set : keys.getSectionRRsets(Section.ANSWER)) { + if (set.getType() == Type.DNSKEY) { + for (Record r : set.rrs()) { + osw.write(r.toString()); + osw.write('\n'); + } + } + } + + osw.close(); + + resolver.getTrustAnchors().clear(); + resolver.loadTrustAnchors(new ByteArrayInputStream(bos.toByteArray())); + assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.IN)); + + Message response = resolver.send(createMessage("www.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertNull(getReason(response)); + } + + @Test + void testLoadRootTrustAnchorWithInvalidDNSKEY() throws IOException { + resolver.getTrustAnchors().clear(); + resolver.loadTrustAnchors(getClass().getResourceAsStream("/trust_anchors_dnskey_invalid")); + assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.IN)); + + Message response = resolver.send(createMessage("www.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("validate.bogus.badkey:.:dnskey.no_ds_match", getReason(response)); + } + + @Test + void testLoadRootTrustAnchorWithInvalidDS() throws IOException { + resolver.getTrustAnchors().clear(); + resolver.loadTrustAnchors(getClass().getResourceAsStream("/trust_anchors_invalid")); + assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.IN)); + + Message response = resolver.send(createMessage("www.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("validate.bogus.badkey:.:dnskey.no_ds_match", getReason(response)); + } + + @Test + void testLoadRootTrustAnchorsAlongWithGarbage() throws IOException { + resolver.getTrustAnchors().clear(); + resolver.loadTrustAnchors(getClass().getResourceAsStream("/trust_anchors_test")); + assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.IN)); + assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.CH)); + } + + @Test + void testLoadEmptyTrustAnchors() throws IOException { + resolver.getTrustAnchors().clear(); + resolver.loadTrustAnchors(getClass().getResourceAsStream("/trust_anchors_empty")); + assertNull(resolver.getTrustAnchors().find(Name.root, DClass.IN)); + } + + @Test + void testInsecureWithEmptyTrustAnchor() throws IOException { + resolver.getTrustAnchors().clear(); + resolver.loadTrustAnchors(getClass().getResourceAsStream("/trust_anchors_empty")); + assertNull(resolver.getTrustAnchors().find(Name.root, DClass.IN)); + + Message response = resolver.send(createMessage("www.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals("validate.insecure", getReason(response)); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/TestUnsigned.java b/src/test/java/org/xbill/DNS/dnssec/TestUnsigned.java new file mode 100644 index 000000000..47894b7ab --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/TestUnsigned.java @@ -0,0 +1,47 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; + +import java.io.IOException; +import org.junit.jupiter.api.Test; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Message; +import org.xbill.DNS.Rcode; + +class TestUnsigned extends TestBase { + @Test + void testUnsignedBelowSignedZoneBind() throws IOException { + Message response = resolver.send(createMessage("www.unsigned.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals(localhost, firstA(response)); + assertEquals("insecure.ds.nsec", getReason(response)); + } + + @Test + void testUnsignedBelowSignedTldNsec3NoOptOut() throws IOException { + Message response = resolver.send(createMessage("20min.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals("insecure.ds.nsec3", getReason(response)); + } + + @Test + void testUnsignedBelowSignedTldNsec3OptOut() throws IOException { + Message response = resolver.send(createMessage("yahoo.com./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals("insecure.ds.nsec3", getReason(response)); + } + + @Test + void testUnsignedBelowUnsignedZone() throws IOException { + Message response = resolver.send(createMessage("www.sub.unsigned.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals(localhost, firstA(response)); + assertEquals("insecure.ds.nsec", getReason(response)); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/TestWildcard.java b/src/test/java/org/xbill/DNS/dnssec/TestWildcard.java new file mode 100644 index 000000000..fa42b4d22 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/TestWildcard.java @@ -0,0 +1,168 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertTrue; + +import java.io.IOException; +import java.net.InetAddress; +import org.junit.jupiter.api.Test; +import org.xbill.DNS.ARecord; +import org.xbill.DNS.DClass; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Message; +import org.xbill.DNS.Name; +import org.xbill.DNS.Rcode; +import org.xbill.DNS.Record; +import org.xbill.DNS.Section; +import org.xbill.DNS.Type; + +class TestWildcard extends TestBase { + @Test + void testNameNotExpandedFromWildcardWhenNonWildcardExists() throws IOException { + // create a faked response: the original query/response was for + // b.d.ingotronic.ch. and is changed to a.d.ingotronic.ch. + Message m = resolver.send(createMessage("b.d.ingotronic.ch./A")); + add( + "a.d.ingotronic.ch./A", + messageFromString(m.toString().replace("b.d.ingotronic.ch.", "a.d.ingotronic.ch."))); + + // a.d.ingotronic.ch./A exists, but the response is faked from *.d.ingotronic.ch. which must be + // detected by the NSEC proof + Message response = resolver.send(createMessage("a.d.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD)); + assertEquals(Rcode.SERVFAIL, response.getHeader().getRcode()); + assertEquals("failed.positive.wildcard_too_broad", getReason(response)); + } + + @Test + void testNameNotExpandedFromWildcardWhenNonWildcardExistsNsec3() throws IOException { + // create a faked response: the original query/response was for + // b.d.nsec3.ingotronic.ch. and is changed to a.d.nsec3.ingotronic.ch. + Message m = resolver.send(createMessage("b.d.nsec3.ingotronic.ch./A")); + add( + "a.d.nsec3.ingotronic.ch./A", + messageFromString( + m.toString().replace("b.d.nsec3.ingotronic.ch.", "a.d.nsec3.ingotronic.ch."))); + + // a.d.nsec3.ingotronic.ch./A exists, but the response is faked from + // *.d.nsec3.ingotronic.ch. which must be detected by the NSEC proof + Message response = resolver.send(createMessage("a.d.nsec3.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD)); + assertEquals(Rcode.SERVFAIL, response.getHeader().getRcode()); + assertEquals("failed.positive.wildcard_too_broad", getReason(response)); + } + + @AlwaysOffline + @Test + void testLabelCountInSignaturesNotAllSame() throws IOException { + Message response = resolver.send(createMessage("b.d.nsec3.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD)); + assertEquals(Rcode.SERVFAIL, response.getHeader().getRcode()); + assertEquals( + "failed.wildcard.label_count_mismatch:b.d.nsec3.ingotronic.ch.", getReason(response)); + } + + @Test + void testSynthesisUsesCorrectWildcard() throws IOException { + Message m = resolver.send(createMessage("a.wc.ingotronic.ch./A")); + Message message = + messageFromString( + m.toString().replaceAll("a\\.wc\\.ingotronic.ch\\.", "\1.sub.wc.ingotronic.ch.")); + add(Name.fromString("\1.sub.wc.ingotronic.ch.").toString() + "/A", message); + + Message response = resolver.send(createMessage("\1.sub.wc.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.positive.wildcard_too_broad", getReason(response)); + } + + @Test + void testPositiveWithInvalidNsecSignature() throws IOException { + Message m = resolver.send(createMessage("a.c.ingotronic.ch./A")); + Message message = + messageFromString( + m.toString().replaceAll("(.*\\sRRSIG\\sNSEC\\s(\\d+\\s+){6}.*\\.)(.*)", "$1 YXNkZg==")); + add("a.c.ingotronic.ch./A", message); + + Message response = resolver.send(createMessage("a.c.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertTrue(getReason(response).startsWith("failed.authority.positive")); + } + + @Test + void testNodataWilcardWithoutCe() throws IOException { + // strip the closest encloser NSEC + Message m = resolver.send(createMessage("\1.c.ingotronic.ch./MX")); + Message message = messageFromString(m.toString().replaceAll("a\\.b\\.ingotronic\\.ch.*", "")); + add(Name.fromString("\1.c.ingotronic.ch./MX").toString(), message); + + Message response = resolver.send(createMessage("\1.c.ingotronic.ch./MX")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nodata", getReason(response)); + } + + @Test + void testSynthesisUsesCorrectWildcardNodata() throws IOException { + Message m = resolver.send(createMessage("a.wc.ingotronic.ch./MX")); + Message message = + messageFromString( + m.toString().replaceAll("a\\.wc\\.ingotronic.ch\\.", "\1.sub.wc.ingotronic.ch.")); + add(Name.fromString("\1.sub.wc.ingotronic.ch.").toString() + "/MX", message); + + Message response = resolver.send(createMessage("\1.sub.wc.ingotronic.ch./MX")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nodata", getReason(response)); + } + + @Test + void testSynthesisUsesCorrectWildcardNodataNsec3() throws IOException { + Message m = resolver.send(createMessage("a.wc.nsec3.ingotronic.ch./MX")); + Message message = + messageFromString( + m.toString() + .replaceAll("a\\.wc\\.nsec3.ingotronic.ch\\.", "\1.sub.wc.nsec3.ingotronic.ch.")); + add(Name.fromString("\1.sub.wc.nsec3.ingotronic.ch.").toString() + "/MX", message); + + Message response = resolver.send(createMessage("\1.sub.wc.nsec3.ingotronic.ch./MX")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nodata", getReason(response)); + } + + @Test + void testDsNodataFromWildcardNsecChild() throws IOException { + Message m = + Message.newQuery( + Record.newRecord(Name.fromString("www.x.c.ingotronic.ch."), Type.A, DClass.IN)); + m.addRecord( + new ARecord( + Name.fromString("www.x.c.ingotronic.ch."), DClass.IN, 300, InetAddress.getLocalHost()), + Section.ANSWER); + add("www.x.c.ingotronic.ch./A", m); + + Message response = resolver.send(createMessage("www.x.c.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + } + + @Test + void testDsNodataFromWildcardNsecCovered() throws IOException { + Message m = + Message.newQuery( + Record.newRecord(Name.fromString("www.x.ce.ingotronic.ch."), Type.A, DClass.IN)); + m.addRecord( + new ARecord( + Name.fromString("www.x.ce.ingotronic.ch."), DClass.IN, 300, InetAddress.getLocalHost()), + Section.ANSWER); + add("www.x.ce.ingotronic.ch./A", m); + + Message response = resolver.send(createMessage("www.x.ce.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/unbound/rpl/Check.java b/src/test/java/org/xbill/DNS/dnssec/unbound/rpl/Check.java new file mode 100644 index 000000000..b286bd0e0 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/unbound/rpl/Check.java @@ -0,0 +1,9 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec.unbound.rpl; + +import org.xbill.DNS.Message; + +class Check { + Message query; + Message response; +} diff --git a/src/test/java/org/xbill/DNS/dnssec/unbound/rpl/Rpl.java b/src/test/java/org/xbill/DNS/dnssec/unbound/rpl/Rpl.java new file mode 100644 index 000000000..026719c2b --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/unbound/rpl/Rpl.java @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec.unbound.rpl; + +import java.time.Instant; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; +import java.util.TreeMap; +import org.xbill.DNS.Message; +import org.xbill.DNS.dnssec.SRRset; + +class Rpl { + List trustAnchors = new ArrayList<>(1); + Instant date; + String scenario; + List replays; + Map checks; + TreeMap nsec3iterations; + String digestPreference; + boolean hardenAlgoDowngrade; + boolean enableSha1; + boolean enableDsa; + boolean loadBouncyCastle; +} diff --git a/src/test/java/org/xbill/DNS/dnssec/unbound/rpl/RplParser.java b/src/test/java/org/xbill/DNS/dnssec/unbound/rpl/RplParser.java new file mode 100644 index 000000000..e6cc18eb9 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/unbound/rpl/RplParser.java @@ -0,0 +1,277 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec.unbound.rpl; + +import java.io.BufferedReader; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.lang.reflect.Field; +import java.lang.reflect.Method; +import java.text.ParseException; +import java.time.LocalDateTime; +import java.time.ZoneId; +import java.time.ZoneOffset; +import java.time.format.DateTimeFormatter; +import java.time.format.DateTimeFormatterBuilder; +import java.util.ArrayList; +import java.util.LinkedList; +import java.util.List; +import java.util.TreeMap; +import org.xbill.DNS.DClass; +import org.xbill.DNS.DNSSEC; +import org.xbill.DNS.DNSSEC.Algorithm; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Master; +import org.xbill.DNS.Message; +import org.xbill.DNS.Name; +import org.xbill.DNS.RRSIGRecord; +import org.xbill.DNS.Rcode; +import org.xbill.DNS.Record; +import org.xbill.DNS.Section; +import org.xbill.DNS.TextParseException; +import org.xbill.DNS.Type; +import org.xbill.DNS.dnssec.SRRset; +import org.xbill.DNS.dnssec.SecurityStatus; + +/** Parser for the RPL unit-test files of unbound. */ +class RplParser { + private final InputStream data; + private final List algoStrings = new ArrayList<>(); + + private enum ParseState { + Zero, + Server, + ENTRY_BEGIN, + STEP_QUERY, + STEP_CHECK_ANSWER + } + + RplParser(InputStream data) { + this.data = data; + for (Field f : Algorithm.class.getFields()) { + this.algoStrings.add(f.getName()); + } + } + + Rpl parse() throws ParseException, IOException { + BufferedReader r = new BufferedReader(new InputStreamReader(data)); + String line; + ParseState state = ParseState.Zero; + Rpl rpl = new Rpl(); + Message m = null; + int section = -1; + int step = -1; + Check check = null; + + while ((line = r.readLine()) != null) { + // comment or empty + if (line.equals("") || line.startsWith(";")) { + continue; + } + + switch (state) { + case Zero: + if (line.startsWith("server:")) { + state = ParseState.Server; + } else if (line.startsWith("SCENARIO_BEGIN")) { + rpl.scenario = line.substring(line.indexOf(" ")); + rpl.replays = new LinkedList<>(); + rpl.checks = new TreeMap<>(); + } else if (line.startsWith("ENTRY_BEGIN")) { + state = ParseState.ENTRY_BEGIN; + m = new Message(); + } else if (line.startsWith("STEP")) { + String[] data = line.split("\\s"); + step = Integer.parseInt(data[1]); + m = new Message(); + r.readLine(); + if (data[2].equals("QUERY")) { + state = ParseState.STEP_QUERY; + check = new Check(); + } else if (data[2].equals("CHECK_ANSWER")) { + state = ParseState.STEP_CHECK_ANSWER; + } + } + + break; + + case Server: + if (line.matches("\\s*trust-anchor:.*")) { + SRRset rrset = new SRRset(); + rrset.setSecurityStatus(SecurityStatus.SECURE); + rrset.addRR(parseRecord(line.substring(line.indexOf("\"") + 1, line.length() - 1))); + rpl.trustAnchors.add(rrset); + } else if (line.matches("\\s*val-override-date:.*")) { + String date = line.substring(line.indexOf("\"") + 1, line.length() - 1); + DateTimeFormatter formatter = + new DateTimeFormatterBuilder() + .appendPattern("yyyyMMddHHmmss") + .toFormatter() + .withZone(ZoneId.of("UTC")); + rpl.date = LocalDateTime.parse(date, formatter).toInstant(ZoneOffset.UTC); + } else if (line.matches("\\s*val-nsec3-keysize-iterations:.*")) { + String[] data = line.substring(line.indexOf("\"") + 1, line.length() - 1).split("\\s"); + if (data.length % 2 != 0) { + throw new ParseException("val-nsec3-keysize-iterations invalid", 0); + } + + rpl.nsec3iterations = new TreeMap<>(); + for (int i = 0; i < data.length; i += 2) { + rpl.nsec3iterations.put(Integer.parseInt(data[i]), Integer.parseInt(data[i + 1])); + } + } else if (line.matches("\\s*val-digest-preference:.*")) { + rpl.digestPreference = line.substring(line.indexOf("\"") + 1, line.length() - 1); + } else if (line.matches("\\s*harden-algo-downgrade:.*")) { + rpl.hardenAlgoDowngrade = !"no".equalsIgnoreCase(line.split(":")[1].trim()); + } else if (line.matches("\\s*fake-sha1:.*")) { + rpl.enableSha1 = "yes".equalsIgnoreCase(line.split(":")[1].trim()); + } else if (line.matches("\\s*fake-dsa:.*")) { + rpl.enableDsa = "yes".equalsIgnoreCase(line.split(":")[1].trim()); + } else if (line.matches("\\s*bouncycastle:.*")) { + rpl.loadBouncyCastle = "yes".equalsIgnoreCase(line.split(":")[1].trim()); + } else if (line.startsWith("CONFIG_END")) { + state = ParseState.Zero; + } + + break; + + case ENTRY_BEGIN: + case STEP_CHECK_ANSWER: + case STEP_QUERY: + if (line.startsWith("MATCH") || line.startsWith("ADJUST")) { + // ignore + } else if (line.startsWith("REPLY")) { + String[] flags = line.split("\\s"); + if (state != ParseState.STEP_QUERY) { + m.getHeader().setRcode(Rcode.value(flags[flags.length - 1])); + } + + for (int i = 1; i < flags.length - (state == ParseState.STEP_QUERY ? 0 : 1); i++) { + if (flags[i].equals("DO")) { + // set on the resolver, not on the message + } else { + int flag = Flags.value(flags[i]); + if (flag > -1) { + m.getHeader().setFlag(flag); + } else { + throw new ParseException(flags[i] + ": not a Flag", i); + } + } + } + } else if (line.startsWith("SECTION QUESTION")) { + section = Section.QUESTION; + } else if (line.startsWith("SECTION ANSWER")) { + section = Section.ANSWER; + } else if (line.startsWith("SECTION AUTHORITY")) { + section = Section.AUTHORITY; + } else if (line.startsWith("SECTION ADDITIONAL")) { + section = Section.ADDITIONAL; + } else if (line.startsWith("ENTRY_END")) { + if (state == ParseState.ENTRY_BEGIN) { + rpl.replays.add(m); + } else if (state == ParseState.STEP_CHECK_ANSWER) { + check.response = m; + rpl.checks.put(step, check); + check = null; + } else if (state == ParseState.STEP_QUERY) { + check.query = m; + } + + m = null; + state = ParseState.Zero; + } else { + Record rec; + if (section == Section.QUESTION) { + rec = parseQuestion(line); + } else { + rec = parseRecord(line); + } + + m.addRecord(rec, section); + } + + break; + } + } + + return rpl; + } + + private Record parseRecord(String line) throws IOException { + try { + Master ma = new Master(new ByteArrayInputStream(line.getBytes()), Name.root, 3600); + Record r = ma.nextRecord(); + if (r.getType() == Type.RRSIG) { + RRSIGRecord rr = (RRSIGRecord) r; + // unbound directly uses the DER format for DSA signatures + // instead of the format specified in rfc2536#section-3 + if (rr.getAlgorithm() == Algorithm.DSA && rr.getSignature().length > 41) { + Method dsaSignatureToDNS = + DNSSEC.class.getDeclaredMethod( + "dsaSignatureToDNS", byte[].class, int.class, int.class); + dsaSignatureToDNS.setAccessible(true); + byte[] signature = (byte[]) dsaSignatureToDNS.invoke(null, rr.getSignature(), 20, 0); + RRSIGRecord fixed = + new RRSIGRecord( + rr.getName(), + rr.getDClass(), + rr.getTTL(), + rr.getTypeCovered(), + rr.getAlgorithm(), + rr.getOrigTTL(), + rr.getExpire(), + rr.getTimeSigned(), + rr.getFootprint(), + rr.getSigner(), + signature); + Field f = getField(RRSIGRecord.class, "labels"); + f.setAccessible(true); + f.set(fixed, rr.getLabels()); + r = fixed; + } + } + + return r; + } catch (Exception ex) { + if (ex.getMessage() != null && ex.getMessage().contains("expected an integer")) { + String[] data = line.split("\\s"); + StringBuilder sb = new StringBuilder(); + for (int i = 0; i < data.length; i++) { + if (this.algoStrings.contains(data[i])) { + sb.append(Algorithm.value(data[i])); + } else { + sb.append(data[i]); + } + sb.append(' '); + } + + return parseRecord(sb.toString()); + } else { + throw new IOException(line, ex); + } + } + } + + private static Field getField(Class clazz, String fieldName) throws NoSuchFieldException { + try { + return clazz.getDeclaredField(fieldName); + } catch (NoSuchFieldException e) { + Class superClass = clazz.getSuperclass(); + if (superClass == null) { + throw e; + } else { + return getField(superClass, fieldName); + } + } + } + + private Record parseQuestion(String line) throws TextParseException { + String[] temp = line.replaceAll("\\s+", " ").split(" "); + if (Type.value(temp[2]) == -1) { + System.out.println(temp[2]); + } + + return Record.newRecord(Name.fromString(temp[0]), Type.value(temp[2]), DClass.value(temp[1])); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/unbound/rpl/UnboundTests.java b/src/test/java/org/xbill/DNS/dnssec/unbound/rpl/UnboundTests.java new file mode 100644 index 000000000..9ad6cf6b2 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/unbound/rpl/UnboundTests.java @@ -0,0 +1,1030 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec.unbound.rpl; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.mockito.Mockito.when; + +import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.security.Security; +import java.text.ParseException; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.Properties; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.api.Test; +import org.xbill.DNS.CNAMERecord; +import org.xbill.DNS.DNAMERecord; +import org.xbill.DNS.DNSSEC; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Message; +import org.xbill.DNS.Name; +import org.xbill.DNS.RRSIGRecord; +import org.xbill.DNS.RRset; +import org.xbill.DNS.Rcode; +import org.xbill.DNS.Record; +import org.xbill.DNS.Section; +import org.xbill.DNS.Type; +import org.xbill.DNS.dnssec.SRRset; +import org.xbill.DNS.dnssec.TestBase; +import org.xbill.DNS.dnssec.validator.ValUtils; + +class UnboundTests extends TestBase { + void runUnboundTest() throws ParseException, IOException { + InputStream data = getClass().getResourceAsStream("/unbound/" + testName + ".rpl"); + RplParser p = new RplParser(data); + Rpl rpl = p.parse(); + Properties config = new Properties(); + if (rpl.nsec3iterations != null) { + for (Entry e : rpl.nsec3iterations.entrySet()) { + config.put("dnsjava.dnssec.nsec3.iterations." + e.getKey(), e.getValue()); + } + } + + if (rpl.digestPreference != null) { + config.put(ValUtils.DIGEST_PREFERENCE, rpl.digestPreference); + } + + config.put(ValUtils.DIGEST_HARDEN_DOWNGRADE, Boolean.toString(rpl.hardenAlgoDowngrade)); + + if (rpl.enableSha1) { + config.put(ValUtils.DIGEST_ENABLED + "." + DNSSEC.Digest.SHA1, Boolean.TRUE.toString()); + } + + if (rpl.enableDsa || rpl.enableSha1) { + config.put(ValUtils.ALGORITHM_ENABLED + "." + DNSSEC.Algorithm.DSA, Boolean.TRUE.toString()); + config.put( + ValUtils.ALGORITHM_ENABLED + "." + DNSSEC.Algorithm.DSA_NSEC3_SHA1, + Boolean.TRUE.toString()); + } + + if (rpl.loadBouncyCastle) { + Security.addProvider(new BouncyCastleProvider()); + } + + for (Message m : rpl.replays) { + add(m); + } + + // merge xNAME queries into one + List copy = new ArrayList<>(rpl.replays.size()); + copy.addAll(rpl.replays); + List copiedTargets = new ArrayList<>(5); + for (Message m : copy) { + Name target = null; + for (RRset s : m.getSectionRRsets(Section.ANSWER)) { + if (s.getType() == Type.CNAME) { + target = ((CNAMERecord) s.first()).getTarget(); + } else if (s.getType() == Type.DNAME) { + target = ((DNAMERecord) s.first()).getTarget(); + } + + while (target != null) { + Message a = get(target, m.getQuestion().getType()); + if (a == null) { + a = get(target, Type.CNAME); + } + + if (a == null) { + a = get(target, Type.DNAME); + } + + if (a != null) { + target = add(m, a); + if (copiedTargets.contains(target)) { + break; + } + + copiedTargets.add(target); + rpl.replays.remove(a); + } else { + target = null; + } + } + } + } + + // promote any DS records in auth. sections to real queries + copy = new ArrayList<>(rpl.replays.size()); + copy.addAll(rpl.replays); + for (Message m : copy) { + for (RRset s : m.getSectionRRsets(Section.AUTHORITY)) { + if (s.getType() == Type.DS) { + Message ds = new Message(); + ds.addRecord(Record.newRecord(s.getName(), s.getType(), s.getDClass()), Section.QUESTION); + for (Record rr : s.rrs()) { + ds.addRecord(rr, Section.ANSWER); + } + + for (RRSIGRecord sig : s.sigs()) { + ds.addRecord(sig, Section.ANSWER); + } + + rpl.replays.add(ds); + } + } + } + + clear(); + for (Message m : rpl.replays) { + add(m); + } + + if (rpl.date != null) { + try { + when(resolverClock.instant()).thenReturn(rpl.date); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + if (rpl.trustAnchors != null) { + resolver.getTrustAnchors().clear(); + for (SRRset rrset : rpl.trustAnchors) { + resolver.getTrustAnchors().store(rrset); + } + } + + resolver.init(config); + + for (Check c : rpl.checks.values()) { + Message s = resolver.send(c.query); + Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME); + assertEquals( + c.response.getHeader().getFlag(Flags.AD), + s.getHeader().getFlag(Flags.AD), + "AD Flag must match"); + assertEquals( + Rcode.string(c.response.getRcode()), Rcode.string(s.getRcode()), "RCode must match"); + } + } + + private Name add(Message target, Message source) { + Name next = null; + target.getHeader().setRcode(source.getRcode()); + for (Record r : source.getSection(Section.ANSWER)) { + target.addRecord(r, Section.ANSWER); + if (r.getType() == Type.CNAME) { + next = ((CNAMERecord) r).getTarget(); + } else if (r.getType() == Type.DNAME) { + next = ((DNAMERecord) r).getTarget(); + } + } + + for (Record r : source.getSection(Section.AUTHORITY)) { + if (r.getType() != Type.NS) { + target.addRecord(r, Section.AUTHORITY); + } + } + + return next; + } + + static void xmain(String[] xargs) { + Map ignored = + new HashMap() { + { + put("val_faildnskey_ok.rpl", "tests an unbound specific config option"); + put("val_nsec3_nods_negcache.rpl", "we don't do negative caching"); + put("val_unsecds_negcache.rpl", "we don't do negative caching"); + put("val_negcache_dssoa.rpl", "we don't do negative caching"); + put("val_negcache_nodata.rpl", "aggressive NSEC is not supported"); + put("val_negcache_nxdomain.rpl", "aggressive NSEC is not supported"); + put("val_nsec3_b3_optout_negcache.rpl", "we don't do negative caching"); + put("val_dsnsec.rpl", "we don't do negative caching"); + put("val_refer_unsignadd.rpl", "we don't do negative caching"); + put("val_referglue.rpl", "we don't do negative caching"); + put( + "val_noadwhennodo.rpl", + "irrelevant - if we wouldn't want AD, we wouldn't be using this stuff"); + put("val_fwdds.rpl", "irrelevant, we're not a recursive resolver"); + put("val_referd.rpl", "NSEC records missing for validation, tests caching stuff"); + put("val_stubds.rpl", "tests unbound specific config (stub zones)"); + put("val_cnametonsec.rpl", "incomplete CNAME answer"); + put("val_cnametooptin.rpl", "incomplete CNAME answer"); + put("val_cnametoinsecure.rpl", "incomplete CNAME answer"); + put("val_nsec3_optout_cache.rpl", "more cache stuff"); + put("val_unsecds_qtypeds.rpl", "tests the iterative resolver"); + put("val_anchor_nx.rpl", "tests caching of NX from a parent resolver"); + put("val_anchor_nx_nosig.rpl", "tests caching of NX from a parent resolver"); + put("val_negcache_nta.rpl", "tests unbound option domain-insecure, not available here"); + } + }; + + for (String f : new File("./src/test/resources/unbound").list()) { + String comment = ignored.get(f); + if (comment != null) { + System.out.println(" @Disabled(\"" + comment + "\")"); + } + + System.out.println(" @Test"); + System.out.println( + " void " + f.split("\\.")[0] + "() throws ParseException, IOException {"); + System.out.println(" runUnboundTest();"); + System.out.println(" }"); + System.out.println(); + } + } + + @Test + void val_adbit() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_adcopy() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("tests caching of NX from a parent resolver") + @Test + void val_anchor_nx() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("tests caching of NX from a parent resolver") + @Test + void val_anchor_nx_nosig() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_ans_dsent() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_ans_nx() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_any() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_any_cname() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_any_dname() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cnameinsectopos() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cnamenx_dblnsec() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cnamenx_rcodenx() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cnameqtype() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cnametocloser() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cnametocloser_nosig() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cnametocnamewctoposwc() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cnametodname() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cnametodnametocnametopos() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("incomplete CNAME answer") + @Test + void val_cnametoinsecure() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cnametonodata() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cnametonodata_nonsec() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("incomplete CNAME answer") + @Test + void val_cnametonsec() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cnametonx() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("incomplete CNAME answer") + @Test + void val_cnametooptin() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cnametooptout() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cnametopos() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cnametoposnowc() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cnametoposwc() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cnamewctonodata() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cnamewctonx() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cnamewctoposwc() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cname_loop1() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cname_loop2() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_cname_loop3() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_dnametoolong() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_dnametopos() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_dnametoposwc() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_dnamewc() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("we don't do negative caching") + @Test + void val_dsnsec() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_ds_afterprime() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_ds_cname() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_ds_cnamesub() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_ds_cnamesubbogus() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_ds_gost() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_ds_gost_downgrade() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_ds_sha2() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_ds_sha2_downgrade() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_ds_sha2_downgrade_override() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_ds_sha2_lenient() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_entds() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_faildnskey() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("tests an unbound specific config option") + @Test + void val_faildnskey_ok() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("irrelevant, we're not a recursive resolver") + @Test + void val_fwdds() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_keyprefetch() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_keyprefetch_verify() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_mal_wc() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_negcache_ds() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("we don't do negative caching") + @Test + void val_negcache_dssoa() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("aggressive NSEC is not supported") + @Test + void val_negcache_nodata() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("tests unbound option domain-insecure, not available here") + @Test + void val_negcache_nta() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("aggressive NSEC is not supported") + @Test + void val_negcache_nxdomain() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("irrelevant - if we wouldn't want AD, we wouldn't be using this stuff") + @Test + void val_noadwhennodo() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nodata() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nodatawc() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nodatawc_badce() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nodatawc_nodeny() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nodatawc_one() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nodatawc_wcns() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nodatawc_wrongdeleg() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nodata_ent() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nodata_entnx() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nodata_entwc() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nodata_failsig() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nodata_failwc() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nodata_hasdata() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nodata_zonecut() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nokeyprime() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_b1_nameerror() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_b1_nameerror_noce() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_b1_nameerror_nonc() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_b1_nameerror_nowc() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_b21_nodataent() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_b21_nodataent_wr() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_b2_nodata() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_b2_nodata_nons() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_b3_optout() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("we don't do negative caching") + @Test + void val_nsec3_b3_optout_negcache() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_b3_optout_noce() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_b3_optout_nonc() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_b4_wild() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_b4_wild_wr() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_b5_wcnodata() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_b5_wcnodata_noce() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_b5_wcnodata_nonc() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_b5_wcnodata_nowc() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_cnametocnamewctoposwc() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_cname_ds() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_cname_par() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_cname_sub() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_entnodata_optout() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_entnodata_optout_badopt() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_entnodata_optout_match() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_iter_high() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_nodatawccname() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_nods() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_nods_badopt() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_nods_badsig() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("we don't do negative caching") + @Test + void val_nsec3_nods_negcache() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_nods_soa() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_optout_ad() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("more cache stuff") + @Test + void val_nsec3_optout_cache() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_wcany() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nsec3_wcany_nodeny() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nx() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nx_failwc() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nx_nodeny() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nx_nowc() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nx_nsec3_collision() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nx_nsec3_collision2() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nx_nsec3_collision3() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nx_nsec3_collision4() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nx_nsec3_hashalg() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nx_nsec3_nsecmix() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nx_nsec3_params() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_nx_overreach() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_positive() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_positive_nosigs() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_positive_wc() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_positive_wc_nodeny() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_pos_truncns() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_qds_badanc() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_qds_oneanc() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_qds_twoanc() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("NSEC records missing for validation, tests caching stuff") + @Test + void val_referd() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("we don't do negative caching") + @Test + void val_referglue() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("we don't do negative caching") + @Test + void val_refer_unsignadd() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_rrsig() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_secds() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_secds_nosig() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("tests unbound specific config (stub zones)") + @Test + void val_stubds() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_spurious_ns() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_stub_noroot() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_ta_algo_dnskey() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_ta_algo_dnskey_dp() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_ta_algo_missing() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_ta_algo_missing_dp() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_twocname() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_unalgo_anchor() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_unalgo_dlv() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_unalgo_ds() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_unsecds() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("we don't do negative caching") + @Test + void val_unsecds_negcache() throws ParseException, IOException { + runUnboundTest(); + } + + @Disabled("tests the iterative resolver") + @Test + void val_unsecds_qtypeds() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_unsec_cname() throws ParseException, IOException { + runUnboundTest(); + } + + @Test + void val_wild_pos() throws ParseException, IOException { + runUnboundTest(); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/validator/TestAlgorithmSupport.java b/src/test/java/org/xbill/DNS/dnssec/validator/TestAlgorithmSupport.java new file mode 100644 index 000000000..99dba4ac1 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/validator/TestAlgorithmSupport.java @@ -0,0 +1,118 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec.validator; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; + +import java.io.IOException; +import java.security.Security; +import java.util.Properties; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.ValueSource; +import org.xbill.DNS.DClass; +import org.xbill.DNS.DNSSEC; +import org.xbill.DNS.DNSSEC.Algorithm; +import org.xbill.DNS.DNSSEC.Digest; +import org.xbill.DNS.DSRecord; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Message; +import org.xbill.DNS.Name; +import org.xbill.DNS.Rcode; +import org.xbill.DNS.dnssec.AlwaysOffline; +import org.xbill.DNS.dnssec.SRRset; +import org.xbill.DNS.dnssec.TestBase; + +class TestAlgorithmSupport extends TestBase { + @ParameterizedTest(name = "testAlgIsUnknown_{arguments}") + @ValueSource(strings = {"rsamd5", "eccgost"}) + void testAlgIsUnknown(String param) throws IOException { + Message response = resolver.send(createMessage(param + ".ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals("insecure.ds.noalgorithms:" + param + ".ingotronic.ch.", getReason(response)); + } + + @ParameterizedTest(name = "testEd_{arguments}") + @ValueSource(strings = {"ed448", "ed25519"}) + void testEd(String param) throws IOException { + try { + Security.addProvider(new BouncyCastleProvider()); + resolver.init(new Properties()); + Message response = resolver.send(createMessage(param + ".nl./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertNull(getReason(response)); + } finally { + Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME); + } + } + + @Test + void testDigestIdIsUnknown() throws IOException { + Message response = resolver.send(createMessage("unknown-alg.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals("failed.ds.nodigest:unknown-alg.ingotronic.ch.", getReason(response)); + } + + @AlwaysOffline + @Test + void testUnsupportedDigestInDigestPreference() { + Properties config = new Properties(); + config.put("dnsjava.dnssec.digest_preference", "1,2,0"); + assertThrows(IllegalArgumentException.class, () -> resolver.init(config)); + } + + @AlwaysOffline + @Test + void testFavoriteDigestNotInRRset() { + Properties config = new Properties(); + config.put("dnsjava.dnssec.digest_preference", Digest.SHA384); + ValUtils v = new ValUtils(); + v.init(config); + SRRset set = new SRRset(); + set.addRR( + new DSRecord( + Name.root, DClass.IN, 120, 1234, Algorithm.DSA, Digest.SHA1, new byte[] {1, 2, 3})); + set.addRR( + new DSRecord( + Name.root, DClass.IN, 120, 1234, Algorithm.DSA, Digest.SHA256, new byte[] {1, 2, 3})); + int digestId = v.favoriteDSDigestID(set); + assertEquals(0, digestId); + } + + @AlwaysOffline + @Test + void testOnlyUnsupportedDigestInRRset() { + ValUtils v = new ValUtils(); + SRRset set = new SRRset(); + set.addRR( + new DSRecord( + Name.root, DClass.IN, 120, 1234, Algorithm.DSA, Digest.GOST3411, new byte[] {1, 2, 3})); + int digestId = v.favoriteDSDigestID(set); + assertEquals(0, digestId); + } + + @AlwaysOffline + @Test + void testOnlyUnsupportedAlgorithmInRRset() { + ValUtils v = new ValUtils(); + SRRset set = new SRRset(); + set.addRR( + new DSRecord( + Name.root, + DClass.IN, + 120, + 1234, + 0 /*Unknown alg*/, + DNSSEC.Digest.SHA1, + new byte[] {1, 2, 3})); + int digestId = v.favoriteDSDigestID(set); + assertEquals(0, digestId); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/validator/TestByteArrayComparator.java b/src/test/java/org/xbill/DNS/dnssec/validator/TestByteArrayComparator.java new file mode 100644 index 000000000..59678ba93 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/validator/TestByteArrayComparator.java @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec.validator; + +import static org.junit.jupiter.api.Assertions.assertEquals; + +import org.junit.jupiter.api.Test; + +class TestByteArrayComparator { + private final ByteArrayComparator c = new ByteArrayComparator(); + private final byte[] b1 = new byte[] {0}; + private final byte[] b2 = new byte[] {0}; + private final byte[] b3 = new byte[] {1}; + private final byte[] b4 = new byte[] {1, 0}; + + @Test + void testEquals() { + assertEquals(0, c.compare(b1, b2)); + } + + @Test + void testLessThan() { + assertEquals(-1, c.compare(b2, b3)); + assertEquals(-1, c.compare(b1, b4)); + } + + @Test + void testGreaterThan() { + assertEquals(1, c.compare(b3, b2)); + assertEquals(1, c.compare(b4, b1)); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/validator/TestKeyCache.java b/src/test/java/org/xbill/DNS/dnssec/validator/TestKeyCache.java new file mode 100644 index 000000000..864bafd0c --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/validator/TestKeyCache.java @@ -0,0 +1,125 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec.validator; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +import java.time.Clock; +import java.time.Instant; +import java.util.Properties; +import org.junit.jupiter.api.Test; +import org.xbill.DNS.DClass; +import org.xbill.DNS.DNSKEYRecord; +import org.xbill.DNS.DSRecord; +import org.xbill.DNS.Name; +import org.xbill.DNS.TextParseException; +import org.xbill.DNS.dnssec.SRRset; +import org.xbill.DNS.dnssec.SecurityStatus; + +class TestKeyCache { + @Test + void testNullPropertiesDontFail() { + KeyCache kc = new KeyCache(); + kc.init(null); + assertNull(kc.find(Name.root, DClass.IN)); + } + + @Test + void testMaxCacheSize() throws TextParseException { + Properties p = new Properties(); + p.put(KeyCache.MAX_CACHE_SIZE_CONFIG, "1"); + KeyCache kc = new KeyCache(); + kc.init(p); + KeyEntry nkeA = KeyEntry.newNullKeyEntry(Name.fromString("a."), DClass.IN, 60); + KeyEntry nkeB = KeyEntry.newNullKeyEntry(Name.fromString("b."), DClass.IN, 60); + kc.store(nkeA); + kc.store(nkeB); + KeyEntry fromCache = kc.find(Name.fromString("a."), DClass.IN); + assertNull(fromCache); + } + + @Test + void testTtlExpiration() throws TextParseException { + Clock clock = mock(Clock.class); + Instant now = Clock.systemUTC().instant(); + when(clock.instant()).thenReturn(now); + KeyCache kc = new KeyCache(clock); + KeyEntry nkeA = KeyEntry.newNullKeyEntry(Name.fromString("a."), DClass.IN, 1); + kc.store(nkeA); + when(clock.instant()).thenReturn(now.plusSeconds(5)); + KeyEntry fromCache = kc.find(Name.fromString("a."), DClass.IN); + assertNull(fromCache); + } + + @Test + void testTtlNoLongerThanMaxTtl() throws TextParseException { + Properties p = new Properties(); + p.put(KeyCache.MAX_TTL_CONFIG, "1"); + Clock clock = mock(Clock.class); + Instant now = Clock.systemUTC().instant(); + when(clock.instant()).thenReturn(now); + KeyCache kc = new KeyCache(clock); + kc.init(p); + KeyEntry nkeA = KeyEntry.newNullKeyEntry(Name.fromString("a."), DClass.IN, 60); + kc.store(nkeA); + when(clock.instant()).thenReturn(now.plusSeconds(5)); + KeyEntry fromCache = kc.find(Name.fromString("a."), DClass.IN); + assertNull(fromCache); + } + + @Test + void testPositiveEntryExactMatch() throws TextParseException { + KeyCache kc = new KeyCache(); + KeyEntry nkeA = KeyEntry.newNullKeyEntry(Name.fromString("a.a."), DClass.IN, 60); + KeyEntry nkeB = KeyEntry.newNullKeyEntry(Name.fromString("a.b."), DClass.IN, 60); + kc.store(nkeA); + kc.store(nkeB); + KeyEntry fromCache = kc.find(Name.fromString("a.a."), DClass.IN); + assertEquals(nkeA, fromCache); + } + + @Test + void testPositiveEntryEncloserMatch() throws TextParseException { + KeyCache kc = new KeyCache(); + KeyEntry nkeA = KeyEntry.newNullKeyEntry(Name.fromString("a."), DClass.IN, 60); + KeyEntry nkeB = KeyEntry.newNullKeyEntry(Name.fromString("b."), DClass.IN, 60); + kc.store(nkeA); + kc.store(nkeB); + KeyEntry fromCache = kc.find(Name.fromString("a.a."), DClass.IN); + assertEquals(nkeA, fromCache); + } + + @Test + void testCacheOnlySecureDNSKEYs() throws TextParseException { + KeyCache kc = new KeyCache(); + + DNSKEYRecord rA = + new DNSKEYRecord(Name.fromString("a."), DClass.IN, 60, 0, 0, 0, new byte[] {0}); + SRRset setA = new SRRset(rA); + setA.setSecurityStatus(SecurityStatus.SECURE); + KeyEntry nkeA = KeyEntry.newKeyEntry(setA); + kc.store(nkeA); + + DSRecord rB = new DSRecord(Name.fromString("b."), DClass.IN, 60, 0, 0, 0, new byte[] {0}); + SRRset setB = new SRRset(rB); + KeyEntry nkeB = KeyEntry.newKeyEntry(setB); + kc.store(nkeB); + + DNSKEYRecord rC = + new DNSKEYRecord(Name.fromString("c."), DClass.IN, 60, 0, 0, 0, new byte[] {0}); + SRRset setC = new SRRset(rC); + KeyEntry nkeC = KeyEntry.newKeyEntry(setC); + kc.store(nkeC); + + KeyEntry fromCacheA = kc.find(Name.fromString("a."), DClass.IN); + assertEquals(nkeA, fromCacheA); + + KeyEntry fromCacheB = kc.find(Name.fromString("b."), DClass.IN); + assertNull(fromCacheB); + + KeyEntry fromCacheC = kc.find(Name.fromString("c."), DClass.IN); + assertNull(fromCacheC); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/validator/TestNormallyUnreachableCode.java b/src/test/java/org/xbill/DNS/dnssec/validator/TestNormallyUnreachableCode.java new file mode 100644 index 000000000..0c6ce576e --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/validator/TestNormallyUnreachableCode.java @@ -0,0 +1,75 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec.validator; + +import static org.junit.jupiter.api.Assertions.assertEquals; + +import java.net.InetAddress; +import java.net.UnknownHostException; +import java.time.Instant; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.xbill.DNS.ARecord; +import org.xbill.DNS.DClass; +import org.xbill.DNS.Message; +import org.xbill.DNS.Name; +import org.xbill.DNS.OPTRecord; +import org.xbill.DNS.RRset; +import org.xbill.DNS.Record; +import org.xbill.DNS.Section; +import org.xbill.DNS.Type; +import org.xbill.DNS.dnssec.SMessage; +import org.xbill.DNS.dnssec.SRRset; +import org.xbill.DNS.dnssec.SecurityStatus; + +/** + * These test run checks that are unable to occur during actual validations. + * + * @author Ingo Bauersachs + */ +class TestNormallyUnreachableCode { + private InetAddress localhost; + + @BeforeEach + void setUp() throws UnknownHostException { + localhost = InetAddress.getByAddress(new byte[] {127, 0, 0, 1}); + } + + @Test + void testVerifyWithoutSignaturesIsBogus() { + DnsSecVerifier verifier = new DnsSecVerifier(); + ARecord record = new ARecord(Name.root, DClass.IN, 120, localhost); + SRRset set = new SRRset(); + set.addRR(record); + RRset keys = new RRset(); + SecurityStatus result = verifier.verify(set, keys, Instant.now()); + assertEquals(SecurityStatus.BOGUS, result); + } + + @Test + void useAllEnumCode() { + assertEquals( + SecurityStatus.UNCHECKED, SecurityStatus.valueOf(SecurityStatus.values()[0].toString())); + assertEquals( + ResponseClassification.UNKNOWN, + ResponseClassification.valueOf(ResponseClassification.values()[0].toString())); + } + + @Test + void testSmessageReturnsOptRecordOfOriginal() { + int xrcode = 0xFED; + Message m = Message.newQuery(Record.newRecord(Name.root, Type.NS, DClass.IN)); + m.getHeader().setRcode(xrcode & 0xF); + m.addRecord(new OPTRecord(1, xrcode >> 4, 1), Section.ADDITIONAL); + SMessage sm = new SMessage(m); + assertEquals(m.toString(), sm.getMessage().toString()); + assertEquals(xrcode, sm.getRcode()); + } + + @Test + void testCopyMessageWithoutQuestion() { + Message m = new Message(); + m.addRecord(new ARecord(Name.root, DClass.IN, 120, localhost), Section.ANSWER); + SMessage sm = new SMessage(m); + assertEquals(m.toString(), sm.getMessage().toString()); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/validator/TestNsec3ValUtils.java b/src/test/java/org/xbill/DNS/dnssec/validator/TestNsec3ValUtils.java new file mode 100644 index 000000000..fd41c6539 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/validator/TestNsec3ValUtils.java @@ -0,0 +1,136 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec.validator; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; + +import java.io.IOException; +import java.security.Provider; +import java.security.Security; +import java.util.Properties; +import org.junit.jupiter.api.Assumptions; +import org.junit.jupiter.api.Test; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Message; +import org.xbill.DNS.RRSIGRecord; +import org.xbill.DNS.RRset; +import org.xbill.DNS.Rcode; +import org.xbill.DNS.Record; +import org.xbill.DNS.Section; +import org.xbill.DNS.dnssec.AlwaysOffline; +import org.xbill.DNS.dnssec.TestBase; + +class TestNsec3ValUtils extends TestBase { + @Test + void testTooLargeIterationCountMustThrow() { + Properties config = new Properties(); + config.put("dnsjava.dnssec.nsec3.iterations.512", Integer.MAX_VALUE); + NSEC3ValUtils val = new NSEC3ValUtils(); + assertThrows(IllegalArgumentException.class, () -> val.init(config)); + } + + @Test + void testInvalidIterationCountMarksInsecure() throws IOException { + Properties config = new Properties(); + config.put("dnsjava.dnssec.nsec3.iterations.1024", 0); + config.put("dnsjava.dnssec.nsec3.iterations.2048", 0); + config.put("dnsjava.dnssec.nsec3.iterations.4096", 0); + resolver.init(config); + + Message response = resolver.send(createMessage("www.wc.nsec3.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals("failed.nsec3_ignored", getReason(response)); + } + + @Test + void testNsec3WithoutClosestEncloser() throws IOException { + Message m = resolver.send(createMessage("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A")); + Message message = + messageFromString( + m.toString() + .replaceAll( + "((UDUMPS9J6F8348HFHH2FAED6I9DDE0U6)|(NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P))\\.nsec3.*", + "")); + add("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A", message); + + Message response = resolver.send(createMessage("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nxdomain.nsec3_bogus", getReason(response)); + } + + @Test + void testNsec3NodataChangedToNxdomainIsBogus() throws IOException { + Message m = resolver.send(createMessage("a.b.nsec3.ingotronic.ch./MX")); + Message message = + messageFromString(m.toString().replaceAll("status: NOERROR", "status: NXDOMAIN")); + add("a.b.nsec3.ingotronic.ch./A", message); + + Message response = resolver.send(createMessage("a.b.nsec3.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nxdomain.nsec3_bogus", getReason(response)); + } + + @Test + void testNsec3ClosestEncloserIsDelegation() throws IOException { + // hash(n=9.nsec3.ingotronic.ch.,it=10,s=1234)=6jl2t4i2bb7eilloi8mdhbf3uqjgvu4s + Message cem = resolver.send(createMessage("9.nsec3.ingotronic.ch./A")); + Record delegationNsec = null; + RRSIGRecord delegationNsecSig = null; + for (RRset set : cem.getSectionRRsets(Section.AUTHORITY)) { + // hash(n=sub.nsec3.ingotronic.ch.,it=10,s=1234)=5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H + if (set.getName().toString().startsWith("5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H")) { + delegationNsec = set.first(); + delegationNsecSig = set.sigs().get(0); + break; + } + } + + Message m = resolver.send(createMessage("a.sub.nsec3.ingotronic.ch./A")); + String temp = m.toString().replaceAll("^sub\\.nsec3.*", ""); + // hash(n=sub.nsec3.ingotronic.ch.,it=11,s=4321)=8N8QLBCUIH7R2BG7DMCJ5AEE63K4KVUA + temp = temp.replaceAll("8N8QLBCUIH7R2BG7DMCJ5AEE63K4KVUA.*", ""); + Message message = messageFromString(temp); + message.addRecord(delegationNsec, Section.AUTHORITY); + message.addRecord(delegationNsecSig, Section.AUTHORITY); + add("a.sub.nsec3.ingotronic.ch./A", message); + + Message response = resolver.send(createMessage("a.sub.nsec3.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nxdomain.nsec3_bogus", getReason(response)); + } + + @Test + @AlwaysOffline + void testNsec3ClosestEncloserIsInsecureDelegation() throws IOException { + Message response = resolver.send(createMessage("a.unsigned.nsec3.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NXDOMAIN, response.getRcode()); + assertEquals("failed.nxdomain.nsec3_insecure", getReason(response)); + } + + @Test + void testNsecEcdsa256() throws IOException { + Provider[] providers = Security.getProviders("KeyFactory.EC"); + Assumptions.assumeTrue(providers != null && providers.length > 0); + + Message response = resolver.send(createMessage("www.wc.nsec3-ecdsa256.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + } + + @Test + void testNsecEcdsa384() throws IOException { + Provider[] providers = Security.getProviders("KeyFactory.EC"); + Assumptions.assumeTrue(providers != null && providers.length > 0); + + Message response = resolver.send(createMessage("www.wc.nsec3-ecdsa384.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/validator/TestNsec3ValUtilsPublicKeyLoading.java b/src/test/java/org/xbill/DNS/dnssec/validator/TestNsec3ValUtilsPublicKeyLoading.java new file mode 100644 index 000000000..a8ac5d066 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/validator/TestNsec3ValUtilsPublicKeyLoading.java @@ -0,0 +1,82 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec.validator; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.mockito.Mockito.doAnswer; +import static org.mockito.Mockito.spy; + +import java.lang.reflect.Constructor; +import java.lang.reflect.InvocationTargetException; +import java.security.PublicKey; +import java.time.Duration; +import java.util.concurrent.atomic.AtomicInteger; +import org.junit.jupiter.api.Test; +import org.mockito.stubbing.Answer; +import org.xbill.DNS.DNSKEYRecord; +import org.xbill.DNS.DNSSEC.DNSSECException; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Message; +import org.xbill.DNS.Name; +import org.xbill.DNS.Rcode; +import org.xbill.DNS.Type; +import org.xbill.DNS.dnssec.PrepareMocks; +import org.xbill.DNS.dnssec.TestBase; + +class TestNsec3ValUtilsPublicKeyLoading extends TestBase { + @Test + @PrepareMocks("prepareTestPublicKeyLoadingException") + void testPublicKeyLoadingException() throws Exception { + try { + resolver.setTimeout(Duration.ofDays(1)); + Message response = resolver.send(createMessage("www.wc.nsec3.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals("failed.nsec3_ignored", getReason(response)); + } finally { + Type.register(Type.DNSKEY, Type.string(Type.DNSKEY), () -> spy(DNSKEYRecord.class)); + } + } + + void prepareTestPublicKeyLoadingException() { + Name fakeName = Name.fromConstantString("nsec3.ingotronic.ch."); + Type.register( + Type.DNSKEY, + Type.string(Type.DNSKEY), + () -> { + DNSKEYRecord throwingDnskey = spy(DNSKEYRecord.class); + AtomicInteger invocationCount = new AtomicInteger(0); + try { + doAnswer( + (Answer) + a -> { + if (((DNSKEYRecord) a.getMock()).getName().equals(fakeName)) { + if (invocationCount.getAndIncrement() == 3) { + throwDnssecException(); + } + return (PublicKey) a.callRealMethod(); + } + return (PublicKey) a.callRealMethod(); + }) + .when(throwingDnskey) + .getPublicKey(); + } catch (DNSSECException e) { + throw new RuntimeException(e); + } + return throwingDnskey; + }); + } + + private void throwDnssecException() throws DNSSECException { + try { + Constructor c = DNSSECException.class.getDeclaredConstructor(String.class); + c.setAccessible(true); + throw c.newInstance("mock-text"); + } catch (NoSuchMethodException + | IllegalAccessException + | InvocationTargetException + | InstantiationException e) { + throw new RuntimeException(e); + } + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/validator/TestTrustAnchorStore.java b/src/test/java/org/xbill/DNS/dnssec/validator/TestTrustAnchorStore.java new file mode 100644 index 000000000..153290660 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/validator/TestTrustAnchorStore.java @@ -0,0 +1,94 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec.validator; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertIterableEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertThrows; + +import java.util.Collections; +import org.junit.jupiter.api.Test; +import org.xbill.DNS.DClass; +import org.xbill.DNS.DNSKEYRecord; +import org.xbill.DNS.DSRecord; +import org.xbill.DNS.Name; +import org.xbill.DNS.TXTRecord; +import org.xbill.DNS.TextParseException; +import org.xbill.DNS.dnssec.SRRset; + +class TestTrustAnchorStore { + @Test + void testNullKeyWhenNameNotUnderAnchor() throws TextParseException { + TrustAnchorStore tas = new TrustAnchorStore(); + SRRset anchor = tas.find(Name.fromString("asdf.bla."), DClass.IN); + assertNull(anchor); + } + + @Test + void testKeyWhenNameUnderAnchorDS() throws TextParseException { + SRRset set = + new SRRset(new DSRecord(Name.fromString("bla."), DClass.IN, 0, 0, 0, 0, new byte[] {0})); + TrustAnchorStore tas = new TrustAnchorStore(); + tas.store(set); + SRRset anchor = tas.find(Name.fromString("asdf.bla."), DClass.IN); + assertEquals(set, anchor); + } + + @Test + void testKeyWhenNameUnderAnchorDNSKEY() throws TextParseException { + SRRset set = + new SRRset( + new DNSKEYRecord(Name.fromString("bla."), DClass.IN, 0, 0, 0, 0, new byte[] {0})); + TrustAnchorStore tas = new TrustAnchorStore(); + tas.store(set); + SRRset anchor = tas.find(Name.fromString("asdf.bla."), DClass.IN); + assertEquals(set.getName(), anchor.getName()); + } + + @Test + void testInvalidAnchorRecord() throws TextParseException { + SRRset set = new SRRset(new TXTRecord(Name.fromString("bla."), DClass.IN, 0, "root")); + TrustAnchorStore tas = new TrustAnchorStore(); + assertThrows(IllegalArgumentException.class, () -> tas.store(set)); + } + + @Test + void testClear() throws TextParseException { + SRRset set = + new SRRset( + new DNSKEYRecord(Name.fromString("bla."), DClass.IN, 0, 0, 0, 0, new byte[] {0})); + TrustAnchorStore tas = new TrustAnchorStore(); + tas.store(set); + SRRset anchor = tas.find(Name.fromString("asdf.bla."), DClass.IN); + assertNotNull(anchor); + tas.clear(); + assertNull(tas.find(Name.fromString("asdf.bla."), DClass.IN)); + } + + @Test + void testCaseInsensitiveAnchor() throws TextParseException { + TrustAnchorStore tas = new TrustAnchorStore(); + SRRset set1 = + new SRRset(new DSRecord(Name.fromString("bla."), DClass.IN, 0, 0, 0, 0, new byte[] {0})); + SRRset set2 = + new SRRset(new DSRecord(Name.fromString("Bla."), DClass.IN, 0, 0, 0, 0, new byte[] {0})); + tas.store(set1); + tas.store(set2); + SRRset anchor = tas.find(Name.fromString("bla."), DClass.IN); + assertEquals(set2, anchor); + assertIterableEquals(Collections.singleton(set2), tas.items()); + } + + @Test + void testCaseInsensitiveSameSetAnchor() throws TextParseException { + TrustAnchorStore tas = new TrustAnchorStore(); + SRRset set = new SRRset(); + set.addRR(new DSRecord(Name.fromString("Bla."), DClass.IN, 0, 0, 0, 0, new byte[] {0})); + set.addRR(new DSRecord(Name.fromString("bla."), DClass.IN, 0, 0, 0, 0, new byte[] {0})); + tas.store(set); + SRRset anchor = tas.find(Name.fromString("bla."), DClass.IN); + assertEquals(set, anchor); + assertIterableEquals(Collections.singleton(set), tas.items()); + } +} diff --git a/src/test/java/org/xbill/DNS/dnssec/validator/TestValUtils.java b/src/test/java/org/xbill/DNS/dnssec/validator/TestValUtils.java new file mode 100644 index 000000000..76120e531 --- /dev/null +++ b/src/test/java/org/xbill/DNS/dnssec/validator/TestValUtils.java @@ -0,0 +1,401 @@ +// SPDX-License-Identifier: BSD-3-Clause +package org.xbill.DNS.dnssec.validator; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; + +import java.io.IOException; +import org.junit.jupiter.api.Test; +import org.xbill.DNS.DClass; +import org.xbill.DNS.Flags; +import org.xbill.DNS.Message; +import org.xbill.DNS.NSECRecord; +import org.xbill.DNS.Name; +import org.xbill.DNS.RRset; +import org.xbill.DNS.Rcode; +import org.xbill.DNS.Record; +import org.xbill.DNS.Section; +import org.xbill.DNS.Type; +import org.xbill.DNS.dnssec.SMessage; +import org.xbill.DNS.dnssec.SecurityStatus; +import org.xbill.DNS.dnssec.TestBase; + +class TestValUtils extends TestBase { + @Test + void testLongestCommonNameRootIsRoot() { + assertEquals( + Name.root, + ValUtils.longestCommonName( + Name.fromConstantString("example.com."), Name.fromConstantString("example.net."))); + } + + @Test + void testNoDataWhenResultIsFromDelegationPoint() throws IOException { + Message nsec = resolver.send(createMessage("t.ingotronic.ch./A")); + Record delegationNsec = null; + Record delegationNsecSig = null; + for (RRset set : nsec.getSectionRRsets(Section.AUTHORITY)) { + if (set.getName().toString().startsWith("sub.ingotronic.ch")) { + delegationNsec = set.first(); + delegationNsecSig = set.sigs().get(0); + break; + } + } + + Message m = resolver.send(createMessage("sub.ingotronic.ch./MX")); + Message message = + messageFromString(m.toString().replaceAll("sub\\.ingotronic\\.ch\\.\\s+\\d+.*", "")); + message.addRecord(delegationNsec, Section.AUTHORITY); + message.addRecord(delegationNsecSig, Section.AUTHORITY); + add("sub.ingotronic.ch./MX", message); + + Message response = resolver.send(createMessage("sub.ingotronic.ch./MX")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nodata", getReason(response)); + } + + @Test + void testNameErrorWhenResultIsFromDelegationPoint() throws IOException { + Message nsec = resolver.send(createMessage("sub1.ingotronic.ch./NSEC")); + Record delegationNsec = null; + Record delegationNsecSig = null; + for (RRset set : nsec.getSectionRRsets(Section.AUTHORITY)) { + if (set.getName().toString().startsWith("sub.ingotronic.ch")) { + delegationNsec = set.first(); + delegationNsecSig = set.sigs().get(0); + break; + } + } + + Message m = createMessage("s.sub.ingotronic.ch./A"); + m.getHeader().setRcode(Rcode.NXDOMAIN); + m.addRecord(delegationNsec, Section.AUTHORITY); + m.addRecord(delegationNsecSig, Section.AUTHORITY); + add("s.sub.ingotronic.ch./A", m); + + Message response = resolver.send(createMessage("s.sub.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nxdomain.exists:s.sub.ingotronic.ch.", getReason(response)); + } + + @Test + void testNameErrorWhenNsecIsNotFromApex() throws IOException { + Message response = resolver.send(createMessage("1.www.ingotronic.ch./A")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NXDOMAIN, response.getRcode()); + assertNull(getReason(response)); + } + + @Test + void testNameErrorWhenNsecIsLastAndQnameBefore() throws IOException { + Message nsec = resolver.send(createMessage("zz.ingotronic.ch./NSEC")); + Record delegationNsec = null; + Record delegationNsecSig = null; + for (RRset set : nsec.getSectionRRsets(Section.AUTHORITY)) { + if (set.getName().toString().startsWith("z.ingotronic.ch")) { + delegationNsec = set.first(); + delegationNsecSig = set.sigs().get(0); + break; + } + } + + Message m = createMessage("y.ingotronic.ch./A"); + m.getHeader().setRcode(Rcode.NXDOMAIN); + m.addRecord(delegationNsec, Section.AUTHORITY); + m.addRecord(delegationNsecSig, Section.AUTHORITY); + add("y.ingotronic.ch./A", m); + + Message response = resolver.send(createMessage("y.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nxdomain.exists:y.ingotronic.ch.", getReason(response)); + } + + @Test + void testNameErrorWhenNsecIsLastAndQnameDifferentDomain() throws IOException { + Message nsec = resolver.send(createMessage("zz.ingotronic.ch./NSEC")); + Record delegationNsec = null; + Record delegationNsecSig = null; + for (RRset set : nsec.getSectionRRsets(Section.AUTHORITY)) { + if (set.getName().toString().startsWith("z.ingotronic.ch")) { + delegationNsec = set.first(); + delegationNsecSig = set.sigs().get(0); + break; + } + } + + Message m = createMessage("zingotronic.ch./A"); + m.getHeader().setRcode(Rcode.NXDOMAIN); + m.addRecord(delegationNsec, Section.AUTHORITY); + m.addRecord(delegationNsecSig, Section.AUTHORITY); + add("zingotronic.ch./A", m); + + Message response = resolver.send(createMessage("zingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nxdomain.exists:zingotronic.ch.", getReason(response)); + } + + @Test + void testNameErrorWhenNsecIsLastAndQnameIsZoneApex() throws IOException { + Message nsec = resolver.send(createMessage("zz.ingotronic.ch./NSEC")); + Record delegationNsec = null; + Record delegationNsecSig = null; + for (RRset set : nsec.getSectionRRsets(Section.AUTHORITY)) { + if (set.getName().toString().startsWith("z.ingotronic.ch")) { + delegationNsec = set.first(); + delegationNsecSig = set.sigs().get(0); + break; + } + } + + Message m = createMessage("ingotronic.ch./A"); + m.getHeader().setRcode(Rcode.NXDOMAIN); + m.addRecord(delegationNsec, Section.AUTHORITY); + m.addRecord(delegationNsecSig, Section.AUTHORITY); + add("ingotronic.ch./A", m); + + Message response = resolver.send(createMessage("ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nxdomain.exists:ingotronic.ch.", getReason(response)); + } + + @Test + void testNoDataWhenDSResultIsFromChild() throws IOException { + Message m = resolver.send(createMessage("samekey.ingotronic.ch./MX")); + // this test needs to have the key in the cache + add("samekey.ingotronic.ch./DS", m, false); + + Message response = resolver.send(createMessage("samekey.ingotronic.ch./DS")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nodata", getReason(response)); + } + + @Test + void testNoDataOfDSForRoot() throws IOException { + Message response = resolver.send(createMessage("./DS")); + assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); + assertEquals(Rcode.NOERROR, response.getRcode()); + assertNull(getReason(response)); + } + + @Test + void testNsecProvesNoDS() { + SecurityStatus s = + ValUtils.nsecProvesNoDS( + new NSECRecord(Name.root, DClass.IN, 0, Name.root, new int[] {Type.SOA, Type.NS}), + Name.root); + assertEquals(SecurityStatus.SECURE, s, "Root NSEC SOA and without DS must be secure"); + } + + @Test + void testNsecProvesNoDSWithDSPresentForRoot() { + SecurityStatus s = + ValUtils.nsecProvesNoDS( + new NSECRecord( + Name.root, DClass.IN, 0, Name.root, new int[] {Type.SOA, Type.NS, Type.DS}), + Name.root); + assertEquals(SecurityStatus.BOGUS, s, "Root NSEC with DS must be bogus"); + } + + @Test + void testNsecProvesNoDSWithSOAForNonRoot() throws IOException { + Name ch = Name.fromString("ch."); + SecurityStatus s = + ValUtils.nsecProvesNoDS( + new NSECRecord(ch, DClass.IN, 0, ch, new int[] {Type.SOA, Type.NS}), ch); + assertEquals(SecurityStatus.BOGUS, s, "Non-root NSEC with SOA must be bogus"); + } + + @Test + void testNoDataOnEntWithWrongNsec() throws IOException { + Message nsec = resolver.send(createMessage("alias.ingotronic.ch./NSEC")); + Record delegationNsec = null; + Record delegationNsecSig = null; + for (RRset set : nsec.getSectionRRsets(Section.ANSWER)) { + if (set.getName().toString().startsWith("alias.ingotronic.ch")) { + delegationNsec = set.first(); + delegationNsecSig = set.sigs().get(0); + break; + } + } + + Message m = createMessage("ingotronic.ch./A"); + m.getHeader().setRcode(Rcode.NOERROR); + m.addRecord(delegationNsec, Section.AUTHORITY); + m.addRecord(delegationNsecSig, Section.AUTHORITY); + add("ingotronic.ch./A", m); + + Message response = resolver.send(createMessage("ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nodata", getReason(response)); + } + + @Test + void testNoDataWhenNsecProvesExistence() throws IOException { + Message nsec = resolver.send(createMessage("www.ingotronic.ch./NSEC")); + Record delegationNsec = null; + Record delegationNsecSig = null; + for (RRset set : nsec.getSectionRRsets(Section.ANSWER)) { + if (set.getName().toString().startsWith("www.ingotronic.ch")) { + delegationNsec = set.first(); + delegationNsecSig = set.sigs().get(0); + break; + } + } + + Message m = createMessage("www.ingotronic.ch./AAAA"); + m.getHeader().setRcode(Rcode.NOERROR); + m.addRecord(delegationNsec, Section.AUTHORITY); + m.addRecord(delegationNsecSig, Section.AUTHORITY); + add("www.ingotronic.ch./AAAA", m); + + Message response = resolver.send(createMessage("www.ingotronic.ch./AAAA")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nodata", getReason(response)); + } + + @Test + void testNoDataWhenNsecHasCname() throws IOException { + Message nsec = resolver.send(createMessage("csigned.ingotronic.ch./NSEC")); + Record delegationNsec = null; + Record delegationNsecSig = null; + for (RRset set : nsec.getSectionRRsets(Section.ANSWER)) { + if (set.getName().toString().startsWith("csigned.ingotronic.ch")) { + delegationNsec = set.first(); + delegationNsecSig = set.sigs().get(0); + break; + } + } + + Message m = createMessage("csigned.ingotronic.ch./A"); + m.getHeader().setRcode(Rcode.NOERROR); + m.addRecord(delegationNsec, Section.AUTHORITY); + m.addRecord(delegationNsecSig, Section.AUTHORITY); + add("csigned.ingotronic.ch./A", m); + + Message response = resolver.send(createMessage("csigned.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nodata", getReason(response)); + } + + @Test + void testNoDataWhenWcNsecProvesType() throws IOException { + Message nsec = resolver.send(createMessage("*.c.ingotronic.ch./NSEC")); + Record delegationNsec = null; + Record delegationNsecSig = null; + for (RRset set : nsec.getSectionRRsets(Section.ANSWER)) { + if (set.getName().toString().startsWith("*.c.ingotronic.ch")) { + delegationNsec = set.first(); + delegationNsecSig = set.sigs().get(0); + break; + } + } + + Message m = createMessage("a.c.ingotronic.ch./A"); + m.getHeader().setRcode(Rcode.NOERROR); + m.addRecord(delegationNsec, Section.AUTHORITY); + m.addRecord(delegationNsecSig, Section.AUTHORITY); + add("a.c.ingotronic.ch./A", m); + + Message response = resolver.send(createMessage("a.c.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nodata", getReason(response)); + } + + @Test + void testNoDataWhenWcNsecProvesCname() throws IOException { + Message nsec = resolver.send(createMessage("*.cwv.ingotronic.ch./NSEC")); + Record delegationNsec = null; + Record delegationNsecSig = null; + for (RRset set : nsec.getSectionRRsets(Section.ANSWER)) { + if (set.getName().toString().startsWith("*.cwv.ingotronic.ch")) { + delegationNsec = set.first(); + delegationNsecSig = set.sigs().get(0); + break; + } + } + + Message m = createMessage("a.cwv.ingotronic.ch./A"); + m.getHeader().setRcode(Rcode.NOERROR); + m.addRecord(delegationNsec, Section.AUTHORITY); + m.addRecord(delegationNsecSig, Section.AUTHORITY); + add("a.cwv.ingotronic.ch./A", m); + + Message response = resolver.send(createMessage("a.cwv.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nodata", getReason(response)); + } + + @Test + void testNoDataWhenWcNsecIsForDifferentName() throws IOException { + Message nsec = resolver.send(createMessage("*.c.ingotronic.ch./NSEC")); + Record delegationNsec = null; + Record delegationNsecSig = null; + for (RRset set : nsec.getSectionRRsets(Section.ANSWER)) { + if (set.getName().toString().startsWith("*.c.ingotronic.ch")) { + delegationNsec = set.first(); + delegationNsecSig = set.sigs().get(0); + break; + } + } + + Message m = createMessage("b.d.ingotronic.ch./A"); + m.getHeader().setRcode(Rcode.NOERROR); + m.addRecord(delegationNsec, Section.AUTHORITY); + m.addRecord(delegationNsecSig, Section.AUTHORITY); + add("b.d.ingotronic.ch./A", m); + + Message response = resolver.send(createMessage("b.d.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals("failed.nodata", getReason(response)); + } + + @Test + void testDsNoDataWhenNsecProvesDs() throws IOException { + Message nsec = resolver.send(createMessage("sub1.ingotronic.ch./NSEC")); + Record delegationNsec = null; + Record delegationNsecSig = null; + for (RRset set : nsec.getSectionRRsets(Section.AUTHORITY)) { + if (set.getName().toString().startsWith("sub.ingotronic.ch")) { + delegationNsec = set.first(); + delegationNsecSig = set.sigs().get(0); + break; + } + } + + Message m = createMessage("sub.ingotronic.ch./DS"); + m.getHeader().setRcode(Rcode.NOERROR); + m.addRecord(delegationNsec, Section.AUTHORITY); + m.addRecord(delegationNsecSig, Section.AUTHORITY); + add("sub.ingotronic.ch./DS", m); + + Message response = resolver.send(createMessage("sub.ingotronic.ch./A")); + assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); + assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEquals( + "validate.bogus.badkey:sub.ingotronic.ch.:failed.ds.nsec.hasdata", getReason(response)); + } + + @Test + void testHasSignedNsecsWithoutSignedSigsReturnsFalse() { + Message m = new Message(); + m.addRecord( + new NSECRecord(Name.root, DClass.IN, 0, Name.root, new int[] {Type.A}), Section.AUTHORITY); + SMessage sm = new SMessage(m); + boolean result = new ValUtils().hasSignedNsecs(sm); + assertFalse(result); + } +} diff --git a/src/test/resources/keys/Knsec3.ingotronic.ch.+007+16758.private b/src/test/resources/keys/Knsec3.ingotronic.ch.+007+16758.private new file mode 100644 index 000000000..7639a0cff --- /dev/null +++ b/src/test/resources/keys/Knsec3.ingotronic.ch.+007+16758.private @@ -0,0 +1,13 @@ +Private-key-format: v1.3 +Algorithm: 7 (NSEC3RSASHA1) +Modulus: oG4lN/2gbJ5MfduJSQAUuuxiuSh1fUftKey6LhewMcUIG+zldhpwduzQmDT87nUo+OY2ePAxbxJLIOQqphD725gB/YRD+mcP9UZCqdXZzDRXCT+3QTZXgVQKO7imcCjLNkVlcazV5Ztf0le775vQDOn4AKrrjzmokvMeFYOIis+gr9K91sVVEriz6c88ksfc0YFu13PqQ+rtoVZgEygZ4Bl03XCxClw1ZSjl46Zoljnecxzv6sOkDJiUx78UrBJl1fZkN3rdCxroibgVVQmr+dYuru2VD+ZaSzXm4NNDInL85Z8DQgII7g30V6X2tOEk2klYTM4JuW9nIGjLjTmRmQ== +PublicExponent: AQAB +PrivateExponent: jxbOoWrYrChghxzJDNBCrRnrT8QzTmNZt7wJrtS39RwMiIO5gaZBSwEbZ7ZTJghfW+hRC3sITE3frl1zYJzjVk/07n4K94r248gf60TutkC0pG4s78AdOh+P5QZjhMQNw8EPot0KBnmXdI+F80dgwDPqXAYWha9imHa5DW082ri9dVB3Li1Z3BVMSZCH4urQq8XZRWqXw3CPSuWhKhWq+8vkE/jm+4QRIGumd4wkwdktPghl9mdm9N8uLqLd8qpJzGI40RFeSYzSpBWaMClxzaaS5gOm2ageB2KVMDq2wdCCBKVRyQpI4dHKvuRk5a+Z8m3Boi41mrK79pujbLqvgQ== +Prime1: 0+sT4VN8sT3/N4xtgukMQU5TBTyU+l3HNSw/rFM5sainiIb4bKzJwlZ/WWAuVfyOE/EFtonu60isJe0ZQqd7jSATQ8W4fKDfeaaLHfkaQVMg247qRrXscYaIs9zOgDVqUu9kLQXoiJl5YwD1eq9in7KdD7z0EM/R0ECehqK6iqk= +Prime2: wc1DoXpBTdKeBi/E5iYeaapwCTsiOEw8LEYHxZkJckUj+dGY+5aM3xUAI2BWcwD34bA7MrWBGKjZLhyItgnuahIHfVRrbDkCbpcKMywTos0tS/UcyX7PBXYMEl7/BjPrsZTmmjThukNbWs4uclnaBSO3ExDHRtxhBWnYXw9+lXE= +Exponent1: b08fXxASA6rTveKVttgf5sF0G+EJQ0Q0mTpHq4T/XdB/RtfV7ocHZns2YsSBMgr4uYK0hH+Ira67NSSHSxpba/H4DHXzBAsftm8CzViFMOCv9oLnjQKLUcnfTdHh6TelRDCXhop+7BjoyFa9mZY7kDQqCRUvgREXXHJEkeUxZBk= +Exponent2: piubHpzV26WIq2NQH8p1b0Kdd7zFVaJAQfH1/f5/NASGmVCXLLlkpm66RJr45PjikhfqWkt4mq1EMp5ytiuDyl0VIOg+h3fGVw6Yx1G2sHPer+9GNJrPZS5XoXTkk+v23rf+liBbn7rbXNvGxXO3VYrPEcDkLSUO53Ze+PsvHXE= +Coefficient: hEg3DZhCgtU4qj6r7CfDrg+p04iKb95MPCe+G3WiBTkRKmbe1KjBmOfg2+ibrs3qxSenx6BXzRpO+kfapEfoPHYMr8j6VWKd6WOnsWRQze7mvu0F0IGSWJWQATaPLP+kM2peC5bXQTGqyR+Igp1TfcQlrwR3taB9WP/xbx91Gh4= +Created: 20130326204908 +Publish: 20130326204908 +Activate: 20130326204908 diff --git a/src/test/resources/keys/Knsec3.ingotronic.ch.+007+62417.private b/src/test/resources/keys/Knsec3.ingotronic.ch.+007+62417.private new file mode 100644 index 000000000..b6db60868 --- /dev/null +++ b/src/test/resources/keys/Knsec3.ingotronic.ch.+007+62417.private @@ -0,0 +1,13 @@ +Private-key-format: v1.3 +Algorithm: 7 (NSEC3RSASHA1) +Modulus: xwBbGRNUZnpQCnRUSjMCVikBGFuHpjq1g6XoWDdR4E0UW0ND19MQS3U2RudH27wqSlU3prrtq+ViJQ3V6AOoTDMNTtHVHD79RJ2GbaGo4BGaa7cMGCONf+JeNkvK/fXRw4YUln+yZyh2UMvikMACg/GH+qzooQFpPSxzUpZwarc= +PublicExponent: AQAB +PrivateExponent: VHcxM4aB13FpEdbohAn8nueOoHERNZxLuRIteWwZo5Pz5Py7Cht7GhwpKpU2ae0HIj/jfDBxevnE26dwuKb8woN1uCpUC3NhXr3yMWl+4oF080JHUcygWKclxfdJOjSUe2wHdQeSIoFq0V4lReXouyDFC5+q5OkSEmU3RW17hFE= +Prime1: 5J6mAhSOzhlsKDPFiF0o1ch7YqhkQqr3JtKL4rEPNDon0QpJ7zhj5Dy5sg3vR5PmQ8mWc47EUznb2IsJOrV82Q== +Prime2: 3tWgR6f7hf6BadHZG5Dw1QcK8VBUYR5Eq/0SwPE0bxcUO/dzZpn3AyEOl9KynSyFBOwUr2JOGTwOwXjjMFaqDw== +Exponent1: XBjxJUtkz+/72yIoBCwLRDv0QKU3Zof68n/E7HiJeG+pFJQBfsYHr60q3WixqPMSwuIVos2zlxdq0gwIlsb/2Q== +Exponent2: Uk6X4D/U8N5b0MlZJwx3WEg8q3ufXyv984ULu0actnfQ2oGBF6HBEl/QcxW5McLy8yl8TnfCHyIG1UGgsQch0w== +Coefficient: YksGgB9xHXtFsUcA+UhxA4i6NDqfMu7jGzzcbKTVhG85hHtvnxXCP4wPzFF2Z0ew0m0V4OiOR4zk2iuKUjIHMQ== +Created: 20130326204904 +Publish: 20130326204904 +Activate: 20130326204904 diff --git a/src/test/resources/messages.properties b/src/test/resources/messages.properties new file mode 100644 index 000000000..a1d0401ff --- /dev/null +++ b/src/test/resources/messages.properties @@ -0,0 +1,2 @@ +test.noparam=no parameters +test.withparam=parameter: {0} diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestBogusReasonMessage/testLongBogusReasonIsSplitCorrectly b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestBogusReasonMessage/testLongBogusReasonIsSplitCorrectly new file mode 100644 index 000000000..b837e997f --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestBogusReasonMessage/testLongBogusReasonIsSplitCorrectly @@ -0,0 +1,121 @@ +#Date: 2016-06-07T23:59:45+02:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31158 +;; flags: qr rd ra ad cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.isc.org., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +isc.org. 1163 IN SOA ns-int.isc.org. hostmaster.isc.org. 2016060700 7200 3600 24796800 3600 +isc.org. 1163 IN RRSIG SOA 5 2 7200 20160706234032 20160606234032 13953 isc.org. bX2SRqyh180R4DME+cdbFM+brddgfJfjDOniLnuKQCeMfWgXWh9ckkYISKglhXW+UCx377dsN1W07tYSHgc5lONcE4dxGftKsKk5yl6JRS9cC/JhIFuO/4kN8yZ1+ZnT1LQvprd/sFJtwABpFOyp/kG1MXnWArkPd6Twz7/9o+w= +isc.org. 2962 IN NSEC 01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.isc.org. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY SPF +isc.org. 2962 IN RRSIG NSEC 5 2 3600 20160706234032 20160606234032 13953 isc.org. fnOJeQG2vOwrERAPIqAenLOosbIBT7UvmxOV8Az2ExOhlGxP2CEqZEc5NPVbidq4oZC2kHyG7x31D6LBJXeXgOuanv+uqPNe9UIiUhdj+Egf8FEWIOKp8nxgjQGiGSNbQenWjeWoR91sReFEU+Pn7NPlEI072MzEESOT8oVucx8= + +;; ADDITIONAL RECORDS: +. 32768 CLASS512 OPT ; payload 512, xrcode 0, version 0, flags 32768 + +;; Message size: 681 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34586 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 5080 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 5080 IN DNSKEY 256 3 8 AwEAAarQO0FTE/l6LEKFlZllJIwXuLGd3q5d8S8NH+ntOeIMN81A5wAI18g3u9w/esNkThwgXTEa2mX1iOPdTcl3yRleAExxF22lEU2E0GKY2XdYr/BxP5fojJAPRgtEGDl72NSwSnD2/a8uPNirAJZoab36Hlw41QxEl7bmCo0280mt +. 5080 IN RRSIG DNSKEY 8 0 172800 20160614235959 20160531000000 19036 . d6grk7MW27La3d35wcURuLnP5cRhM8OmrQxkuwhKg7riaG52E/1qMt9rrDz29EBWuBbiFnnsCrsteUcTQTThV0y6Uw0Iw/jdcm9LjLg1t2eTTm8JbS4sb0WWzkLecc9d+RMjuvyHa/wrJOpZSqwUloSOPnlg1/QqBBmQeNFS7lM5gcdvTGDVpP7Q4xXKgg/VxkXuBAepkTEnMxtD5ACJg28t4Eb+Sxe1AMX7N2YQ1rVuj1Z3b9mLFvLc/4u++/i2C/KZfTvmG1ev3S4ydwg1HNVqKEwj4d8iQO0TmZRzBmCdhVho8wHWez+3h3A9hUe+uo05kFY/a1ibs75AZKRCbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS512 OPT ; payload 512, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3573 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; org., type = DS, class = IN + +;; ANSWERS: +org. 4955 IN DS 9795 7 1 364DFAB3DAF254CAB477B5675B10766DDAA24982 +org. 4955 IN DS 9795 7 2 3922B31B6F3A4EA92B19EB7B52120F031FD8E05FF0B03BAFCF9F891BFE7FF8E5 +org. 4955 IN RRSIG DS 8 1 86400 20160617050000 20160607040000 60615 . Jq5yKki+K/BbgXUQYgUK7dSNWM+VXY96ZGHZt3CZSgL+nOGY1T8jMf7QXJYJ0z+G8qv3JhiofeX00QeOfTQDzXOFCXPto66SvAfHs0uVrC41pmxyQCBJOMkn6Z7LN6f4D+MFDD+gJii5bGbNh3pxe0WKTpg/Lr93s++CgprDFGY= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS512 OPT ; payload 512, xrcode 0, version 0, flags 32768 + +;; Message size: 275 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29457 +;; flags: qr rd ra ad cd ; qd: 1 an: 7 au: 0 ad: 1 +;; QUESTIONS: +;; org., type = DNSKEY, class = IN + +;; ANSWERS: +org. 364 IN DNSKEY 256 3 7 AwEAAZ+JwpM2QvhT/1EXUPyoiythOolQZGOkjyBZs95c0nXZkz4pcah/s8WWkRgyrr+peLc1P5yoBwWR10/avmNIPfgeRuwKROdCtt+pe0DME9aZIpRGA7CJY18pJR94Zb+sB5ms4CQsOE67wSZZYZt7FSVNmmVHju8vTCDlqWh22m// +org. 364 IN DNSKEY 256 3 7 AwEAAebZOMc2aV6wi03zOgdiQhZqTbD043sXt5xRsTPn9vxukojZcsa6cOIrfqPb3l57m7u5H3r8inU8QbsC/aAYV7EOeSGNcK/lQepKSR+rlvq+7iMXoXVa9dL1tRpHDjNLp6QW+ly/jbfe5nzhptfbiiq3o/uSICf7SxF+Ho+vp4MD +org. 364 IN DNSKEY 257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU= +org. 364 IN DNSKEY 257 3 7 AwEAAcMnWBKLuvG/LwnPVykcmpvnntwxfshHlHRhlY0F3oz8AMcuF8gw9McCw+BoC2YxWaiTpNPuxjSNhUlBtcJmcdkz3/r7PIn0oDf14ept1Y9pdPh8SbIBIWx50ZPfVRlj8oQXv2Y6yKiQik7bi3MT37zMRU2kw2oy3cgrsGAzGN4s/C6SFYon5N1Q2O4hGDbeOq538kATOy0GFELjuauV9guX/431msYu4Rgb5lLuQ3Mx5FSIxXpI/RaAn2mhM4nEZ/5IeRPKZVGydcuLBS8GZlxW4qbb8MgRZ8bwMg0pqWRHmhirGmJIt3UuzvN1pSFBfX7ysI9PPhSnwXCNDXk0kk0= +org. 364 IN RRSIG DNSKEY 7 1 900 20160622150242 20160601140242 9795 org. MoLhr1SsXAwR4JWiAVjbBTlPB5v3V4AGi4N8CRNgeHLcy5YhMezA10sOGNaGMxbrNlgP/lLEAblAG2OUfH2b6B6JbZ8+mGdKjxT12fKwMa3YfQ42DlYHRnDolokGdm0geL2nN3CXIU+2BTDhbIe7Y+NVVuWV+0s9SetcWMNpHkBm8kPUoHJQS/uaw9EOJ5aM1whTcvEaH+Lbk0Fp0wBleN7ERv7NwPPA+9h5PF682ZoKk2/vzRaqThRgIx/h231rw6xkcciCsDMj3/urcq1m7BoW1wWK08lteHAAjcDwdnQmeVKSIAvWRa6qYby9rQ4Mu6ORMLr7Cc4Jwec7SolvNA== +org. 364 IN RRSIG DNSKEY 7 1 900 20160622150242 20160601140242 12510 org. Rlq5SzA2zA9H61D1s7dG+J+zIUNd+r8j8HznA1z83xanFmJ/19hCtaMLWtbOgtC5eg1r1kPFY1Ddjl1s0IRHXhTFm5c7YQjYFVNrHsEA7pOcdwv2hltbQKjTgT/PfOu59RMt2NVMWPAffem0FyDlNIKbsctOe5y8Ot0wXIRugvU= +org. 364 IN RRSIG DNSKEY 7 1 900 20160622150242 20160601140242 17883 org. UrU+wrSQCkm3pVjB4YwRMwI0axgfDfwbFjJkNUG7aE8lW/wvzHX60sq7aS8NQRNqQdiR/7PAs5NZF0kuRULiT+61GVBnEVGi71SrKZayhEuINxNjh3Tu22ogzTRLAAKfm/iHWH3awDPemIM6jqSQGRHEw88gm5Kl7qP1WboQ92pkqJjXSrQmbbsSbyvdRoey2k8/oMkCaG9UVmaxWNA/9zUIOg57gscaG2bqVlE0c7xQSKC4NhuF0ns2S6xcpkl73MS7ZuN6rDhccDJbqH5VZ+QtVUn44mDe5o5Yvon0iPIz0N0mjgPPCCuBT/rVbEYFRZ/PMlyi7GQOVnwZO18Sfg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS512 OPT ; payload 512, xrcode 0, version 0, flags 32768 + +;; Message size: 1625 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44585 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; isc.org., type = DS, class = IN + +;; ANSWERS: +isc.org. 14922 IN DS 12892 5 1 982113D08B4C6A1D9F6AEE1E2237AEF69F3F9759 +isc.org. 14922 IN DS 12892 5 2 F1E184C0E1D615D20EB3C223ACED3B03C773DD952D5F0EB5C777586DE18DA6B5 +isc.org. 14922 IN RRSIG DS 7 2 86400 20160622150242 20160601140242 12510 org. KafYznIS4q2FxkDTTZpw4iCsXIO/Nx2xD9oHVwKLSD3CL8Wp/Yn3fEeUfcmwsmiA81hSN1afBuQfhCH6FY78uGYOyyx5AX9Q/Qp0JY/sKUyp6z2TODSf314Nwuy21yOD1fll4VrS4OgqtND2y0Q9d8F1A+whyJd90b7IFdvmbSs= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS512 OPT ; payload 512, xrcode 0, version 0, flags 32768 + +;; Message size: 283 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45223 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; isc.org., type = DNSKEY, class = IN + +;; ANSWERS: +isc.org. 166 IN DNSKEY 256 3 5 AwEAAbiHaDVOPBsWPvRvtfYF2AeL4NOBf+mDktCFtaxdf7h7dHBzXAW86vMMvs8CbH5Qs5gJJT4vsRYh4lUtMJLBP8TMkAkhqm+57IKvQmsLCXgBFthgy1kq01GkgiwAysf0LL1N/yR0+GEfMsmjhDxRWb1lHl1O+blG2/l52vyZ060T +isc.org. 166 IN DNSKEY 257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGrhhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy347cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQzBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyLKOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bByBNsO70aEFTd +isc.org. 166 IN RRSIG DNSKEY 5 2 7200 20160706230738 20160606230738 12892 isc.org. Ah/AXCKOGFp0EsnM605S/56wK2z7ihmIIBufPdeVzikvR/P6kmctyfUnT8gpEFAyveT8tZtLJM3OCsjvaMSh/SVZ84T4ICvDCuG8YuzWkJS6WYh1QiAZFhrC2IRhXfdbtodL0iy7kse8MsmU5fLJS2t65UGlRioCQ3ji7GCNllHeVqzW5Xj7rKBTZqj/juoHCPSmSNsTpvIBJdHCVT4mjJexlBAMyOdpXLcs9Td5OSahO+gpD6fbb0MCG7EN5B9xaqVVr4Bawdk8eu5t/sZqbdU7VZUWwIP+i93CpIQnI2eKq2VIKslrxSycyVWJz1WBqOu6Dle8dYiu11dS+W02+w== +isc.org. 166 IN RRSIG DNSKEY 5 2 7200 20160706230738 20160606230738 13953 isc.org. PbpBZU66p3fkgeLbVhRjChbNPxXVotQPs09nXOnVLiPHi0L16oqzpyAiPYDXxLZV1D+g7rUofvzU+dqD8toPXS9wXAlMk7yOuni7a0yopYyFcGGE3HUMOJAlO7RQSFNgUbebxS+h8y57jB932JjqVjGoDlfd227DqfBhlpl1o3Q= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS512 OPT ; payload 512, xrcode 0, version 0, flags 32768 + +;; Message size: 923 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToExternalUnsignedVoid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToExternalUnsignedVoid new file mode 100644 index 000000000..11351f8d8 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToExternalUnsignedVoid @@ -0,0 +1,103 @@ +#Date: 2015-01-06T22:34:53+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19653 +;; flags: qr rd ra cd ; qd: 1 an: 1 au: 6 ad: 1 +;; QUESTIONS: +;; cvoid.dnssectest.jitsi.net., type = A, class = IN + +;; ANSWERS: +cvoid.dnssectest.jitsi.net. 10800 IN CNAME void.invalid.example. + +;; AUTHORITY RECORDS: +. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2015010601 1800 900 604800 86400 +. 10800 IN RRSIG SOA 8 0 86400 20150113170000 20150106160000 16665 . R9ZOwEb5fodQQNRl4WvguyqEzOxdNPQ18nI+0R5sB2JSqG4Qz45SwW+vfnFCF01UW43/GdEfGOScrYVP2UBM8F2WOM+tHMZN0t9BbP9uszTWhzdYNCl3UKYYJiB59b8HIhKXlERPVfW2UEgIiI2VajShJnUv67W8gQO56hgTNEE= +. 10800 IN RRSIG NSEC 8 0 86400 20150113170000 20150106160000 16665 . wlEpGn1C8YZzJjIrlJp/GSud5FuLAZZj9C54DrKEl9gELWeIFJgLwkI1tcH4EhabbsNScB7SPOmVmnLkuM4Q6yJkmI1HXeBrddxniI2YEw+m9++/i19AqfDxuVYs52peKxXdEZ/sIS5JtDz3bdB44IAp2k1ue780z0xRV796vUk= +. 10800 IN NSEC abogado. NS SOA RRSIG NSEC DNSKEY +everbank. 10800 IN RRSIG NSEC 8 1 86400 20150113170000 20150106160000 16665 . QZcGZd7ZHWpt4cbDBq4y27PePP+BswDry6qVkqNkuNRd8MSHh74SvwbhyWmqjLR0agHYPOT7+gG/6hZmJ2n6EHCXAngQYWxgO6I0acqbkbEC8Ecf3WN1VUT0PD0cntMFaJUAAA0W/hcINLYMd/K8QT5SVgnfmkkZdhjqBW0fmlA= +everbank. 10800 IN NSEC exchange. NS DS RRSIG NSEC + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 703 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30978 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87381 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87381 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87381 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87381 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43389 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; net., type = DS, class = IN + +;; ANSWERS: +net. 1016 IN DS 35886 8 2 7862B27F5F516EBE19680444D4CE5E762981931842C465F00236401D8BD973EE +net. 1016 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . lvtZMm89bm5FBumG9OVTrChfGK7FuHkqEBDxT4QsR4IRE1frrHGyUSF1P9FjIpvE20dHjRvkl0llLTPNfQB97T/0QSKXVO1+mK+jM57AHPUbYZczgJ4iD4owxv50G8viJx58PSg3pGOP32CyJbgjKUxk5zbLKRnojuHT7FwdB+A= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 239 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30421 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; net., type = DNSKEY, class = IN + +;; ANSWERS: +net. 1016 IN DNSKEY 257 3 8 AQOYBnzqWXIEj6mlgXg4LWC0HP2n8eK8XqgHlmJ/69iuIHsa1TrHDG6TcOra/pyeGKwH0nKZhTmXSuUFGh9BCNiwVDuyyb6OBGy2Nte9Kr8NwWg4q+zhSoOf4D+gC9dEzg0yFdwT0DKEvmNPt0K4jbQDS4Yimb+uPKuF6yieWWrPYYCrv8C9KC8JMze2uT6NuWBfsl2fDUoV4l65qMww06D7n+p7RbdwWkAZ0fA63mXVXBZF6kpDtsYD7SUB9jhhfLQE/r85bvg3FaSs5Wi2BaqN06SzGWI1DHu7axthIOeHwg00zxlhTpoYCH0ldoQz+S65zWYi/fRJiyLSBb6JZOvn +net. 1016 IN DNSKEY 256 3 8 AQPOLFKjvGKxyqclqQ0cOL99u9IQcUcMvVOpEgMC1lbsK7juIO5jeXF10hH2PhYdZF4HvPtHetU1P5cozol6ExskddyUw33MHIMIll3ryQhsN3MWRmmMZpj2gZhKsQQ+NJ81MxfYT40W6rQkVQ7t7J3+PQsPoEUXfFDxtzIBO5OgeQ== +net. 1016 IN RRSIG DNSKEY 8 1 86400 20150111173857 20150104173357 35886 net. Ds4nPxTvsyrzL3G1+8lFLawSR9pyq1zbdvJdq2VL3SMjnarPdBdHD09A8WC5k21mm1yp9Yl4cgTP5Eb1PVOxhvcvrgMbHOdkDB5ZJP0sk6jwkTEY/abUDqC8nBdbbwVLGLhkfZCNEHPn2aYGNi2eBWRruzRS9cjAZlM0KbkPXNya+Xq0KkjsIaozkgaoDvmtqDmHoAZwxRVHryvIcB2iMAJjsLtfBR9uENb93D3fN8L+/EGkjuoyA6NEHWW3AeiTc5CK3cuF0RXrRVlC2ZlrNaBe9c2rurZDL8VHZGx/D2TIj7EcHU1Gb4Hxyb8xQYecG6PvmE5+cMYoOo7N0rCOhA== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 743 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22947 +;; flags: qr rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 +;; QUESTIONS: +;; jitsi.net., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1420580071 1800 900 604800 86400 +net. 900 IN RRSIG SOA 8 1 900 20150113213431 20150106202431 6647 net. Oo+RNWfHsZh3xLf6tXP6fvy2NVGDm83QCNw6K0k5IWv68Qlq9O9JKGbyH38fsBe9yce5KXSbMP3x/STDNNQBMuF6bqtSmFntJ04IydrFXruUQ7ZYCOXOA+qIYEH7Uaoz8GAJ2g/VCngUJQRsJVbMC1p11WlbVSufCbKRmxLjHh8= +A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 900 IN RRSIG NSEC3 8 2 86400 20150112060337 20150105045337 6647 net. S5luUHZNIAKGwCaXJrR3iMPf7zy8F01LXnIm69iMeH4iu7DjtAeYCDFk4yFch5mbuzhIbk4I3MEK2C4B6kQsQtaEO/qCbhT5JLyD0of5WDuvBumLz54RYHhv0gCSzzHt17+VM1suO58R9ciU1E/ZK7aqe55vnOFdySU9J5GtAbM= +A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 900 IN NSEC3 1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSEC3PARAM +BJLKS9K921PG1IINN15L0VRSEDGACIMT.net. 900 IN RRSIG NSEC3 8 2 86400 20150113060049 20150106045049 6647 net. vK/ekvWS+rAvJSO7MOPHSC48Dl1YEFB+9lPVij54nZgeDUva84SSATqCuzzM3feJYzATYNuqmeROq3vM2QOtbbuIltKIfryUmzo83+Im7ZLXh6lW53j0l4zsUmBvPaj4l8JJzpdrbqf7WB75664ANzv2wwXSWpV/F9PJYqVe+Hk= +BJLKS9K921PG1IINN15L0VRSEDGACIMT.net. 900 IN NSEC3 1 1 0 - BJM99D76H567GQKJV87VAIPCTVI7SD7A NS DS RRSIG + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 759 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToInvalidSigned b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToInvalidSigned new file mode 100644 index 000000000..e7341aac6 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToInvalidSigned @@ -0,0 +1,236 @@ +#Date: 2015-01-06T22:34:58+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51540 +;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 6 ad: 11 +;; QUESTIONS: +;; cfailed.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +cfailed.ingotronic.ch. 300 IN CNAME www.dnssec-failed.org. +cfailed.ingotronic.ch. 300 IN RRSIG CNAME 5 3 300 20150125010136 20141226005030 17430 ingotronic.ch. mgZy6VoaP0RNTOyEsr9QFpUoWSSCbuMi5SsJHqF/GE9q7ejF2SBBslVCufhRDrHFZHL2MO7NZGIpaYr3qQTBEuciPaNetBszGJS740pWwbz7pVENXsDUKbOr0Nyeai2aWh8EKuhk2kzAFCTguZe9w+oOZPEQYKTIHjvE5gLA7bA= +www.dnssec-failed.org. 7200 IN A 69.252.193.191 +www.dnssec-failed.org. 7200 IN A 68.87.109.242 +www.dnssec-failed.org. 7200 IN RRSIG A 5 3 7200 20150109165051 20150102134551 41118 dnssec-failed.org. JYn9DWTh8isQjK7Xbc6b85MY4Sf4ZI4HQCatS5pN0zsEYjMVcwsv+hLxPwvAVpyDb/Ew4g9Vhuph/1/3DUmfOHRMJWe8bliRSVx+zsJGwGKf6wY+XkXmnSfNwYAzgO8nONVvhUUfFdZC+PDggQei5tlnnVh+HhFOlrfJK6baM14= + +;; AUTHORITY RECORDS: +dnssec-failed.org. 1024 IN NS dns101.comcast.net. +dnssec-failed.org. 1024 IN NS dns105.comcast.net. +dnssec-failed.org. 1024 IN NS dns103.comcast.net. +dnssec-failed.org. 1024 IN NS dns104.comcast.net. +dnssec-failed.org. 1024 IN NS dns102.comcast.net. +dnssec-failed.org. 1024 IN RRSIG NS 5 2 7200 20150109165051 20150102134551 41118 dnssec-failed.org. KgBDFY0Fmua62wqbOFEEYUmqRm89/8PNWce1Gpp1BclSvzBSe4+sId64tRlKxuCKY5SJU9X3XJhWQGSokNFyZPhcxjB1HmrA0YKArrzV1gJk/07uCQQt4vhLN98abxFJ0NcY/5MsXmeRPrMrbvQSV1Mzb+WSQi6nyNfWiaH22ts= + +;; ADDITIONAL RECORDS: +dns101.comcast.net. 87424 IN A 69.252.250.103 +dns101.comcast.net. 87424 IN AAAA 2001:558:fe23:8:69:252:250:103 +dns102.comcast.net. 87424 IN A 68.87.85.132 +dns102.comcast.net. 87424 IN AAAA 2001:558:1004:7:68:87:85:132 +dns103.comcast.net. 87424 IN A 68.87.76.228 +dns103.comcast.net. 87424 IN AAAA 2001:558:1014:c:68:87:76:228 +dns104.comcast.net. 87424 IN A 68.87.68.244 +dns104.comcast.net. 87424 IN AAAA 2001:558:100a:5:68:87:68:244 +dns105.comcast.net. 87424 IN A 68.87.72.244 +dns105.comcast.net. 87424 IN AAAA 2001:558:100e:5:68:87:72:244 +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 980 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46886 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87376 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87376 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87376 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87376 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13800 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 976 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 976 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31528 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 976 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 976 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 976 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 976 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39803 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3584 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3584 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3584 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8543 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22565 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87375 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87375 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87375 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87375 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40773 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; org., type = DS, class = IN + +;; ANSWERS: +org. 1024 IN DS 21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2 +org. 1024 IN DS 21366 7 2 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0D90F01BA +org. 1024 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . TeNrVbBDgqdrbpdIweTad3yMLn+APxxlDpr717kqNgkOc8OxLFE/pFGzfSCYfc5hlMNB/nY1XhIJbWwvd26xOjwcB1rK3yo/Cfa5Pt4P+qV45QYW2JlatQVQPHtgMOf1KvUzXy4DlKzE5yHvHNGscfMOgIDeyWyDS8XwdrEIRR0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 275 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5431 +;; flags: qr rd ra cd ; qd: 1 an: 7 au: 0 ad: 1 +;; QUESTIONS: +;; org., type = DNSKEY, class = IN + +;; ANSWERS: +org. 900 IN DNSKEY 257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU= +org. 900 IN DNSKEY 256 3 7 AwEAAXTZXCkp3UaDofhKlicjaZR/XeMFVkRSXRZsYP9OBRFZB44675hHORNE+QAijMdWOQeQt1SUWGyeJ5SHPVirGVxt9wCCqOeMTx7WvImZAKuqUl9H5N3Wn6FRidaub7d76IjxKZbkAHhGSJSzRTuuHbyjtrJVGcJ18kZHELyIsqZ3 +org. 900 IN DNSKEY 257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU= +org. 900 IN DNSKEY 256 3 7 AwEAAawm+6jDEf5ymhSAeQKaJrF0FTdqp4T0F1SE/KSFEcd/MUaBW0J8NyrJZXQJ0I3KpvXJSk3b0Z3X8StBpngUWOa9/iePG5WaR8Edj0JENd6Cy1R7WawrtYAfQ1AWnvGTbvf0rFa2GcMfhyNKeY8UO5TWKECE4AF4C+LlGe12TICh +org. 900 IN RRSIG DNSKEY 7 1 900 20150126170632 20150105160632 9795 org. b4jnXExJ1MgfUZffo8HVtxJ73qdbrustN+U6GBtgZLNEpdDgdpf9d4unRp/tqzDFoW0QuEoYOBatPCtpX3Re12/FQ+lWkfOAatcJMYMcW7kU2q86muY44W4p1BK/DxVb2zQHJ4AO7h22dH+TcM8J3WlGrlHYy/6k+emWPC7NpumCF3ctR/w26rAU4sv0lKuPvQSr9mOf3PyX29tz61lSfu4lAcymB6vh7B3D6TMkpHyobOAD67Ne59V1IgeeHXakURM8g0P0HMg87GT4GXwqo9+Aj7oWAq9D8iIIqelOLiijKys5jTzgdbOxM2vVn+l175xJybUzrJI0huJ9zKNCvg== +org. 900 IN RRSIG DNSKEY 7 1 900 20150126170632 20150105160632 21366 org. Edm9U+AtUcNeh2NXrWaLbfNYSRJovpziT1YcCphKGmdluvZPQk6rQAv1Y+2JBhE9Xmb37cY07lr7XHHfYxLWyhrPkpaKCX4ogqhGRylamy5R8BptqvVFhMTRUUHnK4tHvfYXqbtKuh9H84giLWMQIE2ZzQC9UqTvAIrc4FVUVIuwrNR7k6N96yy68feZnH8wcY+/RkyxoxMhcbMxXnZl2V9XP7xUxwtkULQBL1fq7IHI4jmlNyrdLzZltEgMIgtTK5HpgKaDborfoAcGBYnXxiC5RkAwHH81LAlT/BbK9shiWAI+yDhakLsIpl5ajUcTcbRBtLBBMkY6+4nAnXlSfg== +org. 900 IN RRSIG DNSKEY 7 1 900 20150126170632 20150105160632 53348 org. dAW5DYEjkxzfeM83ZCupwRh50L29jdR+dWkZYgt5GLDsYnyJDmRvjnHiHvJXVlHygvytafDMNK1MBlBODwHTBU/O7u7jLMbKvDU26bJpjm7cBJEtdUny3Bfckfr+VnxmT6UgmWLy1Cu8vuMOQS0t0fIMUs7fF2gJcD2bpcX85iY= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1625 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31541 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; dnssec-failed.org., type = DS, class = IN + +;; ANSWERS: +dnssec-failed.org. 1025 IN DS 106 5 1 4F219DCE274F820EA81EA1150638DABE21EB27FC +dnssec-failed.org. 1025 IN DS 106 5 2 AE3424C9B171AF3B202203767E5703426130D76EF6847175F2EED355F86EF1CE +dnssec-failed.org. 1025 IN RRSIG DS 7 2 86400 20150126170632 20150105160632 53348 org. fl/vMVXfynaiQTcME5ZuX+yIcMFidX9ykMnK8jBHug/BQW1OvqwxknH3q1UemVhS94KnQxNG+mQmEpHUX1BcQkHt57BFlreS0ZmDJpLvCeyT/6yG5jtNLBL3Vcyc1Bwq5OegPd7A7qaCQWaeXYOTBJsVbCZRLMfsh3mq1vBasOQ= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 293 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59607 +;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; dnssec-failed.org., type = DNSKEY, class = IN + +;; ANSWERS: +dnssec-failed.org. 3600 IN DNSKEY 257 3 5 AwEAAb/f/pB/FLWoYp3j+HtldGkbUMT6caAw2rej0DZkgXVFOKn4PWi3BYjCozjEqxeramt+9b1SMuOSJ8vGKWr0YKrfyfJigsVxpsMgJ7QWcxeMACjC/oM8BPjDFBby/CgQQE63nPVX2SfDWCRhEhTOnsPZpKJvq66IHF/w+3u0IpyeplQWvO+HJ9OQPOQrstM7d/IPa7yKEtqS2nhBT0GWX2/GYhT6oE7F4vc2VF9f6MjpB/pWPzkcx636YaxG9P0QRBvzdD/Wztcbz1Scgxw5sUlIkQAzWV1mJfvXF+7NqzGcc94/kMt1VUzN2kYASRyn1ALiFPfNLz4VMUvSw5fpNS0= +dnssec-failed.org. 3600 IN DNSKEY 256 3 5 AwEAAcedvQhRqSGpERVGT4afbPjTQmRm0qipv7iYmE6L2h1toIyjdb4/qScsYfY/C29k8aGe3qdW8zMFP/Py1Lo4EZaH5oX46HsmRkb1muYZ3vGXkm3Bj9/tlrUAcmMg4VV3e68sLkhS78uMZP7cUYe72Dem89g8YdzjV64DaHzSPYXR +dnssec-failed.org. 3600 IN RRSIG DNSKEY 5 2 3600 20150109165051 20150102134551 41118 dnssec-failed.org. qnYEEspPHJthzgVkUk5IcR9Qr/8obR6wmFdHRmh01zz6q543ZMts4ItbMIVsRwHptIcw1M5vkUD0AhtM5rbwSyPOOa1jeL7WraFv6wHEruFAm2uQSiy/L525TB4/zTwML98jkICzdWVDhocV+PZjrLGRq2za7tT1mAX601rav4E= +dnssec-failed.org. 3600 IN RRSIG DNSKEY 5 2 3600 20150207135051 20141010095051 29521 dnssec-failed.org. MbRITRRHKnev1/LFG00Lfcy0DsTbCsoch5KzuNFaWu91k35zB0fxhQqwOhgsOT4nR5P/MmxYxIYp2/u5D4quq4OmkeaQCN4f9YcGXVqTj9k27m0p/1ibRPEILVzIovSplOGzOSjJMl+Vv75dB2SdEF6mBadl5oE+S/+6ZSAKJX+cRUnr4ENkAGHCoCfQ6l2juMz9KWNFrf4ym4dPbZ6DNCu31AskjqRehP7HcSstW9sg1gYXZ0Jm0oPkahHqWDMFwCr/em5BSTY+WK+ligc1OFOFkEYh9/HwIDxz4sJMeCxiTJ81xi6vTz9Llyz+pehMgxeco74gSSWS1pXE6/jhvw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 952 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToInvalidSignedNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToInvalidSignedNsec3 new file mode 100644 index 000000000..9b4f151b4 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToInvalidSignedNsec3 @@ -0,0 +1,275 @@ +#Date: 2015-01-06T22:34:58+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57536 +;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 6 ad: 11 +;; QUESTIONS: +;; cfailed.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +cfailed.nsec3.ingotronic.ch. 300 IN CNAME www.dnssec-failed.org. +cfailed.nsec3.ingotronic.ch. 300 IN RRSIG CNAME 7 4 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. XR45/Bj0H6L9GlqNLpgkmym00VqRQmuKINZ1aER3OR4OEiW2XMgKu6ta73sMYYIgr1lZv1Gz73WCFlfXU0pOOkS30y0nsVgOq2oshbHc7fJaPb5UXygCBR1o/zNMYUhX4Ebc63eh9qsNb62f2cJlm4EBHN83P1IR5ezFOuS/W1o= +www.dnssec-failed.org. 7199 IN A 68.87.109.242 +www.dnssec-failed.org. 7199 IN A 69.252.193.191 +www.dnssec-failed.org. 7199 IN RRSIG A 5 3 7200 20150109165051 20150102134551 41118 dnssec-failed.org. JYn9DWTh8isQjK7Xbc6b85MY4Sf4ZI4HQCatS5pN0zsEYjMVcwsv+hLxPwvAVpyDb/Ew4g9Vhuph/1/3DUmfOHRMJWe8bliRSVx+zsJGwGKf6wY+XkXmnSfNwYAzgO8nONVvhUUfFdZC+PDggQei5tlnnVh+HhFOlrfJK6baM14= + +;; AUTHORITY RECORDS: +dnssec-failed.org. 1023 IN NS dns105.comcast.net. +dnssec-failed.org. 1023 IN NS dns102.comcast.net. +dnssec-failed.org. 1023 IN NS dns101.comcast.net. +dnssec-failed.org. 1023 IN NS dns103.comcast.net. +dnssec-failed.org. 1023 IN NS dns104.comcast.net. +dnssec-failed.org. 1023 IN RRSIG NS 5 2 7200 20150109165051 20150102134551 41118 dnssec-failed.org. KgBDFY0Fmua62wqbOFEEYUmqRm89/8PNWce1Gpp1BclSvzBSe4+sId64tRlKxuCKY5SJU9X3XJhWQGSokNFyZPhcxjB1HmrA0YKArrzV1gJk/07uCQQt4vhLN98abxFJ0NcY/5MsXmeRPrMrbvQSV1Mzb+WSQi6nyNfWiaH22ts= + +;; ADDITIONAL RECORDS: +dns101.comcast.net. 87423 IN A 69.252.250.103 +dns101.comcast.net. 87423 IN AAAA 2001:558:fe23:8:69:252:250:103 +dns102.comcast.net. 87423 IN A 68.87.85.132 +dns102.comcast.net. 87423 IN AAAA 2001:558:1004:7:68:87:85:132 +dns103.comcast.net. 87423 IN A 68.87.76.228 +dns103.comcast.net. 87423 IN AAAA 2001:558:1014:c:68:87:76:228 +dns104.comcast.net. 87423 IN A 68.87.68.244 +dns104.comcast.net. 87423 IN AAAA 2001:558:100a:5:68:87:68:244 +dns105.comcast.net. 87423 IN A 68.87.72.244 +dns105.comcast.net. 87423 IN AAAA 2001:558:100e:5:68:87:72:244 +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 992 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50511 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87375 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87375 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87375 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87375 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43188 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 975 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 975 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49410 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 976 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 976 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 976 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 976 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19603 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3584 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3584 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3584 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29571 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14282 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16947 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54802 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87375 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87375 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87375 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87375 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19703 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; org., type = DS, class = IN + +;; ANSWERS: +org. 1023 IN DS 21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2 +org. 1023 IN DS 21366 7 2 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0D90F01BA +org. 1023 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . TeNrVbBDgqdrbpdIweTad3yMLn+APxxlDpr717kqNgkOc8OxLFE/pFGzfSCYfc5hlMNB/nY1XhIJbWwvd26xOjwcB1rK3yo/Cfa5Pt4P+qV45QYW2JlatQVQPHtgMOf1KvUzXy4DlKzE5yHvHNGscfMOgIDeyWyDS8XwdrEIRR0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 275 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10916 +;; flags: qr rd ra cd ; qd: 1 an: 7 au: 0 ad: 1 +;; QUESTIONS: +;; org., type = DNSKEY, class = IN + +;; ANSWERS: +org. 899 IN DNSKEY 257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU= +org. 899 IN DNSKEY 257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU= +org. 899 IN DNSKEY 256 3 7 AwEAAXTZXCkp3UaDofhKlicjaZR/XeMFVkRSXRZsYP9OBRFZB44675hHORNE+QAijMdWOQeQt1SUWGyeJ5SHPVirGVxt9wCCqOeMTx7WvImZAKuqUl9H5N3Wn6FRidaub7d76IjxKZbkAHhGSJSzRTuuHbyjtrJVGcJ18kZHELyIsqZ3 +org. 899 IN DNSKEY 256 3 7 AwEAAawm+6jDEf5ymhSAeQKaJrF0FTdqp4T0F1SE/KSFEcd/MUaBW0J8NyrJZXQJ0I3KpvXJSk3b0Z3X8StBpngUWOa9/iePG5WaR8Edj0JENd6Cy1R7WawrtYAfQ1AWnvGTbvf0rFa2GcMfhyNKeY8UO5TWKECE4AF4C+LlGe12TICh +org. 899 IN RRSIG DNSKEY 7 1 900 20150126170632 20150105160632 9795 org. b4jnXExJ1MgfUZffo8HVtxJ73qdbrustN+U6GBtgZLNEpdDgdpf9d4unRp/tqzDFoW0QuEoYOBatPCtpX3Re12/FQ+lWkfOAatcJMYMcW7kU2q86muY44W4p1BK/DxVb2zQHJ4AO7h22dH+TcM8J3WlGrlHYy/6k+emWPC7NpumCF3ctR/w26rAU4sv0lKuPvQSr9mOf3PyX29tz61lSfu4lAcymB6vh7B3D6TMkpHyobOAD67Ne59V1IgeeHXakURM8g0P0HMg87GT4GXwqo9+Aj7oWAq9D8iIIqelOLiijKys5jTzgdbOxM2vVn+l175xJybUzrJI0huJ9zKNCvg== +org. 899 IN RRSIG DNSKEY 7 1 900 20150126170632 20150105160632 21366 org. Edm9U+AtUcNeh2NXrWaLbfNYSRJovpziT1YcCphKGmdluvZPQk6rQAv1Y+2JBhE9Xmb37cY07lr7XHHfYxLWyhrPkpaKCX4ogqhGRylamy5R8BptqvVFhMTRUUHnK4tHvfYXqbtKuh9H84giLWMQIE2ZzQC9UqTvAIrc4FVUVIuwrNR7k6N96yy68feZnH8wcY+/RkyxoxMhcbMxXnZl2V9XP7xUxwtkULQBL1fq7IHI4jmlNyrdLzZltEgMIgtTK5HpgKaDborfoAcGBYnXxiC5RkAwHH81LAlT/BbK9shiWAI+yDhakLsIpl5ajUcTcbRBtLBBMkY6+4nAnXlSfg== +org. 899 IN RRSIG DNSKEY 7 1 900 20150126170632 20150105160632 53348 org. dAW5DYEjkxzfeM83ZCupwRh50L29jdR+dWkZYgt5GLDsYnyJDmRvjnHiHvJXVlHygvytafDMNK1MBlBODwHTBU/O7u7jLMbKvDU26bJpjm7cBJEtdUny3Bfckfr+VnxmT6UgmWLy1Cu8vuMOQS0t0fIMUs7fF2gJcD2bpcX85iY= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1625 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43081 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; dnssec-failed.org., type = DS, class = IN + +;; ANSWERS: +dnssec-failed.org. 1024 IN DS 106 5 1 4F219DCE274F820EA81EA1150638DABE21EB27FC +dnssec-failed.org. 1024 IN DS 106 5 2 AE3424C9B171AF3B202203767E5703426130D76EF6847175F2EED355F86EF1CE +dnssec-failed.org. 1024 IN RRSIG DS 7 2 86400 20150126170632 20150105160632 53348 org. fl/vMVXfynaiQTcME5ZuX+yIcMFidX9ykMnK8jBHug/BQW1OvqwxknH3q1UemVhS94KnQxNG+mQmEpHUX1BcQkHt57BFlreS0ZmDJpLvCeyT/6yG5jtNLBL3Vcyc1Bwq5OegPd7A7qaCQWaeXYOTBJsVbCZRLMfsh3mq1vBasOQ= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 293 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54857 +;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; dnssec-failed.org., type = DNSKEY, class = IN + +;; ANSWERS: +dnssec-failed.org. 3599 IN DNSKEY 257 3 5 AwEAAb/f/pB/FLWoYp3j+HtldGkbUMT6caAw2rej0DZkgXVFOKn4PWi3BYjCozjEqxeramt+9b1SMuOSJ8vGKWr0YKrfyfJigsVxpsMgJ7QWcxeMACjC/oM8BPjDFBby/CgQQE63nPVX2SfDWCRhEhTOnsPZpKJvq66IHF/w+3u0IpyeplQWvO+HJ9OQPOQrstM7d/IPa7yKEtqS2nhBT0GWX2/GYhT6oE7F4vc2VF9f6MjpB/pWPzkcx636YaxG9P0QRBvzdD/Wztcbz1Scgxw5sUlIkQAzWV1mJfvXF+7NqzGcc94/kMt1VUzN2kYASRyn1ALiFPfNLz4VMUvSw5fpNS0= +dnssec-failed.org. 3599 IN DNSKEY 256 3 5 AwEAAcedvQhRqSGpERVGT4afbPjTQmRm0qipv7iYmE6L2h1toIyjdb4/qScsYfY/C29k8aGe3qdW8zMFP/Py1Lo4EZaH5oX46HsmRkb1muYZ3vGXkm3Bj9/tlrUAcmMg4VV3e68sLkhS78uMZP7cUYe72Dem89g8YdzjV64DaHzSPYXR +dnssec-failed.org. 3599 IN RRSIG DNSKEY 5 2 3600 20150109165051 20150102134551 41118 dnssec-failed.org. qnYEEspPHJthzgVkUk5IcR9Qr/8obR6wmFdHRmh01zz6q543ZMts4ItbMIVsRwHptIcw1M5vkUD0AhtM5rbwSyPOOa1jeL7WraFv6wHEruFAm2uQSiy/L525TB4/zTwML98jkICzdWVDhocV+PZjrLGRq2za7tT1mAX601rav4E= +dnssec-failed.org. 3599 IN RRSIG DNSKEY 5 2 3600 20150207135051 20141010095051 29521 dnssec-failed.org. MbRITRRHKnev1/LFG00Lfcy0DsTbCsoch5KzuNFaWu91k35zB0fxhQqwOhgsOT4nR5P/MmxYxIYp2/u5D4quq4OmkeaQCN4f9YcGXVqTj9k27m0p/1ibRPEILVzIovSplOGzOSjJMl+Vv75dB2SdEF6mBadl5oE+S/+6ZSAKJX+cRUnr4ENkAGHCoCfQ6l2juMz9KWNFrf4ym4dPbZ6DNCu31AskjqRehP7HcSstW9sg1gYXZ0Jm0oPkahHqWDMFwCr/em5BSTY+WK+ligc1OFOFkEYh9/HwIDxz4sJMeCxiTJ81xi6vTz9Llyz+pehMgxeco74gSSWS1pXE6/jhvw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 952 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedA b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedA new file mode 100644 index 000000000..c2f0a963e --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedA @@ -0,0 +1,122 @@ +#Date: 2015-01-06T22:34:57+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52495 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 2 ad: 3 +;; QUESTIONS: +;; csigned.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +csigned.ingotronic.ch. 300 IN CNAME www.ingotronic.ch. +csigned.ingotronic.ch. 300 IN RRSIG CNAME 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. ZBVECD9hhC0kSJPnvROZVE5bcN7mtDOuoYEJeTJZzuVU9ipLU7QljKmz4Lxhqq/MbdkpkR9Q2IgTjoDfVFbgZeattaQxjytAmKawXSFD6MzGEC2+JxE0+d1Q0N/1i+fH4EiIFpAZ3QDJjB6DIVb2cwX6TKGeETib2eB9g6aL+Dc= +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 810 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35772 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87376 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87376 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87376 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87376 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30053 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 976 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 976 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61795 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 977 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 977 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 977 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 977 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42380 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3585 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3585 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3585 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45992 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedAExternal b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedAExternal new file mode 100644 index 000000000..55f11bec5 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedAExternal @@ -0,0 +1,234 @@ +#Date: 2015-01-06T22:35:00+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28485 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 5 ad: 11 +;; QUESTIONS: +;; csext.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +csext.ingotronic.ch. 300 IN CNAME www.isc.org. +csext.ingotronic.ch. 300 IN RRSIG CNAME 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. dtPhpp6j05dVvEsL1y2sAM58ZmRapjsRhiej8KRdJcCOdGw2OFhSYrHdYgW74hTKEEZztJ2d/9iDUv+pOcu2+chBgs2NVokLtuqLnVvRm7OdaekT3RXDZfNfhSYwWukBzl6/oewu5KyeNnOAuDAWLlbTpgCZFCGbnNMVKe2exnU= +www.isc.org. 60 IN A 149.20.64.69 +www.isc.org. 60 IN RRSIG A 5 3 60 20150204233244 20150105233244 4521 isc.org. qX9Fqzc+cUB7TUgdAPDQztt+3L7A2TxqVPTGZht3gKb1oBizum2zL3Le6lSO/DI2b526/n+l6gyT7ZtSL058wmEWhXeFlurPojBEBCWYLBkJ7OBLTqMSKzVNN1zpdUIs2RA8QqLOhSWeFkBw0bcJaDnRC2uKr0513aMVJfk5uA8= + +;; AUTHORITY RECORDS: +isc.org. 1027 IN NS ord.sns-pb.isc.org. +isc.org. 1027 IN NS sfba.sns-pb.isc.org. +isc.org. 1027 IN NS ns.isc.afilias-nst.info. +isc.org. 1027 IN NS ams.sns-pb.isc.org. +isc.org. 1027 IN RRSIG NS 5 2 7200 20150204233244 20150105233244 4521 isc.org. Olb3QQHiezY6ysFepLUtePsgyVqXgECmLMROkbaAJT5ndTyoMHy4NaX/zFc63LtvzilrS59l9x719c4Pcm37zuEEdKB1IdjtxYKzKqmCzJZ5GuSZ6XgLO2DPWoF2ws+1BVPJL2myZdoBeEu+cUxCLTsETOloSl9Jz5livJ+Xbxo= + +;; ADDITIONAL RECORDS: +ns.isc.afilias-nst.info. 1027 IN A 199.254.63.254 +ns.isc.afilias-nst.info. 1027 IN AAAA 2001:500:2c:0:0:0:0:254 +ams.sns-pb.isc.org. 1027 IN A 199.6.1.30 +ams.sns-pb.isc.org. 1027 IN AAAA 2001:500:60:0:0:0:0:30 +ord.sns-pb.isc.org. 1027 IN A 199.6.0.30 +ord.sns-pb.isc.org. 1027 IN AAAA 2001:500:71:0:0:0:0:30 +sfba.sns-pb.isc.org. 1027 IN A 149.20.64.3 +sfba.sns-pb.isc.org. 1027 IN AAAA 2001:4f8:0:2:0:0:0:19 +ams.sns-pb.isc.org. 7200 IN RRSIG A 5 4 7200 20150204233244 20150105233244 4521 isc.org. SEjuacdGLjteFKFrB0UTyTcEjEP/VtAKeNWD6DqXLA4839PAk17M1qzCf13uKBGwtb9e1xr3U/GDlIhspbSkSNOIWBzfkKiM8PXQ9kZZuYaPrrz2sz5CzzyzThkz4bq4BicQwKNi/aD/ljLaCIWZDXfZwJabo0Uz+G3QlIq18YE= +ams.sns-pb.isc.org. 7200 IN RRSIG AAAA 5 4 7200 20150204233244 20150105233244 4521 isc.org. EGLJUSGvW1gxEUglZKYLS2NmlJsPNzZQFZSORxTKIXqgF+0A2fZpk+/vkGwxiwqkOsV5Tu7kXUFzC7fIWEI7VDn/L8XKLz575upoMoGvA3bAZ/7VWXjLSXbyTFrDTP9GKSA4knIRtrIsOY+dKieSwIGV6sykBYA8ONMpPcj0sCY= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1205 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57660 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87374 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87374 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87374 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87374 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19501 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 974 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 974 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46749 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 975 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 975 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 975 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 975 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3597 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3582 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3582 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3582 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53222 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15854 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87373 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87373 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87373 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87373 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55128 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; org., type = DS, class = IN + +;; ANSWERS: +org. 1022 IN DS 21366 7 2 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0D90F01BA +org. 1022 IN DS 21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2 +org. 1022 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . TeNrVbBDgqdrbpdIweTad3yMLn+APxxlDpr717kqNgkOc8OxLFE/pFGzfSCYfc5hlMNB/nY1XhIJbWwvd26xOjwcB1rK3yo/Cfa5Pt4P+qV45QYW2JlatQVQPHtgMOf1KvUzXy4DlKzE5yHvHNGscfMOgIDeyWyDS8XwdrEIRR0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 275 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39672 +;; flags: qr rd ra cd ; qd: 1 an: 7 au: 0 ad: 1 +;; QUESTIONS: +;; org., type = DNSKEY, class = IN + +;; ANSWERS: +org. 898 IN DNSKEY 256 3 7 AwEAAXTZXCkp3UaDofhKlicjaZR/XeMFVkRSXRZsYP9OBRFZB44675hHORNE+QAijMdWOQeQt1SUWGyeJ5SHPVirGVxt9wCCqOeMTx7WvImZAKuqUl9H5N3Wn6FRidaub7d76IjxKZbkAHhGSJSzRTuuHbyjtrJVGcJ18kZHELyIsqZ3 +org. 898 IN DNSKEY 257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU= +org. 898 IN DNSKEY 257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU= +org. 898 IN DNSKEY 256 3 7 AwEAAawm+6jDEf5ymhSAeQKaJrF0FTdqp4T0F1SE/KSFEcd/MUaBW0J8NyrJZXQJ0I3KpvXJSk3b0Z3X8StBpngUWOa9/iePG5WaR8Edj0JENd6Cy1R7WawrtYAfQ1AWnvGTbvf0rFa2GcMfhyNKeY8UO5TWKECE4AF4C+LlGe12TICh +org. 898 IN RRSIG DNSKEY 7 1 900 20150126170632 20150105160632 9795 org. b4jnXExJ1MgfUZffo8HVtxJ73qdbrustN+U6GBtgZLNEpdDgdpf9d4unRp/tqzDFoW0QuEoYOBatPCtpX3Re12/FQ+lWkfOAatcJMYMcW7kU2q86muY44W4p1BK/DxVb2zQHJ4AO7h22dH+TcM8J3WlGrlHYy/6k+emWPC7NpumCF3ctR/w26rAU4sv0lKuPvQSr9mOf3PyX29tz61lSfu4lAcymB6vh7B3D6TMkpHyobOAD67Ne59V1IgeeHXakURM8g0P0HMg87GT4GXwqo9+Aj7oWAq9D8iIIqelOLiijKys5jTzgdbOxM2vVn+l175xJybUzrJI0huJ9zKNCvg== +org. 898 IN RRSIG DNSKEY 7 1 900 20150126170632 20150105160632 21366 org. Edm9U+AtUcNeh2NXrWaLbfNYSRJovpziT1YcCphKGmdluvZPQk6rQAv1Y+2JBhE9Xmb37cY07lr7XHHfYxLWyhrPkpaKCX4ogqhGRylamy5R8BptqvVFhMTRUUHnK4tHvfYXqbtKuh9H84giLWMQIE2ZzQC9UqTvAIrc4FVUVIuwrNR7k6N96yy68feZnH8wcY+/RkyxoxMhcbMxXnZl2V9XP7xUxwtkULQBL1fq7IHI4jmlNyrdLzZltEgMIgtTK5HpgKaDborfoAcGBYnXxiC5RkAwHH81LAlT/BbK9shiWAI+yDhakLsIpl5ajUcTcbRBtLBBMkY6+4nAnXlSfg== +org. 898 IN RRSIG DNSKEY 7 1 900 20150126170632 20150105160632 53348 org. dAW5DYEjkxzfeM83ZCupwRh50L29jdR+dWkZYgt5GLDsYnyJDmRvjnHiHvJXVlHygvytafDMNK1MBlBODwHTBU/O7u7jLMbKvDU26bJpjm7cBJEtdUny3Bfckfr+VnxmT6UgmWLy1Cu8vuMOQS0t0fIMUs7fF2gJcD2bpcX85iY= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1625 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10645 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; isc.org., type = DS, class = IN + +;; ANSWERS: +isc.org. 1027 IN DS 12892 5 1 982113D08B4C6A1D9F6AEE1E2237AEF69F3F9759 +isc.org. 1027 IN DS 12892 5 2 F1E184C0E1D615D20EB3C223ACED3B03C773DD952D5F0EB5C777586DE18DA6B5 +isc.org. 1027 IN RRSIG DS 7 2 86400 20150122163315 20150101153315 53348 org. mpNwUFgIi/ahCYVkPlQuyJ+AY6BGiRaLD4cRwBIBNnaGVeR5vHNrGPrOX32mfS38tegrfNjJS4y3icwavPeubuZwGKIja8CBRGhzzFj6JZgydRJpJ+lkKws6+vDhjQ3A8+VerV0TNs8IWXSBa+Vl4Gv+0bX5NlM4RF/7Kyd7lJA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 283 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61039 +;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; isc.org., type = DNSKEY, class = IN + +;; ANSWERS: +isc.org. 7200 IN DNSKEY 257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGrhhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy347cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQzBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyLKOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bByBNsO70aEFTd +isc.org. 7200 IN DNSKEY 256 3 5 AwEAAbJpDF4RemdHHE/HrJJhR3zpzAQ6zsHqFv0i4lCWTUf4sX+cq3vSu7fKO4QJtm97S1sbcnmHonVE3QPzLOsqsY630Wy5JzrPK3gUvQLgfIsovo2v+dosITL8WbvjU1mEXhIwfuuBhYmYSKySZ0X9gpHGhdxRd+J8M7riPfN7kHLP +isc.org. 7200 IN RRSIG DNSKEY 5 2 7200 20150204230128 20150105230128 4521 isc.org. F7Lm/p8NrLlHT1rzV09lYxakAu7fGcY9sRnZ2uLlq9d3SpXIXGUuudPg61sd1GdqrRRKiRwfXvNsmvpNL2t8B1/k3gpNUT9V/+SBkI99PKNSkXijVToCebFkCIjqgyjPXkXXFB28E8ZhUDjjYp1LAVMGsfBEnaw7NeHg4MQ3v10= +isc.org. 7200 IN RRSIG DNSKEY 5 2 7200 20150204230128 20150105230128 12892 isc.org. KFk6zXeVu/lULIjwpu5pzRonoksbZMC0Y0qr5K7SpzZK0P/pG4iEzDdSVHA8st+QxNxQ7O4aypeo2jxiJT61OfRzUhjKwopTPVRiiREDV7DFU/fEkgCYXWPlOP7w/An0NzIPc5OLxCDovQefKKgrJaA0hjrd+bTeINgLGdmra+b4FCgYusIZ9Cp+iNs/dByc6cGexce0a0JCyu/vBLnjzo0byjckZm/iiL4BPwtqlaV+NyXFgjucAoqegpSoUpAz1ozCNz9CcJ4yfA9HpWdiWLpYdO3hMt8kHJbk2DxJNkkLRdOP6ZES+3RBUgMgo0FnIYCrVC8QYYQGTO8f2cdfBw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 923 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedMX b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedMX new file mode 100644 index 000000000..7b5e97a8e --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedMX @@ -0,0 +1,120 @@ +#Date: 2015-01-06T22:34:59+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55073 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 1 +;; QUESTIONS: +;; csigned.ingotronic.ch., type = MX, class = IN + +;; ANSWERS: +csigned.ingotronic.ch. 300 IN CNAME www.ingotronic.ch. +csigned.ingotronic.ch. 300 IN RRSIG CNAME 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. ZBVECD9hhC0kSJPnvROZVE5bcN7mtDOuoYEJeTJZzuVU9ipLU7QljKmz4Lxhqq/MbdkpkR9Q2IgTjoDfVFbgZeattaQxjytAmKawXSFD6MzGEC2+JxE0+d1Q0N/1i+fH4EiIFpAZ3QDJjB6DIVb2cwX6TKGeETib2eB9g6aL+Dc= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +www.ingotronic.ch. 300 IN NSEC z.ingotronic.ch. A AAAA RRSIG NSEC +www.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 670 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4926 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87374 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87374 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87374 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87374 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65501 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 974 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 974 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20356 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 975 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 975 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 975 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 975 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52970 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3583 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3583 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3583 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24421 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedNsec3 new file mode 100644 index 000000000..65621b682 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSignedNsec3 @@ -0,0 +1,161 @@ +#Date: 2015-01-06T22:34:57+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18324 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 2 ad: 3 +;; QUESTIONS: +;; csigned.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +csigned.nsec3.ingotronic.ch. 300 IN CNAME www.ingotronic.ch. +csigned.nsec3.ingotronic.ch. 300 IN RRSIG CNAME 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. BaI9bT+Df9JqQuHHfPrcDsghZm7o1CCRXla/uzgUOBcCggW5Bk90hlXm0ih7ZIzmk764zHWNOcMJoBrCQ7XcFVIWVp+YUUVqCM6LmqPkz6rXwmeNpAS2mc04cjEg/DGEMTVo3IJLVW+kv7orci9AdWpaaZCC9oKz7aX68AlJyPc= +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 822 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10716 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87376 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87376 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87376 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87376 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47183 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 976 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 976 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24709 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 977 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 977 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 977 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 977 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44808 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3585 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3585 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3585 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43983 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59500 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23927 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSubSigned b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSubSigned new file mode 100644 index 000000000..fe50b755e --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToSubSigned @@ -0,0 +1,258 @@ +#Date: 2015-01-06T22:34:55+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20853 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 2 ad: 3 +;; QUESTIONS: +;; cssub.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +cssub.ingotronic.ch. 300 IN CNAME www.nsec3.ingotronic.ch. +cssub.ingotronic.ch. 300 IN RRSIG CNAME 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. Xmz99ucY+QTITwoo0KkCpZqmxqJp67uxfAvpOTSviID9cdQCs/LX8H5cPPOrgCxRIutuZczRKoSwt/w49Z3Kd9B2HrOfU3TY6pa7cXnG6vzV4Er/RKxdsIQJWCnzaF734FLn906exR7Cyznm+wSuubJvAiz0LMvC+SjJ9IynVx0= +www.nsec3.ingotronic.ch. 300 IN A 127.0.0.1 +www.nsec3.ingotronic.ch. 300 IN RRSIG A 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. jQhCY33aj9YTcCTHgl71PhM02o2LL6tdTy5M8TQw/Kt8D7wHxjVpu75eT9XEaM3abIqvygero5hCxyPW6IfF+FKmdx3MNigQiaB2sKu2XDNmFMbaucmVAWDRDMRY1BFavjz316JSb0rXX3XcS/ixbj9+jAm9lCXROcuzmOPB7vw= + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +nsec3.ingotronic.ch. 300 IN RRSIG NS 7 3 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. fl2Q0YQQ1TduolGLyQx8vGqSApoBbb6A+go5SLFBYQobrPfO/rb+SM8JvnlzNX/Xa7dRhDYrnfBTFUm1mCur9aIi34gu5UwDNQvt/GXY5dC3+DEy/28bTZ43UuCs+qGH9u9leFwGX4neFNl0s5B4RpxBN4is8dXMUvOda6QcsOw= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 826 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24439 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87379 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87379 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87379 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87379 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 548 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 978 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 978 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32630 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 979 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 979 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 979 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 979 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26037 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3587 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3587 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3587 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53160 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56207 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87378 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87378 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87378 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87378 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36556 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 978 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 978 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36210 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 979 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 979 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 979 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 979 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32040 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3587 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3587 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3587 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13921 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 984 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62463 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedA b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedA new file mode 100644 index 000000000..ef79a546d --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedA @@ -0,0 +1,205 @@ +#Date: 2015-01-06T22:34:54+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37558 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 3 ad: 6 +;; QUESTIONS: +;; cunsinged.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +cunsinged.ingotronic.ch. 300 IN CNAME www.20min.ch. +cunsinged.ingotronic.ch. 300 IN RRSIG CNAME 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. Oq75+uqbjTpblXzShoTm9TUViMxIS/iTdyGSi9tc4dsF/EKBtw0GyBjZA4iHNDkBPVudQ0u+aN9Zh+Mr+OgqyylCtfKKYRDRGYbPhkjs+EufU2FBoxYfPeMeaDTYXhN+prj9lla6IUkEsxZX+8SZlw/+GlJ0nVIDeN00L3U8y6Y= +www.20min.ch. 599 IN A 83.140.105.62 + +;; AUTHORITY RECORDS: +20min.ch. 3599 IN NS robotns2.second-ns.de. +20min.ch. 3599 IN NS robotns3.second-ns.com. +20min.ch. 3599 IN NS ns1.first-ns.de. + +;; ADDITIONAL RECORDS: +ns1.first-ns.de. 600 IN A 213.239.242.238 +ns1.first-ns.de. 299 IN AAAA 2a01:4f8:0:a101:0:0:a:1 +robotns2.second-ns.de. 1016 IN A 213.133.105.6 +robotns3.second-ns.com. 7199 IN A 193.47.99.3 +robotns3.second-ns.com. 599 IN AAAA 2a00:1158:4:0:0:0:add:a3 +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 467 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18340 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87379 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87379 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87379 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87379 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37899 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 979 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 979 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64743 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 980 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 980 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 980 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 980 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61336 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3588 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3588 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3588 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18907 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43839 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87379 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87379 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87379 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87379 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45479 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 979 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 979 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5536 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 980 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 980 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 980 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 980 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20532 +;; flags: qr rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 +;; QUESTIONS: +;; 20min.ch., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ch. 3600 IN SOA a.nic.ch. helpdesk.nic.ch. 2015010622 900 600 1123200 3600 +ch. 3600 IN RRSIG SOA 8 1 3600 20150205202115 20150106200400 60789 ch. gXFznlMM50NpTnKf/1GIa8PJjARc4OUJVjVzicybnZieYvXA1bXo9NnFabfSV8+ePmuvKlph1mdmXi4RWeCy75fT2DdWorJpW9/riW+4z0usW0fHNo5d7SLdxuUJGZCd22VM4y1F79crVmAftifagcsKmvDE0B8HrZ/8sH0Y6uQ= +E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch. 3600 IN RRSIG NSEC3 8 2 3600 20150124000839 20150105123019 60789 ch. HznmGWxQqbLUD5mjv8FHCwSfsNZ0fk4X6vtgyFTA81rVSQs4mUfoopvrBrYHGB0iKz/eeRCgHisH99L7uw/dWUy8h9pTQM4UFmspLjTiVHDNad6COrKnFFywV8E7CwibCd+qcdo4yGME3TbVkH1BbSvzQrUKKKe5eO/hleMvhSk= +E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch. 3600 IN NSEC3 1 1 2 A170C978 E5PB8JRENAJFIO1LLO9ELPG39F787FOL NS DS RRSIG +G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch. 3600 IN RRSIG NSEC3 8 2 3600 20150124064109 20150105123019 60789 ch. pvd/nB3QKjTbLpxM9H9xcJIwmLnNAJPsXMffmjtAjTbceZ7IfpQHmguLPyJS7awSyEOTAhKmpeaT7m4iHhFm1/X4ybZmUvRSexqskgmGzqK+39cjaPrxc+ghdiUgFSjxv36PhoyM5gYnclTqpwGuFR00HK3av9vnnEKEY7zWtmM= +G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch. 3600 IN NSEC3 1 1 2 A170C978 G6DQNPQ9VP0U8F95714HO3575MPP42V1 NS SOA RRSIG DNSKEY NSEC3PARAM + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 741 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedMX b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedMX new file mode 100644 index 000000000..5a0659f3d --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedMX @@ -0,0 +1,197 @@ +#Date: 2015-01-06T22:34:54+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20119 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 1 ad: 1 +;; QUESTIONS: +;; cunsinged.ingotronic.ch., type = MX, class = IN + +;; ANSWERS: +cunsinged.ingotronic.ch. 300 IN CNAME www.20min.ch. +cunsinged.ingotronic.ch. 300 IN RRSIG CNAME 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. Oq75+uqbjTpblXzShoTm9TUViMxIS/iTdyGSi9tc4dsF/EKBtw0GyBjZA4iHNDkBPVudQ0u+aN9Zh+Mr+OgqyylCtfKKYRDRGYbPhkjs+EufU2FBoxYfPeMeaDTYXhN+prj9lla6IUkEsxZX+8SZlw/+GlJ0nVIDeN00L3U8y6Y= + +;; AUTHORITY RECORDS: +20min.ch. 300 IN SOA ns1.first-ns.de. postmaster.20min.ch. 2014121100 600 600 86400 600 + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 311 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30770 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87379 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87379 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87379 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87379 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16869 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 979 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 979 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35599 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 980 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 980 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 980 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 980 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35095 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3588 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3588 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3588 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23106 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24914 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87379 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87379 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87379 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87379 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26910 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 979 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 979 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48955 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 980 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 980 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 980 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 980 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9000 +;; flags: qr rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 +;; QUESTIONS: +;; 20min.ch., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ch. 3600 IN SOA a.nic.ch. helpdesk.nic.ch. 2015010622 900 600 1123200 3600 +ch. 3600 IN RRSIG SOA 8 1 3600 20150205202115 20150106200400 60789 ch. gXFznlMM50NpTnKf/1GIa8PJjARc4OUJVjVzicybnZieYvXA1bXo9NnFabfSV8+ePmuvKlph1mdmXi4RWeCy75fT2DdWorJpW9/riW+4z0usW0fHNo5d7SLdxuUJGZCd22VM4y1F79crVmAftifagcsKmvDE0B8HrZ/8sH0Y6uQ= +E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch. 3600 IN RRSIG NSEC3 8 2 3600 20150124000839 20150105123019 60789 ch. HznmGWxQqbLUD5mjv8FHCwSfsNZ0fk4X6vtgyFTA81rVSQs4mUfoopvrBrYHGB0iKz/eeRCgHisH99L7uw/dWUy8h9pTQM4UFmspLjTiVHDNad6COrKnFFywV8E7CwibCd+qcdo4yGME3TbVkH1BbSvzQrUKKKe5eO/hleMvhSk= +E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch. 3600 IN NSEC3 1 1 2 A170C978 E5PB8JRENAJFIO1LLO9ELPG39F787FOL NS DS RRSIG +G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch. 3600 IN RRSIG NSEC3 8 2 3600 20150124064109 20150105123019 60789 ch. pvd/nB3QKjTbLpxM9H9xcJIwmLnNAJPsXMffmjtAjTbceZ7IfpQHmguLPyJS7awSyEOTAhKmpeaT7m4iHhFm1/X4ybZmUvRSexqskgmGzqK+39cjaPrxc+ghdiUgFSjxv36PhoyM5gYnclTqpwGuFR00HK3av9vnnEKEY7zWtmM= +G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch. 3600 IN NSEC3 1 1 2 A170C978 G6DQNPQ9VP0U8F95714HO3575MPP42V1 NS SOA RRSIG DNSKEY NSEC3PARAM + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 741 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedNsec3 new file mode 100644 index 000000000..fd36d1cb2 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedNsec3 @@ -0,0 +1,240 @@ +#Date: 2015-01-06T22:34:53+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30287 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 3 ad: 2 +;; QUESTIONS: +;; cunsinged.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +cunsinged.nsec3.ingotronic.ch. 300 IN CNAME www.20min.ch. +cunsinged.nsec3.ingotronic.ch. 300 IN RRSIG CNAME 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. rIfDPrgT5aS2eL0ZibS5jElaEZviflBjmKuzikS3r9/QXm+Ad/gO7+/cVdCjK98p4JOWW+RxowOQsL97bPhtmNQZiqUr1agKe3nLLqQw6Y+3hT74BZEcEHmi0xvzdS4syt4BdiiWkf9U7LnLZBvC4sK4d2gG1/apDJi1mOThcDw= +www.20min.ch. 600 IN A 83.140.105.62 + +;; AUTHORITY RECORDS: +20min.ch. 3600 IN NS ns1.first-ns.de. +20min.ch. 3600 IN NS robotns2.second-ns.de. +20min.ch. 3600 IN NS robotns3.second-ns.com. + +;; ADDITIONAL RECORDS: +robotns2.second-ns.de. 1017 IN A 213.133.105.6 +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 391 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35001 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87380 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87380 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87380 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87380 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37625 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 980 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 980 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31241 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 981 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 981 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 981 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 981 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14796 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3589 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3589 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3589 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47626 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22107 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34962 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11098 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87380 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87380 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87380 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87380 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14971 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 980 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 980 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17809 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 980 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 980 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 980 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 980 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51464 +;; flags: qr rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 +;; QUESTIONS: +;; 20min.ch., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ch. 3600 IN SOA a.nic.ch. helpdesk.nic.ch. 2015010622 900 600 1123200 3600 +ch. 3600 IN RRSIG SOA 8 1 3600 20150205202115 20150106200400 60789 ch. gXFznlMM50NpTnKf/1GIa8PJjARc4OUJVjVzicybnZieYvXA1bXo9NnFabfSV8+ePmuvKlph1mdmXi4RWeCy75fT2DdWorJpW9/riW+4z0usW0fHNo5d7SLdxuUJGZCd22VM4y1F79crVmAftifagcsKmvDE0B8HrZ/8sH0Y6uQ= +E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch. 3600 IN RRSIG NSEC3 8 2 3600 20150124000839 20150105123019 60789 ch. HznmGWxQqbLUD5mjv8FHCwSfsNZ0fk4X6vtgyFTA81rVSQs4mUfoopvrBrYHGB0iKz/eeRCgHisH99L7uw/dWUy8h9pTQM4UFmspLjTiVHDNad6COrKnFFywV8E7CwibCd+qcdo4yGME3TbVkH1BbSvzQrUKKKe5eO/hleMvhSk= +E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch. 3600 IN NSEC3 1 1 2 A170C978 E5PB8JRENAJFIO1LLO9ELPG39F787FOL NS DS RRSIG +G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch. 3600 IN RRSIG NSEC3 8 2 3600 20150124064109 20150105123019 60789 ch. pvd/nB3QKjTbLpxM9H9xcJIwmLnNAJPsXMffmjtAjTbceZ7IfpQHmguLPyJS7awSyEOTAhKmpeaT7m4iHhFm1/X4ybZmUvRSexqskgmGzqK+39cjaPrxc+ghdiUgFSjxv36PhoyM5gYnclTqpwGuFR00HK3av9vnnEKEY7zWtmM= +G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch. 3600 IN NSEC3 1 1 2 A170C978 G6DQNPQ9VP0U8F95714HO3575MPP42V1 NS SOA RRSIG DNSKEY NSEC3PARAM + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 741 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedVoid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedVoid new file mode 100644 index 000000000..a7f0a45e4 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToUnsignedVoid @@ -0,0 +1,234 @@ +#Date: 2015-01-06T22:34:56+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16068 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 1 ad: 1 +;; QUESTIONS: +;; cvoid4.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +cvoid4.ingotronic.ch. 300 IN CNAME gibtsnicht.unsigned.ingotronic.ch. +cvoid4.ingotronic.ch. 300 IN RRSIG CNAME 5 3 300 20150125010026 20141226003834 17430 ingotronic.ch. GJPzgBVNBOn1X/aX0VhnWdpr3eVFvil6+z2nyPo1ikIdf1hKkpt7uhC7NRpUM9+4Kapxjs+n3Om45LwXtnPrKQ4hYIJFjRoPwBgg+SZN5bFC38e1zSdZnhlSG5CVvz/E2Ga/9/Hoks87s7l3UPfW9/60GO9KTOwnr++PhL8RBa8= + +;; AUTHORITY RECORDS: +unsigned.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032601 300 60 864000 300 + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 302 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13057 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87377 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87377 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87377 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87377 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54555 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 977 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 977 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62611 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 978 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 978 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 978 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 978 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9284 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3586 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3586 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3586 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24290 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1013 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87377 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87377 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87377 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87377 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38352 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 977 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 977 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46761 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 978 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 978 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 978 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 978 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56933 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3586 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3586 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3586 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32818 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13560 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; unsigned.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +unsigned.ingotronic.ch. 300 IN NSEC v.ingotronic.ch. NS RRSIG NSEC +unsigned.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. VsO/22QJi2Ny+QZBukileDIUc4/DqPdZwNssNbylPAscz0IBrLt9zKDcI26NSMqhFRFXIZqBXJScmKJseKB+wQUscwKK5kkzUIXK/SPbLQ8MLnOUKIXUgURDKDCp6W8eHoa/51dOS0Vb1woxmzN1kQnjTTUoW5z1igN7RcYCuGQ= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 480 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidExternalInvalidTld b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidExternalInvalidTld new file mode 100644 index 000000000..94a244486 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidExternalInvalidTld @@ -0,0 +1,122 @@ +#Date: 2015-01-06T22:34:59+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6215 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 6 ad: 1 +;; QUESTIONS: +;; cvoidext1.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +cvoidext1.ingotronic.ch. 300 IN CNAME example.invalid. +cvoidext1.ingotronic.ch. 300 IN RRSIG CNAME 5 3 300 20150125010026 20141226003834 17430 ingotronic.ch. Xav60pS0YfajeVhUHndHfm+x6EwR84QywbttguX6n0aZIeh/wI4Hq9DBwGJXi69Q8yzLlnS8hL2UXKewYs4lPds0hYNDj6I01nxtUbZvsi+DDLnkQsdJ7pgWQh8L9zPDIMxOk2E6fcKD5M9DOV1ARfcXKwxUQX6cpy5xwp7/NGU= + +;; AUTHORITY RECORDS: +. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2015010601 1800 900 604800 86400 +. 10800 IN RRSIG SOA 8 0 86400 20150113170000 20150106160000 16665 . R9ZOwEb5fodQQNRl4WvguyqEzOxdNPQ18nI+0R5sB2JSqG4Qz45SwW+vfnFCF01UW43/GdEfGOScrYVP2UBM8F2WOM+tHMZN0t9BbP9uszTWhzdYNCl3UKYYJiB59b8HIhKXlERPVfW2UEgIiI2VajShJnUv67W8gQO56hgTNEE= +. 10800 IN RRSIG NSEC 8 0 86400 20150113170000 20150106160000 16665 . wlEpGn1C8YZzJjIrlJp/GSud5FuLAZZj9C54DrKEl9gELWeIFJgLwkI1tcH4EhabbsNScB7SPOmVmnLkuM4Q6yJkmI1HXeBrddxniI2YEw+m9++/i19AqfDxuVYs52peKxXdEZ/sIS5JtDz3bdB44IAp2k1ue780z0xRV796vUk= +. 10800 IN NSEC abogado. NS SOA RRSIG NSEC DNSKEY +international. 10800 IN RRSIG NSEC 8 1 86400 20150113170000 20150106160000 16665 . Bd+SEFOjCmN5pg924EOfuq15E0haMqLhX0Li2V3KDfosFYoA81Vs8Okg7Jvc5KJn1eRu4HnZlz81bIYZ9Kt5bJGoFie+5iCcnlZPBQhKTYN5M80/BepNJyrcvocFvgRDaEYv1si1cxRpLGMYDTVHHkykSNjygRTuVdP/JZ/A9LA= +international. 10800 IN NSEC investments. NS DS RRSIG NSEC + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 879 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40638 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87374 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87374 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87374 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87374 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38951 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 974 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 974 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7331 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 975 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 975 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 975 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 975 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27566 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3583 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3583 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3583 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9517 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidExternalValidTld b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidExternalValidTld new file mode 100644 index 000000000..818fc5a87 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidExternalValidTld @@ -0,0 +1,182 @@ +#Date: 2015-01-06T22:34:57+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46204 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 8 ad: 1 +;; QUESTIONS: +;; cvoidext2.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +cvoidext2.ingotronic.ch. 300 IN CNAME asdfasdfasdfasdfasdlallala.cz. +cvoidext2.ingotronic.ch. 300 IN RRSIG CNAME 5 3 300 20150125010026 20141226003834 17430 ingotronic.ch. gmo4G24J9Mvp33WaOCGbCb458CVIs/4I4Y3LKckPljSGiABf/yaQGvS9l3IzJPQnYSX8YQ4DIqlk7eusuJQY0fy2aAdOm04FwmwqUwyTmsAZLFVj3QTdKegKd5Dn6X3dkn0tey+B+f9vvAC7463cXnFBV/IH/FarIrI6k9ojzKY= + +;; AUTHORITY RECORDS: +cz. 900 IN SOA a.ns.nic.cz. hostmaster.nic.cz. 1420578481 900 300 604800 900 +cz. 900 IN RRSIG SOA 10 1 18000 20150120004808 20150106200801 12305 cz. wlLCApKp0+5n0FCqFyBqMMhIT3Ed0PZL096UZE52b6kbc1vlZMrJTVegCNAfqHA5lncr5IDiH74MRycOHXrASZbjRkrSlD/65Q6078U0eyUeMfkdTGtpbG4O9MIoYz2ZOYA+cm46kihukqqyL8TYW4k6tPPz38wM0ZtOOm6os68= +38GIO0D33Q2JTSPH3U5Q11N5T26Q7Q4K.cz. 900 IN RRSIG NSEC3 10 2 900 20150115154919 20150103133802 12305 cz. PJPc+o6k8nLCNnQLA7TsWdzq48+QO864/hWGqVRSCi9ukLgGDMKqv+jElAfWaUEC5+VjcqVFbPN4axf3f3YrujByVEeEh7w4xyszNT1PXuW8aRzxQY25w56qZg/0RS7u3iPqTTXD326C0YSviz9U+cUS01SDDG/VykuYNZ4HFW0= +38GIO0D33Q2JTSPH3U5Q11N5T26Q7Q4K.cz. 900 IN NSEC3 1 0 10 67B58E8C9BC9DB56 38GKDLFFUNLEL0AGNO2LSLVJVKI68LAG NS +8EFHGTJ1KPPOHHCDUN98RE9MQIJPGRTJ.cz. 900 IN RRSIG NSEC3 10 2 900 20150116070317 20150102073803 12305 cz. zOjazMb7y7VNKVJ0lV/GZWqzuQry0BGluA0L/r3jclBMei61EOK5OzZYz8w/rWbvYVD0bbRoicE2xnkfzABZU94vz+b62jYZQCbMymg53rYv3fiqIsxryxpZFxT/uJaHKpjN0qFUFbeWF6zSdx5LuH2d7dKK0GvQHm75YKljoXw= +8EFHGTJ1KPPOHHCDUN98RE9MQIJPGRTJ.cz. 900 IN NSEC3 1 0 10 67B58E8C9BC9DB56 8EFJ4IJ3TL227ELEVRADBRR79O7OI5GU NS DS RRSIG +FT1N74TQU0J7F46PTJVFUISFDM2FASQ9.cz. 900 IN RRSIG NSEC3 10 2 900 20150116012634 20150103003759 12305 cz. DuInt8AROXCbNdXO8QTeha9mLCaa/yw+6OhWNrRf65ZduFNSz+HVsAOK2XTmDoLUbrqGWzVSLS+ICJHYld40A8ApKEziLg5Kml5sLdZqQ/B3eFKAlCs085ZVqTRn7CtcSNFlO99nbcrLFum7Bd791XqNObAUuWULgEoknq/CqVc= +FT1N74TQU0J7F46PTJVFUISFDM2FASQ9.cz. 900 IN NSEC3 1 0 10 67B58E8C9BC9DB56 FT1N8G39QDVVI8P5NMEPU90HLCN2JE96 NS SOA RRSIG DNSKEY NSEC3PARAM + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1229 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4951 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87377 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87377 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87377 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87377 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30086 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 977 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 977 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44855 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 978 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 978 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 978 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 978 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30639 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3586 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3586 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3586 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59579 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14960 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87376 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87376 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87376 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87376 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43914 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; cz., type = DS, class = IN + +;; ANSWERS: +cz. 1022 IN DS 54576 10 2 397E50C85EDE9CDE33F363A9E66FD1B216D788F8DD438A57A423A386869C8F06 +cz. 1022 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . usdJcSrC+uZEPY8AbHtkDdbuhCaz7ZGrKWHYZG3lixlcaEACfpf2Wl4Tz55FvIgCXKII9B6PUJ9umfupy+XOMvBUsjI8aD/Of8bEBWQ2QS35GOt8YMoyf5lI+nZT0hte/cY3Dgq0Vo2zHvvdrPC2kfgy0i/h4IMxLYWghQeCg1M= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23832 +;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; cz., type = DNSKEY, class = IN + +;; ANSWERS: +cz. 18000 IN DNSKEY 257 3 10 AwEAAay0hi4HN2r/BqMQTpIPIVDyjmyF+9ZWvr5Lewx+q+947o/GrRv4FGFfkZxf9CFfYVUf0jG5Yq4i06pGVNwJl81HS9Ux2oeHRXUvgtLnl5HeRVLL+zgI5byx9HSNr4bPO8ZEn5OjoayhkNyGSFr4VWrzQk/K02vLP4d1cCEzUQy30eyZto2/tG5ZwCU/iRkS1PJOcOW98hiFIfFDZv1XjbEpqEYhT2PATs6rt+BKwSHKGISmg1PNdg+y0rItemYMWr1f9BGAdtTWoPCPCYPjOZMPoIyA4tMscD+ww54Jf/QNoHccY4hO1yHiuAXG7SUn8jo0IKQ9W7JJxES0aqFCX/0= +cz. 18000 IN DNSKEY 256 3 10 AwEAAd3ZDGaLTUBExTP4AxFwNmoNUbi/VuWW5/vdee9lnZynOe6QoXfw8+yxwAKEB1IMrPxXVcc1PIHSecFQYcm5ydYAFo2FD0x+NAk+7quCmepMjuWEo1qRMxlgVMxBjWCCOUM+zhGfkq/6u0GEEHzonevsRMazhkIbIZUWQmBMvUu7 +cz. 18000 IN RRSIG DNSKEY 10 1 18000 20150116000000 20150102000000 54576 cz. Ghsts1kWqYSQ72PDf49ItDFLQjTGoTK6JA9Ogf/efflU6ZltiuuXVd17oKI15HPk1hjL/n9HNRiIf1htUpdA9vmUbYKfrjVp2MJXHIGNniH1vWU3cFxReh2dxMspUDTyK64LwBBbBIBmEWY7jadtzsvjdHXx1eqngN3e4WUPGS58JoSXVv1d38vcTZ1jYLWmOlnHrCvZEwj9t53Lq1Ln/fra2Ft3cfgO6i0P6qtBht/amX7kX1BAV0l6lO+fy0PXXbXWoTMRDIruId/8N0ND7FZolH+XBxSW9clDHzPx9ivkJsxKB3rHO8vNOVWcHyKyKacpW2O8FFUee5PLlCu+6g== +cz. 18000 IN RRSIG DNSKEY 10 1 18000 20150119154437 20150106200801 12305 cz. P48hNLytBKd+6k+EnJuE5W24xWSmxqjCvQy6M4UwDACyMyxDMZP4DmWuRgb+g/2OjpfSdGFvNTPSrTKAx3sOMynqLMJzYWRb5bRf2lPEIeHQH2Eeo9wvwh14uakw6HzHcNovak21iVTNoN61vmYR5QT1RyuBwYgFBGgUbMeiYpc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 907 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidNsec3 new file mode 100644 index 000000000..210ec0d07 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoidNsec3 @@ -0,0 +1,163 @@ +#Date: 2015-01-06T22:34:53+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10111 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 8 ad: 1 +;; QUESTIONS: +;; cvoid.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +cvoid.nsec3.ingotronic.ch. 300 IN CNAME gibtsnicht.nsec3.ingotronic.ch. +cvoid.nsec3.ingotronic.ch. 300 IN RRSIG CNAME 7 4 300 20150125001848 20141225235834 62417 nsec3.ingotronic.ch. wkUoPvwxbSBQwn6foMsFYdPuGZNnmi1qKWN7sEtcuI4Hu17Gfjm7oBMpbj5fbaKETl83sqAAPQThWAeoYCM0DDhxyI114F6/fb52HLYgGFNLdMP3T75nHZiIcH8A2Z5t9DmqTEPmuSU3sZRCPYI7kfBXGHM1vb0gcLptQn5Zh20= + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300 +nsec3.ingotronic.ch. 300 IN RRSIG SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ= +NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 O275F9OLQ9HNCER7U4SMD4V8AG7IPML9 A NS SOA RRSIG DNSKEY NSEC3PARAM +NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150131235629 20150101233516 62417 nsec3.ingotronic.ch. xccCvQs/b3ndBUo6J2FbaCzDMg+LB1e4OWeI29VTBWcmfbuD3rZvneRdbA9B5AluJH1ar10xxdrt/+RSuhSWC70LswkdPDg4vshmCZMDeMCOJYFEkGR0UgcZUMynU6EewEDLVLgYtBkJmspeuZNMBMPk/ZUOolCElrkHfbUA1Cc= +UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 0UPHA6GQV03I7D8EJUDKC30I0C6I1G1Q +UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. XV2q9ufbwzauD/tmjb2EKsNBF+kHQYL0/MNb6ivY1oH9Q2hzQNPUuHkUl1db2erDFodPvspmDk6p6WOXoV6wmmaYhN+JI1TQKYYThsnKC1bkt1h6QyjwsDc12d8HVHOopvoXpaYWoV4bbghsAylGVqRjEYyt8JtR3BPfphehloU= +L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT +L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1248 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32391 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87380 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87380 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87380 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87380 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55778 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 980 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 980 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33974 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 981 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 981 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 981 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 981 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45078 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3589 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3589 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3589 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13899 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52296 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58137 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_1 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_1 new file mode 100644 index 000000000..dbe48177d --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_1 @@ -0,0 +1,122 @@ +#Date: 2015-01-06T22:34:55+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61136 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 6 ad: 1 +;; QUESTIONS: +;; cvoid1.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +cvoid1.ingotronic.ch. 300 IN CNAME gibtsnicht.ingotronic.ch. +cvoid1.ingotronic.ch. 300 IN RRSIG CNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. bjZ5dgY+WNUzgkbA9Bvgz9Ux6lQxEVWzrtnkByK7C6itvwG3pS1LcxOCPi79a5PQqbGm1S4axCsEHtZkoZWWU2OEUvfiqJtATnxBGlb43q0eP8wQhmxMSqSC5DNedShLeT5v1hhvCyyJ7lEpMKwI1ROc/MMtFzvlWHKCqb81lxQ= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +ingotronic.ch. 300 IN NSEC alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY +ingotronic.ch. 300 IN RRSIG NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M= +eccgost.ingotronic.ch. 300 IN NSEC invalid.ingotronic.ch. NS DS RRSIG NSEC +eccgost.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. lsX44/1144d1nG80WVhDnZCiywh+KTNqj9oEECk3GifEjOWNTJDTfbBnrGbdc7BIWs1mZmcPKFVfQB39QunMyzNQi4Wzjor3U1FPbXhUTn/g9fMul37g1aR00hUfS2Jo49vfDZEMZWp7th9ZFc+hlr8uWISceul5OJRq4SyMbzs= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 905 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16825 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87378 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87378 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87378 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87378 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29298 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 978 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 978 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33412 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 979 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 979 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 979 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 979 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13219 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3587 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3587 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3587 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54010 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_2 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_2 new file mode 100644 index 000000000..b018677c1 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_2 @@ -0,0 +1,124 @@ +#Date: 2015-01-06T22:34:56+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34279 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 6 ad: 1 +;; QUESTIONS: +;; cvoid2.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +cvoid2.ingotronic.ch. 300 IN CNAME cvoid1.ingotronic.ch. +cvoid2.ingotronic.ch. 300 IN RRSIG CNAME 5 3 300 20150125010026 20141226003834 17430 ingotronic.ch. TXsbQfrVD9b/bdPeIpYrLFxPxiihDhWpASKTwlH2qdJq1jj95azjtUKXDaiY5NQHey83W4Z3cS37stNAc/K2Du8novIqfXesZqf7g/1kYl1Yd/WXnU8h3ImPBrx4uGj1mv5K31cxpdfRp5EP73rarc2rgzO+pnCoKV7ofSXXYOo= +cvoid1.ingotronic.ch. 300 IN CNAME gibtsnicht.ingotronic.ch. +cvoid1.ingotronic.ch. 300 IN RRSIG CNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. bjZ5dgY+WNUzgkbA9Bvgz9Ux6lQxEVWzrtnkByK7C6itvwG3pS1LcxOCPi79a5PQqbGm1S4axCsEHtZkoZWWU2OEUvfiqJtATnxBGlb43q0eP8wQhmxMSqSC5DNedShLeT5v1hhvCyyJ7lEpMKwI1ROc/MMtFzvlWHKCqb81lxQ= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +ingotronic.ch. 300 IN NSEC alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY +ingotronic.ch. 300 IN RRSIG NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M= +eccgost.ingotronic.ch. 300 IN NSEC invalid.ingotronic.ch. NS DS RRSIG NSEC +eccgost.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. lsX44/1144d1nG80WVhDnZCiywh+KTNqj9oEECk3GifEjOWNTJDTfbBnrGbdc7BIWs1mZmcPKFVfQB39QunMyzNQi4Wzjor3U1FPbXhUTn/g9fMul37g1aR00hUfS2Jo49vfDZEMZWp7th9ZFc+hlr8uWISceul5OJRq4SyMbzs= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1099 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59670 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87378 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87378 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87378 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87378 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6373 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 978 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 978 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48616 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 979 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 979 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 979 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 979 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14302 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3587 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3587 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3587 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60529 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_3 new file mode 100644 index 000000000..9cca46d2b --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestCNames/testCNameToVoid_3 @@ -0,0 +1,126 @@ +#Date: 2015-01-06T22:34:56+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59635 +;; flags: qr aa rd ra cd ; qd: 1 an: 6 au: 6 ad: 1 +;; QUESTIONS: +;; cvoid3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +cvoid3.ingotronic.ch. 300 IN CNAME cvoid2.ingotronic.ch. +cvoid3.ingotronic.ch. 300 IN RRSIG CNAME 5 3 300 20150125010026 20141226003834 17430 ingotronic.ch. Hu0GdbBDRA0DKRD4+sXTmQepSP4MiNAgYgD31P0HsW90u7EMg/urDVtDR4SGRQjgAJek5+YtYWoVD3Daqzbu5F6lJp8BATK7BcMbERdTv3R+3jnBbElA8sxyHUXBnMjuj6P1ifjFEN8cnS7zCVEDGZdKZN58TOCpNtuHAzl1J8A= +cvoid2.ingotronic.ch. 300 IN CNAME cvoid1.ingotronic.ch. +cvoid2.ingotronic.ch. 300 IN RRSIG CNAME 5 3 300 20150125010026 20141226003834 17430 ingotronic.ch. TXsbQfrVD9b/bdPeIpYrLFxPxiihDhWpASKTwlH2qdJq1jj95azjtUKXDaiY5NQHey83W4Z3cS37stNAc/K2Du8novIqfXesZqf7g/1kYl1Yd/WXnU8h3ImPBrx4uGj1mv5K31cxpdfRp5EP73rarc2rgzO+pnCoKV7ofSXXYOo= +cvoid1.ingotronic.ch. 300 IN CNAME gibtsnicht.ingotronic.ch. +cvoid1.ingotronic.ch. 300 IN RRSIG CNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. bjZ5dgY+WNUzgkbA9Bvgz9Ux6lQxEVWzrtnkByK7C6itvwG3pS1LcxOCPi79a5PQqbGm1S4axCsEHtZkoZWWU2OEUvfiqJtATnxBGlb43q0eP8wQhmxMSqSC5DNedShLeT5v1hhvCyyJ7lEpMKwI1ROc/MMtFzvlWHKCqb81lxQ= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +ingotronic.ch. 300 IN NSEC alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY +ingotronic.ch. 300 IN RRSIG NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M= +eccgost.ingotronic.ch. 300 IN NSEC invalid.ingotronic.ch. NS DS RRSIG NSEC +eccgost.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. lsX44/1144d1nG80WVhDnZCiywh+KTNqj9oEECk3GifEjOWNTJDTfbBnrGbdc7BIWs1mZmcPKFVfQB39QunMyzNQi4Wzjor3U1FPbXhUTn/g9fMul37g1aR00hUfS2Jo49vfDZEMZWp7th9ZFc+hlr8uWISceul5OJRq4SyMbzs= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1293 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39640 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87377 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87377 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87377 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87377 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10842 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 977 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 977 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34860 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 978 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 978 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 978 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 978 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34516 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3586 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3586 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3586 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50866 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameChain b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameChain new file mode 100644 index 000000000..c570c0e8e --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameChain @@ -0,0 +1,165 @@ +#Date: 2015-01-06T22:35:18+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44507 +;; flags: qr aa rd ra cd ; qd: 1 an: 8 au: 2 ad: 3 +;; QUESTIONS: +;; www.alias.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +alias.nsec3.ingotronic.ch. 300 IN DNAME alias.ingotronic.ch. +alias.nsec3.ingotronic.ch. 300 IN RRSIG DNAME 7 4 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. eYGi6EDpW/j20NoDaULrBkHTSTJhk45F8wsIRmGvmbdodQtvXH5Ax8kReCg3BxlkVnL+I4aQL4GrNFUU9F05JgIXHhDyW7ZixGVtj1rz2jCYHFYiQZC6RZSntnoUKdhcbgs/KI5ffIoFFMzrFfT8Aw6lUpBti0HRtnOdtepBHSc= +www.alias.nsec3.ingotronic.ch. 300 IN CNAME www.alias.ingotronic.ch. +alias.ingotronic.ch. 300 IN DNAME ingotronic.ch. +alias.ingotronic.ch. 300 IN RRSIG DNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. GzAO4/bVZ3twjJhR1z1uujUYNI35rtGJi3jlDY6kbwQcaZeiu8WSeln5L90FijEVFVsXsv5rVvOZXAiXk5FP5jZgGg/A6H1iN8nNsVNSzc8XNWBd+Wv4+x0aQKZvcAD++Pcn3EW3nCEcHNdvnqVsjXbtdTJOiPYrvm/iC3QduCI= +www.alias.ingotronic.ch. 300 IN CNAME www.ingotronic.ch. +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1075 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59638 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87355 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87355 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87355 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87355 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1139 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 955 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 955 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28751 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 956 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 956 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 956 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 956 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45226 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3564 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3564 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3564 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40277 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48824 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39526 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameDirectQueryIsValid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameDirectQueryIsValid new file mode 100644 index 000000000..e734ecd3a --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameDirectQueryIsValid @@ -0,0 +1,120 @@ +#Date: 2015-01-06T22:35:18+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46984 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; alias.ingotronic.ch., type = DNAME, class = IN + +;; ANSWERS: +alias.ingotronic.ch. 300 IN DNAME ingotronic.ch. +alias.ingotronic.ch. 300 IN RRSIG DNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. GzAO4/bVZ3twjJhR1z1uujUYNI35rtGJi3jlDY6kbwQcaZeiu8WSeln5L90FijEVFVsXsv5rVvOZXAiXk5FP5jZgGg/A6H1iN8nNsVNSzc8XNWBd+Wv4+x0aQKZvcAD++Pcn3EW3nCEcHNdvnqVsjXbtdTJOiPYrvm/iC3QduCI= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 628 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36002 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87355 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87355 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87355 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87355 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16893 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 955 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 955 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52063 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 956 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 956 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 956 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 956 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54102 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3564 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3564 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3564 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52299 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameInNsecIsUnderstood_Rfc6672_5_3_4_1 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameInNsecIsUnderstood_Rfc6672_5_3_4_1 new file mode 100644 index 000000000..d59718dc5 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameInNsecIsUnderstood_Rfc6672_5_3_4_1 @@ -0,0 +1,215 @@ +#Date: 2015-01-06T22:35:17+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54975 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; alias.ingotronic.ch., type = NS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +alias.ingotronic.ch. 300 IN NSEC a.b.ingotronic.ch. DNAME RRSIG NSEC +alias.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. mS+nh5skTxhOBdJlkwSGdrmhuA5FC9Am9emIhyIViET/1BoKotmbzLtfaBXAh2gRhcfDr+4OJJ6oyUcdMn/m4YG8NUsf4rAL92/YyxocUoF/oS8ZZv/BPXplCH5J4hsac+heElbPJ29v0kFVujErTaX/Ev0lYsUNI+9OmCrlQpk= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 479 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63210 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87356 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87356 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87356 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87356 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43121 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 956 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 956 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13758 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 957 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 957 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 957 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 957 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49588 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3565 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3565 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3565 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2484 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34069 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87356 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87356 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87356 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87356 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4828 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 956 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 956 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61240 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 957 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 957 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 957 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 957 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11851 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3564 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3564 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3564 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51177 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToExistingIsValid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToExistingIsValid new file mode 100644 index 000000000..cc278235e --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToExistingIsValid @@ -0,0 +1,123 @@ +#Date: 2015-01-06T22:35:18+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38821 +;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 2 ad: 3 +;; QUESTIONS: +;; www.alias.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +alias.ingotronic.ch. 300 IN DNAME ingotronic.ch. +alias.ingotronic.ch. 300 IN RRSIG DNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. GzAO4/bVZ3twjJhR1z1uujUYNI35rtGJi3jlDY6kbwQcaZeiu8WSeln5L90FijEVFVsXsv5rVvOZXAiXk5FP5jZgGg/A6H1iN8nNsVNSzc8XNWBd+Wv4+x0aQKZvcAD++Pcn3EW3nCEcHNdvnqVsjXbtdTJOiPYrvm/iC3QduCI= +www.alias.ingotronic.ch. 300 IN CNAME www.ingotronic.ch. +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 839 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1484 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87355 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87355 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87355 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87355 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32079 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 955 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 955 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20143 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 956 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 956 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 956 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 956 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47237 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3564 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3564 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3564 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23654 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToExternal b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToExternal new file mode 100644 index 000000000..187ce6540 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToExternal @@ -0,0 +1,235 @@ +#Date: 2015-01-06T22:35:19+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47623 +;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 5 ad: 11 +;; QUESTIONS: +;; www.isc.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +isc.ingotronic.ch. 300 IN DNAME isc.org. +isc.ingotronic.ch. 300 IN RRSIG DNAME 5 3 300 20150125010136 20141226005030 17430 ingotronic.ch. Lq+1VhRumvgwRCg2inz0FZkNn28FaHbc2lfie4WJ6ScNxtvGmQwaVc7nGt5xcxQEZZc609yr+kEuYEHMckSiCoEY6jy7/qI9e2vGYe1UGzT2bbjWZ6j/v40kE7x/dWybFAcpaWJyi6x+Nx6n3EsNe30TqPLO9kGzuumYDHNnVMs= +www.isc.ingotronic.ch. 300 IN CNAME www.isc.org. +www.isc.org. 41 IN A 149.20.64.69 +www.isc.org. 41 IN RRSIG A 5 3 60 20150204233244 20150105233244 4521 isc.org. qX9Fqzc+cUB7TUgdAPDQztt+3L7A2TxqVPTGZht3gKb1oBizum2zL3Le6lSO/DI2b526/n+l6gyT7ZtSL058wmEWhXeFlurPojBEBCWYLBkJ7OBLTqMSKzVNN1zpdUIs2RA8QqLOhSWeFkBw0bcJaDnRC2uKr0513aMVJfk5uA8= + +;; AUTHORITY RECORDS: +isc.org. 1008 IN NS ns.isc.afilias-nst.info. +isc.org. 1008 IN NS ord.sns-pb.isc.org. +isc.org. 1008 IN NS sfba.sns-pb.isc.org. +isc.org. 1008 IN NS ams.sns-pb.isc.org. +isc.org. 1008 IN RRSIG NS 5 2 7200 20150204233244 20150105233244 4521 isc.org. Olb3QQHiezY6ysFepLUtePsgyVqXgECmLMROkbaAJT5ndTyoMHy4NaX/zFc63LtvzilrS59l9x719c4Pcm37zuEEdKB1IdjtxYKzKqmCzJZ5GuSZ6XgLO2DPWoF2ws+1BVPJL2myZdoBeEu+cUxCLTsETOloSl9Jz5livJ+Xbxo= + +;; ADDITIONAL RECORDS: +ns.isc.afilias-nst.info. 1008 IN A 199.254.63.254 +ns.isc.afilias-nst.info. 1008 IN AAAA 2001:500:2c:0:0:0:0:254 +ams.sns-pb.isc.org. 1008 IN A 199.6.1.30 +ams.sns-pb.isc.org. 1008 IN AAAA 2001:500:60:0:0:0:0:30 +ord.sns-pb.isc.org. 1008 IN A 199.6.0.30 +ord.sns-pb.isc.org. 1008 IN AAAA 2001:500:71:0:0:0:0:30 +sfba.sns-pb.isc.org. 1008 IN A 149.20.64.3 +sfba.sns-pb.isc.org. 1008 IN AAAA 2001:4f8:0:2:0:0:0:19 +ams.sns-pb.isc.org. 7181 IN RRSIG A 5 4 7200 20150204233244 20150105233244 4521 isc.org. SEjuacdGLjteFKFrB0UTyTcEjEP/VtAKeNWD6DqXLA4839PAk17M1qzCf13uKBGwtb9e1xr3U/GDlIhspbSkSNOIWBzfkKiM8PXQ9kZZuYaPrrz2sz5CzzyzThkz4bq4BicQwKNi/aD/ljLaCIWZDXfZwJabo0Uz+G3QlIq18YE= +ams.sns-pb.isc.org. 7181 IN RRSIG AAAA 5 4 7200 20150204233244 20150105233244 4521 isc.org. EGLJUSGvW1gxEUglZKYLS2NmlJsPNzZQFZSORxTKIXqgF+0A2fZpk+/vkGwxiwqkOsV5Tu7kXUFzC7fIWEI7VDn/L8XKLz575upoMoGvA3bAZ/7VWXjLSXbyTFrDTP9GKSA4knIRtrIsOY+dKieSwIGV6sykBYA8ONMpPcj0sCY= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1221 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21621 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87355 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87355 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87355 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87355 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41228 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 955 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 955 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25460 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 955 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 955 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 955 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 955 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29897 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3563 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3563 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3563 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46136 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50984 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87354 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87354 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87354 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87354 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38781 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; org., type = DS, class = IN + +;; ANSWERS: +org. 1003 IN DS 21366 7 2 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0D90F01BA +org. 1003 IN DS 21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2 +org. 1003 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . TeNrVbBDgqdrbpdIweTad3yMLn+APxxlDpr717kqNgkOc8OxLFE/pFGzfSCYfc5hlMNB/nY1XhIJbWwvd26xOjwcB1rK3yo/Cfa5Pt4P+qV45QYW2JlatQVQPHtgMOf1KvUzXy4DlKzE5yHvHNGscfMOgIDeyWyDS8XwdrEIRR0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 275 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14080 +;; flags: qr rd ra cd ; qd: 1 an: 7 au: 0 ad: 1 +;; QUESTIONS: +;; org., type = DNSKEY, class = IN + +;; ANSWERS: +org. 879 IN DNSKEY 256 3 7 AwEAAawm+6jDEf5ymhSAeQKaJrF0FTdqp4T0F1SE/KSFEcd/MUaBW0J8NyrJZXQJ0I3KpvXJSk3b0Z3X8StBpngUWOa9/iePG5WaR8Edj0JENd6Cy1R7WawrtYAfQ1AWnvGTbvf0rFa2GcMfhyNKeY8UO5TWKECE4AF4C+LlGe12TICh +org. 879 IN DNSKEY 257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU= +org. 879 IN DNSKEY 256 3 7 AwEAAXTZXCkp3UaDofhKlicjaZR/XeMFVkRSXRZsYP9OBRFZB44675hHORNE+QAijMdWOQeQt1SUWGyeJ5SHPVirGVxt9wCCqOeMTx7WvImZAKuqUl9H5N3Wn6FRidaub7d76IjxKZbkAHhGSJSzRTuuHbyjtrJVGcJ18kZHELyIsqZ3 +org. 879 IN DNSKEY 257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU= +org. 879 IN RRSIG DNSKEY 7 1 900 20150126170632 20150105160632 9795 org. b4jnXExJ1MgfUZffo8HVtxJ73qdbrustN+U6GBtgZLNEpdDgdpf9d4unRp/tqzDFoW0QuEoYOBatPCtpX3Re12/FQ+lWkfOAatcJMYMcW7kU2q86muY44W4p1BK/DxVb2zQHJ4AO7h22dH+TcM8J3WlGrlHYy/6k+emWPC7NpumCF3ctR/w26rAU4sv0lKuPvQSr9mOf3PyX29tz61lSfu4lAcymB6vh7B3D6TMkpHyobOAD67Ne59V1IgeeHXakURM8g0P0HMg87GT4GXwqo9+Aj7oWAq9D8iIIqelOLiijKys5jTzgdbOxM2vVn+l175xJybUzrJI0huJ9zKNCvg== +org. 879 IN RRSIG DNSKEY 7 1 900 20150126170632 20150105160632 21366 org. Edm9U+AtUcNeh2NXrWaLbfNYSRJovpziT1YcCphKGmdluvZPQk6rQAv1Y+2JBhE9Xmb37cY07lr7XHHfYxLWyhrPkpaKCX4ogqhGRylamy5R8BptqvVFhMTRUUHnK4tHvfYXqbtKuh9H84giLWMQIE2ZzQC9UqTvAIrc4FVUVIuwrNR7k6N96yy68feZnH8wcY+/RkyxoxMhcbMxXnZl2V9XP7xUxwtkULQBL1fq7IHI4jmlNyrdLzZltEgMIgtTK5HpgKaDborfoAcGBYnXxiC5RkAwHH81LAlT/BbK9shiWAI+yDhakLsIpl5ajUcTcbRBtLBBMkY6+4nAnXlSfg== +org. 879 IN RRSIG DNSKEY 7 1 900 20150126170632 20150105160632 53348 org. dAW5DYEjkxzfeM83ZCupwRh50L29jdR+dWkZYgt5GLDsYnyJDmRvjnHiHvJXVlHygvytafDMNK1MBlBODwHTBU/O7u7jLMbKvDU26bJpjm7cBJEtdUny3Bfckfr+VnxmT6UgmWLy1Cu8vuMOQS0t0fIMUs7fF2gJcD2bpcX85iY= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1625 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48402 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; isc.org., type = DS, class = IN + +;; ANSWERS: +isc.org. 1008 IN DS 12892 5 2 F1E184C0E1D615D20EB3C223ACED3B03C773DD952D5F0EB5C777586DE18DA6B5 +isc.org. 1008 IN DS 12892 5 1 982113D08B4C6A1D9F6AEE1E2237AEF69F3F9759 +isc.org. 1008 IN RRSIG DS 7 2 86400 20150122163315 20150101153315 53348 org. mpNwUFgIi/ahCYVkPlQuyJ+AY6BGiRaLD4cRwBIBNnaGVeR5vHNrGPrOX32mfS38tegrfNjJS4y3icwavPeubuZwGKIja8CBRGhzzFj6JZgydRJpJ+lkKws6+vDhjQ3A8+VerV0TNs8IWXSBa+Vl4Gv+0bX5NlM4RF/7Kyd7lJA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 283 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58766 +;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; isc.org., type = DNSKEY, class = IN + +;; ANSWERS: +isc.org. 7181 IN DNSKEY 257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGrhhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy347cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQzBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyLKOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bByBNsO70aEFTd +isc.org. 7181 IN DNSKEY 256 3 5 AwEAAbJpDF4RemdHHE/HrJJhR3zpzAQ6zsHqFv0i4lCWTUf4sX+cq3vSu7fKO4QJtm97S1sbcnmHonVE3QPzLOsqsY630Wy5JzrPK3gUvQLgfIsovo2v+dosITL8WbvjU1mEXhIwfuuBhYmYSKySZ0X9gpHGhdxRd+J8M7riPfN7kHLP +isc.org. 7181 IN RRSIG DNSKEY 5 2 7200 20150204230128 20150105230128 4521 isc.org. F7Lm/p8NrLlHT1rzV09lYxakAu7fGcY9sRnZ2uLlq9d3SpXIXGUuudPg61sd1GdqrRRKiRwfXvNsmvpNL2t8B1/k3gpNUT9V/+SBkI99PKNSkXijVToCebFkCIjqgyjPXkXXFB28E8ZhUDjjYp1LAVMGsfBEnaw7NeHg4MQ3v10= +isc.org. 7181 IN RRSIG DNSKEY 5 2 7200 20150204230128 20150105230128 12892 isc.org. KFk6zXeVu/lULIjwpu5pzRonoksbZMC0Y0qr5K7SpzZK0P/pG4iEzDdSVHA8st+QxNxQ7O4aypeo2jxiJT61OfRzUhjKwopTPVRiiREDV7DFU/fEkgCYXWPlOP7w/An0NzIPc5OLxCDovQefKKgrJaA0hjrd+bTeINgLGdmra+b4FCgYusIZ9Cp+iNs/dByc6cGexce0a0JCyu/vBLnjzo0byjckZm/iiL4BPwtqlaV+NyXFgjucAoqegpSoUpAz1ozCNz9CcJ4yfA9HpWdiWLpYdO3hMt8kHJbk2DxJNkkLRdOP6ZES+3RBUgMgo0FnIYCrVC8QYYQGTO8f2cdfBw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 923 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToNoDataIsValid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToNoDataIsValid new file mode 100644 index 000000000..15e91df4e --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToNoDataIsValid @@ -0,0 +1,121 @@ +#Date: 2015-01-06T22:35:14+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20564 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 4 ad: 1 +;; QUESTIONS: +;; www.alias.ingotronic.ch., type = MX, class = IN + +;; ANSWERS: +alias.ingotronic.ch. 300 IN DNAME ingotronic.ch. +alias.ingotronic.ch. 300 IN RRSIG DNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. GzAO4/bVZ3twjJhR1z1uujUYNI35rtGJi3jlDY6kbwQcaZeiu8WSeln5L90FijEVFVsXsv5rVvOZXAiXk5FP5jZgGg/A6H1iN8nNsVNSzc8XNWBd+Wv4+x0aQKZvcAD++Pcn3EW3nCEcHNdvnqVsjXbtdTJOiPYrvm/iC3QduCI= +www.alias.ingotronic.ch. 300 IN CNAME www.ingotronic.ch. + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +www.ingotronic.ch. 300 IN NSEC z.ingotronic.ch. A AAAA RRSIG NSEC +www.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 699 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12186 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87359 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87359 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87359 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87359 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60111 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 959 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 959 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24158 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 960 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 960 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 960 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 960 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19242 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3568 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3568 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3568 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60231 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToNxDomainIsValid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToNxDomainIsValid new file mode 100644 index 000000000..d6784a4f8 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameToNxDomainIsValid @@ -0,0 +1,123 @@ +#Date: 2015-01-06T22:35:15+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49797 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 6 ad: 1 +;; QUESTIONS: +;; x.alias.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +alias.ingotronic.ch. 300 IN DNAME ingotronic.ch. +alias.ingotronic.ch. 300 IN RRSIG DNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. GzAO4/bVZ3twjJhR1z1uujUYNI35rtGJi3jlDY6kbwQcaZeiu8WSeln5L90FijEVFVsXsv5rVvOZXAiXk5FP5jZgGg/A6H1iN8nNsVNSzc8XNWBd+Wv4+x0aQKZvcAD++Pcn3EW3nCEcHNdvnqVsjXbtdTJOiPYrvm/iC3QduCI= +x.alias.ingotronic.ch. 300 IN CNAME x.ingotronic.ch. + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +ingotronic.ch. 300 IN NSEC alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY +ingotronic.ch. 300 IN RRSIG NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M= +www.ingotronic.ch. 300 IN NSEC z.ingotronic.ch. A AAAA RRSIG NSEC +www.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 914 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64372 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87358 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87358 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87358 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87358 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36440 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 958 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 958 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58358 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 959 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 959 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 959 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 959 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4469 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3567 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3567 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3567 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61514 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithFakedCnameIsInvalid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithFakedCnameIsInvalid new file mode 100644 index 000000000..040e37371 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithFakedCnameIsInvalid @@ -0,0 +1,220 @@ +#Date: 2015-01-06T22:35:15+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59873 +;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 2 ad: 3 +;; QUESTIONS: +;; www.alias.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +alias.ingotronic.ch. 300 IN DNAME ingotronic.ch. +alias.ingotronic.ch. 300 IN RRSIG DNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. GzAO4/bVZ3twjJhR1z1uujUYNI35rtGJi3jlDY6kbwQcaZeiu8WSeln5L90FijEVFVsXsv5rVvOZXAiXk5FP5jZgGg/A6H1iN8nNsVNSzc8XNWBd+Wv4+x0aQKZvcAD++Pcn3EW3nCEcHNdvnqVsjXbtdTJOiPYrvm/iC3QduCI= +www.alias.ingotronic.ch. 300 IN CNAME www.ingotronic.ch. +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 839 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32717 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87358 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87358 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87358 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87358 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22278 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 958 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 958 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39399 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 959 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 959 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 959 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 959 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30642 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3567 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3567 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3567 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 634 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21603 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87358 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87358 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87358 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87358 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64817 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 958 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 958 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11560 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 959 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 959 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 959 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 959 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24579 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3567 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3567 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3567 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3482 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithMultipleCnamesIsInvalid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithMultipleCnamesIsInvalid new file mode 100644 index 000000000..081386efc --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithMultipleCnamesIsInvalid @@ -0,0 +1,220 @@ +#Date: 2015-01-06T22:35:14+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49996 +;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 2 ad: 3 +;; QUESTIONS: +;; www.alias.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +alias.ingotronic.ch. 300 IN DNAME ingotronic.ch. +alias.ingotronic.ch. 300 IN RRSIG DNAME 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. GzAO4/bVZ3twjJhR1z1uujUYNI35rtGJi3jlDY6kbwQcaZeiu8WSeln5L90FijEVFVsXsv5rVvOZXAiXk5FP5jZgGg/A6H1iN8nNsVNSzc8XNWBd+Wv4+x0aQKZvcAD++Pcn3EW3nCEcHNdvnqVsjXbtdTJOiPYrvm/iC3QduCI= +www.alias.ingotronic.ch. 300 IN CNAME www.ingotronic.ch. +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 839 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25388 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87359 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87359 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87359 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87359 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64749 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 959 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 959 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55977 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 960 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 960 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 960 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 960 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25126 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3568 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3568 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3568 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46256 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51913 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87359 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87359 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87359 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87359 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50080 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 959 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 959 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34534 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 960 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 960 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 960 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 960 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31593 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3568 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3568 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3568 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43999 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithNoCnameIsValid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithNoCnameIsValid new file mode 100644 index 000000000..c72454d1c --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithNoCnameIsValid @@ -0,0 +1,433 @@ +#Date: 2015-01-06T22:35:16+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13618 +;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 5 ad: 11 +;; QUESTIONS: +;; www.isc.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +isc.ingotronic.ch. 300 IN DNAME isc.org. +isc.ingotronic.ch. 300 IN RRSIG DNAME 5 3 300 20150125010136 20141226005030 17430 ingotronic.ch. Lq+1VhRumvgwRCg2inz0FZkNn28FaHbc2lfie4WJ6ScNxtvGmQwaVc7nGt5xcxQEZZc609yr+kEuYEHMckSiCoEY6jy7/qI9e2vGYe1UGzT2bbjWZ6j/v40kE7x/dWybFAcpaWJyi6x+Nx6n3EsNe30TqPLO9kGzuumYDHNnVMs= +www.isc.ingotronic.ch. 300 IN CNAME www.isc.org. +www.isc.org. 44 IN A 149.20.64.69 +www.isc.org. 44 IN RRSIG A 5 3 60 20150204233244 20150105233244 4521 isc.org. qX9Fqzc+cUB7TUgdAPDQztt+3L7A2TxqVPTGZht3gKb1oBizum2zL3Le6lSO/DI2b526/n+l6gyT7ZtSL058wmEWhXeFlurPojBEBCWYLBkJ7OBLTqMSKzVNN1zpdUIs2RA8QqLOhSWeFkBw0bcJaDnRC2uKr0513aMVJfk5uA8= + +;; AUTHORITY RECORDS: +isc.org. 1011 IN NS ord.sns-pb.isc.org. +isc.org. 1011 IN NS ns.isc.afilias-nst.info. +isc.org. 1011 IN NS sfba.sns-pb.isc.org. +isc.org. 1011 IN NS ams.sns-pb.isc.org. +isc.org. 1011 IN RRSIG NS 5 2 7200 20150204233244 20150105233244 4521 isc.org. Olb3QQHiezY6ysFepLUtePsgyVqXgECmLMROkbaAJT5ndTyoMHy4NaX/zFc63LtvzilrS59l9x719c4Pcm37zuEEdKB1IdjtxYKzKqmCzJZ5GuSZ6XgLO2DPWoF2ws+1BVPJL2myZdoBeEu+cUxCLTsETOloSl9Jz5livJ+Xbxo= + +;; ADDITIONAL RECORDS: +ns.isc.afilias-nst.info. 1011 IN A 199.254.63.254 +ns.isc.afilias-nst.info. 1011 IN AAAA 2001:500:2c:0:0:0:0:254 +ams.sns-pb.isc.org. 1011 IN A 199.6.1.30 +ams.sns-pb.isc.org. 1011 IN AAAA 2001:500:60:0:0:0:0:30 +ord.sns-pb.isc.org. 1011 IN A 199.6.0.30 +ord.sns-pb.isc.org. 1011 IN AAAA 2001:500:71:0:0:0:0:30 +sfba.sns-pb.isc.org. 1011 IN A 149.20.64.3 +sfba.sns-pb.isc.org. 1011 IN AAAA 2001:4f8:0:2:0:0:0:19 +ams.sns-pb.isc.org. 7184 IN RRSIG A 5 4 7200 20150204233244 20150105233244 4521 isc.org. SEjuacdGLjteFKFrB0UTyTcEjEP/VtAKeNWD6DqXLA4839PAk17M1qzCf13uKBGwtb9e1xr3U/GDlIhspbSkSNOIWBzfkKiM8PXQ9kZZuYaPrrz2sz5CzzyzThkz4bq4BicQwKNi/aD/ljLaCIWZDXfZwJabo0Uz+G3QlIq18YE= +ams.sns-pb.isc.org. 7184 IN RRSIG AAAA 5 4 7200 20150204233244 20150105233244 4521 isc.org. EGLJUSGvW1gxEUglZKYLS2NmlJsPNzZQFZSORxTKIXqgF+0A2fZpk+/vkGwxiwqkOsV5Tu7kXUFzC7fIWEI7VDn/L8XKLz575upoMoGvA3bAZ/7VWXjLSXbyTFrDTP9GKSA4knIRtrIsOY+dKieSwIGV6sykBYA8ONMpPcj0sCY= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1221 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32562 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87358 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87358 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87358 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87358 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51051 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 958 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 958 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19837 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 959 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 959 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 959 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 959 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24177 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3567 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3567 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3567 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9736 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27756 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87357 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87357 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87357 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87357 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7390 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; org., type = DS, class = IN + +;; ANSWERS: +org. 1006 IN DS 21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2 +org. 1006 IN DS 21366 7 2 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0D90F01BA +org. 1006 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . TeNrVbBDgqdrbpdIweTad3yMLn+APxxlDpr717kqNgkOc8OxLFE/pFGzfSCYfc5hlMNB/nY1XhIJbWwvd26xOjwcB1rK3yo/Cfa5Pt4P+qV45QYW2JlatQVQPHtgMOf1KvUzXy4DlKzE5yHvHNGscfMOgIDeyWyDS8XwdrEIRR0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 275 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34399 +;; flags: qr rd ra cd ; qd: 1 an: 7 au: 0 ad: 1 +;; QUESTIONS: +;; org., type = DNSKEY, class = IN + +;; ANSWERS: +org. 882 IN DNSKEY 257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU= +org. 882 IN DNSKEY 257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU= +org. 882 IN DNSKEY 256 3 7 AwEAAawm+6jDEf5ymhSAeQKaJrF0FTdqp4T0F1SE/KSFEcd/MUaBW0J8NyrJZXQJ0I3KpvXJSk3b0Z3X8StBpngUWOa9/iePG5WaR8Edj0JENd6Cy1R7WawrtYAfQ1AWnvGTbvf0rFa2GcMfhyNKeY8UO5TWKECE4AF4C+LlGe12TICh +org. 882 IN DNSKEY 256 3 7 AwEAAXTZXCkp3UaDofhKlicjaZR/XeMFVkRSXRZsYP9OBRFZB44675hHORNE+QAijMdWOQeQt1SUWGyeJ5SHPVirGVxt9wCCqOeMTx7WvImZAKuqUl9H5N3Wn6FRidaub7d76IjxKZbkAHhGSJSzRTuuHbyjtrJVGcJ18kZHELyIsqZ3 +org. 882 IN RRSIG DNSKEY 7 1 900 20150126170632 20150105160632 9795 org. b4jnXExJ1MgfUZffo8HVtxJ73qdbrustN+U6GBtgZLNEpdDgdpf9d4unRp/tqzDFoW0QuEoYOBatPCtpX3Re12/FQ+lWkfOAatcJMYMcW7kU2q86muY44W4p1BK/DxVb2zQHJ4AO7h22dH+TcM8J3WlGrlHYy/6k+emWPC7NpumCF3ctR/w26rAU4sv0lKuPvQSr9mOf3PyX29tz61lSfu4lAcymB6vh7B3D6TMkpHyobOAD67Ne59V1IgeeHXakURM8g0P0HMg87GT4GXwqo9+Aj7oWAq9D8iIIqelOLiijKys5jTzgdbOxM2vVn+l175xJybUzrJI0huJ9zKNCvg== +org. 882 IN RRSIG DNSKEY 7 1 900 20150126170632 20150105160632 21366 org. Edm9U+AtUcNeh2NXrWaLbfNYSRJovpziT1YcCphKGmdluvZPQk6rQAv1Y+2JBhE9Xmb37cY07lr7XHHfYxLWyhrPkpaKCX4ogqhGRylamy5R8BptqvVFhMTRUUHnK4tHvfYXqbtKuh9H84giLWMQIE2ZzQC9UqTvAIrc4FVUVIuwrNR7k6N96yy68feZnH8wcY+/RkyxoxMhcbMxXnZl2V9XP7xUxwtkULQBL1fq7IHI4jmlNyrdLzZltEgMIgtTK5HpgKaDborfoAcGBYnXxiC5RkAwHH81LAlT/BbK9shiWAI+yDhakLsIpl5ajUcTcbRBtLBBMkY6+4nAnXlSfg== +org. 882 IN RRSIG DNSKEY 7 1 900 20150126170632 20150105160632 53348 org. dAW5DYEjkxzfeM83ZCupwRh50L29jdR+dWkZYgt5GLDsYnyJDmRvjnHiHvJXVlHygvytafDMNK1MBlBODwHTBU/O7u7jLMbKvDU26bJpjm7cBJEtdUny3Bfckfr+VnxmT6UgmWLy1Cu8vuMOQS0t0fIMUs7fF2gJcD2bpcX85iY= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1625 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29726 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; isc.org., type = DS, class = IN + +;; ANSWERS: +isc.org. 1011 IN DS 12892 5 1 982113D08B4C6A1D9F6AEE1E2237AEF69F3F9759 +isc.org. 1011 IN DS 12892 5 2 F1E184C0E1D615D20EB3C223ACED3B03C773DD952D5F0EB5C777586DE18DA6B5 +isc.org. 1011 IN RRSIG DS 7 2 86400 20150122163315 20150101153315 53348 org. mpNwUFgIi/ahCYVkPlQuyJ+AY6BGiRaLD4cRwBIBNnaGVeR5vHNrGPrOX32mfS38tegrfNjJS4y3icwavPeubuZwGKIja8CBRGhzzFj6JZgydRJpJ+lkKws6+vDhjQ3A8+VerV0TNs8IWXSBa+Vl4Gv+0bX5NlM4RF/7Kyd7lJA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 283 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43826 +;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; isc.org., type = DNSKEY, class = IN + +;; ANSWERS: +isc.org. 7184 IN DNSKEY 257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGrhhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy347cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQzBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyLKOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bByBNsO70aEFTd +isc.org. 7184 IN DNSKEY 256 3 5 AwEAAbJpDF4RemdHHE/HrJJhR3zpzAQ6zsHqFv0i4lCWTUf4sX+cq3vSu7fKO4QJtm97S1sbcnmHonVE3QPzLOsqsY630Wy5JzrPK3gUvQLgfIsovo2v+dosITL8WbvjU1mEXhIwfuuBhYmYSKySZ0X9gpHGhdxRd+J8M7riPfN7kHLP +isc.org. 7184 IN RRSIG DNSKEY 5 2 7200 20150204230128 20150105230128 4521 isc.org. F7Lm/p8NrLlHT1rzV09lYxakAu7fGcY9sRnZ2uLlq9d3SpXIXGUuudPg61sd1GdqrRRKiRwfXvNsmvpNL2t8B1/k3gpNUT9V/+SBkI99PKNSkXijVToCebFkCIjqgyjPXkXXFB28E8ZhUDjjYp1LAVMGsfBEnaw7NeHg4MQ3v10= +isc.org. 7184 IN RRSIG DNSKEY 5 2 7200 20150204230128 20150105230128 12892 isc.org. KFk6zXeVu/lULIjwpu5pzRonoksbZMC0Y0qr5K7SpzZK0P/pG4iEzDdSVHA8st+QxNxQ7O4aypeo2jxiJT61OfRzUhjKwopTPVRiiREDV7DFU/fEkgCYXWPlOP7w/An0NzIPc5OLxCDovQefKKgrJaA0hjrd+bTeINgLGdmra+b4FCgYusIZ9Cp+iNs/dByc6cGexce0a0JCyu/vBLnjzo0byjckZm/iiL4BPwtqlaV+NyXFgjucAoqegpSoUpAz1ozCNz9CcJ4yfA9HpWdiWLpYdO3hMt8kHJbk2DxJNkkLRdOP6ZES+3RBUgMgo0FnIYCrVC8QYYQGTO8f2cdfBw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 923 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62271 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87357 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87357 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87357 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87357 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46846 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 957 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 957 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18781 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 958 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 958 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 958 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 958 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5666 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3566 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3566 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3566 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16375 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29069 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87357 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87357 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87357 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87357 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39361 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; org., type = DS, class = IN + +;; ANSWERS: +org. 1006 IN DS 21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2 +org. 1006 IN DS 21366 7 2 96EEB2FFD9B00CD4694E78278B5EFDAB0A80446567B69F634DA078F0D90F01BA +org. 1006 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . TeNrVbBDgqdrbpdIweTad3yMLn+APxxlDpr717kqNgkOc8OxLFE/pFGzfSCYfc5hlMNB/nY1XhIJbWwvd26xOjwcB1rK3yo/Cfa5Pt4P+qV45QYW2JlatQVQPHtgMOf1KvUzXy4DlKzE5yHvHNGscfMOgIDeyWyDS8XwdrEIRR0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 275 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52936 +;; flags: qr rd ra cd ; qd: 1 an: 7 au: 0 ad: 1 +;; QUESTIONS: +;; org., type = DNSKEY, class = IN + +;; ANSWERS: +org. 882 IN DNSKEY 256 3 7 AwEAAawm+6jDEf5ymhSAeQKaJrF0FTdqp4T0F1SE/KSFEcd/MUaBW0J8NyrJZXQJ0I3KpvXJSk3b0Z3X8StBpngUWOa9/iePG5WaR8Edj0JENd6Cy1R7WawrtYAfQ1AWnvGTbvf0rFa2GcMfhyNKeY8UO5TWKECE4AF4C+LlGe12TICh +org. 882 IN DNSKEY 257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU= +org. 882 IN DNSKEY 256 3 7 AwEAAXTZXCkp3UaDofhKlicjaZR/XeMFVkRSXRZsYP9OBRFZB44675hHORNE+QAijMdWOQeQt1SUWGyeJ5SHPVirGVxt9wCCqOeMTx7WvImZAKuqUl9H5N3Wn6FRidaub7d76IjxKZbkAHhGSJSzRTuuHbyjtrJVGcJ18kZHELyIsqZ3 +org. 882 IN DNSKEY 257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU= +org. 882 IN RRSIG DNSKEY 7 1 900 20150126170632 20150105160632 9795 org. b4jnXExJ1MgfUZffo8HVtxJ73qdbrustN+U6GBtgZLNEpdDgdpf9d4unRp/tqzDFoW0QuEoYOBatPCtpX3Re12/FQ+lWkfOAatcJMYMcW7kU2q86muY44W4p1BK/DxVb2zQHJ4AO7h22dH+TcM8J3WlGrlHYy/6k+emWPC7NpumCF3ctR/w26rAU4sv0lKuPvQSr9mOf3PyX29tz61lSfu4lAcymB6vh7B3D6TMkpHyobOAD67Ne59V1IgeeHXakURM8g0P0HMg87GT4GXwqo9+Aj7oWAq9D8iIIqelOLiijKys5jTzgdbOxM2vVn+l175xJybUzrJI0huJ9zKNCvg== +org. 882 IN RRSIG DNSKEY 7 1 900 20150126170632 20150105160632 21366 org. Edm9U+AtUcNeh2NXrWaLbfNYSRJovpziT1YcCphKGmdluvZPQk6rQAv1Y+2JBhE9Xmb37cY07lr7XHHfYxLWyhrPkpaKCX4ogqhGRylamy5R8BptqvVFhMTRUUHnK4tHvfYXqbtKuh9H84giLWMQIE2ZzQC9UqTvAIrc4FVUVIuwrNR7k6N96yy68feZnH8wcY+/RkyxoxMhcbMxXnZl2V9XP7xUxwtkULQBL1fq7IHI4jmlNyrdLzZltEgMIgtTK5HpgKaDborfoAcGBYnXxiC5RkAwHH81LAlT/BbK9shiWAI+yDhakLsIpl5ajUcTcbRBtLBBMkY6+4nAnXlSfg== +org. 882 IN RRSIG DNSKEY 7 1 900 20150126170632 20150105160632 53348 org. dAW5DYEjkxzfeM83ZCupwRh50L29jdR+dWkZYgt5GLDsYnyJDmRvjnHiHvJXVlHygvytafDMNK1MBlBODwHTBU/O7u7jLMbKvDU26bJpjm7cBJEtdUny3Bfckfr+VnxmT6UgmWLy1Cu8vuMOQS0t0fIMUs7fF2gJcD2bpcX85iY= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1625 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34869 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; isc.org., type = DS, class = IN + +;; ANSWERS: +isc.org. 1011 IN DS 12892 5 1 982113D08B4C6A1D9F6AEE1E2237AEF69F3F9759 +isc.org. 1011 IN DS 12892 5 2 F1E184C0E1D615D20EB3C223ACED3B03C773DD952D5F0EB5C777586DE18DA6B5 +isc.org. 1011 IN RRSIG DS 7 2 86400 20150122163315 20150101153315 53348 org. mpNwUFgIi/ahCYVkPlQuyJ+AY6BGiRaLD4cRwBIBNnaGVeR5vHNrGPrOX32mfS38tegrfNjJS4y3icwavPeubuZwGKIja8CBRGhzzFj6JZgydRJpJ+lkKws6+vDhjQ3A8+VerV0TNs8IWXSBa+Vl4Gv+0bX5NlM4RF/7Kyd7lJA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 283 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53707 +;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; isc.org., type = DNSKEY, class = IN + +;; ANSWERS: +isc.org. 7184 IN DNSKEY 256 3 5 AwEAAbJpDF4RemdHHE/HrJJhR3zpzAQ6zsHqFv0i4lCWTUf4sX+cq3vSu7fKO4QJtm97S1sbcnmHonVE3QPzLOsqsY630Wy5JzrPK3gUvQLgfIsovo2v+dosITL8WbvjU1mEXhIwfuuBhYmYSKySZ0X9gpHGhdxRd+J8M7riPfN7kHLP +isc.org. 7184 IN DNSKEY 257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGrhhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy347cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQzBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyLKOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bByBNsO70aEFTd +isc.org. 7184 IN RRSIG DNSKEY 5 2 7200 20150204230128 20150105230128 4521 isc.org. F7Lm/p8NrLlHT1rzV09lYxakAu7fGcY9sRnZ2uLlq9d3SpXIXGUuudPg61sd1GdqrRRKiRwfXvNsmvpNL2t8B1/k3gpNUT9V/+SBkI99PKNSkXijVToCebFkCIjqgyjPXkXXFB28E8ZhUDjjYp1LAVMGsfBEnaw7NeHg4MQ3v10= +isc.org. 7184 IN RRSIG DNSKEY 5 2 7200 20150204230128 20150105230128 12892 isc.org. KFk6zXeVu/lULIjwpu5pzRonoksbZMC0Y0qr5K7SpzZK0P/pG4iEzDdSVHA8st+QxNxQ7O4aypeo2jxiJT61OfRzUhjKwopTPVRiiREDV7DFU/fEkgCYXWPlOP7w/An0NzIPc5OLxCDovQefKKgrJaA0hjrd+bTeINgLGdmra+b4FCgYusIZ9Cp+iNs/dByc6cGexce0a0JCyu/vBLnjzo0byjckZm/iiL4BPwtqlaV+NyXFgjucAoqegpSoUpAz1ozCNz9CcJ4yfA9HpWdiWLpYdO3hMt8kHJbk2DxJNkkLRdOP6ZES+3RBUgMgo0FnIYCrVC8QYYQGTO8f2cdfBw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 923 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithTooLongCnameIsInvalid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithTooLongCnameIsInvalid new file mode 100644 index 000000000..efe469e21 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestDNames/testDNameWithTooLongCnameIsInvalid @@ -0,0 +1,356 @@ +#Date: 2015-01-06T22:35:17+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59527 +;; flags: qr aa rd ra cd ; qd: 1 an: 5 au: 2 ad: 3 +;; QUESTIONS: +;; www.n3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +n3.ingotronic.ch. 300 IN DNAME nsec3.ingotronic.ch. +n3.ingotronic.ch. 300 IN RRSIG DNAME 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. Ww/ymB77saHhLbwoTg5cVq5O/hr0Iqbutn/L/JJUUNeeS1ZTTmTaL93mfVKllO2p23j0hWg7aVLvGnKIfk8+FYQH6YVFoqVActac0vuTwCuJSX5EdeV5OhevQXCIoGcI93lt3WN29C9FYI1/o5z8vk9iZtw1kJ+tOrUcSKlgfiU= +www.n3.ingotronic.ch. 300 IN CNAME www.nsec3.ingotronic.ch. +www.nsec3.ingotronic.ch. 300 IN A 127.0.0.1 +www.nsec3.ingotronic.ch. 300 IN RRSIG A 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. jQhCY33aj9YTcCTHgl71PhM02o2LL6tdTy5M8TQw/Kt8D7wHxjVpu75eT9XEaM3abIqvygero5hCxyPW6IfF+FKmdx3MNigQiaB2sKu2XDNmFMbaucmVAWDRDMRY1BFavjz316JSb0rXX3XcS/ixbj9+jAm9lCXROcuzmOPB7vw= + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +nsec3.ingotronic.ch. 300 IN RRSIG NS 7 3 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. fl2Q0YQQ1TduolGLyQx8vGqSApoBbb6A+go5SLFBYQobrPfO/rb+SM8JvnlzNX/Xa7dRhDYrnfBTFUm1mCur9aIi34gu5UwDNQvt/GXY5dC3+DEy/28bTZ43UuCs+qGH9u9leFwGX4neFNl0s5B4RpxBN4is8dXMUvOda6QcsOw= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 854 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35467 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87357 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87357 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87357 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87357 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47591 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 957 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 957 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49208 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 958 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 958 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 958 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 958 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58278 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3565 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3565 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3565 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13703 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35066 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87356 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87356 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87356 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87356 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18452 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 956 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 956 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38903 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 957 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 957 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 957 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 957 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3695 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3565 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3565 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3565 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60056 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6716 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4224 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7930 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87356 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87356 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87356 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87356 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16079 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 956 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 956 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33342 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 957 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 957 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 957 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 957 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60462 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3565 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3565 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3565 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41420 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_bogussig.dnssec b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_bogussig.dnssec new file mode 100644 index 000000000..0068a1319 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_bogussig.dnssec @@ -0,0 +1,173 @@ +#Date: 2013-08-21T00:06:14+02:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20364 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 +;; QUESTIONS: +;; bogussig.dnssec.tjeb.nl., type = A, class = IN + +;; ANSWERS: +bogussig.dnssec.tjeb.nl. 285 IN A 178.18.82.80 +bogussig.dnssec.tjeb.nl. 285 IN RRSIG A 5 4 600 20200101000000 20120627091948 23637 bogussig.dnssec.tjeb.nl. C8Qxh6KKVmO0ZwHvdlQUnWXOJNTGZYgHsXyGwgdU+yjQJp0zdbQF8InG4fEw3yVRgtRVW2b3IFiFimAOj8797IT4+QiAEb+JWoC27QrX/+iE6IqWpogbhiKm223w0shjo349ELzdXjNIxTquNYCSM9zYGfmJlT1OmYvh1LLyj/g= + +;; AUTHORITY RECORDS: +bogussig.dnssec.tjeb.nl. 285 IN NS ns2.tjeb.nl. +bogussig.dnssec.tjeb.nl. 285 IN RRSIG NS 5 4 600 20200101000000 20120627091948 23637 bogussig.dnssec.tjeb.nl. kDOnemdOfAsiN4wjgAQ2b/4v3jcFGgBQrRQNvkhL29OOekdiJYDf2XlvY6CVyrqKRx5oFSu29tbIj6UDAsU6ObQu13JfYZ0FZqQyVjMjCNFUlZnGui7VVyPgi2rb3gKjWlX+FQhFYz1t8jtsopksMUGUVAI+oG61u3vaY0OUh/c= + +;; ADDITIONAL RECORDS: +ns2.tjeb.nl. 555 IN A 195.169.221.157 +ns2.tjeb.nl. 555 IN AAAA 2001:470:1f15:17ba:0:0:0:53 +ns2.tjeb.nl. 556 IN RRSIG A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI= +ns2.tjeb.nl. 556 IN RRSIG AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 830 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36619 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 138548 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 138548 IN DNSKEY 256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf +. 138548 IN RRSIG DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7247 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; nl., type = DS, class = IN + +;; ANSWERS: +nl. 83355 IN DS 21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98 +nl. 83355 IN RRSIG DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38189 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nl., type = DNSKEY, class = IN + +;; ANSWERS: +nl. 4155 IN DNSKEY 257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0= +nl. 4155 IN DNSKEY 256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7 +nl. 4155 IN RRSIG DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 745 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29247 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; tjeb.nl., type = DS, class = IN + +;; ANSWERS: +tjeb.nl. 4155 IN DS 17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA +tjeb.nl. 4155 IN RRSIG DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 246 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64862 +;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; tjeb.nl., type = DNSKEY, class = IN + +;; ANSWERS: +tjeb.nl. 555 IN DNSKEY 256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt +tjeb.nl. 555 IN DNSKEY 257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs= +tjeb.nl. 555 IN RRSIG DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8= +tjeb.nl. 555 IN RRSIG DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 922 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14587 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; dnssec.tjeb.nl., type = DS, class = IN + +;; ANSWERS: +dnssec.tjeb.nl. 555 IN DS 8340 5 1 5733A59841EA708AE9223822124B07B555E17332 +dnssec.tjeb.nl. 555 IN RRSIG DS 8 3 3600 20130917051704 20130818051644 11499 tjeb.nl. WfurllImGCRujmNfI0ZBtJrmQgSo/68lGSTo95J8YBIm2W9iUqsFI+LwKj3F2QEwz3SsJ2c1mDWiAvkptSq9LgqdLgBJpjDtHNg7fGHdZyvffjlj/+I4ePZG+7Lk5mpNmUmkhx8tgDJiCHMTgfjPl4nAjPxdUPjD59GStEKBT2E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 246 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52275 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; dnssec.tjeb.nl., type = DNSKEY, class = IN + +;; ANSWERS: +dnssec.tjeb.nl. 556 IN DNSKEY 256 3 5 AwEAAdSl9MRil0yoBBkAGGHhxJIRyB//+lfi+ftbTh3a3pDoukvRahssEOKRjiNfmaoQRHbZA4HTqWxIHlu0CzhOc/e5phBPY2oEnGWKmFQRihJVYd2lwjwCTZNKHUz0PhN6PBM8/xlFAyBWduM1ldZf7sge2rod3xx8mZjhVekRnw+P +dnssec.tjeb.nl. 556 IN RRSIG DNSKEY 5 3 3600 20150101000000 20120726165632 8340 dnssec.tjeb.nl. EcmwD5XSZMN8hc1opbI+0+x/6gQ5OukiFl746FJLBM9fUdcYb7A3GnJ9qyWRqvaEPSq2FuzfE2zmW7+YQRHlUxP/INk2ffjDJJwcrIUtgbJv8J+ztWl0L5crReEL5eYpgetG4xgGDT19W+Bd0EHg2YP3o1VHJvV8qzDQxam2NKI= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 365 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40156 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; bogussig.dnssec.tjeb.nl., type = DS, class = IN + +;; ANSWERS: +bogussig.dnssec.tjeb.nl. 285 IN DS 23637 5 1 AC0EEB922A964D8C78B37851CC8AAE1692886BC6 +bogussig.dnssec.tjeb.nl. 285 IN RRSIG DS 5 4 600 20150101000000 20120726165632 8340 dnssec.tjeb.nl. DIBZxWmoKj9j/GyxWzBLNejuSvhk0nrb5yfihYTu0ZgQJtDlhSfTE1j9RkAfwlq8+nPwBqjpEIbe931cqpEZDE28CyeiIV18A5Dqo0/gHBkZu9RBl0+JIYW0U1VJZBA00fB476rlnbYslaylXbykxG1KHTcuLWqvO99z7lsEfVM= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 262 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_bogussig.nsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_bogussig.nsec3 new file mode 100644 index 000000000..b992f6bbc --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_bogussig.nsec3 @@ -0,0 +1,174 @@ +#Date: 2013-08-21T00:06:16+02:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7880 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 +;; QUESTIONS: +;; bogussig.nsec3.tjeb.nl., type = A, class = IN + +;; ANSWERS: +bogussig.nsec3.tjeb.nl. 285 IN A 178.18.82.80 +bogussig.nsec3.tjeb.nl. 285 IN RRSIG A 7 4 600 20150101000000 20110520094958 32453 bogussig.nsec3.tjeb.nl. W8LMPVphiwjNEnlmk0zTZTNg6c4MhplKjtqhHnt1d2Td8KBpzBLEU+egiq4IDvOWK42Jko5TCCI50y5Un1eX0O7pa+v2m5anAOOY452gBH1H8rY2sVTxtWSCzcq5T2MmF7QChDt10PlbCC1liL4VBugOLJ1FDywuQLpnazvPOIo= + +;; AUTHORITY RECORDS: +bogussig.nsec3.tjeb.nl. 285 IN NS ns2.tjeb.nl. +bogussig.nsec3.tjeb.nl. 285 IN RRSIG NS 7 4 600 20150101000000 20110520094958 32453 bogussig.nsec3.tjeb.nl. 3W61pFbwMuNT2GZHgIODVnE7GKKMgmiJzpAKpIfeFCE2rQxIYLGtPYcyB1PHEKiVn/+oXg3B0KfRYGCGfS0jWeT9wo4V/e53UdzOIlEAWLFLPPHqjOhTQ7htSNc18ZwD+tsYgoj6vdIfT49TLvLZQqe2jCKJ0rir9a/Kx7yHN0M= + +;; ADDITIONAL RECORDS: +ns2.tjeb.nl. 553 IN A 195.169.221.157 +ns2.tjeb.nl. 553 IN AAAA 2001:470:1f15:17ba:0:0:0:53 +ns2.tjeb.nl. 554 IN RRSIG A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI= +ns2.tjeb.nl. 554 IN RRSIG AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 827 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13757 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 138546 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 138546 IN DNSKEY 256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf +. 138546 IN RRSIG DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48548 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; nl., type = DS, class = IN + +;; ANSWERS: +nl. 83353 IN DS 21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98 +nl. 83353 IN RRSIG DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7166 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nl., type = DNSKEY, class = IN + +;; ANSWERS: +nl. 4153 IN DNSKEY 257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0= +nl. 4153 IN DNSKEY 256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7 +nl. 4153 IN RRSIG DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 745 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54240 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; tjeb.nl., type = DS, class = IN + +;; ANSWERS: +tjeb.nl. 4153 IN DS 17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA +tjeb.nl. 4153 IN RRSIG DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 246 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27859 +;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; tjeb.nl., type = DNSKEY, class = IN + +;; ANSWERS: +tjeb.nl. 553 IN DNSKEY 256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt +tjeb.nl. 553 IN DNSKEY 257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs= +tjeb.nl. 553 IN RRSIG DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8= +tjeb.nl. 553 IN RRSIG DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 922 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5375 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.tjeb.nl., type = DS, class = IN + +;; ANSWERS: +nsec3.tjeb.nl. 554 IN DS 33022 7 1 A9BBB2B6B619282B263474B19BDBA7A724A11F9E +nsec3.tjeb.nl. 554 IN DS 21665 7 2 40B5D47EC3AD05AF64CA91478408DE035AA64F7CAF7FC372958C80033B330377 +nsec3.tjeb.nl. 554 IN RRSIG DS 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. SXiF+5inBiEVdfFredApgDrdJ/qu6/sjIQ1Ek4M+ldzrgfjtG+HDFTH3A+cs79Mfeq62yUuQpYLGrkZ5Ok9G/4j7lhzdIGX7VZqOqA5TecpjtnATvHaUH1+3nhHYTMCZbDe4wMzsMBnjcNLVbTq+t+UhLKhiq6nsI4xt8TA4fVQ= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 293 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4198 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.tjeb.nl., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.tjeb.nl. 554 IN DNSKEY 256 3 7 AwEAAdWgR6bilcX8UdjeVDenTLcnR6AsrSYXpYccj8QF103GPzDkoLLkh9KS4/obiRYs8BRGotSZK7QT1Ew/xWml425bR0JzOgajHF0Au01M/TtvLSA/Vf4jFqXfFwSBCMWtZGbspSj3SEiILaHmdsyfS0KpqJwF8f+hnOdwmHYEmMkh +nsec3.tjeb.nl. 554 IN RRSIG DNSKEY 7 3 3600 20160101000000 20120416140921 21665 nsec3.tjeb.nl. B/gmYobsGg2zcwEwkTHrYp3xt3claIM4YFKJiqZk3A9H4thBv+9kjmlF9Mt1PHAHtbxAmtYOyuPLuFGLbNWn/qCgjP6ShKHInY5nJMqTsL1Sf3kGhxcKsHR4wUjFKg0eyaFUel1Dm88W6yeWhMWj6vAz0C+LtT/mZnJabN4WQnY= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 363 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58727 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; bogussig.nsec3.tjeb.nl., type = DS, class = IN + +;; ANSWERS: +bogussig.nsec3.tjeb.nl. 556 IN DS 32453 7 1 9866886BAB4AC1F8701687E488220437741B870E +bogussig.nsec3.tjeb.nl. 556 IN RRSIG DS 7 4 3600 20160101000000 20120416140921 21665 nsec3.tjeb.nl. ZETBW1W1Gx3VPNcH18KWJhlZ8QGQec+JRB9u+WGdp/rIq+6780iPUdXeXakqKyJGXcZd8jFo1YZ5otGbyaPxyxOX5qQmjEo22TcUZgfsUYCm5/BfKaIVq5tyRsT3qBGP1K3MelDZ8ahATQPXFHUnqKJ4RV4AnLk6e9V5rj6z4sI= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 260 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_sigexpired.dnssec b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_sigexpired.dnssec new file mode 100644 index 000000000..0d7d4b13d --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_sigexpired.dnssec @@ -0,0 +1,173 @@ +#Date: 2013-08-21T00:06:15+02:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63037 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 +;; QUESTIONS: +;; sigexpired.dnssec.tjeb.nl., type = A, class = IN + +;; ANSWERS: +sigexpired.dnssec.tjeb.nl. 285 IN A 178.18.82.80 +sigexpired.dnssec.tjeb.nl. 285 IN RRSIG A 5 4 600 20110628091948 20100628091948 47010 sigexpired.dnssec.tjeb.nl. VHpZcN2Pu+/anXg/DSHObQ0Rb+Xg9mPjSUccXvZhQiQ7KpIRFsV+c28fQG/KRp7upnQlzF0x0OG9aVijIeiuxzyymh1rG+EkmUL9d1kYiWrlASBClAh7MNXoQAD+7hndHYDm/xT6WXtgFIbrfUx/OhF/MbTtGn1BLGc2912Qs/c= + +;; AUTHORITY RECORDS: +sigexpired.dnssec.tjeb.nl. 285 IN NS ns2.tjeb.nl. +sigexpired.dnssec.tjeb.nl. 285 IN RRSIG NS 5 4 600 20110628091948 20100628091948 47010 sigexpired.dnssec.tjeb.nl. PhOlt2TSE6gJdgPgyDsrVGXDsEg/0oeCHnYj99Nkaz5KhTYRnrFJUjcKWh4uDGzwxINxdgiesmwgPMO/EKabIhZRv8K6O6kmRHrPdH4ZLNFKVT5Ly+zTGS5dFQSoVv3Flb016vIGSDZxdcFAhVdzqm0rZg1CNkJdvcVPACwASFg= + +;; ADDITIONAL RECORDS: +ns2.tjeb.nl. 554 IN A 195.169.221.157 +ns2.tjeb.nl. 554 IN AAAA 2001:470:1f15:17ba:0:0:0:53 +ns2.tjeb.nl. 555 IN RRSIG A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI= +ns2.tjeb.nl. 555 IN RRSIG AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 836 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22753 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 138547 IN DNSKEY 256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf +. 138547 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 138547 IN RRSIG DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59940 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; nl., type = DS, class = IN + +;; ANSWERS: +nl. 83354 IN DS 21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98 +nl. 83354 IN RRSIG DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29772 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nl., type = DNSKEY, class = IN + +;; ANSWERS: +nl. 4154 IN DNSKEY 257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0= +nl. 4154 IN DNSKEY 256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7 +nl. 4154 IN RRSIG DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 745 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5661 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; tjeb.nl., type = DS, class = IN + +;; ANSWERS: +tjeb.nl. 4154 IN DS 17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA +tjeb.nl. 4154 IN RRSIG DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 246 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32649 +;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; tjeb.nl., type = DNSKEY, class = IN + +;; ANSWERS: +tjeb.nl. 554 IN DNSKEY 256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt +tjeb.nl. 554 IN DNSKEY 257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs= +tjeb.nl. 554 IN RRSIG DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8= +tjeb.nl. 554 IN RRSIG DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 922 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5928 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; dnssec.tjeb.nl., type = DS, class = IN + +;; ANSWERS: +dnssec.tjeb.nl. 554 IN DS 8340 5 1 5733A59841EA708AE9223822124B07B555E17332 +dnssec.tjeb.nl. 554 IN RRSIG DS 8 3 3600 20130917051704 20130818051644 11499 tjeb.nl. WfurllImGCRujmNfI0ZBtJrmQgSo/68lGSTo95J8YBIm2W9iUqsFI+LwKj3F2QEwz3SsJ2c1mDWiAvkptSq9LgqdLgBJpjDtHNg7fGHdZyvffjlj/+I4ePZG+7Lk5mpNmUmkhx8tgDJiCHMTgfjPl4nAjPxdUPjD59GStEKBT2E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 246 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33538 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; dnssec.tjeb.nl., type = DNSKEY, class = IN + +;; ANSWERS: +dnssec.tjeb.nl. 555 IN DNSKEY 256 3 5 AwEAAdSl9MRil0yoBBkAGGHhxJIRyB//+lfi+ftbTh3a3pDoukvRahssEOKRjiNfmaoQRHbZA4HTqWxIHlu0CzhOc/e5phBPY2oEnGWKmFQRihJVYd2lwjwCTZNKHUz0PhN6PBM8/xlFAyBWduM1ldZf7sge2rod3xx8mZjhVekRnw+P +dnssec.tjeb.nl. 555 IN RRSIG DNSKEY 5 3 3600 20150101000000 20120726165632 8340 dnssec.tjeb.nl. EcmwD5XSZMN8hc1opbI+0+x/6gQ5OukiFl746FJLBM9fUdcYb7A3GnJ9qyWRqvaEPSq2FuzfE2zmW7+YQRHlUxP/INk2ffjDJJwcrIUtgbJv8J+ztWl0L5crReEL5eYpgetG4xgGDT19W+Bd0EHg2YP3o1VHJvV8qzDQxam2NKI= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 365 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33840 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; sigexpired.dnssec.tjeb.nl., type = DS, class = IN + +;; ANSWERS: +sigexpired.dnssec.tjeb.nl. 285 IN DS 47010 5 1 674BE2F020B2D307E0505E844840DD63ACB17CB8 +sigexpired.dnssec.tjeb.nl. 285 IN RRSIG DS 5 4 600 20110727165632 20100727165632 8340 dnssec.tjeb.nl. UIFRltFjBk5gEHjQ4OM9Quv/cuPkVYkPc0wjbmb2LoDHBGZ0MDJb6Ch1he7RxeDOe6KQ/m1PM2IoG57n+5kl6UXj/J8rmJw45ODrSVMNdAZZHJ4UUqx4CNzv4BlGnQc1x6qHHn/mPHF96Ma+anGBzi4/fk99dbqh3WJJ1uUM8u0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 264 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_sigexpired.nsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_sigexpired.nsec3 new file mode 100644 index 000000000..146e4928b --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_sigexpired.nsec3 @@ -0,0 +1,174 @@ +#Date: 2013-08-21T00:06:16+02:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2078 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 +;; QUESTIONS: +;; sigexpired.nsec3.tjeb.nl., type = A, class = IN + +;; ANSWERS: +sigexpired.nsec3.tjeb.nl. 286 IN A 178.18.82.80 +sigexpired.nsec3.tjeb.nl. 286 IN RRSIG A 7 4 600 20100520094957 20090520094957 22928 sigexpired.nsec3.tjeb.nl. DsCkOAQ7CZhHBao7r2AU9x705AqbCEJ5b0J+zEKzNEjC7pDvy7RrBcwgvKhiwhNblvBvPU6LXl11qKddb0mHSRrR5neJ3LXiAEeig4TAT+IsFk79XJl6TAcCTAXYPbpYf8cbtgYbyAOTS9JDmej4aKP4B8vpB0cXRlWmWKj/8NU= + +;; AUTHORITY RECORDS: +sigexpired.nsec3.tjeb.nl. 286 IN NS ns2.tjeb.nl. +sigexpired.nsec3.tjeb.nl. 286 IN RRSIG NS 7 4 600 20100520094957 20090520094957 22928 sigexpired.nsec3.tjeb.nl. HxSs03s9vuL+e5DYiRrFBGi7N6fOrzwZVPvJLFcjHEJ6P1u6vtspNFoOc2HOxAetdxHeUdrPCxvrvrbnQLW4u6oobu0N7zKtF+lytCbDVyl2gUYADayf3XnG4uxUolUkU8QZuOYiLPkTNzL3k+PjAzqsCmUeNwdUbeJLOKFcD8Q= + +;; ADDITIONAL RECORDS: +ns2.tjeb.nl. 554 IN A 195.169.221.157 +ns2.tjeb.nl. 554 IN AAAA 2001:470:1f15:17ba:0:0:0:53 +ns2.tjeb.nl. 555 IN RRSIG A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI= +ns2.tjeb.nl. 555 IN RRSIG AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 833 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54087 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 138547 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 138547 IN DNSKEY 256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf +. 138547 IN RRSIG DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11045 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; nl., type = DS, class = IN + +;; ANSWERS: +nl. 83354 IN DS 21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98 +nl. 83354 IN RRSIG DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13198 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nl., type = DNSKEY, class = IN + +;; ANSWERS: +nl. 4154 IN DNSKEY 256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7 +nl. 4154 IN DNSKEY 257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0= +nl. 4154 IN RRSIG DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 745 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38179 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; tjeb.nl., type = DS, class = IN + +;; ANSWERS: +tjeb.nl. 4153 IN DS 17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA +tjeb.nl. 4153 IN RRSIG DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 246 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5863 +;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; tjeb.nl., type = DNSKEY, class = IN + +;; ANSWERS: +tjeb.nl. 553 IN DNSKEY 256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt +tjeb.nl. 553 IN DNSKEY 257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs= +tjeb.nl. 553 IN RRSIG DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8= +tjeb.nl. 553 IN RRSIG DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 922 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25050 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.tjeb.nl., type = DS, class = IN + +;; ANSWERS: +nsec3.tjeb.nl. 554 IN DS 33022 7 1 A9BBB2B6B619282B263474B19BDBA7A724A11F9E +nsec3.tjeb.nl. 554 IN DS 21665 7 2 40B5D47EC3AD05AF64CA91478408DE035AA64F7CAF7FC372958C80033B330377 +nsec3.tjeb.nl. 554 IN RRSIG DS 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. SXiF+5inBiEVdfFredApgDrdJ/qu6/sjIQ1Ek4M+ldzrgfjtG+HDFTH3A+cs79Mfeq62yUuQpYLGrkZ5Ok9G/4j7lhzdIGX7VZqOqA5TecpjtnATvHaUH1+3nhHYTMCZbDe4wMzsMBnjcNLVbTq+t+UhLKhiq6nsI4xt8TA4fVQ= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 293 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5411 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.tjeb.nl., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.tjeb.nl. 554 IN DNSKEY 256 3 7 AwEAAdWgR6bilcX8UdjeVDenTLcnR6AsrSYXpYccj8QF103GPzDkoLLkh9KS4/obiRYs8BRGotSZK7QT1Ew/xWml425bR0JzOgajHF0Au01M/TtvLSA/Vf4jFqXfFwSBCMWtZGbspSj3SEiILaHmdsyfS0KpqJwF8f+hnOdwmHYEmMkh +nsec3.tjeb.nl. 554 IN RRSIG DNSKEY 7 3 3600 20160101000000 20120416140921 21665 nsec3.tjeb.nl. B/gmYobsGg2zcwEwkTHrYp3xt3claIM4YFKJiqZk3A9H4thBv+9kjmlF9Mt1PHAHtbxAmtYOyuPLuFGLbNWn/qCgjP6ShKHInY5nJMqTsL1Sf3kGhxcKsHR4wUjFKg0eyaFUel1Dm88W6yeWhMWj6vAz0C+LtT/mZnJabN4WQnY= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 363 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62061 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; sigexpired.nsec3.tjeb.nl., type = DS, class = IN + +;; ANSWERS: +sigexpired.nsec3.tjeb.nl. 556 IN DS 22928 7 1 E6E3CB649AB6A75A3CC63DA102F732209ACC3446 +sigexpired.nsec3.tjeb.nl. 556 IN RRSIG DS 7 4 3600 20110417140921 20100417140921 21665 nsec3.tjeb.nl. vYYJzFbjol1BQVj+ERludhem01UT1DTMGvcjicDluoMXivinuXFB9QX+Ke5AZscUiRFHpkwJHEC5t66Z+2GUHGxIA2/p8bym2pnrVFUq2e/rZS4wr3Ge2BKkerwLDpxmHd8VBnxodFlk6b4GqUJymAQf6PUfkAf6RBYdASEdBbY= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 262 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_unknownalgorithm.dnssec b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_unknownalgorithm.dnssec new file mode 100644 index 000000000..37ab1cfed --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_unknownalgorithm.dnssec @@ -0,0 +1,173 @@ +#Date: 2013-08-21T00:06:15+02:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61852 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 +;; QUESTIONS: +;; unknownalgorithm.dnssec.tjeb.nl., type = A, class = IN + +;; ANSWERS: +unknownalgorithm.dnssec.tjeb.nl. 285 IN A 178.18.82.80 +unknownalgorithm.dnssec.tjeb.nl. 285 IN RRSIG A 200 4 600 20200101000000 20120627091948 53226 unknownalgorithm.dnssec.tjeb.nl. tQyez4lEr7JzTX72UeaYwUFE5oogVrrQm2VGn3D70LP8oiIuWs8DH4NPBg2dkMcamTiDSH+BoVrk+SWCfJ4xMoolWhrzqioLIHuypSEfM6OkjxH6/0XluyecbBbAPbSvm4K/uREHglmskcg5qDdfX5rc34lyhjwE7ymYRPnwAEo= + +;; AUTHORITY RECORDS: +unknownalgorithm.dnssec.tjeb.nl. 285 IN NS ns2.tjeb.nl. +unknownalgorithm.dnssec.tjeb.nl. 285 IN RRSIG NS 200 4 600 20200101000000 20120627091948 53226 unknownalgorithm.dnssec.tjeb.nl. NgvVRuG8jngOxSehdNhwpMRreJ2GhosG7Jq9hhwn6T2y3JtPGdPnZ2YLivP78cDuAVF6VV7WzbaHxWnuBegAfzKU2kSl1x885AboLQ3jniRchSUfgoWKSJWXhDtXcGL6fwWqXeA3Er4ww8E72FAVKczuexhIa1Sv2pr2AdLTROA= + +;; ADDITIONAL RECORDS: +ns2.tjeb.nl. 554 IN A 195.169.221.157 +ns2.tjeb.nl. 554 IN AAAA 2001:470:1f15:17ba:0:0:0:53 +ns2.tjeb.nl. 555 IN RRSIG A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI= +ns2.tjeb.nl. 555 IN RRSIG AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 854 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33817 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 138547 IN DNSKEY 256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf +. 138547 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 138547 IN RRSIG DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39454 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; nl., type = DS, class = IN + +;; ANSWERS: +nl. 83354 IN DS 21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98 +nl. 83354 IN RRSIG DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49985 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nl., type = DNSKEY, class = IN + +;; ANSWERS: +nl. 4154 IN DNSKEY 256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7 +nl. 4154 IN DNSKEY 257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0= +nl. 4154 IN RRSIG DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 745 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47474 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; tjeb.nl., type = DS, class = IN + +;; ANSWERS: +tjeb.nl. 4154 IN DS 17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA +tjeb.nl. 4154 IN RRSIG DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 246 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12203 +;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; tjeb.nl., type = DNSKEY, class = IN + +;; ANSWERS: +tjeb.nl. 554 IN DNSKEY 257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs= +tjeb.nl. 554 IN DNSKEY 256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt +tjeb.nl. 554 IN RRSIG DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8= +tjeb.nl. 554 IN RRSIG DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 922 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29046 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; dnssec.tjeb.nl., type = DS, class = IN + +;; ANSWERS: +dnssec.tjeb.nl. 554 IN DS 8340 5 1 5733A59841EA708AE9223822124B07B555E17332 +dnssec.tjeb.nl. 554 IN RRSIG DS 8 3 3600 20130917051704 20130818051644 11499 tjeb.nl. WfurllImGCRujmNfI0ZBtJrmQgSo/68lGSTo95J8YBIm2W9iUqsFI+LwKj3F2QEwz3SsJ2c1mDWiAvkptSq9LgqdLgBJpjDtHNg7fGHdZyvffjlj/+I4ePZG+7Lk5mpNmUmkhx8tgDJiCHMTgfjPl4nAjPxdUPjD59GStEKBT2E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 246 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32116 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; dnssec.tjeb.nl., type = DNSKEY, class = IN + +;; ANSWERS: +dnssec.tjeb.nl. 555 IN DNSKEY 256 3 5 AwEAAdSl9MRil0yoBBkAGGHhxJIRyB//+lfi+ftbTh3a3pDoukvRahssEOKRjiNfmaoQRHbZA4HTqWxIHlu0CzhOc/e5phBPY2oEnGWKmFQRihJVYd2lwjwCTZNKHUz0PhN6PBM8/xlFAyBWduM1ldZf7sge2rod3xx8mZjhVekRnw+P +dnssec.tjeb.nl. 555 IN RRSIG DNSKEY 5 3 3600 20150101000000 20120726165632 8340 dnssec.tjeb.nl. EcmwD5XSZMN8hc1opbI+0+x/6gQ5OukiFl746FJLBM9fUdcYb7A3GnJ9qyWRqvaEPSq2FuzfE2zmW7+YQRHlUxP/INk2ffjDJJwcrIUtgbJv8J+ztWl0L5crReEL5eYpgetG4xgGDT19W+Bd0EHg2YP3o1VHJvV8qzDQxam2NKI= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 365 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50593 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; unknownalgorithm.dnssec.tjeb.nl., type = DS, class = IN + +;; ANSWERS: +unknownalgorithm.dnssec.tjeb.nl. 285 IN DS 53226 5 1 C7D58D23493A940041658E85BDBC03E2ED9F2690 +unknownalgorithm.dnssec.tjeb.nl. 285 IN RRSIG DS 200 4 600 20150101000000 20120726165632 8340 dnssec.tjeb.nl. bew64pyLZ5sNhEybacmvNhcs7iU1HI42SXctSdv54jdrRacG5U9kXGLubDx23xKX4ffXAefTyDL+frfRBFp7LF1Jw3CesZvnrJA4iwNi4tA+CtqNEPegnWm2HHPbelcuwxkCx0VLBzdKsm96kqezM8awljFZEl/PUik3PUhk6CY= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 270 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_unknownalgorithm.nsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_unknownalgorithm.nsec3 new file mode 100644 index 000000000..de639da12 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testInvalid_unknownalgorithm.nsec3 @@ -0,0 +1,174 @@ +#Date: 2013-08-21T00:06:16+02:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21525 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 +;; QUESTIONS: +;; unknownalgorithm.nsec3.tjeb.nl., type = A, class = IN + +;; ANSWERS: +unknownalgorithm.nsec3.tjeb.nl. 285 IN A 178.18.82.80 +unknownalgorithm.nsec3.tjeb.nl. 285 IN RRSIG A 200 4 600 20150101000000 20110520094958 39629 unknownalgorithm.nsec3.tjeb.nl. xI243fqO7RkuWgmyiK9OSNUQ45hOGGZmm1N+J6xwi3V8QkQtmWHpOgmtbMS/A3OTOwFb6vd2VV+LrARLZYY/lRou+vkVrL0vLxcageOJmEkedI8S8HP/U/g4VSJj3uMlxqgLOxeCAGXmqFxljMH5tPuicjzUiVnc/c0SKj8O0vs= + +;; AUTHORITY RECORDS: +unknownalgorithm.nsec3.tjeb.nl. 285 IN NS ns2.tjeb.nl. +unknownalgorithm.nsec3.tjeb.nl. 285 IN RRSIG NS 200 4 600 20150101000000 20110520094958 39629 unknownalgorithm.nsec3.tjeb.nl. pMcWMv8kW8AyLrvwGDVea3wpxee84EPZn4cmNJISZhWInbxZo8BtOtJHSpwWbY5Nh1Z0qd0tJrhBI7Ek3Lszda/2Tz/PEh9WUXEyPQ67CgZW7l/NH1xZPEfP4Q0883j+t25F7bhXgdW8qHpXPpkKy9TjxiR7alQ4l5WNIDtI2k8= + +;; ADDITIONAL RECORDS: +ns2.tjeb.nl. 554 IN A 195.169.221.157 +ns2.tjeb.nl. 554 IN AAAA 2001:470:1f15:17ba:0:0:0:53 +ns2.tjeb.nl. 555 IN RRSIG A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI= +ns2.tjeb.nl. 555 IN RRSIG AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 851 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29473 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 138547 IN DNSKEY 256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf +. 138547 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 138547 IN RRSIG DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36416 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; nl., type = DS, class = IN + +;; ANSWERS: +nl. 83354 IN DS 21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98 +nl. 83354 IN RRSIG DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4465 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nl., type = DNSKEY, class = IN + +;; ANSWERS: +nl. 4154 IN DNSKEY 256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7 +nl. 4154 IN DNSKEY 257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0= +nl. 4154 IN RRSIG DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 745 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37669 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; tjeb.nl., type = DS, class = IN + +;; ANSWERS: +tjeb.nl. 4154 IN DS 17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA +tjeb.nl. 4154 IN RRSIG DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 246 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31112 +;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; tjeb.nl., type = DNSKEY, class = IN + +;; ANSWERS: +tjeb.nl. 554 IN DNSKEY 257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs= +tjeb.nl. 554 IN DNSKEY 256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt +tjeb.nl. 554 IN RRSIG DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8= +tjeb.nl. 554 IN RRSIG DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 922 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62047 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.tjeb.nl., type = DS, class = IN + +;; ANSWERS: +nsec3.tjeb.nl. 555 IN DS 21665 7 2 40B5D47EC3AD05AF64CA91478408DE035AA64F7CAF7FC372958C80033B330377 +nsec3.tjeb.nl. 555 IN DS 33022 7 1 A9BBB2B6B619282B263474B19BDBA7A724A11F9E +nsec3.tjeb.nl. 555 IN RRSIG DS 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. SXiF+5inBiEVdfFredApgDrdJ/qu6/sjIQ1Ek4M+ldzrgfjtG+HDFTH3A+cs79Mfeq62yUuQpYLGrkZ5Ok9G/4j7lhzdIGX7VZqOqA5TecpjtnATvHaUH1+3nhHYTMCZbDe4wMzsMBnjcNLVbTq+t+UhLKhiq6nsI4xt8TA4fVQ= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 293 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9653 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.tjeb.nl., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.tjeb.nl. 555 IN DNSKEY 256 3 7 AwEAAdWgR6bilcX8UdjeVDenTLcnR6AsrSYXpYccj8QF103GPzDkoLLkh9KS4/obiRYs8BRGotSZK7QT1Ew/xWml425bR0JzOgajHF0Au01M/TtvLSA/Vf4jFqXfFwSBCMWtZGbspSj3SEiILaHmdsyfS0KpqJwF8f+hnOdwmHYEmMkh +nsec3.tjeb.nl. 555 IN RRSIG DNSKEY 7 3 3600 20160101000000 20120416140921 21665 nsec3.tjeb.nl. B/gmYobsGg2zcwEwkTHrYp3xt3claIM4YFKJiqZk3A9H4thBv+9kjmlF9Mt1PHAHtbxAmtYOyuPLuFGLbNWn/qCgjP6ShKHInY5nJMqTsL1Sf3kGhxcKsHR4wUjFKg0eyaFUel1Dm88W6yeWhMWj6vAz0C+LtT/mZnJabN4WQnY= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 363 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38423 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; unknownalgorithm.nsec3.tjeb.nl., type = DS, class = IN + +;; ANSWERS: +unknownalgorithm.nsec3.tjeb.nl. 557 IN DS 39629 7 1 7C7A8C7309C1B974A6C00E8418BB3DE40F21CADB +unknownalgorithm.nsec3.tjeb.nl. 557 IN RRSIG DS 200 4 3600 20160101000000 20120416140921 21665 nsec3.tjeb.nl. MCAkQ9lrNsU9jIlMgTk4/qAQLMKKr/nvWm7zd2PIZVyLJGXEJjSydol6Tczvgdz3VyZy0+6UP9JyEGt1TVcLbQr36SpLdxbxlyKf4I4A1d3mpL2QwKKnojGWwbtx8R7i1Ktw8JAsHsGLfFUe+THUL87HBjk1Vuly9+FzKNP1qHI= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 268 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testModifiedSignature b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testModifiedSignature new file mode 100644 index 000000000..b885bb06d --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testModifiedSignature @@ -0,0 +1,97 @@ +#Date: 2013-08-21T00:06:16+02:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39790 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 138546 IN DNSKEY 256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf +. 138546 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 138546 IN RRSIG DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39048 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 83338 IN DS 22072 8 2 94E4C1E425B28150D8DD7C974E27E1A933C1D4B51E535177B52DFF3F807A8C94 +ch. 83338 IN RRSIG DS 8 1 86400 20130827000000 20130819230000 49656 . AuYFxV0Za5X6pLHTPxpmX8PBV8yODP6t5xcqlXSm9WNXjdpHs927Aa8mTgTtNOrtXWgTBQNhBhjrg1KxmV9To7eolWAgnLa6ZYM6FjO4PWkJxWye0UzufBCpjU5hIZ8P2E7BUyD+pFfO07+dr+44dXfV0eYiGYlyWQiO7SalOiE= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5703 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 83338 IN DNSKEY 256 3 8 AwEAAbxjQGBSu3RdzMwH7MD1o5nuv3PZ+iGBPIX+sHKLTOVOzp0xGho//69OLYfJj8B5Fm5Id7IicmSb67qAkkOZHYqSVyjkbsF2FeNVj7lFhCGnQ4EcjFdU/vlbL49z34ILXVEQBHl3vMS40i9py9BoJ4XJIy0I+vKqO2DyvxGEx+j1 +ch. 83338 IN DNSKEY 257 3 8 AwEAAeP0/M59JL65K0YWD0W+8k8x1T79hM4W2pi7cx0CxQULRd3udQnf/8ymUbKsPfVDMCXLQwW2evWHRu4B/OKnkRzDQsev7prdJ5UxAHWF4oFsWpGYx+A7WbqllTlmMFkV8bNz6TW6Trl4+RaLirt3ofRUFrJKyKCyNCKkxbtpFO6p6vP5K8V3CW854NndF3D/Xjz0s3nwd3dLwW3XVqi705mhJBvCSeorgsKMcY3PCBG6U5Twj/akb6P8I2nmoGsrIbtmvGk191zV5o4i8RTjk5DI6FcO5GL0J1w9sAiVYfXlN8wdyr90kqO6MGcvSQEItJCTaljyRT53bekbUhdRE50= +ch. 83338 IN DNSKEY 256 3 8 AwEAAaANwH4naX1c6xHWHYuFVHa7PLc9n7BPL8J3sa2LqKuQvQ1aTu3hIYAsO6c5wlDp4Pgw8HejPdEZC/VRBtHkXeWfe84IJ2731IQYjQGyD4rKq/L9VjD9bMlSjj6RtI7t4ItzEPlsSEEmEtXFLt8IDzq0xc2tQcec9PsfvvV5jIWN +ch. 83338 IN RRSIG DNSKEY 8 1 86400 20131004100909 20130819090909 22072 ch. Nwqv4Ibx3E8+0xjeHocT6/hNGB99sxwpA3Nnan82YRcwpc73M0B8xlvUb+tzsIHvbQVCL83MWWtBfwRsbd9a32eqHvCdzk7wdmgnc4e+vO2QBDrpqy/AXN4+urBK7iuueNy0yUpqjRlIoBE4Ku1Qo1HYQpKu1vUa29w9qMrvTjDIRudy5yJ4YHFYjWF25d80W8coIh00KL2IjAbeZXRYFaaMP9Vw7NQN3qNM64/6FWvGEtD3QNt3Xf86C4m27Antn+na6K3iGT+doMME2kFYJaGwOrHBlE9F3MqWMtRI4McMTnkc052MaOVGKvvtDzmpQBcNQTrrMO4rSC6OofBPBw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39975 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 539 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 539 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 539 IN RRSIG DS 8 2 3600 20130909002703 20130813122537 51783 ch. Ke4stscv7T3wI6xZa7YsiGpmKhs7b8yPTL/HnIuwVnkIdhQfBB7lbXxdxEyLTLq04dmfiC03EtXCAZSHYovU5sE7O3UA11g7bSljxBLSmuCS6h4es2DMIwNWBexGiIkHAtoCL6zedfjGkexz3IYhMA96OfH+ft2nt4ykuDsXXB8= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44453 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20130908212226 20130809202226 6031 ingotronic.ch. w8yqzYuixi+QI+UMdX3dVJVYynpp+d1wL8PwlqNMjL2dTsHxD6xSFefo+Zxxl2cte2soXuzU1pL5HiM34RgQL577FyVOInxfTpUEztG+z+PNS1xXBmHfGek9T70doaUwtdcP++V93H2Z9vG1dmgk0NYTKrKEYV30m0F4LUtWOMvnnZ50bIFi/PZAPAn1UJXK6m/A/tLfsECM4/YcZCE/R+Ce2wTKK0cmzFq0qo+QjznktvQr7BolDTjXb3TSssMwsB97RRfaRo6zZ4AMOa4ipCnd3IJBrCADzXtaGjp2ErfhwVxJCp9p+UVDqlYyMwEZO3MqJqpybzbvuQzNEOLVtw== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20130908212226 20130809202226 17430 ingotronic.ch. Zv2um4K6MF35IV252+eZDTSpN/BF0ElGZXfVhrORtxgHLBaFQUGIAOvi7b6PlQTlMVhkaEQxwgxZSS1b81KqXeuqFC+Z9QUaX5N+A9c2klwOBV+njdktH6zi75bWWCnSN33wZsw1uOKgNEVSpF509GQq+2yUoJU7PHycmG4z0Y8= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testReturnOriginalRcodeIfPrimaryQueryFails b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testReturnOriginalRcodeIfPrimaryQueryFails new file mode 100644 index 000000000..b061e00c8 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testReturnOriginalRcodeIfPrimaryQueryFails @@ -0,0 +1 @@ +#Date: 2013-08-21T00:06:16+02:00 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testReturnServfailIfIntermediateQueryFails b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testReturnServfailIfIntermediateQueryFails new file mode 100644 index 000000000..488c7db99 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testReturnServfailIfIntermediateQueryFails @@ -0,0 +1,42 @@ +#Date: 2013-08-21T00:06:15+02:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25326 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; www.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20130908204313 20130809202226 17430 ingotronic.ch. OMZ2Z5XSFruxd0jBCyT1wYKzlz6aw2Ui2XmbBxp3Bom26n7UiEdjeGlTkoLce5gxsKaAgPuBLGy6MauZz9wLomlsMphsRAP7Y/U1c5UuKKFjF49cRSu/DTS9OstJ3YNIeoABphfPCMn6dOqBIJyjVHJybiBx2ZBROHdaC4cB1KM= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20130908202801 20130809202226 17430 ingotronic.ch. nYQXAE0xrUBWGMWP1cq+xhTFdD91xm2yfuP8SyjL9fI/0ixcW/fJs0PPPdLkStz3ZTGk/rO6alU64HCecshJdLLdwmjNH6cEt9LkudHA4/8TT0fMR7E3elzbYZPIK7iYEsjcfRKey02Hmq+Y+k3W4+lc2uFOlbNr02HfOwH7SDc= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20130908205459 20130809202226 17430 ingotronic.ch. cQ+BxomTy6psnCbedHYgSECQGeRaKghNGOpsFX1ra+WC6MZKdQWAiG/fRn/yU6L4bE1pi1FfFIfAWu79KWfQIbVhOSFUjcpqw/D3lwXtGVk9fjiNCSZN9vsoe6iXLoJtvd1hN/PeHUZAWRdJSkGH9EHEzsWfoki6+kryBYDFDyM= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 615 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47195 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 138548 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 138548 IN DNSKEY 256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf +. 138548 IN RRSIG DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testSignedBelowUnsignedBelowSigned b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testSignedBelowUnsignedBelowSigned new file mode 100644 index 000000000..62a67bc00 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testSignedBelowUnsignedBelowSigned @@ -0,0 +1,247 @@ +#Date: 2013-08-21T00:06:14+02:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48748 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 +;; QUESTIONS: +;; ok.nods.ok.dnssec.tjeb.nl., type = A, class = IN + +;; ANSWERS: +ok.nods.ok.dnssec.tjeb.nl. 285 IN A 178.18.82.80 +ok.nods.ok.dnssec.tjeb.nl. 285 IN RRSIG A 5 6 600 20200101000000 20120627091943 54150 ok.nods.ok.dnssec.tjeb.nl. NF+Z/ab5m254P22XCo4QA0ErU5mo/ELn1g+hX5gmEzS0A/1tbWxJlgZ3vWrNyBghE8Q2nm6Lw2hRKIGzUB8S7i6B10HMZNDMcdXcOG0sUArHlhkfCSGS81y+8Ry/45lyn4QYPNDlziaUt/6IeBwXPvjmaEfd3c13d0AF5qTz7H0= + +;; AUTHORITY RECORDS: +ok.nods.ok.dnssec.tjeb.nl. 285 IN NS ns2.tjeb.nl. +ok.nods.ok.dnssec.tjeb.nl. 285 IN RRSIG NS 5 6 600 20200101000000 20120627091943 54150 ok.nods.ok.dnssec.tjeb.nl. ddy2V0LFPwH96h3Mfg1OsPkuTxlGiJXquPvBuJmpXnM50LPWsUnCn42idMZgVQTePqA+GSCO3P5ql5Flwc/hDCPCOMsOOudEBtMu1jDDoyjrZdpb3tp0x0elrG6Ux8WB5EUKRVeTMcpoGTt0uO0s4KOYUYKgSRv45mHkNffdUag= + +;; ADDITIONAL RECORDS: +ns2.tjeb.nl. 555 IN A 195.169.221.157 +ns2.tjeb.nl. 555 IN AAAA 2001:470:1f15:17ba:0:0:0:53 +ns2.tjeb.nl. 556 IN RRSIG A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI= +ns2.tjeb.nl. 556 IN RRSIG AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 836 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19875 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 138548 IN DNSKEY 256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf +. 138548 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 138548 IN RRSIG DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63605 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; nl., type = DS, class = IN + +;; ANSWERS: +nl. 83355 IN DS 21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98 +nl. 83355 IN RRSIG DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50819 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nl., type = DNSKEY, class = IN + +;; ANSWERS: +nl. 4155 IN DNSKEY 256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7 +nl. 4155 IN DNSKEY 257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0= +nl. 4155 IN RRSIG DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 745 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38082 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; tjeb.nl., type = DS, class = IN + +;; ANSWERS: +tjeb.nl. 4155 IN DS 17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA +tjeb.nl. 4155 IN RRSIG DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 246 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63327 +;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; tjeb.nl., type = DNSKEY, class = IN + +;; ANSWERS: +tjeb.nl. 555 IN DNSKEY 257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs= +tjeb.nl. 555 IN DNSKEY 256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt +tjeb.nl. 555 IN RRSIG DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8= +tjeb.nl. 555 IN RRSIG DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 922 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39828 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; dnssec.tjeb.nl., type = DS, class = IN + +;; ANSWERS: +dnssec.tjeb.nl. 555 IN DS 8340 5 1 5733A59841EA708AE9223822124B07B555E17332 +dnssec.tjeb.nl. 555 IN RRSIG DS 8 3 3600 20130917051704 20130818051644 11499 tjeb.nl. WfurllImGCRujmNfI0ZBtJrmQgSo/68lGSTo95J8YBIm2W9iUqsFI+LwKj3F2QEwz3SsJ2c1mDWiAvkptSq9LgqdLgBJpjDtHNg7fGHdZyvffjlj/+I4ePZG+7Lk5mpNmUmkhx8tgDJiCHMTgfjPl4nAjPxdUPjD59GStEKBT2E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 246 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58984 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; dnssec.tjeb.nl., type = DNSKEY, class = IN + +;; ANSWERS: +dnssec.tjeb.nl. 556 IN DNSKEY 256 3 5 AwEAAdSl9MRil0yoBBkAGGHhxJIRyB//+lfi+ftbTh3a3pDoukvRahssEOKRjiNfmaoQRHbZA4HTqWxIHlu0CzhOc/e5phBPY2oEnGWKmFQRihJVYd2lwjwCTZNKHUz0PhN6PBM8/xlFAyBWduM1ldZf7sge2rod3xx8mZjhVekRnw+P +dnssec.tjeb.nl. 556 IN RRSIG DNSKEY 5 3 3600 20150101000000 20120726165632 8340 dnssec.tjeb.nl. EcmwD5XSZMN8hc1opbI+0+x/6gQ5OukiFl746FJLBM9fUdcYb7A3GnJ9qyWRqvaEPSq2FuzfE2zmW7+YQRHlUxP/INk2ffjDJJwcrIUtgbJv8J+ztWl0L5crReEL5eYpgetG4xgGDT19W+Bd0EHg2YP3o1VHJvV8qzDQxam2NKI= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 365 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41324 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ok.dnssec.tjeb.nl., type = DS, class = IN + +;; ANSWERS: +ok.dnssec.tjeb.nl. 285 IN DS 59280 5 1 C13C96F9AF5D63E74B3E21A04C46EEC14640A84C +ok.dnssec.tjeb.nl. 285 IN RRSIG DS 5 4 600 20150101000000 20120726165632 8340 dnssec.tjeb.nl. DbBJPY8+fItE/VoXXLXyWjyD7VX7Vfv2FsI9BQMbFqrPAcugotIPASV1HDoiZNlXd8314McC7baonMe1gADqhPRC5HQxaji/1ED7gQzF/dSKQdpiippDyAkwcLEOIhKKqpHACSp+QEzx8hoXZeJgOPqZo2NTMDHOfMiVmP+NVo8= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 256 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42335 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ok.dnssec.tjeb.nl., type = DNSKEY, class = IN + +;; ANSWERS: +ok.dnssec.tjeb.nl. 556 IN DNSKEY 256 3 5 AwEAAbqTfqZ3Mpwo2fZXfYN9+oLix0Au2ZyRfGjHKPgMCVDb94X7q6FWkrg01uxbcvfin9jvAzU5dG9SWh/S01NuXrthRbirLGngd4j0woNdQgRQZu3O8LhmUxTRobCFu+nkEOAOB6osS+yON0+3rATgAQxDsFJq+osg29CrzcrYhBBp +ok.dnssec.tjeb.nl. 556 IN RRSIG DNSKEY 5 4 3600 20200101000000 20120627091948 59280 ok.dnssec.tjeb.nl. f8cF15NA+XEHUu8m5UzGLt5hhId4Bl2JKakjORGW3ayRdBUCvyMSk7FcJly6KUMpypxVmO/IpzIdiR8DGjFSlRsPF8gL/N9P9JfWAlmaYCDeSEdcaR57sL4KpDned9KgmVa7YKclj/wk/j9KK4ecDmsiPj9x6GH7a9WFI1oskRs= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 371 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26534 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; nods.ok.dnssec.tjeb.nl., type = DS, class = IN + +;; ANSWERS: +nods.ok.dnssec.tjeb.nl. 285 IN DS 18237 5 1 ED4130C00847B64B527F416D56308C0EFD0C09A1 +nods.ok.dnssec.tjeb.nl. 285 IN RRSIG DS 5 5 600 20200101000000 20120627091948 59280 ok.dnssec.tjeb.nl. AsDYw6FRuvPc/OUSf8yE0ZJuE2eoEa9N97qj4vMDNEJ6cRIhf6wl57V0ssndUnjXQ7ShiLDXXIiOnqkj+sHrCRms6btKR5aZyiFUF/D2nVG51E7kz/Z3FhsgTZpwFGDQkNX/uY376Em1u0Vl6oAhRsSs8dxw5cM1OcKQW529fYo= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 264 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28097 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; nods.ok.dnssec.tjeb.nl., type = DNSKEY, class = IN + +;; ANSWERS: +nods.ok.dnssec.tjeb.nl. 556 IN DNSKEY 256 3 5 AwEAAdmebhaUlvVyYVAyXq692krRBhj3DXq1EkLXujtwEKw+4dGgL2UZJSyeziBhiaunAq0PVE2hQwABuiw+d7NGNuRsIL4tUanzxN3AKWhOnFAKCqvpd+5b+USbVPbcmkbZsNNMAal9+W9yaPp+MqZXPZX+hW6YCJhLBzybxI4f5KN9 +nods.ok.dnssec.tjeb.nl. 556 IN RRSIG DNSKEY 5 5 3600 20200101000000 20120627091947 18237 nods.ok.dnssec.tjeb.nl. 0oNDvs/odYESMMuURD7XVXH5ryciZzjhDBT0FUL4tJYBHR9RbfDib3ehBKL+ZkLsCE4k/UbbkIfrs3XyZt7+Z1ZUqururAFY36jXLWnd5INHO9PPXDvQkUYGuFLj0+OQRT+TJYMqTRJZ1vNUqlQHje8J8MMgiKQFu6VTF9xLaKU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 381 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33309 +;; flags: qr rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; ok.nods.ok.dnssec.tjeb.nl., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ok.nods.ok.dnssec.tjeb.nl. 285 IN RRSIG NSEC 5 6 18000 20200101000000 20120627091947 18237 nods.ok.dnssec.tjeb.nl. avkoLWRhNaE1eIS7kOqAzCtgAQk9HjAL0HEUl2idwJ/nmw1Mh4cal/34iEeTTJQ1LeclkAdiuv3doyl2vahhaovge+R0cY+Yw5N6qf86fyRIq7B0BK6iFXAQ4UZLDWf2dXv70Bwp/RywN2EMTnGJ7XOTP5kQqpV8pYAtauA2RpA= +ok.nods.ok.dnssec.tjeb.nl. 285 IN NSEC sigexpired.nods.ok.dnssec.tjeb.nl. NS RRSIG NSEC +nods.ok.dnssec.tjeb.nl. 285 IN SOA ns2.tjeb.nl. tjeb.tjeb.nl. 2005080901 28800 7200 604800 18000 +nods.ok.dnssec.tjeb.nl. 285 IN RRSIG SOA 5 5 600 20200101000000 20120627091947 18237 nods.ok.dnssec.tjeb.nl. vEkdhN9MjgTnql2TOq8/g7lrTHTGSGTdsc2/zu2wzzizyajH8Nn1k6i7TjTiefxUZ8u7T/uSopVmavBwR/C/cG8YPJ2QEcTSmEh0gVin4rkzLAwkAABV0mCVPd5MAg5lJSim8Q3U37p/WKlB4U/s3yE3VJjOM170SXJFuY9XZCQ= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 518 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testSignedBelowUnsignedBelowSignedNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testSignedBelowUnsignedBelowSignedNsec3 new file mode 100644 index 000000000..aba1833db --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testSignedBelowUnsignedBelowSignedNsec3 @@ -0,0 +1,248 @@ +#Date: 2013-08-21T00:06:15+02:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40631 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 2 ad: 5 +;; QUESTIONS: +;; ok.nods.ok.Nsec3.tjeb.nl., type = A, class = IN + +;; ANSWERS: +ok.nods.ok.Nsec3.tjeb.nl. 285 IN A 178.18.82.80 +ok.nods.ok.Nsec3.tjeb.nl. 285 IN RRSIG A 7 6 600 20150101000000 20110520094930 51119 ok.nods.ok.nsec3.tjeb.nl. ANNO/Gps0zLNrGo3D/SU1x5S2q2tuuIjd3fqqjj3JUDXNVzu9V2cC2Bt/BnpnF5QXfPO+qmnfk6Y63zpV4I3NN4/R3PaY3WXkyS+UsUDPtrt0mnsyNLnVJbp0cUbCHi2CuwIVaWFVtnfHIKk/DyDajfOtc5q77b+jKqAwrlN+I0= + +;; AUTHORITY RECORDS: +ok.nods.ok.nsec3.tjeb.nl. 285 IN NS ns2.tjeb.nl. +ok.nods.ok.nsec3.tjeb.nl. 285 IN RRSIG NS 7 6 600 20150101000000 20110520094930 51119 ok.nods.ok.nsec3.tjeb.nl. Ihi9NiaUENtDnd7QRfk+rVpu+u28TYt/ABUJcDOwhBMGunMryv6xa0+QgTL5MTP2qA2Tx7E3EBK/aJq+Ll9oOX6ZnDJ4McAA9HMk4AK2mNy43uU77WIkW17pwyTxh5sCJTx5AJ3V2TB9dWBtjuCWbFfBYCUXMQgenftrKinNUTM= + +;; ADDITIONAL RECORDS: +ns2.tjeb.nl. 554 IN A 195.169.221.157 +ns2.tjeb.nl. 554 IN AAAA 2001:470:1f15:17ba:0:0:0:53 +ns2.tjeb.nl. 555 IN RRSIG A 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. pXJsbRFz7VdvCiKPuElW08X+THHEwYrSFmKl1qd4N7xaQQl9rwmnN48mfqz3ZsChbJdPKsJJ2xSIj9+PcJoXm1RX8TMZoHpCOGDAbZPfEMTgCpnRkfNTMEYgpH9y8pqV49w88ertZfbx5S8FMa7JmEr5y9axzNyW/x0ln3FnGyI= +ns2.tjeb.nl. 555 IN RRSIG AAAA 8 3 3600 20130828183606 20130729175112 11499 tjeb.nl. 4ObrppiU3IGWmXezHtz7x3rVnkEZfhAxej2lo2zhg58UYIZqFN3WhvQS/iST1wP5jdqtCmhUMBAc1yQmGMyXFINbBHVlckyI7DrZt4vPOlTBkVqWqJIwi8mwZ3Tp//hFcRXqhvfGOj2K8x+4mnnRvnLNBKf/r/MW6E5R5R8+nZs= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 833 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63252 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 138547 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 138547 IN DNSKEY 256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf +. 138547 IN RRSIG DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6681 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; nl., type = DS, class = IN + +;; ANSWERS: +nl. 83354 IN DS 21362 8 2 881D17ECCD7FD67F1086247611CCB7FB8646E82D0074AA91E980B016FD3EDE98 +nl. 83354 IN RRSIG DS 8 1 86400 20130827000000 20130819230000 49656 . LeBOQAStOr5mLRIDTX893FlBFMKap/amWnaHKgKs6ip/B93jAuoPXJggBPnGGvFrVEuTK8JJOi55FHOEOvKjzg6qDswY+DbqGIdmYOD/SaXv0FqF/iuAbrrNaYXj50MexeHKgExNcEd5mrFk9eQh5T5w7QLjeQG9InVTvoXK5G0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8159 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nl., type = DNSKEY, class = IN + +;; ANSWERS: +nl. 4154 IN DNSKEY 256 3 8 AwEAAaq7dp+Ez3A1naHOO0A1zAIfcRtGzYRSptT7NOxuw9mKNXf3Z0258r+l4ghNYbnf5ZhAUUMrah7ydNBu5gz9z1y+hJFhm7cPl13rtYmhbMcQoF89ERdCD586HFtgE1RCggGRy/cxp+VDG7N3gheAjbSdAChMSPE2sGC11CFPuEx7 +nl. 4154 IN DNSKEY 257 3 8 AwEAAbgqMqYHpmZrqQd3zFNOzYv2lw8bWBnrtK9TjlwK/ZBYMwKGR6TNbmMuwdjebpIE2vFxTHGLQfb2PmUJpazAGkG0fUaqrjuIU99Qbe5hwLYXqyGe2Mm+ZNRsomBxhluR/ky/XX4V1TjTqeXYH4gkzEs7I6og5IE0tKyhhpU38XHtuFVj7uunIAWGn5g9tZ0ZNnv8CkwLE5hLmRf+AoNTd483ZBX4FUT32KbF6XV3ikctXbsMe2GqGlIf0gMqJQbNvYf1NuNMbxauh9YavEQ0yaavI1hz5eLMJRruq4wDTyRnMJHupxY69oZZ9IbIsEf0FurtaA7fXrAxqcfEfARr4b0= +nl. 4154 IN RRSIG DNSKEY 8 1 7200 20130902072242 20130819161003 21362 nl. MB0vdAiJIq7TAfodDKy5uGVu0idlJ49vIFs7pDBWvcSfv/7aUohEODQ/b9m0QrZacJz/yssm/pgLyQJckdsyfCWxJ71F2XnJmoZwTRtBVWSArbuDqZx2sisGljn46C5PokGNTVz7stMpLgrp2UBtbkKIUcFxVOkP1aMoAEC2te7EG68Cl/uaAJsphxgU4TyccSJes1QxEwAXpra/apnk/I35Cx67NJzVXOitTSmIh6qI6fjlDIxX30PUyyZsW5bcjJc41wCRpzpFy5d5GCrwqfPLM9ycDcL2LTp5JtGAldzMZ72Jyr6bzVAc7/8DkB4m5EgGjQ8EnbqKcs2aI+XpcQ== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 745 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11951 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; tjeb.nl., type = DS, class = IN + +;; ANSWERS: +tjeb.nl. 4154 IN DS 17992 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA +tjeb.nl. 4154 IN RRSIG DS 8 2 7200 20130830191348 20130816101003 11604 nl. EJl0DMR81ffQRZAcB0wLXtNsUwNtcXkri9GHO8GkjZtlrzhk6jODf1xwFmD7vFCGMBcXqqHZYYWs5IjYUrrdrtFq6ePKfKc1pHs51EoTJdJvjLlShDWN2U9FTfXLjMiVpyL4d3o3ZaPPSQiqiaZINneqzDVyXXan9o8PMBbW7Sg= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 246 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14217 +;; flags: qr rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; tjeb.nl., type = DNSKEY, class = IN + +;; ANSWERS: +tjeb.nl. 554 IN DNSKEY 257 3 8 AwEAAcHR47QfC0dlPEQkAsKRh3VYFvUKlIerSdlT7HBS3/NOQ6ghVs9uYskdbs2pLSRbu4CSu6X0MgKZO0lxoJhi6FqBa33Oc0Mmp/dd6AW4pNdZa4icP6fKT+HcPbLU9dUsrjDo13iXgUy3gls5BLG9KnTaLzWs9KmxTInBUHFLjZa70Fl+ILNfJ/e1D6eX3C104nmGSWpO6OB+nQDz46ra23eGJ7EeNAu1/uhPcqeXg3HWKjqHTzQW5XxVyMhdXx/ILC3SZhsqNqlkKZjmmHbg7V1+iograUg1XEaxaOE25W9jrzvQnMxlZT8I9LTyyi1YArvxMCTcGkNWRi4Ca4/HEDs= +tjeb.nl. 554 IN DNSKEY 256 3 8 AwEAAee4BKqSMI/wEKdLXQyn+TzOjEMWG5IXy+WRGw+6MiKrbLit60eJxNXszf/zR55UUtMqP76lAFkFwZgpmUs6ac3pYOTUYRVFjjG1/hnUF1/thd9uZLe1E3gwa5m6dcOHaspG5xYsJ2wEBmYj1z1xTh70892PwxVR9R9GMKh4YyNt +tjeb.nl. 554 IN RRSIG DNSKEY 8 2 3600 20130917040339 20130818034238 11499 tjeb.nl. ocva2TybPLT8eY4pSxeawEpQ0AM7rvqdGwA3msbiwgPWpW/VfgPWBiN5cZg6PDQA2+Z+BWuK1qgCGFcGEwcWdQ9hm0AsT9pFD8xAFCyNNxYxRiMRFiDop33ZpE2N4S5ukfVVbPa1YHVZ2qzW+RZbb7HjYg4xOJiQKhNuaUEK1b8= +tjeb.nl. 554 IN RRSIG DNSKEY 8 2 3600 20130917040339 20130818034238 17992 tjeb.nl. iqa2i2rUfeHGNHYlkbeSBfULinAmRg9qcsCzTdzlv7MhI0EJZn9LXOlpVA8fi1a1plpIub7qFt5Uu1fzatmlZU48RBxFGINQO4Ad0SKqDFg0WdbwMjwvFJxRmqFvsLhm4eZhOxRx5bCpa/UtTawzY2D5IGH7GGdn8pA0Fa1Dvv32Fw4eNjlcq/Y5xEs1j1ar/qDcG9EyG00O0L+DEc4TREXpPe+PoZkMoRL+glC8IqZ3jJc56O8wugzvJomZNFiaLXGmr2H/XMayhLVpm7ncTeaDknK7aJu0Z/jnATjoc9nyP8t2/Rcw53781pDP1sJlSmfVn/Xpz/MAfY6HQSTPOg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 922 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36588 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.tjeb.nl., type = DS, class = IN + +;; ANSWERS: +nsec3.tjeb.nl. 555 IN DS 21665 7 2 40B5D47EC3AD05AF64CA91478408DE035AA64F7CAF7FC372958C80033B330377 +nsec3.tjeb.nl. 555 IN DS 33022 7 1 A9BBB2B6B619282B263474B19BDBA7A724A11F9E +nsec3.tjeb.nl. 555 IN RRSIG DS 8 3 3600 20130917053510 20130818045138 11499 tjeb.nl. SXiF+5inBiEVdfFredApgDrdJ/qu6/sjIQ1Ek4M+ldzrgfjtG+HDFTH3A+cs79Mfeq62yUuQpYLGrkZ5Ok9G/4j7lhzdIGX7VZqOqA5TecpjtnATvHaUH1+3nhHYTMCZbDe4wMzsMBnjcNLVbTq+t+UhLKhiq6nsI4xt8TA4fVQ= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 293 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19122 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.tjeb.nl., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.tjeb.nl. 555 IN DNSKEY 256 3 7 AwEAAdWgR6bilcX8UdjeVDenTLcnR6AsrSYXpYccj8QF103GPzDkoLLkh9KS4/obiRYs8BRGotSZK7QT1Ew/xWml425bR0JzOgajHF0Au01M/TtvLSA/Vf4jFqXfFwSBCMWtZGbspSj3SEiILaHmdsyfS0KpqJwF8f+hnOdwmHYEmMkh +nsec3.tjeb.nl. 555 IN RRSIG DNSKEY 7 3 3600 20160101000000 20120416140921 21665 nsec3.tjeb.nl. B/gmYobsGg2zcwEwkTHrYp3xt3claIM4YFKJiqZk3A9H4thBv+9kjmlF9Mt1PHAHtbxAmtYOyuPLuFGLbNWn/qCgjP6ShKHInY5nJMqTsL1Sf3kGhxcKsHR4wUjFKg0eyaFUel1Dm88W6yeWhMWj6vAz0C+LtT/mZnJabN4WQnY= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 363 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28799 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ok.nsec3.tjeb.nl., type = DS, class = IN + +;; ANSWERS: +ok.nsec3.tjeb.nl. 556 IN DS 29015 7 1 CC9E46C7B681556F305BFA23D28B76B2FD4645C9 +ok.nsec3.tjeb.nl. 556 IN RRSIG DS 7 4 3600 20160101000000 20120416140921 21665 nsec3.tjeb.nl. a8SDAhKngJlF4ev6aNMn/N7shOW2NRBTHw89Gwh2uVImoac3BHj1jVoHBj0DLB/5wRdJOoRCXnHf0mjs00fvmnc4iKmth32/rptNr4edHDvlXnHtVyOXM0fb2fbFzoTy4bZhwWZL/diw7wPZ8DMPSElp90FaC1lziTzUqZzDGwE= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 254 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6209 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ok.nsec3.tjeb.nl., type = DNSKEY, class = IN + +;; ANSWERS: +ok.nsec3.tjeb.nl. 556 IN DNSKEY 256 3 7 AwEAAceWOJhsrAn2TBLPwK/Bi+PK0QG2yxRsuhaq/wRTr33WEjJ9b3xc0CDfiqqyGxUZ/TUpj6nSYWGYiijQdTQpE7SPDWfJdqKF49OHbfYu9pcOztuLhhXME7iqWB0E0L8aaIe+iT8sVWh0DMBMQxnn16YT6p2lpOhoLmXvX9BEtY8B +ok.nsec3.tjeb.nl. 556 IN RRSIG DNSKEY 7 4 3600 20150101000000 20110520094959 29015 ok.nsec3.tjeb.nl. N7cMAbsKLWn2vIHcCrwSHYpQwIcwPvTTrUE0G6FmTHZZtaCvn4aJI48G0IkSxwdXqRkdo2QnFOwYb+909yR4bFVbkW18s1sjLrkoCX//+qC3HJUhqPg0NE930JlaMgB05gsdUKvsgnix4QbJeV+wDmX5A6fDqsMYzzTM9nJDC14= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 369 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21311 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; nods.ok.nsec3.tjeb.nl., type = DS, class = IN + +;; ANSWERS: +nods.ok.nsec3.tjeb.nl. 556 IN DS 55175 7 1 A568CC122F255DB28A2D3722F73A3B0806F518F6 +nods.ok.nsec3.tjeb.nl. 556 IN RRSIG DS 7 5 3600 20150101000000 20110520094959 29015 ok.nsec3.tjeb.nl. By8MnTo378q+EuGJn0nHqXvUCKFlTuGZ0A7e2Cj8Obn4uXlYHH3jthhqHTkdnHaKEUleUQPahceiw/LOtDl/6NIawJhU/XsHeAISQSwtIFEDh+Et2PbiUm7ctJzc8/RI5JZUOdmigDp16MosJgaZtqQ/jrrXgmVuNUoyKjMSDh4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 262 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51720 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; nods.ok.nsec3.tjeb.nl., type = DNSKEY, class = IN + +;; ANSWERS: +nods.ok.nsec3.tjeb.nl. 556 IN DNSKEY 256 3 7 AwEAAcdRLBNRBImIcppogur+tBYqebD1/4o1NUlZUzCrd3l/zK6QNpCz0l0xFzIaHmUanzvRqvU3EBWv38V2Y4/o5JBmNQFsAdvGCa9PrA7qUcSLUhf8sQyZZ+H1C5lbsLkQeIHpt4v+lUSrCyqR0YxIpuOTmy5ndlkft8ZVnhpB6sRp +nods.ok.nsec3.tjeb.nl. 556 IN RRSIG DNSKEY 7 5 3600 20150101000000 20110520094954 55175 nods.ok.nsec3.tjeb.nl. RDrU5bY24bqgA2yYFSe9RNNvOOy7KTb0GczvmG04hOgh3HprehZUqe57stXjNRvFCPNadAYvyXWXzr6Jwwardsq/yHx4Wc+Eg7FI3SKi9s4xfqQMznmhNReTbaOM9axhvh+Kjhhr0wd4ahTxUeR4RI7Ptt08S4YZR6xETg25Fes= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 379 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60428 +;; flags: qr rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; ok.nods.ok.nsec3.tjeb.nl., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +nods.ok.nsec3.tjeb.nl. 285 IN SOA ns2.tjeb.nl. tjeb.tjeb.nl. 2005080901 28800 7200 604800 18000 +nods.ok.nsec3.tjeb.nl. 285 IN RRSIG SOA 7 5 600 20150101000000 20110520094954 55175 nods.ok.nsec3.tjeb.nl. gvLwLEFhql1MoJQ5H3jEJbW55lvuzEhOfr6lbps+lCXu3LDLDf65DqFp059Irel6Yhm8aG18wy0bEed4FR9bFf/QrIgwVHPurGwdt9jEgKX32ymzLraCrtjuHVs3lQ5n4TDtNg8j4anoE5rPhzdhfxXto6kCrFUmp8prrdNrC44= +0QUE97DEAJOCAN6U144OOGAVCOPGSPJ3.nods.ok.nsec3.tjeb.nl. 285 IN RRSIG NSEC3 7 6 18000 20150101000000 20110520094954 55175 nods.ok.nsec3.tjeb.nl. gR78M3VVulOpbrZ7htYu0cteB0o09MkaenWab8DWL1Jkzyp+oVPmvPcDZ6PpTW4JPtBG95BXCk9as0ULf/bQg0YNFk2Dos05nNQNIS/S51lRRjj2BSINUVvV+9xmnMqPt6RixC+4jPIGJgh3cpVxOW9wOj/oOc2i+PevNPLmjDM= +0QUE97DEAJOCAN6U144OOGAVCOPGSPJ3.nods.ok.nsec3.tjeb.nl. 285 IN NSEC3 1 0 5 BEEF 6K87EVMP3OJ1N6STBBL5QGG00SSCMK23 NS + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 536 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testUnsignedThatMustBeSigned b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testUnsignedThatMustBeSigned new file mode 100644 index 000000000..8a6e594b6 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestInvalid/testUnsignedThatMustBeSigned @@ -0,0 +1,117 @@ +#Date: 2013-08-21T00:06:15+02:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56424 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 138548 IN DNSKEY 256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf +. 138548 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 138548 IN RRSIG DNSKEY 8 0 172800 20130903235959 20130820000000 19036 . fGmWbtROfDQ5bFTrhIQDesRvY2viY1/7Qzg7WHHH8g78QONdl33t10P9rSHwjN2JdgZ3Jbnwu/2LOFCKpwV5Ei5w9A3oUW5jcq/wnC/oKSVfvoHJ4zzJ/11KCMi1sGVUwHRf2BeNMvf8Kjpb59oUMx85NjWkIxlZYZDsC/cemeRcm1aaYrzIAS+rxck8Wmx9+1cEz/KF/w2C0sZSiMJL52Jda5XBv/24obY1NLlUHTNIQVxktAS6e5bPtHNve4zbb0YGI0QUbtIO6Bh56CoE5vnHo5bDdBY6Kdo9VOlZd4AGm1Nw9z2HLyftJanqGd495azQ6uLV6x9QN6LZ4WBVwg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60938 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 83340 IN DS 22072 8 2 94E4C1E425B28150D8DD7C974E27E1A933C1D4B51E535177B52DFF3F807A8C94 +ch. 83340 IN RRSIG DS 8 1 86400 20130827000000 20130819230000 49656 . AuYFxV0Za5X6pLHTPxpmX8PBV8yODP6t5xcqlXSm9WNXjdpHs927Aa8mTgTtNOrtXWgTBQNhBhjrg1KxmV9To7eolWAgnLa6ZYM6FjO4PWkJxWye0UzufBCpjU5hIZ8P2E7BUyD+pFfO07+dr+44dXfV0eYiGYlyWQiO7SalOiE= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47777 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 83340 IN DNSKEY 257 3 8 AwEAAeP0/M59JL65K0YWD0W+8k8x1T79hM4W2pi7cx0CxQULRd3udQnf/8ymUbKsPfVDMCXLQwW2evWHRu4B/OKnkRzDQsev7prdJ5UxAHWF4oFsWpGYx+A7WbqllTlmMFkV8bNz6TW6Trl4+RaLirt3ofRUFrJKyKCyNCKkxbtpFO6p6vP5K8V3CW854NndF3D/Xjz0s3nwd3dLwW3XVqi705mhJBvCSeorgsKMcY3PCBG6U5Twj/akb6P8I2nmoGsrIbtmvGk191zV5o4i8RTjk5DI6FcO5GL0J1w9sAiVYfXlN8wdyr90kqO6MGcvSQEItJCTaljyRT53bekbUhdRE50= +ch. 83340 IN DNSKEY 256 3 8 AwEAAaANwH4naX1c6xHWHYuFVHa7PLc9n7BPL8J3sa2LqKuQvQ1aTu3hIYAsO6c5wlDp4Pgw8HejPdEZC/VRBtHkXeWfe84IJ2731IQYjQGyD4rKq/L9VjD9bMlSjj6RtI7t4ItzEPlsSEEmEtXFLt8IDzq0xc2tQcec9PsfvvV5jIWN +ch. 83340 IN DNSKEY 256 3 8 AwEAAbxjQGBSu3RdzMwH7MD1o5nuv3PZ+iGBPIX+sHKLTOVOzp0xGho//69OLYfJj8B5Fm5Id7IicmSb67qAkkOZHYqSVyjkbsF2FeNVj7lFhCGnQ4EcjFdU/vlbL49z34ILXVEQBHl3vMS40i9py9BoJ4XJIy0I+vKqO2DyvxGEx+j1 +ch. 83340 IN RRSIG DNSKEY 8 1 86400 20131004100909 20130819090909 22072 ch. Nwqv4Ibx3E8+0xjeHocT6/hNGB99sxwpA3Nnan82YRcwpc73M0B8xlvUb+tzsIHvbQVCL83MWWtBfwRsbd9a32eqHvCdzk7wdmgnc4e+vO2QBDrpqy/AXN4+urBK7iuueNy0yUpqjRlIoBE4Ku1Qo1HYQpKu1vUa29w9qMrvTjDIRudy5yJ4YHFYjWF25d80W8coIh00KL2IjAbeZXRYFaaMP9Vw7NQN3qNM64/6FWvGEtD3QNt3Xf86C4m27Antn+na6K3iGT+doMME2kFYJaGwOrHBlE9F3MqWMtRI4McMTnkc052MaOVGKvvtDzmpQBcNQTrrMO4rSC6OofBPBw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50312 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 541 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 541 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 541 IN RRSIG DS 8 2 3600 20130909002703 20130813122537 51783 ch. Ke4stscv7T3wI6xZa7YsiGpmKhs7b8yPTL/HnIuwVnkIdhQfBB7lbXxdxEyLTLq04dmfiC03EtXCAZSHYovU5sE7O3UA11g7bSljxBLSmuCS6h4es2DMIwNWBexGiIkHAtoCL6zedfjGkexz3IYhMA96OfH+ft2nt4ykuDsXXB8= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22330 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20130908212226 20130809202226 6031 ingotronic.ch. w8yqzYuixi+QI+UMdX3dVJVYynpp+d1wL8PwlqNMjL2dTsHxD6xSFefo+Zxxl2cte2soXuzU1pL5HiM34RgQL577FyVOInxfTpUEztG+z+PNS1xXBmHfGek9T70doaUwtdcP++V93H2Z9vG1dmgk0NYTKrKEYV30m0F4LUtWOMvnnZ50bIFi/PZAPAn1UJXK6m/A/tLfsECM4/YcZCE/R+Ce2wTKK0cmzFq0qo+QjznktvQr7BolDTjXb3TSssMwsB97RRfaRo6zZ4AMOa4ipCnd3IJBrCADzXtaGjp2ErfhwVxJCp9p+UVDqlYyMwEZO3MqJqpybzbvuQzNEOLVtw== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20130908212226 20130809202226 17430 ingotronic.ch. Zv2um4K6MF35IV252+eZDTSpN/BF0ElGZXfVhrORtxgHLBaFQUGIAOvi7b6PlQTlMVhkaEQxwgxZSS1b81KqXeuqFC+Z9QUaX5N+A9c2klwOBV+njdktH6zi75bWWCnSN33wZsw1uOKgNEVSpF509GQq+2yUoJU7PHycmG4z0Y8= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27567 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; www.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032613 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20130908212440 20130809202440 17430 ingotronic.ch. Bv0THQWBGQh8Ymi6eLS7EIv8qA70/FmPrECD8ewe3nySf1N54/UqC++kOoIuG9sHoKNmSKl8SjoaYTulbVt0pUQROPKJh76eCAbfuusbY10dHWB4cZWYSY4NBW1z9twi9UfHHWhzeZloL/ILQG/eqVJAeKhlqwvhIzWzy2c1mWE= +www.ingotronic.ch. 300 IN NSEC z.ingotronic.ch. A AAAA RRSIG NSEC +www.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20130908204313 20130809202226 17430 ingotronic.ch. D355Ot7NsJvQ0ED1dl4jSvr9Mxe2XnXwoXoF3d+dX5fikfJ5dnAH4txuGyAbVYchwmTmNpwdP2sPwPI/SBR9Ta7XuunxSfEUwibllU4GkktHNIBOzvH9fKZqqkpMfzIyxgthtEFr5WsKZACqKm02nykyoWIvbe2Ck3HVcscXVbY= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 475 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestKeyCacheUsage/testUnsigned b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestKeyCacheUsage/testUnsigned new file mode 100644 index 000000000..e6e34bef8 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestKeyCacheUsage/testUnsigned @@ -0,0 +1,158 @@ +#Date: 2015-01-06T22:35:11+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1856 +;; flags: qr aa rd ra cd ; qd: 1 an: 1 au: 1 ad: 3 +;; QUESTIONS: +;; www.unsigned.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.unsigned.ingotronic.ch. 300 IN A 127.0.0.1 + +;; AUTHORITY RECORDS: +unsigned.ingotronic.ch. 300 IN NS ns1.ingotronic.ch. + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 278 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38534 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87363 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87363 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87363 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87363 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61854 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 963 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 963 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48752 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 964 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 964 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 964 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 964 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23116 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3572 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3572 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3572 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39476 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45944 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; unsigned.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +unsigned.ingotronic.ch. 300 IN NSEC v.ingotronic.ch. NS RRSIG NSEC +unsigned.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. VsO/22QJi2Ny+QZBukileDIUc4/DqPdZwNssNbylPAscz0IBrLt9zKDcI26NSMqhFRFXIZqBXJScmKJseKB+wQUscwKK5kkzUIXK/SPbLQ8MLnOUKIXUgURDKDCp6W8eHoa/51dOS0Vb1woxmzN1kQnjTTUoW5z1igN7RcYCuGQ= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 480 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51417 +;; flags: qr aa rd ra cd ; qd: 1 an: 1 au: 1 ad: 3 +;; QUESTIONS: +;; www.unsigned.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.unsigned.ingotronic.ch. 300 IN A 127.0.0.1 + +;; AUTHORITY RECORDS: +unsigned.ingotronic.ch. 300 IN NS ns1.ingotronic.ch. + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 278 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNoDSProofCanExistForRoot b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNoDSProofCanExistForRoot new file mode 100644 index 000000000..1e7a7b7a6 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNoDSProofCanExistForRoot @@ -0,0 +1,38 @@ +#Date: 2014-01-28T22:39:20+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48189 +;; flags: qr aa rd ra ; qd: 1 an: 0 au: 8 ad: 1 +;; QUESTIONS: +;; ., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +;hash(.) -> hash(a.) +;key is the same as for nsec3.ingotronic.ch. +79anvqbpbhcdqbbli9adpmg4p0sof39o. 300 IN NSEC3 1 0 10 1234 9umm3m67j29mljvnfbcqa4prsu1gir2r NS SOA RRSIG +79anvqbpbhcdqbbli9adpmg4p0sof39o. 300 IN RRSIG NSEC3 7 1 300 20140215011722 20140116005424 16758 . BbqCmb/7I8FMxVbQuOTQ7+Yfpw/1NTNlL29y3AWu4GRh+v3Mrh13PqsS+pwEgBtHTQ2uUCMil+1kiUs2qNCnbz7N5gV3RNtiNZOW9dltU3B2gSwFuX4UKPdCuIrHTBeIVZo7IsSYZSL2/GZ3ECdwbL28KRtvvp1l7uOeHuDdmeIJm47XyowM9v+x1/iCch6GoDzw5XcuXFoEfT+4sXQdhxGneab64alYo49kSf1+lt0pwNTJOtNcyAHvrnsLO/g3Kk5cfR2MNw7ubVyJRicCYO82252LoXITZ/q2Y6k+OCquo5kmc0OLeijZySYF54xFyg2zlcv54j70c/wI9xle7g== + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1051 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +. 300 IN RRSIG DNSKEY 7 0 300 20140215011722 20140116005424 16758 . dFPeCHbVNX/k3Hx9XKC6T0WaboXStOxprTqqc8DQSvTTaUrazAwc41/ty1LMdgrcU1JpvZmB3UzLoQcFoYaMQKOcQyPm4GCABMzl0xNTWAOjYURIZggEIEuu61p4j0y4nc52CnRbLxgjUsQOAvPzgDyJHnQ7eSOnz9tZSrpyTmtzU/szKm623cH+7DkguG1QpbWCNl4cTjyqDPwefsdE82u/8PAQ0ANR/hy5sZ4IOwdOas/H1oYCMIc0y9IEtlYO0LPiOv9rx/UmgH64tuuLmmgiIGZXqExsh1XEsQqakCQ33Ux4+p1MCQl3uM/6WvGdJkKNR7/n4kktQy2BxF3ONA== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataApexNsec3ProofInsecureDelegation b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataApexNsec3ProofInsecureDelegation new file mode 100644 index 000000000..56d439691 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataApexNsec3ProofInsecureDelegation @@ -0,0 +1,158 @@ +#Date: 2014-01-28T22:39:20+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48189 +;; flags: qr aa rd ra ; qd: 1 an: 0 au: 8 ad: 1 +;; QUESTIONS: +;; sub.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032736 300 60 864000 300 +nsec3.ingotronic.ch. 300 IN RRSIG SOA 7 3 300 20140215042629 20140116032629 62417 nsec3.ingotronic.ch. DaTlmlI5j/Y1XJZtij2jplUmwYCcfcUr7O0fzFwUoP7y/3gjaqeT8YyhD1JJP2Agf1ZwEh2q12lD3ZiYp9RvOmkreWQiDv8zUbykBwNpY9w2ur6qgEZWtLQgB+BqdYUeAVV+EOOq+RfVSZzee+z9E+Pf/sEV4kXTbRTwGS+4XmM= + +;hash(sub.nsec3.ingotronic.ch.), taken from parent zone and removed the DS +5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 74SO0776K6C87EPASDU8QK8SROIK00KK NS RRSIG +5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20140215042629 20140116032629 62417 nsec3.ingotronic.ch. fjiw9C0JFM8mA45Wzu+0H4SMe7CIce05bKuTvXUMI6RY164xMRgU0a9mQpk++Upksk/eAnexzA/TlqYQISGg+/JWV/js5xUNc6jYVWUmy84wGPq2vSrC3uoLwBZgvmNjAJlEHMFFx3XX9ihS4+KhgFM66s5pqLiIAshPwe6wsqU= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1051 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 61065 IN DNSKEY 256 3 8 AwEAAb8sU6pbYMWRbkRnEuEZw9NSir707TkOcF+UL1XiK4NDJOvXRyX195Am5dQ7bRnnuySZ3daf37vvjUUhuIWUAQ4stht8nJfYxVQXDYjSpGH5I6Hf/0CZEoNP6cNvrQ7AFmKkmv00xWExKQjbvnRPI4bqpMwtHVzn6WybBZ6kuqED +. 61065 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 61065 IN RRSIG DNSKEY 8 0 172800 20140204235959 20140121000000 19036 . naUK900bmMkwXGEUg2wDRHVLN5vPQCU5l9LE3ZwiShbOze9KpWtFCluZ8v2G6Xlm35vNK+sq4B/UV/PVS9f4FhLgfQKJSThpAT8CqMOdvLgu+sTQ4bp+ve1h9sK3T20xjs3khQ16D4mDNUK+sdGEHpBJu7RlBGlprD9Xa8yE8CSkR/WFDm91wIU7AoTdqCz9Lkb1TFavj8SrSjQXYt/H+xwy8VzKxfxL/f9Lm70bfLmW8ZVRKjT12cbs+7TxG4IwP/W0TiTq7oa2fDESKJq3mAHOTifHl3cTG5DO7nldesDPcxWD4UZxYMz1teSlKSNgQGdcUVHIeMkhh1pBnfnCBA== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10015 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 824 IN DS 24859 8 2 9AFD21261EAF98AFD7E24E89BE6B25767F93EB401C6C3DF21342F40EE82DCCF0 +ch. 824 IN RRSIG DS 8 1 86400 20140203000000 20140126230000 33655 . vdEmh6O0rGMUcX5EDZtUAT/D7jadckSXdN9YILrNJZj32Xl7BwJOzvvI2nXngmG/o6KdxMqh+Cldp0alYKUvWXX3A16xIp89aLkxlyBWM84t1Bt8V0XPHFZJDCznfVvYhFYG0tnUpABg6F3rGiDwk2woCmFPTeZMjPgWk4p2IDI= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46537 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 824 IN DNSKEY 257 3 8 AwEAAb5bW5/VfwMAh4475ab4xxrFwc7RIbAoKOABByzbIDMODUlQz1MQLlrI/z4SYANynrDCevw2f1f2ROUzriZpqwqiTN2w3K3GJrk7yZ+1e8OhI2uaGsxKVnTyxKiyzPlC9OLilEsZ4oLGoUIksfJgdDY9+Nj1971H1XS1eDNViJ6kSxgnbxH5tnHl5s75Wfzq8GxSyMu5KxoYbCGT/mvU5ZyZccULQUe/f11FE5JazLf9TgtyDSyWdCFRWl6mdIAR7lVCY82jtN0+Mhzp1PYF/YK3IReKs9P0vijM8qYDXem0NNSzse9lk7SiJWc02vVo/QmfxqTVkNrv2Fcg7fUoiCk= +ch. 824 IN DNSKEY 256 3 8 AwEAAfRZWbfzfBEayMyl/GmDY+e9zmYPNLVlfss3/eUxwnsfh704epy8rVQ6pJuVU0ihFWHTp583ZvWy73ZrVrtXwXbpa3z4+84vhxXDshHG6W67/XEThG0zQY/zFwopIQC+/LLhn7NAR5SZghdqS7+d4EoW52BZtGW/hZIyGuiWZynZ +ch. 824 IN DNSKEY 256 3 8 AwEAAcbnjesseojqOqAWrNxHDr7aw4jwJkQGfFtWdtr0KQEQApS112QmhbWIZ1yHS8IWbAd4jVGRFQqJ4KZoFW6HdgKfXcfrBQ5QXVfi0gyyZjzwAteOGxAH8NtuqbOwkhT3efDtntJcY+wQIwL5QQKKX/Aw2CvxhmUQxHCNhvsD2HPH +ch. 824 IN RRSIG DNSKEY 8 1 86400 20140303100909 20140116090909 24859 ch. F/gnqCvTxFwFFkUX/YEP4ifda8rSrU1DWEJKrj3lnobrd7LJQJRYwanOXbF0YRbNJWPsDXvw2v8/m9NggNy9EL7/iwR9TB2eNwwDAoZsrDitvmVFWm4ewueWNlXy63P96CyzeiTx37uxh59+PpC/w6+Z8Eb/ce6K714NW5PGg3ZM1ABNVt3VSv1WpbnOHdUKp0WHQtvUxSUh1EBN9OZAi9OsO/e44VmAEICA2qqVYcUR3hdiVBTCn0M+g+afXhTmavsUVSzeEdVtHpRLV7q1rIM2woWFmnhG27VGE+Fx5D7wwj9aC09vr4xADdmlTa05taoX0OKKqO5X1j/kT38SAg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47971 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 2355 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 2355 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 2355 IN RRSIG DS 8 2 3600 20140227194545 20140128190342 47694 ch. fI4xUfXJ/4RwPi0CQUX12gHlmSAh6NLE9AXNRFXv0JX2Jhprq1rwLnbCxZsdU0N27dHSIFeeOSb3b02EdaBKKtBAPegXOIYX67siXHhRnykXjqX0tuHDPWYPeegh7UttVLWi0ZHeBJ6YagYW+9Cu3EyoAhVt5V72rgKzB6cKWK0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48551 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20140218124422 20140119114422 6031 ingotronic.ch. ToVAQwGYFHE7lkZGc3b42RmbJxQgkCq0U/GBj/thBklPY+6ljKhNSKBSXbM6rFpMHGoWC2WAXlDLTLRZJT1mBziFDd2YXyxRItr+oj+FK2zGEYM5+JEUG/TW1XS7LH5y8Uj8RaJuXi76OUYtBG+r0KFidH+ix3dlxg/O43epn8nf3wMwnrJL7EddjuMGSujFjoIM+Fy0CKvu+R5RFyIQn2V7E2Y/ZoSzEn7Ey27IYRc1EiskzUz94opbIQHx0/YkngZpDOSs9P2d8FX7rJVBjy7pxvS6IA8EPytJMEwAEw4agaq9nCEc7M0rdN0knv81qTLZWF/p47m2X13yTGrhOw== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20140218124422 20140119114422 17430 ingotronic.ch. dW820FCc9H0HzcOEihkrGq7W5Cm8y0FXg4xcMWaobHzsX3jI5ResccGi9UnNclE6pXAnu4E7w7d8tOEdih+Eb8rt67eaXOIBReWynMaHkVpAbRASiil755vnCE3SsXathrunUVpRB3QkIVqRhTLGzM+LANC3H8jVXhGVRVy8Dog= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25297 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20140218125024 20140119120700 17430 ingotronic.ch. JE66mSXrbaDE2usJScL/GXUxTXRn+GeO+Fi/iJyajr09aVnqTqd7UEN9eq454rLozFAv4dV3vKQywOI7BDMkM+OfVYQKy/Kro7CcvNpcuo+Tg8kX8ttl1a6C9kjy75wHh09X62TmKhA1a5bksHMs/P3SCTG87cXllmTpot3KlUE= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57018 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20140215023510 20140116021800 16758 nsec3.ingotronic.ch. RT1Lj82phLAEt5Ck6F/vg6VYvgT7Loy7sixOoZC13YCU7tJqe9lZEWWQuDATlvUdMeyApDXjDj0Czy2cDlCxPrtpZANm+/GWGn67+t8MUC2r8rgbVvFWjHFmMrb9nMLsdOajF5m7A9cnPIpFfng7uUqlpBZ7UvvBGtBOy6sRxErdxzr2KY+2B2dLyfGw7z9e04J9F75AC+jdL1Z+R0CSkaYJoroun53OULF8xhNOB9D4pbKx/fcVxVuNx2L8KcpDn2EsHGSkM4eIUo7l3kYx3f4OV0HFIL0pwByqDvc+66HCEcS5OBlEM+Z5EDKS1DGY3DE85RFZpu4sIShqffRB4A== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20140215023510 20140116021800 62417 nsec3.ingotronic.ch. iGelQHd9Eqam20YcJGFoOLn6DTQgkCts5nJrRLRYuDndGNUOcpTt0EcPImOGiDYEk+0TiXXF3jfbKYaZtncsKvwE50m41E4osqdIA/rpJU9GFWwGgQ2EX5uizunyxEM/YzTgjr9+heIW9+MtgPV1NZRp8HPN3Tq96j3VI3lCQxs= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataApexNsec3WithSOAValid b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataApexNsec3WithSOAValid new file mode 100644 index 000000000..b8b733c32 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataApexNsec3WithSOAValid @@ -0,0 +1,158 @@ +#Date: 2014-01-28T22:39:20+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48189 +;; flags: qr aa rd ra ; qd: 1 an: 0 au: 8 ad: 1 +;; QUESTIONS: +;; sub.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032736 300 60 864000 300 +nsec3.ingotronic.ch. 300 IN RRSIG SOA 7 3 300 20140215042629 20140116032629 62417 nsec3.ingotronic.ch. DaTlmlI5j/Y1XJZtij2jplUmwYCcfcUr7O0fzFwUoP7y/3gjaqeT8YyhD1JJP2Agf1ZwEh2q12lD3ZiYp9RvOmkreWQiDv8zUbykBwNpY9w2ur6qgEZWtLQgB+BqdYUeAVV+EOOq+RfVSZzee+z9E+Pf/sEV4kXTbRTwGS+4XmM= + +;hash(sub.nsec3.ingotronic.ch.), taken from parent zone and added a SOA, which makes this repsonse actually valid again +5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 74SO0776K6C87EPASDU8QK8SROIK00KK NS DS SOA RRSIG +5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20140215042629 20140116032629 62417 nsec3.ingotronic.ch. hDh7ATOdwszkVQCMmbGXPdQu5j24W1SLVRU5ZcwsqPPkRYmgUUsCqchpaHNV216S1Q0PYkdDWiuoCv26fkNVIRIydNlGC+kw567qlq520En2dFdVlTf4FFjADglWbCDjHBYagSx6e/y1ekDsvtPLDxi80M9wFruAhNLXlFd1KsE= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1051 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 61065 IN DNSKEY 256 3 8 AwEAAb8sU6pbYMWRbkRnEuEZw9NSir707TkOcF+UL1XiK4NDJOvXRyX195Am5dQ7bRnnuySZ3daf37vvjUUhuIWUAQ4stht8nJfYxVQXDYjSpGH5I6Hf/0CZEoNP6cNvrQ7AFmKkmv00xWExKQjbvnRPI4bqpMwtHVzn6WybBZ6kuqED +. 61065 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 61065 IN RRSIG DNSKEY 8 0 172800 20140204235959 20140121000000 19036 . naUK900bmMkwXGEUg2wDRHVLN5vPQCU5l9LE3ZwiShbOze9KpWtFCluZ8v2G6Xlm35vNK+sq4B/UV/PVS9f4FhLgfQKJSThpAT8CqMOdvLgu+sTQ4bp+ve1h9sK3T20xjs3khQ16D4mDNUK+sdGEHpBJu7RlBGlprD9Xa8yE8CSkR/WFDm91wIU7AoTdqCz9Lkb1TFavj8SrSjQXYt/H+xwy8VzKxfxL/f9Lm70bfLmW8ZVRKjT12cbs+7TxG4IwP/W0TiTq7oa2fDESKJq3mAHOTifHl3cTG5DO7nldesDPcxWD4UZxYMz1teSlKSNgQGdcUVHIeMkhh1pBnfnCBA== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10015 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 824 IN DS 24859 8 2 9AFD21261EAF98AFD7E24E89BE6B25767F93EB401C6C3DF21342F40EE82DCCF0 +ch. 824 IN RRSIG DS 8 1 86400 20140203000000 20140126230000 33655 . vdEmh6O0rGMUcX5EDZtUAT/D7jadckSXdN9YILrNJZj32Xl7BwJOzvvI2nXngmG/o6KdxMqh+Cldp0alYKUvWXX3A16xIp89aLkxlyBWM84t1Bt8V0XPHFZJDCznfVvYhFYG0tnUpABg6F3rGiDwk2woCmFPTeZMjPgWk4p2IDI= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46537 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 824 IN DNSKEY 257 3 8 AwEAAb5bW5/VfwMAh4475ab4xxrFwc7RIbAoKOABByzbIDMODUlQz1MQLlrI/z4SYANynrDCevw2f1f2ROUzriZpqwqiTN2w3K3GJrk7yZ+1e8OhI2uaGsxKVnTyxKiyzPlC9OLilEsZ4oLGoUIksfJgdDY9+Nj1971H1XS1eDNViJ6kSxgnbxH5tnHl5s75Wfzq8GxSyMu5KxoYbCGT/mvU5ZyZccULQUe/f11FE5JazLf9TgtyDSyWdCFRWl6mdIAR7lVCY82jtN0+Mhzp1PYF/YK3IReKs9P0vijM8qYDXem0NNSzse9lk7SiJWc02vVo/QmfxqTVkNrv2Fcg7fUoiCk= +ch. 824 IN DNSKEY 256 3 8 AwEAAfRZWbfzfBEayMyl/GmDY+e9zmYPNLVlfss3/eUxwnsfh704epy8rVQ6pJuVU0ihFWHTp583ZvWy73ZrVrtXwXbpa3z4+84vhxXDshHG6W67/XEThG0zQY/zFwopIQC+/LLhn7NAR5SZghdqS7+d4EoW52BZtGW/hZIyGuiWZynZ +ch. 824 IN DNSKEY 256 3 8 AwEAAcbnjesseojqOqAWrNxHDr7aw4jwJkQGfFtWdtr0KQEQApS112QmhbWIZ1yHS8IWbAd4jVGRFQqJ4KZoFW6HdgKfXcfrBQ5QXVfi0gyyZjzwAteOGxAH8NtuqbOwkhT3efDtntJcY+wQIwL5QQKKX/Aw2CvxhmUQxHCNhvsD2HPH +ch. 824 IN RRSIG DNSKEY 8 1 86400 20140303100909 20140116090909 24859 ch. F/gnqCvTxFwFFkUX/YEP4ifda8rSrU1DWEJKrj3lnobrd7LJQJRYwanOXbF0YRbNJWPsDXvw2v8/m9NggNy9EL7/iwR9TB2eNwwDAoZsrDitvmVFWm4ewueWNlXy63P96CyzeiTx37uxh59+PpC/w6+Z8Eb/ce6K714NW5PGg3ZM1ABNVt3VSv1WpbnOHdUKp0WHQtvUxSUh1EBN9OZAi9OsO/e44VmAEICA2qqVYcUR3hdiVBTCn0M+g+afXhTmavsUVSzeEdVtHpRLV7q1rIM2woWFmnhG27VGE+Fx5D7wwj9aC09vr4xADdmlTa05taoX0OKKqO5X1j/kT38SAg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47971 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 2355 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 2355 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 2355 IN RRSIG DS 8 2 3600 20140227194545 20140128190342 47694 ch. fI4xUfXJ/4RwPi0CQUX12gHlmSAh6NLE9AXNRFXv0JX2Jhprq1rwLnbCxZsdU0N27dHSIFeeOSb3b02EdaBKKtBAPegXOIYX67siXHhRnykXjqX0tuHDPWYPeegh7UttVLWi0ZHeBJ6YagYW+9Cu3EyoAhVt5V72rgKzB6cKWK0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48551 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20140218124422 20140119114422 6031 ingotronic.ch. ToVAQwGYFHE7lkZGc3b42RmbJxQgkCq0U/GBj/thBklPY+6ljKhNSKBSXbM6rFpMHGoWC2WAXlDLTLRZJT1mBziFDd2YXyxRItr+oj+FK2zGEYM5+JEUG/TW1XS7LH5y8Uj8RaJuXi76OUYtBG+r0KFidH+ix3dlxg/O43epn8nf3wMwnrJL7EddjuMGSujFjoIM+Fy0CKvu+R5RFyIQn2V7E2Y/ZoSzEn7Ey27IYRc1EiskzUz94opbIQHx0/YkngZpDOSs9P2d8FX7rJVBjy7pxvS6IA8EPytJMEwAEw4agaq9nCEc7M0rdN0knv81qTLZWF/p47m2X13yTGrhOw== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20140218124422 20140119114422 17430 ingotronic.ch. dW820FCc9H0HzcOEihkrGq7W5Cm8y0FXg4xcMWaobHzsX3jI5ResccGi9UnNclE6pXAnu4E7w7d8tOEdih+Eb8rt67eaXOIBReWynMaHkVpAbRASiil755vnCE3SsXathrunUVpRB3QkIVqRhTLGzM+LANC3H8jVXhGVRVy8Dog= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25297 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20140218125024 20140119120700 17430 ingotronic.ch. JE66mSXrbaDE2usJScL/GXUxTXRn+GeO+Fi/iJyajr09aVnqTqd7UEN9eq454rLozFAv4dV3vKQywOI7BDMkM+OfVYQKy/Kro7CcvNpcuo+Tg8kX8ttl1a6C9kjy75wHh09X62TmKhA1a5bksHMs/P3SCTG87cXllmTpot3KlUE= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57018 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20140215023510 20140116021800 16758 nsec3.ingotronic.ch. RT1Lj82phLAEt5Ck6F/vg6VYvgT7Loy7sixOoZC13YCU7tJqe9lZEWWQuDATlvUdMeyApDXjDj0Czy2cDlCxPrtpZANm+/GWGn67+t8MUC2r8rgbVvFWjHFmMrb9nMLsdOajF5m7A9cnPIpFfng7uUqlpBZ7UvvBGtBOy6sRxErdxzr2KY+2B2dLyfGw7z9e04J9F75AC+jdL1Z+R0CSkaYJoroun53OULF8xhNOB9D4pbKx/fcVxVuNx2L8KcpDn2EsHGSkM4eIUo7l3kYx3f4OV0HFIL0pwByqDvc+66HCEcS5OBlEM+Z5EDKS1DGY3DE85RFZpu4sIShqffRB4A== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20140215023510 20140116021800 62417 nsec3.ingotronic.ch. iGelQHd9Eqam20YcJGFoOLn6DTQgkCts5nJrRLRYuDndGNUOcpTt0EcPImOGiDYEk+0TiXXF3jfbKYaZtncsKvwE50m41E4osqdIA/rpJU9GFWwGgQ2EX5uizunyxEM/YzTgjr9+heIW9+MtgPV1NZRp8HPN3Tq96j3VI3lCQxs= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3ForDSMustNotHaveSOA b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3ForDSMustNotHaveSOA new file mode 100644 index 000000000..2df05dceb --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3ForDSMustNotHaveSOA @@ -0,0 +1,38 @@ +#Date: 2014-01-28T22:39:20+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48189 +;; flags: qr aa rd ra ; qd: 1 an: 0 au: 8 ad: 1 +;; QUESTIONS: +;; bogus., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +;hash(bogus.) -> hash(cogus.) +;key is the same as for nsec3.ingotronic.ch. +uroghcuh4jsasbi1f0ompeqpo1fgssvn.bogus. 300 IN NSEC3 1 0 10 1234 k0uipho2c78uta6m47n625jfjbl776m3 NS RRSIG +uroghcuh4jsasbi1f0ompeqpo1fgssvn.bogus. 300 IN RRSIG NSEC3 7 2 300 20140215011722 20140116005424 16758 bogus. D0q5h55pyybGzHMyxnHeFnchmmrEi1mZMuirbvZ/FgSZXN8zp0H5KW4FmOXMNMQwXLwXyYceymusBcGymM1DT3WeJWhds5LG1rqxvjk24Vbvaf/te+Q7aGxIXiEn3l5t3uHEM8m1Z0bc0wURzRLRLjhvaMXFUA06HaORYnEXlRmr3sl5d3BeQIoKtIgOWsdPB6Dk66saDFBAGc/EcWwmwHB6d+SKt1dUcYXYRPbIFL5Xx8EM4PKBE2dhiKi/2SYqQSx8pa8jtxBbBdpx6c/PchRA1zZ1w9V6TtIANSq2Hxrcj8Ey5nmeoR6M1p6r0Wtg46e0EJg0EGYB/rcrGlKilw== + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1051 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; bogus., type = DNSKEY, class = IN + +;; ANSWERS: +bogus. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +bogus. 300 IN RRSIG DNSKEY 7 1 300 20140215011722 20140116005424 16758 bogus. cN174LuYu9b/3QYN/5gA1ByWEjXPRFjIUVdGG1hidB4rPuqzWsvI0tOZ7vcQTC9Lagm9IpEYdczyAZWOJZyb727xYqqAQKsLKy/rzdqsD/ICzX0bs6GDA356dYECzW9eR4SqpX3xtMmttYC4lZ140IcZ6hacUqsjMqsxAfHlBbbyaJIf7QUyagwzG87GRgI42/bv0dL69t+CwfoQu2hR1GUcpUOxqEVUz2oPXy+/Cii3fiL8uJ/e65x/QDlMqTpHQ8f/IqLcYPxs364fitgnvwo7j8nDDORgvNuyGYf6lkuMnlRO70IhFBdjG4wmd8lU3fERLhHPFlLOy9g/lbnivw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_1 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_1 new file mode 100644 index 000000000..1b67cdf1e --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_1 @@ -0,0 +1,158 @@ +#Date: 2014-01-28T22:39:20+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38248 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; www.nsec3.ingotronic.ch., type = MX, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032736 300 60 864000 300 +nsec3.ingotronic.ch. 300 IN RRSIG SOA 7 3 300 20140215042629 20140116032629 62417 nsec3.ingotronic.ch. DaTlmlI5j/Y1XJZtij2jplUmwYCcfcUr7O0fzFwUoP7y/3gjaqeT8YyhD1JJP2Agf1ZwEh2q12lD3ZiYp9RvOmkreWQiDv8zUbykBwNpY9w2ur6qgEZWtLQgB+BqdYUeAVV+EOOq+RfVSZzee+z9E+Pf/sEV4kXTbRTwGS+4XmM= +7L2K0NAC88UN3IJV0404HF7PM543BN3F.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 810L2KR9HCVTELBLO8GQM0EMIM8KD01E CNAME RRSIG +; ^^^^^ +; Replaced from "A AAAA" and manually resigned +7L2K0NAC88UN3IJV0404HF7PM543BN3F.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20140215011722 20140116005424 62417 nsec3.ingotronic.ch. fjkZKkZ/QS3fr27G/YL502r/m5yvAj1H5DozJMFJ1uFbyUO/gTP6L1GF3pijt4BjcqbMz7h3uMUikcDEW+ieAy7G4k0y5uU0quHPJvP7pbslCvEs516UIiAvzKsbK7LTn1Dv4Wau0UkImiWXZwx666M6SNh/etebNngPr0ZwGe4= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 537 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 61065 IN DNSKEY 256 3 8 AwEAAb8sU6pbYMWRbkRnEuEZw9NSir707TkOcF+UL1XiK4NDJOvXRyX195Am5dQ7bRnnuySZ3daf37vvjUUhuIWUAQ4stht8nJfYxVQXDYjSpGH5I6Hf/0CZEoNP6cNvrQ7AFmKkmv00xWExKQjbvnRPI4bqpMwtHVzn6WybBZ6kuqED +. 61065 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 61065 IN RRSIG DNSKEY 8 0 172800 20140204235959 20140121000000 19036 . naUK900bmMkwXGEUg2wDRHVLN5vPQCU5l9LE3ZwiShbOze9KpWtFCluZ8v2G6Xlm35vNK+sq4B/UV/PVS9f4FhLgfQKJSThpAT8CqMOdvLgu+sTQ4bp+ve1h9sK3T20xjs3khQ16D4mDNUK+sdGEHpBJu7RlBGlprD9Xa8yE8CSkR/WFDm91wIU7AoTdqCz9Lkb1TFavj8SrSjQXYt/H+xwy8VzKxfxL/f9Lm70bfLmW8ZVRKjT12cbs+7TxG4IwP/W0TiTq7oa2fDESKJq3mAHOTifHl3cTG5DO7nldesDPcxWD4UZxYMz1teSlKSNgQGdcUVHIeMkhh1pBnfnCBA== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10015 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 824 IN DS 24859 8 2 9AFD21261EAF98AFD7E24E89BE6B25767F93EB401C6C3DF21342F40EE82DCCF0 +ch. 824 IN RRSIG DS 8 1 86400 20140203000000 20140126230000 33655 . vdEmh6O0rGMUcX5EDZtUAT/D7jadckSXdN9YILrNJZj32Xl7BwJOzvvI2nXngmG/o6KdxMqh+Cldp0alYKUvWXX3A16xIp89aLkxlyBWM84t1Bt8V0XPHFZJDCznfVvYhFYG0tnUpABg6F3rGiDwk2woCmFPTeZMjPgWk4p2IDI= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46537 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 824 IN DNSKEY 257 3 8 AwEAAb5bW5/VfwMAh4475ab4xxrFwc7RIbAoKOABByzbIDMODUlQz1MQLlrI/z4SYANynrDCevw2f1f2ROUzriZpqwqiTN2w3K3GJrk7yZ+1e8OhI2uaGsxKVnTyxKiyzPlC9OLilEsZ4oLGoUIksfJgdDY9+Nj1971H1XS1eDNViJ6kSxgnbxH5tnHl5s75Wfzq8GxSyMu5KxoYbCGT/mvU5ZyZccULQUe/f11FE5JazLf9TgtyDSyWdCFRWl6mdIAR7lVCY82jtN0+Mhzp1PYF/YK3IReKs9P0vijM8qYDXem0NNSzse9lk7SiJWc02vVo/QmfxqTVkNrv2Fcg7fUoiCk= +ch. 824 IN DNSKEY 256 3 8 AwEAAfRZWbfzfBEayMyl/GmDY+e9zmYPNLVlfss3/eUxwnsfh704epy8rVQ6pJuVU0ihFWHTp583ZvWy73ZrVrtXwXbpa3z4+84vhxXDshHG6W67/XEThG0zQY/zFwopIQC+/LLhn7NAR5SZghdqS7+d4EoW52BZtGW/hZIyGuiWZynZ +ch. 824 IN DNSKEY 256 3 8 AwEAAcbnjesseojqOqAWrNxHDr7aw4jwJkQGfFtWdtr0KQEQApS112QmhbWIZ1yHS8IWbAd4jVGRFQqJ4KZoFW6HdgKfXcfrBQ5QXVfi0gyyZjzwAteOGxAH8NtuqbOwkhT3efDtntJcY+wQIwL5QQKKX/Aw2CvxhmUQxHCNhvsD2HPH +ch. 824 IN RRSIG DNSKEY 8 1 86400 20140303100909 20140116090909 24859 ch. F/gnqCvTxFwFFkUX/YEP4ifda8rSrU1DWEJKrj3lnobrd7LJQJRYwanOXbF0YRbNJWPsDXvw2v8/m9NggNy9EL7/iwR9TB2eNwwDAoZsrDitvmVFWm4ewueWNlXy63P96CyzeiTx37uxh59+PpC/w6+Z8Eb/ce6K714NW5PGg3ZM1ABNVt3VSv1WpbnOHdUKp0WHQtvUxSUh1EBN9OZAi9OsO/e44VmAEICA2qqVYcUR3hdiVBTCn0M+g+afXhTmavsUVSzeEdVtHpRLV7q1rIM2woWFmnhG27VGE+Fx5D7wwj9aC09vr4xADdmlTa05taoX0OKKqO5X1j/kT38SAg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47971 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 2355 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 2355 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 2355 IN RRSIG DS 8 2 3600 20140227194545 20140128190342 47694 ch. fI4xUfXJ/4RwPi0CQUX12gHlmSAh6NLE9AXNRFXv0JX2Jhprq1rwLnbCxZsdU0N27dHSIFeeOSb3b02EdaBKKtBAPegXOIYX67siXHhRnykXjqX0tuHDPWYPeegh7UttVLWi0ZHeBJ6YagYW+9Cu3EyoAhVt5V72rgKzB6cKWK0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48551 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20140218124422 20140119114422 6031 ingotronic.ch. ToVAQwGYFHE7lkZGc3b42RmbJxQgkCq0U/GBj/thBklPY+6ljKhNSKBSXbM6rFpMHGoWC2WAXlDLTLRZJT1mBziFDd2YXyxRItr+oj+FK2zGEYM5+JEUG/TW1XS7LH5y8Uj8RaJuXi76OUYtBG+r0KFidH+ix3dlxg/O43epn8nf3wMwnrJL7EddjuMGSujFjoIM+Fy0CKvu+R5RFyIQn2V7E2Y/ZoSzEn7Ey27IYRc1EiskzUz94opbIQHx0/YkngZpDOSs9P2d8FX7rJVBjy7pxvS6IA8EPytJMEwAEw4agaq9nCEc7M0rdN0knv81qTLZWF/p47m2X13yTGrhOw== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20140218124422 20140119114422 17430 ingotronic.ch. dW820FCc9H0HzcOEihkrGq7W5Cm8y0FXg4xcMWaobHzsX3jI5ResccGi9UnNclE6pXAnu4E7w7d8tOEdih+Eb8rt67eaXOIBReWynMaHkVpAbRASiil755vnCE3SsXathrunUVpRB3QkIVqRhTLGzM+LANC3H8jVXhGVRVy8Dog= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25297 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20140218125024 20140119120700 17430 ingotronic.ch. JE66mSXrbaDE2usJScL/GXUxTXRn+GeO+Fi/iJyajr09aVnqTqd7UEN9eq454rLozFAv4dV3vKQywOI7BDMkM+OfVYQKy/Kro7CcvNpcuo+Tg8kX8ttl1a6C9kjy75wHh09X62TmKhA1a5bksHMs/P3SCTG87cXllmTpot3KlUE= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57018 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20140215023510 20140116021800 16758 nsec3.ingotronic.ch. RT1Lj82phLAEt5Ck6F/vg6VYvgT7Loy7sixOoZC13YCU7tJqe9lZEWWQuDATlvUdMeyApDXjDj0Czy2cDlCxPrtpZANm+/GWGn67+t8MUC2r8rgbVvFWjHFmMrb9nMLsdOajF5m7A9cnPIpFfng7uUqlpBZ7UvvBGtBOy6sRxErdxzr2KY+2B2dLyfGw7z9e04J9F75AC+jdL1Z+R0CSkaYJoroun53OULF8xhNOB9D4pbKx/fcVxVuNx2L8KcpDn2EsHGSkM4eIUo7l3kYx3f4OV0HFIL0pwByqDvc+66HCEcS5OBlEM+Z5EDKS1DGY3DE85RFZpu4sIShqffRB4A== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20140215023510 20140116021800 62417 nsec3.ingotronic.ch. iGelQHd9Eqam20YcJGFoOLn6DTQgkCts5nJrRLRYuDndGNUOcpTt0EcPImOGiDYEk+0TiXXF3jfbKYaZtncsKvwE50m41E4osqdIA/rpJU9GFWwGgQ2EX5uizunyxEM/YzTgjr9+heIW9+MtgPV1NZRp8HPN3Tq96j3VI3lCQxs= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_2 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_2 new file mode 100644 index 000000000..23f0d0bbc --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_2 @@ -0,0 +1,158 @@ +#Date: 2014-01-28T22:39:20+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48189 +;; flags: qr aa rd ra ; qd: 1 an: 0 au: 8 ad: 1 +;; QUESTIONS: +;; sub.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032736 300 60 864000 300 +nsec3.ingotronic.ch. 300 IN RRSIG SOA 7 3 300 20140215042629 20140116032629 62417 nsec3.ingotronic.ch. DaTlmlI5j/Y1XJZtij2jplUmwYCcfcUr7O0fzFwUoP7y/3gjaqeT8YyhD1JJP2Agf1ZwEh2q12lD3ZiYp9RvOmkreWQiDv8zUbykBwNpY9w2ur6qgEZWtLQgB+BqdYUeAVV+EOOq+RfVSZzee+z9E+Pf/sEV4kXTbRTwGS+4XmM= + +;hash(sub.nsec3.ingotronic.ch.), taken from parent zone +5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 74SO0776K6C87EPASDU8QK8SROIK00KK NS DS RRSIG +5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20140215011722 20140116005424 62417 nsec3.ingotronic.ch. uen8Xh6XJzE+0Xw3vTOCt9w8B5TQ4w7VyLZtUIZaXkq2kS4xpwIiEw5YgrvR0YdlffhZi2IncBm9mxK7utPfz4GDyHurOZWQXzZS1umh8C0YiLwMjP7RybYakurL6BAJHh685XBTyVkUmbxcZ0udVvIwhvzqTamMj+0m04S20+4= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1051 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 61065 IN DNSKEY 256 3 8 AwEAAb8sU6pbYMWRbkRnEuEZw9NSir707TkOcF+UL1XiK4NDJOvXRyX195Am5dQ7bRnnuySZ3daf37vvjUUhuIWUAQ4stht8nJfYxVQXDYjSpGH5I6Hf/0CZEoNP6cNvrQ7AFmKkmv00xWExKQjbvnRPI4bqpMwtHVzn6WybBZ6kuqED +. 61065 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 61065 IN RRSIG DNSKEY 8 0 172800 20140204235959 20140121000000 19036 . naUK900bmMkwXGEUg2wDRHVLN5vPQCU5l9LE3ZwiShbOze9KpWtFCluZ8v2G6Xlm35vNK+sq4B/UV/PVS9f4FhLgfQKJSThpAT8CqMOdvLgu+sTQ4bp+ve1h9sK3T20xjs3khQ16D4mDNUK+sdGEHpBJu7RlBGlprD9Xa8yE8CSkR/WFDm91wIU7AoTdqCz9Lkb1TFavj8SrSjQXYt/H+xwy8VzKxfxL/f9Lm70bfLmW8ZVRKjT12cbs+7TxG4IwP/W0TiTq7oa2fDESKJq3mAHOTifHl3cTG5DO7nldesDPcxWD4UZxYMz1teSlKSNgQGdcUVHIeMkhh1pBnfnCBA== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10015 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 824 IN DS 24859 8 2 9AFD21261EAF98AFD7E24E89BE6B25767F93EB401C6C3DF21342F40EE82DCCF0 +ch. 824 IN RRSIG DS 8 1 86400 20140203000000 20140126230000 33655 . vdEmh6O0rGMUcX5EDZtUAT/D7jadckSXdN9YILrNJZj32Xl7BwJOzvvI2nXngmG/o6KdxMqh+Cldp0alYKUvWXX3A16xIp89aLkxlyBWM84t1Bt8V0XPHFZJDCznfVvYhFYG0tnUpABg6F3rGiDwk2woCmFPTeZMjPgWk4p2IDI= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46537 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 824 IN DNSKEY 257 3 8 AwEAAb5bW5/VfwMAh4475ab4xxrFwc7RIbAoKOABByzbIDMODUlQz1MQLlrI/z4SYANynrDCevw2f1f2ROUzriZpqwqiTN2w3K3GJrk7yZ+1e8OhI2uaGsxKVnTyxKiyzPlC9OLilEsZ4oLGoUIksfJgdDY9+Nj1971H1XS1eDNViJ6kSxgnbxH5tnHl5s75Wfzq8GxSyMu5KxoYbCGT/mvU5ZyZccULQUe/f11FE5JazLf9TgtyDSyWdCFRWl6mdIAR7lVCY82jtN0+Mhzp1PYF/YK3IReKs9P0vijM8qYDXem0NNSzse9lk7SiJWc02vVo/QmfxqTVkNrv2Fcg7fUoiCk= +ch. 824 IN DNSKEY 256 3 8 AwEAAfRZWbfzfBEayMyl/GmDY+e9zmYPNLVlfss3/eUxwnsfh704epy8rVQ6pJuVU0ihFWHTp583ZvWy73ZrVrtXwXbpa3z4+84vhxXDshHG6W67/XEThG0zQY/zFwopIQC+/LLhn7NAR5SZghdqS7+d4EoW52BZtGW/hZIyGuiWZynZ +ch. 824 IN DNSKEY 256 3 8 AwEAAcbnjesseojqOqAWrNxHDr7aw4jwJkQGfFtWdtr0KQEQApS112QmhbWIZ1yHS8IWbAd4jVGRFQqJ4KZoFW6HdgKfXcfrBQ5QXVfi0gyyZjzwAteOGxAH8NtuqbOwkhT3efDtntJcY+wQIwL5QQKKX/Aw2CvxhmUQxHCNhvsD2HPH +ch. 824 IN RRSIG DNSKEY 8 1 86400 20140303100909 20140116090909 24859 ch. F/gnqCvTxFwFFkUX/YEP4ifda8rSrU1DWEJKrj3lnobrd7LJQJRYwanOXbF0YRbNJWPsDXvw2v8/m9NggNy9EL7/iwR9TB2eNwwDAoZsrDitvmVFWm4ewueWNlXy63P96CyzeiTx37uxh59+PpC/w6+Z8Eb/ce6K714NW5PGg3ZM1ABNVt3VSv1WpbnOHdUKp0WHQtvUxSUh1EBN9OZAi9OsO/e44VmAEICA2qqVYcUR3hdiVBTCn0M+g+afXhTmavsUVSzeEdVtHpRLV7q1rIM2woWFmnhG27VGE+Fx5D7wwj9aC09vr4xADdmlTa05taoX0OKKqO5X1j/kT38SAg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47971 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 2355 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 2355 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 2355 IN RRSIG DS 8 2 3600 20140227194545 20140128190342 47694 ch. fI4xUfXJ/4RwPi0CQUX12gHlmSAh6NLE9AXNRFXv0JX2Jhprq1rwLnbCxZsdU0N27dHSIFeeOSb3b02EdaBKKtBAPegXOIYX67siXHhRnykXjqX0tuHDPWYPeegh7UttVLWi0ZHeBJ6YagYW+9Cu3EyoAhVt5V72rgKzB6cKWK0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48551 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20140218124422 20140119114422 6031 ingotronic.ch. ToVAQwGYFHE7lkZGc3b42RmbJxQgkCq0U/GBj/thBklPY+6ljKhNSKBSXbM6rFpMHGoWC2WAXlDLTLRZJT1mBziFDd2YXyxRItr+oj+FK2zGEYM5+JEUG/TW1XS7LH5y8Uj8RaJuXi76OUYtBG+r0KFidH+ix3dlxg/O43epn8nf3wMwnrJL7EddjuMGSujFjoIM+Fy0CKvu+R5RFyIQn2V7E2Y/ZoSzEn7Ey27IYRc1EiskzUz94opbIQHx0/YkngZpDOSs9P2d8FX7rJVBjy7pxvS6IA8EPytJMEwAEw4agaq9nCEc7M0rdN0knv81qTLZWF/p47m2X13yTGrhOw== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20140218124422 20140119114422 17430 ingotronic.ch. dW820FCc9H0HzcOEihkrGq7W5Cm8y0FXg4xcMWaobHzsX3jI5ResccGi9UnNclE6pXAnu4E7w7d8tOEdih+Eb8rt67eaXOIBReWynMaHkVpAbRASiil755vnCE3SsXathrunUVpRB3QkIVqRhTLGzM+LANC3H8jVXhGVRVy8Dog= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25297 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20140218125024 20140119120700 17430 ingotronic.ch. JE66mSXrbaDE2usJScL/GXUxTXRn+GeO+Fi/iJyajr09aVnqTqd7UEN9eq454rLozFAv4dV3vKQywOI7BDMkM+OfVYQKy/Kro7CcvNpcuo+Tg8kX8ttl1a6C9kjy75wHh09X62TmKhA1a5bksHMs/P3SCTG87cXllmTpot3KlUE= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57018 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20140215023510 20140116021800 16758 nsec3.ingotronic.ch. RT1Lj82phLAEt5Ck6F/vg6VYvgT7Loy7sixOoZC13YCU7tJqe9lZEWWQuDATlvUdMeyApDXjDj0Czy2cDlCxPrtpZANm+/GWGn67+t8MUC2r8rgbVvFWjHFmMrb9nMLsdOajF5m7A9cnPIpFfng7uUqlpBZ7UvvBGtBOy6sRxErdxzr2KY+2B2dLyfGw7z9e04J9F75AC+jdL1Z+R0CSkaYJoroun53OULF8xhNOB9D4pbKx/fcVxVuNx2L8KcpDn2EsHGSkM4eIUo7l3kYx3f4OV0HFIL0pwByqDvc+66HCEcS5OBlEM+Z5EDKS1DGY3DE85RFZpu4sIShqffRB4A== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20140215023510 20140116021800 62417 nsec3.ingotronic.ch. iGelQHd9Eqam20YcJGFoOLn6DTQgkCts5nJrRLRYuDndGNUOcpTt0EcPImOGiDYEk+0TiXXF3jfbKYaZtncsKvwE50m41E4osqdIA/rpJU9GFWwGgQ2EX5uizunyxEM/YzTgjr9+heIW9+MtgPV1NZRp8HPN3Tq96j3VI3lCQxs= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_3 new file mode 100644 index 000000000..604bc5a04 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_3 @@ -0,0 +1,158 @@ +#Date: 2014-01-28T22:39:20+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48189 +;; flags: qr aa rd ra ; qd: 1 an: 0 au: 8 ad: 1 +;; QUESTIONS: +;; sub.nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032736 300 60 864000 300 +nsec3.ingotronic.ch. 300 IN RRSIG SOA 7 3 300 20140215042629 20140116032629 62417 nsec3.ingotronic.ch. DaTlmlI5j/Y1XJZtij2jplUmwYCcfcUr7O0fzFwUoP7y/3gjaqeT8YyhD1JJP2Agf1ZwEh2q12lD3ZiYp9RvOmkreWQiDv8zUbykBwNpY9w2ur6qgEZWtLQgB+BqdYUeAVV+EOOq+RfVSZzee+z9E+Pf/sEV4kXTbRTwGS+4XmM= + +;hash(sub.nsec3.ingotronic.ch.), taken from parent zone +5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 74SO0776K6C87EPASDU8QK8SROIK00KK NS SOA RRSIG +5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20140215011722 20140116005424 62417 nsec3.ingotronic.ch. FdU0H+o81azPLo4Enzj5BZHEeU/kKDIQiPQ/UIWB0NO5VDDNqn4eH+3klmMtElS0nhi/0PDN14SrPVPUaRYO9E9kw4/9XEaHmO5nn0uqYF5tERlgx3uJmJ/89Pg8Ai1bQkLi+FpeOS/Vvnj73GYy+eOItcRfatv67wY57eRQA6w= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1051 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60551 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 61065 IN DNSKEY 256 3 8 AwEAAb8sU6pbYMWRbkRnEuEZw9NSir707TkOcF+UL1XiK4NDJOvXRyX195Am5dQ7bRnnuySZ3daf37vvjUUhuIWUAQ4stht8nJfYxVQXDYjSpGH5I6Hf/0CZEoNP6cNvrQ7AFmKkmv00xWExKQjbvnRPI4bqpMwtHVzn6WybBZ6kuqED +. 61065 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 61065 IN RRSIG DNSKEY 8 0 172800 20140204235959 20140121000000 19036 . naUK900bmMkwXGEUg2wDRHVLN5vPQCU5l9LE3ZwiShbOze9KpWtFCluZ8v2G6Xlm35vNK+sq4B/UV/PVS9f4FhLgfQKJSThpAT8CqMOdvLgu+sTQ4bp+ve1h9sK3T20xjs3khQ16D4mDNUK+sdGEHpBJu7RlBGlprD9Xa8yE8CSkR/WFDm91wIU7AoTdqCz9Lkb1TFavj8SrSjQXYt/H+xwy8VzKxfxL/f9Lm70bfLmW8ZVRKjT12cbs+7TxG4IwP/W0TiTq7oa2fDESKJq3mAHOTifHl3cTG5DO7nldesDPcxWD4UZxYMz1teSlKSNgQGdcUVHIeMkhh1pBnfnCBA== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10015 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 824 IN DS 24859 8 2 9AFD21261EAF98AFD7E24E89BE6B25767F93EB401C6C3DF21342F40EE82DCCF0 +ch. 824 IN RRSIG DS 8 1 86400 20140203000000 20140126230000 33655 . vdEmh6O0rGMUcX5EDZtUAT/D7jadckSXdN9YILrNJZj32Xl7BwJOzvvI2nXngmG/o6KdxMqh+Cldp0alYKUvWXX3A16xIp89aLkxlyBWM84t1Bt8V0XPHFZJDCznfVvYhFYG0tnUpABg6F3rGiDwk2woCmFPTeZMjPgWk4p2IDI= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46537 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 824 IN DNSKEY 257 3 8 AwEAAb5bW5/VfwMAh4475ab4xxrFwc7RIbAoKOABByzbIDMODUlQz1MQLlrI/z4SYANynrDCevw2f1f2ROUzriZpqwqiTN2w3K3GJrk7yZ+1e8OhI2uaGsxKVnTyxKiyzPlC9OLilEsZ4oLGoUIksfJgdDY9+Nj1971H1XS1eDNViJ6kSxgnbxH5tnHl5s75Wfzq8GxSyMu5KxoYbCGT/mvU5ZyZccULQUe/f11FE5JazLf9TgtyDSyWdCFRWl6mdIAR7lVCY82jtN0+Mhzp1PYF/YK3IReKs9P0vijM8qYDXem0NNSzse9lk7SiJWc02vVo/QmfxqTVkNrv2Fcg7fUoiCk= +ch. 824 IN DNSKEY 256 3 8 AwEAAfRZWbfzfBEayMyl/GmDY+e9zmYPNLVlfss3/eUxwnsfh704epy8rVQ6pJuVU0ihFWHTp583ZvWy73ZrVrtXwXbpa3z4+84vhxXDshHG6W67/XEThG0zQY/zFwopIQC+/LLhn7NAR5SZghdqS7+d4EoW52BZtGW/hZIyGuiWZynZ +ch. 824 IN DNSKEY 256 3 8 AwEAAcbnjesseojqOqAWrNxHDr7aw4jwJkQGfFtWdtr0KQEQApS112QmhbWIZ1yHS8IWbAd4jVGRFQqJ4KZoFW6HdgKfXcfrBQ5QXVfi0gyyZjzwAteOGxAH8NtuqbOwkhT3efDtntJcY+wQIwL5QQKKX/Aw2CvxhmUQxHCNhvsD2HPH +ch. 824 IN RRSIG DNSKEY 8 1 86400 20140303100909 20140116090909 24859 ch. F/gnqCvTxFwFFkUX/YEP4ifda8rSrU1DWEJKrj3lnobrd7LJQJRYwanOXbF0YRbNJWPsDXvw2v8/m9NggNy9EL7/iwR9TB2eNwwDAoZsrDitvmVFWm4ewueWNlXy63P96CyzeiTx37uxh59+PpC/w6+Z8Eb/ce6K714NW5PGg3ZM1ABNVt3VSv1WpbnOHdUKp0WHQtvUxSUh1EBN9OZAi9OsO/e44VmAEICA2qqVYcUR3hdiVBTCn0M+g+afXhTmavsUVSzeEdVtHpRLV7q1rIM2woWFmnhG27VGE+Fx5D7wwj9aC09vr4xADdmlTa05taoX0OKKqO5X1j/kT38SAg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47971 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 2355 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 2355 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 2355 IN RRSIG DS 8 2 3600 20140227194545 20140128190342 47694 ch. fI4xUfXJ/4RwPi0CQUX12gHlmSAh6NLE9AXNRFXv0JX2Jhprq1rwLnbCxZsdU0N27dHSIFeeOSb3b02EdaBKKtBAPegXOIYX67siXHhRnykXjqX0tuHDPWYPeegh7UttVLWi0ZHeBJ6YagYW+9Cu3EyoAhVt5V72rgKzB6cKWK0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48551 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20140218124422 20140119114422 6031 ingotronic.ch. ToVAQwGYFHE7lkZGc3b42RmbJxQgkCq0U/GBj/thBklPY+6ljKhNSKBSXbM6rFpMHGoWC2WAXlDLTLRZJT1mBziFDd2YXyxRItr+oj+FK2zGEYM5+JEUG/TW1XS7LH5y8Uj8RaJuXi76OUYtBG+r0KFidH+ix3dlxg/O43epn8nf3wMwnrJL7EddjuMGSujFjoIM+Fy0CKvu+R5RFyIQn2V7E2Y/ZoSzEn7Ey27IYRc1EiskzUz94opbIQHx0/YkngZpDOSs9P2d8FX7rJVBjy7pxvS6IA8EPytJMEwAEw4agaq9nCEc7M0rdN0knv81qTLZWF/p47m2X13yTGrhOw== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20140218124422 20140119114422 17430 ingotronic.ch. dW820FCc9H0HzcOEihkrGq7W5Cm8y0FXg4xcMWaobHzsX3jI5ResccGi9UnNclE6pXAnu4E7w7d8tOEdih+Eb8rt67eaXOIBReWynMaHkVpAbRASiil755vnCE3SsXathrunUVpRB3QkIVqRhTLGzM+LANC3H8jVXhGVRVy8Dog= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25297 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20140218125024 20140119120700 17430 ingotronic.ch. JE66mSXrbaDE2usJScL/GXUxTXRn+GeO+Fi/iJyajr09aVnqTqd7UEN9eq454rLozFAv4dV3vKQywOI7BDMkM+OfVYQKy/Kro7CcvNpcuo+Tg8kX8ttl1a6C9kjy75wHh09X62TmKhA1a5bksHMs/P3SCTG87cXllmTpot3KlUE= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57018 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20140215023510 20140116021800 16758 nsec3.ingotronic.ch. RT1Lj82phLAEt5Ck6F/vg6VYvgT7Loy7sixOoZC13YCU7tJqe9lZEWWQuDATlvUdMeyApDXjDj0Czy2cDlCxPrtpZANm+/GWGn67+t8MUC2r8rgbVvFWjHFmMrb9nMLsdOajF5m7A9cnPIpFfng7uUqlpBZ7UvvBGtBOy6sRxErdxzr2KY+2B2dLyfGw7z9e04J9F75AC+jdL1Z+R0CSkaYJoroun53OULF8xhNOB9D4pbKx/fcVxVuNx2L8KcpDn2EsHGSkM4eIUo7l3kYx3f4OV0HFIL0pwByqDvc+66HCEcS5OBlEM+Z5EDKS1DGY3DE85RFZpu4sIShqffRB4A== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20140215023510 20140116021800 62417 nsec3.ingotronic.ch. iGelQHd9Eqam20YcJGFoOLn6DTQgkCts5nJrRLRYuDndGNUOcpTt0EcPImOGiDYEk+0TiXXF3jfbKYaZtncsKvwE50m41E4osqdIA/rpJU9GFWwGgQ2EX5uizunyxEM/YzTgjr9+heIW9+MtgPV1NZRp8HPN3Tq96j3VI3lCQxs= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_4 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_4 new file mode 100644 index 000000000..db7fcabd7 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNodataNsec3_4 @@ -0,0 +1,197 @@ +#Date: 2013-08-04T20:43:22+02:00 + +# This is data for a constructed test: when a zone switches from signed to +# unsigned AND a resolver incorrectly returns data from the delegation point +# (instead of from the delegated child), the zone must be treated as insecure + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52489 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 162318 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 162318 IN DNSKEY 256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf +. 162318 IN RRSIG DNSKEY 8 0 172800 20130814235959 20130731000000 19036 . UUzEZTh+YdFwAThMqKdbiTJYoOYY2FoAwFanVv47w2lc9NTTz7Fb6wtnj/rb47ZtAdIGcBAlh5AWz1UisSIxW1f3bLXdHyaS6YlAZ8shdw5VMktJXrFlnnu8ibOdA8yADMuLvUARHknh9Ri78Po4CwvEdMA+FYha1YyHgm7j0DeqI2ZuRNhXqjF6p+u4Z9zqXjIDq29pog2eZI0NDUQ0EMpLpDuo0PdbbGh7QRiRjeSJ/Oqfb6FrWCn4J14NS6CctKRaumyHiN+SsGx/W+fCsODLkRb0WAVaAIytzNYT8R666eui0c7hnI4imUDUOC0unyj/396zZ1YWHCUgAyJIGg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63054 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 75918 IN DS 22072 8 2 94E4C1E425B28150D8DD7C974E27E1A933C1D4B51E535177B52DFF3F807A8C94 +ch. 75918 IN RRSIG DS 8 1 86400 20130811000000 20130803230000 49656 . oyIAnRmpT1taLwIrZg0/WV3iqMBiWSNjIAXWZkoO9wp+cr0kMeVcrhrXYHAOTqGsL301YtMAT43BAPq9Cq0CZ4sD5K6OFOzo284SigLicuuWo0eEakJFdeYObB/+9wOERyN4iMVryjIl7GMz3D+UgLWrYMWWDDyVbmAm7ZY/3zs= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1681 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 75919 IN DNSKEY 257 3 8 AwEAAeP0/M59JL65K0YWD0W+8k8x1T79hM4W2pi7cx0CxQULRd3udQnf/8ymUbKsPfVDMCXLQwW2evWHRu4B/OKnkRzDQsev7prdJ5UxAHWF4oFsWpGYx+A7WbqllTlmMFkV8bNz6TW6Trl4+RaLirt3ofRUFrJKyKCyNCKkxbtpFO6p6vP5K8V3CW854NndF3D/Xjz0s3nwd3dLwW3XVqi705mhJBvCSeorgsKMcY3PCBG6U5Twj/akb6P8I2nmoGsrIbtmvGk191zV5o4i8RTjk5DI6FcO5GL0J1w9sAiVYfXlN8wdyr90kqO6MGcvSQEItJCTaljyRT53bekbUhdRE50= +ch. 75919 IN DNSKEY 256 3 8 AwEAAaANwH4naX1c6xHWHYuFVHa7PLc9n7BPL8J3sa2LqKuQvQ1aTu3hIYAsO6c5wlDp4Pgw8HejPdEZC/VRBtHkXeWfe84IJ2731IQYjQGyD4rKq/L9VjD9bMlSjj6RtI7t4ItzEPlsSEEmEtXFLt8IDzq0xc2tQcec9PsfvvV5jIWN +ch. 75919 IN DNSKEY 256 3 8 AwEAAdmE6uljIBh3EdgS3jWT87HtnwhYwP/9/ciJH87VtWMSR8jtMqbr2CFWRFdO9sTIuQ27sOwYe24TXbHt2TBUR4EBiDuzVD+Oj7ikYK1hM0LslL0fYfCJZKVM2SCHnsdh2ExZda/o0v+HtVtRdL7MbTADGue+xGQg6MzvavRd8D2p +ch. 75919 IN RRSIG DNSKEY 8 1 86400 20130904100909 20130720090909 22072 ch. 1DIfkQfa6JMWoGs+y6vAwZ4F9Vf698b3hOpSgw3/Y3cdF/GqINRDQqiMi8OzGX5wV38QrBIG4wTCqHLB51VlHh2MHhU6F45eR/oA62LP6mmdIEuuG6hv2RuUj9S09r3eedr34ETjv8mRkydqekOFDqJaDG8t+B5EVku/94FU81x0pma05wEOvl5+IWQ62YqVuuzqd+Zz8+bObx5X74VAATC053XSftqbih0NJ65dWptOyyqs7MCvTXVpyWf5ipkfULexCWi9pjY7EuviTcJjdhwndiURl+uwMyzfMmf5XBREvJE03t/Cd1Xp9Ee3Iot2rXOpbQ83tUw3xqsgtGkfMg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34393 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3583 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3583 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3583 IN RRSIG DS 8 2 3600 20130831110238 20130801120230 27249 ch. rhEK+na/h6EbbDBbOCBb2igPPPnkwKqKsJ1tAn11PLrrOoXkJs3Ke9LM/y6vxebH03H4gCJtS8VAavyzKWM7tzeraZP1oWlK6g855PeAwGyGYxtT6JVvwlwaFXQqLVoLNJy60eTobRQyKy0OqdDRHm0W/frnPPkM/zXLTr5g9pY= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40418 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20130902082432 20130803075649 6031 ingotronic.ch. XYDiDlvzokZfrlCk+ZfvBof8cbStGsDqd8YCOtBf/rvnAOWTdV1LGQ1LxE64udTObpKM/+oRgCWFcULnajdwljH2vRw6ZnY/VQAE3QmyNNQHTCQYfOkoYGzUrOQZ9QwTFQaP7FXc/kx0pJwvswhg/cC1WFy/PEM3ydfzYBTSthFxs2G5ZbONUR30jVRq1fjBkjh/+ev6HQZAy8MfIZRM8AvIWEJUOEYJuP8pkwbJaE2Mp70aA6SYULVLLTY9g0LxwtLnv9SpdEOr4w2nz6BQ195BG4Ky6t5vQya2J3LAcpxovooopUMLfM3Tvwarr4Otz2HVAzn95UmA36h5Yvo+WA== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20130902082432 20130803075649 17430 ingotronic.ch. jwsrJ+V3kqYu2PTsgEokovbFlT+kLgTCPrw5iVXy5F+iTnwxUt5Mq+RkJ58nuKGdqjLTGZIjSybO1vVRdrMU7xyby17pSI1wc0TE5yeJnXhQQgYLh074bPvVfL4vzslX8Ab8U+JL5zo0/PnrVZhswjJLsrddpzlgGbkTQmcgKiM= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30648 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20130902081456 20130803072435 17430 ingotronic.ch. ma2SzHd/Al7dZdivV0/D0M616DPN5bYQmUJMERLum+Dhw38Rl2/KbeBUiFsfamyBFsNLuG272Q35rZlOn62tmko/ysg7vttsZwqDsXXurAz53k4+7OISHYJ2kDFaLRxa5rGoKreCQ+YmiCMGGKtuFTtyoZb36Sl3cXbAKJRhIL0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11577 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20130903154645 20130804144645 16758 nsec3.ingotronic.ch. emr2IJwIyRsu/o9tX2w3PLYc1Z4u3quRUBfbrWgTbMe02YpCDieyp7+f/IxmRspKvUpEIp+c0pcpIj0oHNL0ve2rfq9n5WPpwaYaJ3KycCFWF+iWwEAzzOyNdxdLwqsLdhN5rTX1lNTexak0czJXa7XXqiqdqLnfFr+xz610UfZ0R/dZdbdwsoUBrGd9bfTg6RCDzO2YJf6TKCT6Yn1s3fDnRYgb8RGCVOO0S6r38hqXxEqLoaNVnj8Qjd3pi1PpKnZf6/xrhV1+cJRoUtl7G1gK9aXwkn93KNqurrvialvw/0vP7OM1+WJauq2mXcdFQ8huQmCHRlm9QRWreorPxQ== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20130903154645 20130804144645 62417 nsec3.ingotronic.ch. kMYZ2Xsa+n2x9vmiOYIIZqBp5S5IIeZVd6CmQNWY0UeztIhAH1xM2XEAXPbAZ5GqXjwtvWIir4+5S/U0IS4PwNOcTmysOX/jrsZVDDwpoidBoxTjnvD30pqTH9RkuiK9t5FpQYxNLmF8B6T4hK01g+OXC80QzBX4LEu8O4KDJ+8= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14675 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 +;; QUESTIONS: +;; a.unsigned.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 S5OG9G30J61V17I3RN5MPOG1VDUL8TMS NS +S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20130903151143 20130804144753 62417 nsec3.ingotronic.ch. sgwh2RSVYzkVYQJUNd7y/yZZRIMpkscaTgKPFxBSSx+R0Qtl8gfCicRtM4C0XRtPEQdxXLAWGnh1YsqBASpMFNw6nlDBWNQpe6ctBLPLTLcNkCu6Yxi4Y6ouYAHlt/8rJy29mgyqZ1ViOVRAds+Oloomjvg/JDbiOZKw4c/Rsq4= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 105 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14675 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 +;; QUESTIONS: +;; unsigned.nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +unsigned.nsec3.ingotronic.ch. 300 DS 23829 7 1 902429770AEE28DCBC72350E8BC260AFF4F239C5 +unsigned.nsec3.ingotronic.ch. 300 DS 23829 7 2 20B0949D09A8FE56C33BE9835B46DE749598FFE20AB4897A1D2ACCCC94A96DF7 +unsigned.nsec3.ingotronic.ch. 300 RRSIG DS 7 4 300 20130903175754 20130804175754 62417 nsec3.ingotronic.ch. uERbvGIS0r3tBJy3rGBFc21bE6ySOCE48zhxgM0mJHj3Y4UzGuhSK14cR0cZpCcZXAIvSlYBsJ7UQOu4U6Flf6Ep/Wzm7iitfOvGYfROFrbHVLsDwH06l08UueFSQK8TfueiNo9D+glxhqercts30j6ZEYwcDXE+HcHnQrR7k+o= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + + +############################################### + +# constructed response here: the NSEC3 is from the delegating zone for the +# child zone +# hash(n=unsigned.nsec3.ingotronic.ch.,it=10,s=1234)=s4k4ekrnhmvobs9ff9m8v911bvl7nduf + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14675 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 +;; QUESTIONS: +;; a.unsigned.nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 S5OG9G30J61V17I3RN5MPOG1VDUL8TMS NS +S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20130903151143 20130804144753 62417 nsec3.ingotronic.ch. sgwh2RSVYzkVYQJUNd7y/yZZRIMpkscaTgKPFxBSSx+R0Qtl8gfCicRtM4C0XRtPEQdxXLAWGnh1YsqBASpMFNw6nlDBWNQpe6ctBLPLTLcNkCu6Yxi4Y6ouYAHlt/8rJy29mgyqZ1ViOVRAds+Oloomjvg/JDbiOZKw4c/Rsq4= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + + +############################################### diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNsec3ClosestEncloserIsInsecureDelegation b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNsec3ClosestEncloserIsInsecureDelegation new file mode 100644 index 000000000..736649770 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNSEC3NoData/testNsec3ClosestEncloserIsInsecureDelegation @@ -0,0 +1,197 @@ +#Date: 2013-08-04T20:43:22+02:00 + +# This is data for a constructed test: when a zone switches from signed to +# unsigned AND a resolver incorrectly returns data from the delegation point +# (instead of from the delegated child), the zone must be treated as insecure + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52489 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 162318 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 162318 IN DNSKEY 256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf +. 162318 IN RRSIG DNSKEY 8 0 172800 20130814235959 20130731000000 19036 . UUzEZTh+YdFwAThMqKdbiTJYoOYY2FoAwFanVv47w2lc9NTTz7Fb6wtnj/rb47ZtAdIGcBAlh5AWz1UisSIxW1f3bLXdHyaS6YlAZ8shdw5VMktJXrFlnnu8ibOdA8yADMuLvUARHknh9Ri78Po4CwvEdMA+FYha1YyHgm7j0DeqI2ZuRNhXqjF6p+u4Z9zqXjIDq29pog2eZI0NDUQ0EMpLpDuo0PdbbGh7QRiRjeSJ/Oqfb6FrWCn4J14NS6CctKRaumyHiN+SsGx/W+fCsODLkRb0WAVaAIytzNYT8R666eui0c7hnI4imUDUOC0unyj/396zZ1YWHCUgAyJIGg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63054 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 75918 IN DS 22072 8 2 94E4C1E425B28150D8DD7C974E27E1A933C1D4B51E535177B52DFF3F807A8C94 +ch. 75918 IN RRSIG DS 8 1 86400 20130811000000 20130803230000 49656 . oyIAnRmpT1taLwIrZg0/WV3iqMBiWSNjIAXWZkoO9wp+cr0kMeVcrhrXYHAOTqGsL301YtMAT43BAPq9Cq0CZ4sD5K6OFOzo284SigLicuuWo0eEakJFdeYObB/+9wOERyN4iMVryjIl7GMz3D+UgLWrYMWWDDyVbmAm7ZY/3zs= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1681 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 75919 IN DNSKEY 257 3 8 AwEAAeP0/M59JL65K0YWD0W+8k8x1T79hM4W2pi7cx0CxQULRd3udQnf/8ymUbKsPfVDMCXLQwW2evWHRu4B/OKnkRzDQsev7prdJ5UxAHWF4oFsWpGYx+A7WbqllTlmMFkV8bNz6TW6Trl4+RaLirt3ofRUFrJKyKCyNCKkxbtpFO6p6vP5K8V3CW854NndF3D/Xjz0s3nwd3dLwW3XVqi705mhJBvCSeorgsKMcY3PCBG6U5Twj/akb6P8I2nmoGsrIbtmvGk191zV5o4i8RTjk5DI6FcO5GL0J1w9sAiVYfXlN8wdyr90kqO6MGcvSQEItJCTaljyRT53bekbUhdRE50= +ch. 75919 IN DNSKEY 256 3 8 AwEAAaANwH4naX1c6xHWHYuFVHa7PLc9n7BPL8J3sa2LqKuQvQ1aTu3hIYAsO6c5wlDp4Pgw8HejPdEZC/VRBtHkXeWfe84IJ2731IQYjQGyD4rKq/L9VjD9bMlSjj6RtI7t4ItzEPlsSEEmEtXFLt8IDzq0xc2tQcec9PsfvvV5jIWN +ch. 75919 IN DNSKEY 256 3 8 AwEAAdmE6uljIBh3EdgS3jWT87HtnwhYwP/9/ciJH87VtWMSR8jtMqbr2CFWRFdO9sTIuQ27sOwYe24TXbHt2TBUR4EBiDuzVD+Oj7ikYK1hM0LslL0fYfCJZKVM2SCHnsdh2ExZda/o0v+HtVtRdL7MbTADGue+xGQg6MzvavRd8D2p +ch. 75919 IN RRSIG DNSKEY 8 1 86400 20130904100909 20130720090909 22072 ch. 1DIfkQfa6JMWoGs+y6vAwZ4F9Vf698b3hOpSgw3/Y3cdF/GqINRDQqiMi8OzGX5wV38QrBIG4wTCqHLB51VlHh2MHhU6F45eR/oA62LP6mmdIEuuG6hv2RuUj9S09r3eedr34ETjv8mRkydqekOFDqJaDG8t+B5EVku/94FU81x0pma05wEOvl5+IWQ62YqVuuzqd+Zz8+bObx5X74VAATC053XSftqbih0NJ65dWptOyyqs7MCvTXVpyWf5ipkfULexCWi9pjY7EuviTcJjdhwndiURl+uwMyzfMmf5XBREvJE03t/Cd1Xp9Ee3Iot2rXOpbQ83tUw3xqsgtGkfMg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34393 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3583 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3583 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3583 IN RRSIG DS 8 2 3600 20130831110238 20130801120230 27249 ch. rhEK+na/h6EbbDBbOCBb2igPPPnkwKqKsJ1tAn11PLrrOoXkJs3Ke9LM/y6vxebH03H4gCJtS8VAavyzKWM7tzeraZP1oWlK6g855PeAwGyGYxtT6JVvwlwaFXQqLVoLNJy60eTobRQyKy0OqdDRHm0W/frnPPkM/zXLTr5g9pY= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40418 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20130902082432 20130803075649 6031 ingotronic.ch. XYDiDlvzokZfrlCk+ZfvBof8cbStGsDqd8YCOtBf/rvnAOWTdV1LGQ1LxE64udTObpKM/+oRgCWFcULnajdwljH2vRw6ZnY/VQAE3QmyNNQHTCQYfOkoYGzUrOQZ9QwTFQaP7FXc/kx0pJwvswhg/cC1WFy/PEM3ydfzYBTSthFxs2G5ZbONUR30jVRq1fjBkjh/+ev6HQZAy8MfIZRM8AvIWEJUOEYJuP8pkwbJaE2Mp70aA6SYULVLLTY9g0LxwtLnv9SpdEOr4w2nz6BQ195BG4Ky6t5vQya2J3LAcpxovooopUMLfM3Tvwarr4Otz2HVAzn95UmA36h5Yvo+WA== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20130902082432 20130803075649 17430 ingotronic.ch. jwsrJ+V3kqYu2PTsgEokovbFlT+kLgTCPrw5iVXy5F+iTnwxUt5Mq+RkJ58nuKGdqjLTGZIjSybO1vVRdrMU7xyby17pSI1wc0TE5yeJnXhQQgYLh074bPvVfL4vzslX8Ab8U+JL5zo0/PnrVZhswjJLsrddpzlgGbkTQmcgKiM= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30648 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20130902081456 20130803072435 17430 ingotronic.ch. ma2SzHd/Al7dZdivV0/D0M616DPN5bYQmUJMERLum+Dhw38Rl2/KbeBUiFsfamyBFsNLuG272Q35rZlOn62tmko/ysg7vttsZwqDsXXurAz53k4+7OISHYJ2kDFaLRxa5rGoKreCQ+YmiCMGGKtuFTtyoZb36Sl3cXbAKJRhIL0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11577 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20130903154645 20130804144645 16758 nsec3.ingotronic.ch. emr2IJwIyRsu/o9tX2w3PLYc1Z4u3quRUBfbrWgTbMe02YpCDieyp7+f/IxmRspKvUpEIp+c0pcpIj0oHNL0ve2rfq9n5WPpwaYaJ3KycCFWF+iWwEAzzOyNdxdLwqsLdhN5rTX1lNTexak0czJXa7XXqiqdqLnfFr+xz610UfZ0R/dZdbdwsoUBrGd9bfTg6RCDzO2YJf6TKCT6Yn1s3fDnRYgb8RGCVOO0S6r38hqXxEqLoaNVnj8Qjd3pi1PpKnZf6/xrhV1+cJRoUtl7G1gK9aXwkn93KNqurrvialvw/0vP7OM1+WJauq2mXcdFQ8huQmCHRlm9QRWreorPxQ== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20130903154645 20130804144645 62417 nsec3.ingotronic.ch. kMYZ2Xsa+n2x9vmiOYIIZqBp5S5IIeZVd6CmQNWY0UeztIhAH1xM2XEAXPbAZ5GqXjwtvWIir4+5S/U0IS4PwNOcTmysOX/jrsZVDDwpoidBoxTjnvD30pqTH9RkuiK9t5FpQYxNLmF8B6T4hK01g+OXC80QzBX4LEu8O4KDJ+8= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14675 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 +;; QUESTIONS: +;; a.unsigned.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 S5OG9G30J61V17I3RN5MPOG1VDUL8TMS NS +S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20130903151143 20130804144753 62417 nsec3.ingotronic.ch. sgwh2RSVYzkVYQJUNd7y/yZZRIMpkscaTgKPFxBSSx+R0Qtl8gfCicRtM4C0XRtPEQdxXLAWGnh1YsqBASpMFNw6nlDBWNQpe6ctBLPLTLcNkCu6Yxi4Y6ouYAHlt/8rJy29mgyqZ1ViOVRAds+Oloomjvg/JDbiOZKw4c/Rsq4= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 105 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14675 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 +;; QUESTIONS: +;; unsigned.nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +unsigned.nsec3.ingotronic.ch. 300 DS 23829 7 1 902429770AEE28DCBC72350E8BC260AFF4F239C5 +unsigned.nsec3.ingotronic.ch. 300 DS 23829 7 2 20B0949D09A8FE56C33BE9835B46DE749598FFE20AB4897A1D2ACCCC94A96DF7 +unsigned.nsec3.ingotronic.ch. 300 RRSIG DS 7 4 300 20130903175754 20130804175754 62417 nsec3.ingotronic.ch. uERbvGIS0r3tBJy3rGBFc21bE6ySOCE48zhxgM0mJHj3Y4UzGuhSK14cR0cZpCcZXAIvSlYBsJ7UQOu4U6Flf6Ep/Wzm7iitfOvGYfROFrbHVLsDwH06l08UueFSQK8TfueiNo9D+glxhqercts30j6ZEYwcDXE+HcHnQrR7k+o= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + + +############################################### + +# constructed response here: the NSEC3 is from the delegating zone for the +# child zone +# hash(n=unsigned.nsec3.ingotronic.ch.,it=10,s=1234)=s4k4ekrnhmvobs9ff9m8v911bvl7nduf + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14675 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 +;; QUESTIONS: +;; a.unsigned.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 S5OG9G30J61V17I3RN5MPOG1VDUL8TMS NS +S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20130903151143 20130804144753 62417 nsec3.ingotronic.ch. sgwh2RSVYzkVYQJUNd7y/yZZRIMpkscaTgKPFxBSSx+R0Qtl8gfCicRtM4C0XRtPEQdxXLAWGnh1YsqBASpMFNw6nlDBWNQpe6ctBLPLTLcNkCu6Yxi4Y6ouYAHlt/8rJy29mgyqZ1ViOVRAds+Oloomjvg/JDbiOZKw4c/Rsq4= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + + +############################################### diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNoData/testFakedNoDataNsec3WithNsecs b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNoData/testFakedNoDataNsec3WithNsecs new file mode 100644 index 000000000..2455dbcb3 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNoData/testFakedNoDataNsec3WithNsecs @@ -0,0 +1,293 @@ +#Date: 2015-01-06T22:35:09+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25734 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; www.nsec3.ingotronic.ch., type = MX, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300 +nsec3.ingotronic.ch. 300 IN RRSIG SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ= +7L2K0NAC88UN3IJV0404HF7PM543BN3F.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 810L2KR9HCVTELBLO8GQM0EMIM8KD01E A AAAA RRSIG +7L2K0NAC88UN3IJV0404HF7PM543BN3F.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. hOo4U9QFigY0lLf6UzA/WlwjZsXfs5EZdfiumlAHv2H/I81TiWBtKQhOvMyVUOFq1dMq44JnO2KJEEuPRKKNPiER4a3Y/kzpjscW+yfUWjOzOmZX4d2p9ustljj125/PVUwAOeCP7a8fFZMG/7Xughx49B4WFsDrIUEbMsw3Iqo= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 537 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20135 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87364 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87364 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87364 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87364 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16754 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 964 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 964 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6044 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 965 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 965 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 965 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 965 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60471 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3573 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3573 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3573 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17951 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16136 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40073 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36997 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87364 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87364 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87364 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87364 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49791 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 964 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 964 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8607 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 964 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 964 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 964 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 964 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 534 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3572 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3572 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3572 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33596 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33074 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40277 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNoData/testFakedNoDataNsec3WithoutNsecs b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNoData/testFakedNoDataNsec3WithoutNsecs new file mode 100644 index 000000000..41b280d98 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNoData/testFakedNoDataNsec3WithoutNsecs @@ -0,0 +1,295 @@ +#Date: 2015-01-06T22:35:10+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18486 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; www.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.nsec3.ingotronic.ch. 300 IN A 127.0.0.1 +www.nsec3.ingotronic.ch. 300 IN RRSIG A 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. jQhCY33aj9YTcCTHgl71PhM02o2LL6tdTy5M8TQw/Kt8D7wHxjVpu75eT9XEaM3abIqvygero5hCxyPW6IfF+FKmdx3MNigQiaB2sKu2XDNmFMbaucmVAWDRDMRY1BFavjz316JSb0rXX3XcS/ixbj9+jAm9lCXROcuzmOPB7vw= + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +nsec3.ingotronic.ch. 300 IN RRSIG NS 7 3 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. fl2Q0YQQ1TduolGLyQx8vGqSApoBbb6A+go5SLFBYQobrPfO/rb+SM8JvnlzNX/Xa7dRhDYrnfBTFUm1mCur9aIi34gu5UwDNQvt/GXY5dC3+DEy/28bTZ43UuCs+qGH9u9leFwGX4neFNl0s5B4RpxBN4is8dXMUvOda6QcsOw= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 633 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23218 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87363 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87363 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87363 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87363 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56313 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 963 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 963 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32662 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 964 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 964 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 964 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 964 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64353 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3572 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3572 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3572 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13626 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48927 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49642 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25015 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87363 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87363 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87363 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87363 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34587 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 963 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 963 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19027 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 964 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 964 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 964 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 964 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6277 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3572 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3572 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3572 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26423 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58434 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7700 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testDoubleLabelABelowSignedBeforeZoneNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testDoubleLabelABelowSignedBeforeZoneNsec3 new file mode 100644 index 000000000..8540859e9 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testDoubleLabelABelowSignedBeforeZoneNsec3 @@ -0,0 +1,161 @@ +#Date: 2015-01-06T22:34:45+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7362 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 +;; QUESTIONS: +;; alias.1gibtsnicht.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300 +nsec3.ingotronic.ch. 300 IN RRSIG SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ= +NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 O275F9OLQ9HNCER7U4SMD4V8AG7IPML9 A NS SOA RRSIG DNSKEY NSEC3PARAM +NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150131235629 20150101233516 62417 nsec3.ingotronic.ch. xccCvQs/b3ndBUo6J2FbaCzDMg+LB1e4OWeI29VTBWcmfbuD3rZvneRdbA9B5AluJH1ar10xxdrt/+RSuhSWC70LswkdPDg4vshmCZMDeMCOJYFEkGR0UgcZUMynU6EewEDLVLgYtBkJmspeuZNMBMPk/ZUOolCElrkHfbUA1Cc= +UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 0UPHA6GQV03I7D8EJUDKC30I0C6I1G1Q +UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. XV2q9ufbwzauD/tmjb2EKsNBF+kHQYL0/MNb6ivY1oH9Q2hzQNPUuHkUl1db2erDFodPvspmDk6p6WOXoV6wmmaYhN+JI1TQKYYThsnKC1bkt1h6QyjwsDc12d8HVHOopvoXpaYWoV4bbghsAylGVqRjEYyt8JtR3BPfphehloU= +L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT +L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1056 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56361 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87388 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87388 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87388 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87388 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10038 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 988 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 988 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8248 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 989 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 989 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 989 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 989 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60008 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3597 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3597 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3597 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36858 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8889 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12982 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testDoubleLabelABelowSignedNsec3MissingNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testDoubleLabelABelowSignedNsec3MissingNsec3 new file mode 100644 index 000000000..ad3fab6e0 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testDoubleLabelABelowSignedNsec3MissingNsec3 @@ -0,0 +1,297 @@ +#Date: 2015-01-06T22:34:46+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56602 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 +;; QUESTIONS: +;; gibtsnicht.gibtsnicht.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300 +nsec3.ingotronic.ch. 300 IN RRSIG SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ= +NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 O275F9OLQ9HNCER7U4SMD4V8AG7IPML9 A NS SOA RRSIG DNSKEY NSEC3PARAM +NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150131235629 20150101233516 62417 nsec3.ingotronic.ch. xccCvQs/b3ndBUo6J2FbaCzDMg+LB1e4OWeI29VTBWcmfbuD3rZvneRdbA9B5AluJH1ar10xxdrt/+RSuhSWC70LswkdPDg4vshmCZMDeMCOJYFEkGR0UgcZUMynU6EewEDLVLgYtBkJmspeuZNMBMPk/ZUOolCElrkHfbUA1Cc= +UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 0UPHA6GQV03I7D8EJUDKC30I0C6I1G1Q +UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. XV2q9ufbwzauD/tmjb2EKsNBF+kHQYL0/MNb6ivY1oH9Q2hzQNPUuHkUl1db2erDFodPvspmDk6p6WOXoV6wmmaYhN+JI1TQKYYThsnKC1bkt1h6QyjwsDc12d8HVHOopvoXpaYWoV4bbghsAylGVqRjEYyt8JtR3BPfphehloU= +L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT +L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1060 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27538 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87387 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87387 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87387 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87387 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17381 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 987 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 987 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42716 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 988 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 988 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 988 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 988 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4183 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3596 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3596 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3596 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13829 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8061 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35158 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25776 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87387 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87387 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87387 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87387 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42269 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 987 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 987 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6552 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 987 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 987 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 987 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 987 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15230 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3595 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3595 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3595 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57871 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60830 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6067 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNoDataOnENT b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNoDataOnENT new file mode 100644 index 000000000..903bb3871 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNoDataOnENT @@ -0,0 +1,118 @@ +#Date: 2015-01-06T22:34:45+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25863 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; b.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +alias.ingotronic.ch. 300 IN NSEC a.b.ingotronic.ch. DNAME RRSIG NSEC +alias.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. mS+nh5skTxhOBdJlkwSGdrmhuA5FC9Am9emIhyIViET/1BoKotmbzLtfaBXAh2gRhcfDr+4OJJ6oyUcdMn/m4YG8NUsf4rAL92/YyxocUoF/oS8ZZv/BPXplCH5J4hsac+heElbPJ29v0kFVujErTaX/Ev0lYsUNI+9OmCrlQpk= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 481 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1668 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87389 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87389 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87389 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87389 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19837 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 988 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 988 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28569 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 989 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 989 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 989 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 989 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17551 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3597 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3597 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3597 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3475 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNoDataWithInvalidNsecSignature b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNoDataWithInvalidNsecSignature new file mode 100644 index 000000000..717907ef0 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNoDataWithInvalidNsecSignature @@ -0,0 +1,215 @@ +#Date: 2015-01-06T22:34:43+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65247 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; www.ingotronic.ch., type = MX, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +www.ingotronic.ch. 300 IN NSEC z.ingotronic.ch. A AAAA RRSIG NSEC +www.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 475 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10629 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87391 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87391 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87391 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87391 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35482 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 991 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 991 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12915 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 992 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 992 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 992 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 992 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59605 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3600 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3600 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3600 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21625 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5462 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87390 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87390 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87390 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87390 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 239 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 990 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 990 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17622 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 991 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 991 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 991 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 991 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27845 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3599 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3599 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3599 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17702 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_1 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_1 new file mode 100644 index 000000000..f9fe4b0b4 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_1 @@ -0,0 +1,43 @@ +#Date: 2015-01-06T22:34:46+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32300 +;; flags: qr rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 +;; QUESTIONS: +;; gibtsnicht., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2015010601 1800 900 604800 86400 +. 10800 IN RRSIG SOA 8 0 86400 20150113170000 20150106160000 16665 . R9ZOwEb5fodQQNRl4WvguyqEzOxdNPQ18nI+0R5sB2JSqG4Qz45SwW+vfnFCF01UW43/GdEfGOScrYVP2UBM8F2WOM+tHMZN0t9BbP9uszTWhzdYNCl3UKYYJiB59b8HIhKXlERPVfW2UEgIiI2VajShJnUv67W8gQO56hgTNEE= +. 10800 IN RRSIG NSEC 8 0 86400 20150113170000 20150106160000 16665 . wlEpGn1C8YZzJjIrlJp/GSud5FuLAZZj9C54DrKEl9gELWeIFJgLwkI1tcH4EhabbsNScB7SPOmVmnLkuM4Q6yJkmI1HXeBrddxniI2YEw+m9++/i19AqfDxuVYs52peKxXdEZ/sIS5JtDz3bdB44IAp2k1ue780z0xRV796vUk= +. 10800 IN NSEC abogado. NS SOA RRSIG NSEC DNSKEY +gi. 10800 IN RRSIG NSEC 8 1 86400 20150113170000 20150106160000 16665 . jvKrJLijjO866a3A9fkv130tf/UsyS0FgH+k9afhIaNcvTzEwUeVP8+RosGM/b8BWhgASmx2ONSl+BD1LIH1JRkUXKZRVbItdDE27gdKQHTHORYybBDTiHHhnMet1vsceRvN77TAvrdFhm9RYFehZ3ddkQDvy8IACiA5PMhLyQg= +gi. 10800 IN NSEC gift. NS DS RRSIG NSEC + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 646 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36258 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87387 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87387 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87387 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87387 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_2 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_2 new file mode 100644 index 000000000..0c5908dda --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_2 @@ -0,0 +1,120 @@ +#Date: 2015-01-06T22:34:47+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19015 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 +;; QUESTIONS: +;; gibtsnicht.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +ingotronic.ch. 300 IN NSEC alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY +ingotronic.ch. 300 IN RRSIG NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M= +eccgost.ingotronic.ch. 300 IN NSEC invalid.ingotronic.ch. NS DS RRSIG NSEC +eccgost.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. lsX44/1144d1nG80WVhDnZCiywh+KTNqj9oEECk3GifEjOWNTJDTfbBnrGbdc7BIWs1mZmcPKFVfQB39QunMyzNQi4Wzjor3U1FPbXhUTn/g9fMul37g1aR00hUfS2Jo49vfDZEMZWp7th9ZFc+hlr8uWISceul5OJRq4SyMbzs= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 711 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61810 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87386 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87386 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87386 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87386 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38737 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 986 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 986 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12449 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 987 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 987 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 987 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 987 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3260 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3595 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3595 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3595 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41331 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_3 new file mode 100644 index 000000000..edf53cd38 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_3 @@ -0,0 +1,161 @@ +#Date: 2015-01-06T22:34:45+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61261 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 +;; QUESTIONS: +;; gibtsnicht.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300 +nsec3.ingotronic.ch. 300 IN RRSIG SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ= +NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 O275F9OLQ9HNCER7U4SMD4V8AG7IPML9 A NS SOA RRSIG DNSKEY NSEC3PARAM +NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150131235629 20150101233516 62417 nsec3.ingotronic.ch. xccCvQs/b3ndBUo6J2FbaCzDMg+LB1e4OWeI29VTBWcmfbuD3rZvneRdbA9B5AluJH1ar10xxdrt/+RSuhSWC70LswkdPDg4vshmCZMDeMCOJYFEkGR0UgcZUMynU6EewEDLVLgYtBkJmspeuZNMBMPk/ZUOolCElrkHfbUA1Cc= +UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 0UPHA6GQV03I7D8EJUDKC30I0C6I1G1Q +UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. XV2q9ufbwzauD/tmjb2EKsNBF+kHQYL0/MNb6ivY1oH9Q2hzQNPUuHkUl1db2erDFodPvspmDk6p6WOXoV6wmmaYhN+JI1TQKYYThsnKC1bkt1h6QyjwsDc12d8HVHOopvoXpaYWoV4bbghsAylGVqRjEYyt8JtR3BPfphehloU= +L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT +L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1049 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45173 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87388 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87388 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87388 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87388 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43258 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 988 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 988 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36397 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 989 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 989 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 989 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 989 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9276 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3597 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3597 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3597 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49214 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64194 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51334 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_4 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_4 new file mode 100644 index 000000000..e02b7389f --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_4 @@ -0,0 +1,120 @@ +#Date: 2015-01-06T22:34:44+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59323 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 +;; QUESTIONS: +;; gibtsnicht.gibtsnicht.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +ingotronic.ch. 300 IN NSEC alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY +ingotronic.ch. 300 IN RRSIG NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M= +eccgost.ingotronic.ch. 300 IN NSEC invalid.ingotronic.ch. NS DS RRSIG NSEC +eccgost.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. lsX44/1144d1nG80WVhDnZCiywh+KTNqj9oEECk3GifEjOWNTJDTfbBnrGbdc7BIWs1mZmcPKFVfQB39QunMyzNQi4Wzjor3U1FPbXhUTn/g9fMul37g1aR00hUfS2Jo49vfDZEMZWp7th9ZFc+hlr8uWISceul5OJRq4SyMbzs= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 722 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32975 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87389 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87389 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87389 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87389 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62255 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 989 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 989 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42506 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 990 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 990 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 990 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 990 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20975 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3598 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3598 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3598 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53458 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_5 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_5 new file mode 100644 index 000000000..fc1a1d098 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNonExisting_5 @@ -0,0 +1,161 @@ +#Date: 2015-01-06T22:34:43+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7636 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 +;; QUESTIONS: +;; gibtsnicht.gibtsnicht.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300 +nsec3.ingotronic.ch. 300 IN RRSIG SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ= +NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 O275F9OLQ9HNCER7U4SMD4V8AG7IPML9 A NS SOA RRSIG DNSKEY NSEC3PARAM +NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150131235629 20150101233516 62417 nsec3.ingotronic.ch. xccCvQs/b3ndBUo6J2FbaCzDMg+LB1e4OWeI29VTBWcmfbuD3rZvneRdbA9B5AluJH1ar10xxdrt/+RSuhSWC70LswkdPDg4vshmCZMDeMCOJYFEkGR0UgcZUMynU6EewEDLVLgYtBkJmspeuZNMBMPk/ZUOolCElrkHfbUA1Cc= +UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 0UPHA6GQV03I7D8EJUDKC30I0C6I1G1Q +UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. XV2q9ufbwzauD/tmjb2EKsNBF+kHQYL0/MNb6ivY1oH9Q2hzQNPUuHkUl1db2erDFodPvspmDk6p6WOXoV6wmmaYhN+JI1TQKYYThsnKC1bkt1h6QyjwsDc12d8HVHOopvoXpaYWoV4bbghsAylGVqRjEYyt8JtR3BPfphehloU= +L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT +L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1060 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26832 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87390 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87390 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87390 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87390 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6927 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 990 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 990 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34194 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 991 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 991 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 991 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 991 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20509 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3599 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3599 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3599 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7967 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32230 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3112 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNxDomainWithInvalidNsecSignature b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNxDomainWithInvalidNsecSignature new file mode 100644 index 000000000..194e908c7 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testNxDomainWithInvalidNsecSignature @@ -0,0 +1,217 @@ +#Date: 2015-01-06T22:34:44+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12938 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 +;; QUESTIONS: +;; x.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +ingotronic.ch. 300 IN NSEC alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY +ingotronic.ch. 300 IN RRSIG NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M= +www.ingotronic.ch. 300 IN NSEC z.ingotronic.ch. A AAAA RRSIG NSEC +www.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 692 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40248 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87390 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87390 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87390 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87390 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21278 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 989 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 989 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9749 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 990 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 990 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 990 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 990 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20291 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3598 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3598 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3598 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62908 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40211 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87389 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87389 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87389 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87389 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25429 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 989 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 989 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 742 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 990 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 990 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 990 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 990 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6866 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3598 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3598 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3598 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4819 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_1 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_1 new file mode 100644 index 000000000..7a17fde9d --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_1 @@ -0,0 +1,118 @@ +#Date: 2015-01-06T22:34:46+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55491 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; www.ingotronic.ch., type = MX, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +www.ingotronic.ch. 300 IN NSEC z.ingotronic.ch. A AAAA RRSIG NSEC +www.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 475 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50097 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87387 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87387 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87387 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87387 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21262 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 987 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 987 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 221 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 988 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 988 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 988 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 988 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23462 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3596 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3596 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3596 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14899 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_2 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_2 new file mode 100644 index 000000000..ae556d7cd --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_2 @@ -0,0 +1,157 @@ +#Date: 2015-01-06T22:34:46+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20397 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; www.nsec3.ingotronic.ch., type = MX, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300 +nsec3.ingotronic.ch. 300 IN RRSIG SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ= +7L2K0NAC88UN3IJV0404HF7PM543BN3F.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 810L2KR9HCVTELBLO8GQM0EMIM8KD01E A AAAA RRSIG +7L2K0NAC88UN3IJV0404HF7PM543BN3F.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. hOo4U9QFigY0lLf6UzA/WlwjZsXfs5EZdfiumlAHv2H/I81TiWBtKQhOvMyVUOFq1dMq44JnO2KJEEuPRKKNPiER4a3Y/kzpjscW+yfUWjOzOmZX4d2p9ustljj125/PVUwAOeCP7a8fFZMG/7Xughx49B4WFsDrIUEbMsw3Iqo= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 537 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13329 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87388 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87388 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87388 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87388 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27135 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 988 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 988 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14048 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 989 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 989 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 989 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 989 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6090 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3596 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3596 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3596 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8413 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63148 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46698 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_3 new file mode 100644 index 000000000..4431522ea --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_3 @@ -0,0 +1,118 @@ +#Date: 2015-01-06T22:34:44+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21797 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; a.b.ingotronic.ch., type = MX, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +a.b.ingotronic.ch. 300 IN NSEC *.c.ingotronic.ch. A RRSIG NSEC +a.b.ingotronic.ch. 300 IN RRSIG NSEC 5 4 300 20150125000532 20141225234703 17430 ingotronic.ch. HMCFItkk6JIV9hcHJ+p+OO5CI8B7H4fWy6w8kMfKPA/Z/lUcjlSKSexxd4ppubXfaVDhTW5j3Nd0rEpKbxztd9MZGVbvk7LJibvpD4ACR0xSmE69fyjrxrN/uDPYVPL5uOTklgDAlinQS3E6KulWr5iST9H4gmhfrk5MpvK4fcc= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 477 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3215 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87389 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87389 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87389 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87389 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19457 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 989 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 989 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13543 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 990 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 990 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 990 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 990 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44836 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3598 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3598 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3598 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26288 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_4 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_4 new file mode 100644 index 000000000..8fc98ee17 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_4 @@ -0,0 +1,157 @@ +#Date: 2015-01-06T22:34:42+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19002 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; a.b.nsec3.ingotronic.ch., type = MX, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300 +nsec3.ingotronic.ch. 300 IN RRSIG SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ= +4FQSC7ORQNKH924CH6L2DOAISKM28080.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H A RRSIG +4FQSC7ORQNKH924CH6L2DOAISKM28080.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. CqoGO4BUVNtHXxUXDPRCTvVPGnqBDwrO8Uyw1NKGELf71x5TKQKFZCBmlT8G/aRgK5fu7xor/zldHS+6yR7nfHEwdW2Y+GzpUawe8ul8nL+Z8DNDFTuCxJtnoP82X0u/EsaT63RVPZAP94jFlvOpzr9NN/De33EcNdl7B/EB/J0= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 537 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30530 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87391 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87391 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87391 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87391 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5039 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 991 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 991 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9676 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 992 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 992 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 992 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 992 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52839 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3600 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3600 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3600 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34478 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58519 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59867 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_5 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_5 new file mode 100644 index 000000000..62cb0d755 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_5 @@ -0,0 +1,120 @@ +#Date: 2015-01-06T22:34:43+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47937 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 +;; QUESTIONS: +;; b.d.ingotronic.ch., type = MX, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +a.d.ingotronic.ch. 300 IN NSEC a.e.ingotronic.ch. A RRSIG NSEC +a.d.ingotronic.ch. 300 IN RRSIG NSEC 5 4 300 20150125011134 20141226002644 17430 ingotronic.ch. Xlth6wbhlD20uaeZZWKeREQgQBsYN6ztO8zPCWCeklur7YQ3X3aZJGhiNqPPhrdP2g9VEadeFQjCI5eGslXFoJtRPqAVswbk2K0wD8NSeoKRAXhW3N91AQodcalgOhiX5yuqST6gLxJl3WXgwUDvco+JvrfSFWV8FLwZ3RQ/26U= +*.d.ingotronic.ch. 300 IN NSEC a.d.ingotronic.ch. A RRSIG NSEC +*.d.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. CYABmp/vM/1o6z+h7pehEcE6wLRMeRBmWuVD0f2f+nynCX/DQyncjlyDcBc1SiQBuz5BQQz6fN8/vHjpAQXDpdOpftz/YLMME29g87c9APFRzhcU3imp87hFUKyaTBJ4VD9oLZ7NcTvsSnbvnn4pykZTUVI87jIt13zQuAdBPTs= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 693 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2900 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87390 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87390 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87390 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87390 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63505 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 990 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 990 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45285 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 991 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 991 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 991 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 991 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40411 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3599 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3599 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3599 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9413 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_6 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_6 new file mode 100644 index 000000000..2642d093f --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNonExistence/testSignedNodata_6 @@ -0,0 +1,161 @@ +#Date: 2015-01-06T22:34:42+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55533 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 +;; QUESTIONS: +;; b.d.nsec3.ingotronic.ch., type = MX, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +944O996IVI1HPK8C89UTQR054EFGQF8T.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 BIKV50K9D505ABGB6K0F3JPQ62P5MGMI +944O996IVI1HPK8C89UTQR054EFGQF8T.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. ggw9BV94fHJY0yfaqkdoAbh5CZiU99hSi5Y22hccMNzh8wPffhH+wEyuTj9OwKpiw6HCX6wFIKniTxeLlUeTtHvreBBgiaAGPqvNDCzn4lAwsIMSd8P9+fmrChoioqqJ4sBhWUCHRfwg0qqzpRC/PhOGaa3/7XZwYpnK/vgu2og= +810L2KR9HCVTELBLO8GQM0EMIM8KD01E.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 8VOO8LLV6NQKGVAP6LG1M4QMLMOS8LMK CNAME RRSIG +810L2KR9HCVTELBLO8GQM0EMIM8KD01E.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. oVpQ8URiobH7xZcbioe1KuVi7wDEvJDLlS1vN4phMRXDhe8JwA6iGHi8jq+iOT4FkzhO9LTsFJJEI6Nj509+1X2zvRwAfYauanMdXog5vh5d7WF+/Q3LxbybKeol0HvIrJGXeoVnaFJAh8WvMWwnb1tM6mHp1GKtWoWiH8pv6+0= +74SO0776K6C87EPASDU8QK8SROIK00KK.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 7L2K0NAC88UN3IJV0404HF7PM543BN3F A RRSIG +74SO0776K6C87EPASDU8QK8SROIK00KK.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. LgiRXOhpvpRNy0EsyYBIIjHyl8J32vg+EqLB2BMsfxWO311YP3lME0gp8PN4p0Qo/ZIE1Q/V+LFElSSvwroBsIB+/qFjdf4tj022dRDxvkRdEPgo6oO/xqK1rTOUkvPZRfpHuhZbZ0m/j8v2+RyfPLrM2x3ebzcSNT6tDIpL6+A= +nsec3.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300 +nsec3.ingotronic.ch. 300 IN RRSIG SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1049 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56181 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87391 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87391 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87391 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87391 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48499 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 991 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 991 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22381 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 992 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 992 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 992 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 992 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58697 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3600 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3600 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3600 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15181 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40988 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13710 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidExising b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidExising new file mode 100644 index 000000000..26639e8b8 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidExising @@ -0,0 +1,159 @@ +#Date: 2015-01-06T22:35:11+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16004 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; www.partial.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.partial.ingotronic.ch. 300 IN A 127.0.0.1 +www.partial.ingotronic.ch. 300 IN RRSIG A 5 4 300 20150131215743 20150101214134 10287 partial.ingotronic.ch. OYNYXjNIKxup6LLAt9ljYbOHYRlXIUSaYg14UkTpjyQmqRTnlbIz+4S+n8l57liP8YbTY2mnl2x91JpHb4Zr/Ctzw35tVACfosuteELaGEgdcf6xplDVIKQtAQwm1vuZBCYNgGT2Zg3qPypqWndIpZu3bWZZlBaXgyCzyURBdWk= + +;; AUTHORITY RECORDS: +partial.ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +partial.ingotronic.ch. 300 IN RRSIG NS 5 3 300 20150131215743 20150101214134 10287 partial.ingotronic.ch. d+G3QpjVut5sxsMrjk+Cvgu06jVN7SCMZnGD3EmcoBKXTK9CUyF0Gmt4oYl1OxEKEUslunt7JOZGqSo078xNr3KzfSis53mrMqbUmc4QEhi+Y6zGjEXAKWLoIn76GO26ee+E/sE1wiy9150hV3Wcbd5Ctrk5sxQzwYJMo4K+ErM= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 639 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40355 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87362 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87362 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87362 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87362 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4739 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 962 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 962 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65018 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 963 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 963 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 963 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 963 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60585 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3571 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3571 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3571 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43956 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28869 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; partial.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +partial.ingotronic.ch. 300 IN DS 13138 5 1 8FF29061811A3FADE7757B05CE3AD82B6086D1DD +partial.ingotronic.ch. 300 IN DS 13138 5 2 394763F1A8678BB4F411ECD5D9C49FA071C253C9D834F6160667B853A6B7C4B9 +partial.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. GMEz0/NesDaxYzP4XHC5owCth8S713p6ltAYBi2azla5dWomDM80ptsptRLL85LP/pRUL/VHrSGLMOKjH2pFDzZzFfFoBSMK2LFol/E+hBg7gMEovDkaORsqfoVslloq6v+D/o3i2Qxs2GNRSiXjx7ghCYP8kN0qLCWDAcejHgw= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 307 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27071 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; partial.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +partial.ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZpJkpX2HWKaFlYyWe6ZFKl0EJ1SKDcOJpa2KpxY7LXNHgh2M48YGvns4rVWfwcdxlYBC8I0g9sp6+I3leShroDO+khZg7j3sCsljmxPynWQ2MT6vDexl1a85MDj7U27s16EhGbjfDyHZkLR/0VT17Vaw+cQu5gPtSN767suaRR3 +partial.ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAdFaXI5Oh7YBgtdA3Lt1q3wvDAwTs/dqhZEWrRyFtudddJAof4IJa4lmheaUzxaDDtrRB9D5UGuhA9SQTxJTJWogsN5KJH0dBr/8MiL/H6CZHGXGzs1nCDiiyzq/AL/dyYJrRD+AOHqzXmuW7wjjvaWgGRDTYJ2pvCujpv/UPJ6Z1yo1Xz/zLhRgsv7SDjDapfh93ZuzH8tFei8Z06jm+j2Wt/Izj9P0chRwUOP2pjgD9fNVv9yNh2ktEGwnKR/N/tqmI6xyNed2x5Xupw/flckUTisx4O/JcfcjutczA8p5Bwl1+atwfZX3Fc6fkPJNeY7DS/6/bK+YNDngXAD0oP8= +partial.ingotronic.ch. 300 IN RRSIG DNSKEY 5 3 300 20150131221503 20150101221029 10287 partial.ingotronic.ch. ErXJpzUqhyN/3lF6d+cQ9d4wXQ7iD10483V4dbuoli5mZjZWdODzxrOIdrD+s5JUGw0ZDlpuVobDGzah9aPKZzrsZkdn2+D1AmOd0g0yybrkq+aDVf5u9HfLzcjwta9ZZILaZh1fy8lMue+saVrQ6ApVqwX95IDtqmhZ99mUEa0= +partial.ingotronic.ch. 300 IN RRSIG DNSKEY 5 3 300 20150131221503 20150101221029 13138 partial.ingotronic.ch. qgUereTamIG/Wy59QOglwGVSPwGtaR8zbdFpgGtyvLo1AgxqWp0ndkhaMfUp/PtRHe/4YlpCD3UYqC0xd06znt6gKUDygZEz6uxF9r1jXaj8kVXPkubMm0BB/BY1rxMV0LvtN3CcAlA1Ma6aaszSG8QczWSIOOpgKyRmg+OqV9eT157+YBlkB4tdBYitxApZfMbvUdMBtoS5bGHiUkjfIvim1OWq4rDq48rflI9A6u+39ahp1th5UvTyA5N5xoyWinheK6QJsXL6mSfchukg7JylebvuVTkvuM7/mgFLIFrow2vYWFL4NTjbu0EhJVedTEp9ENBMpGtxeFwyQ/P0oQ== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 964 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidExisingNoType b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidExisingNoType new file mode 100644 index 000000000..607f12513 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidExisingNoType @@ -0,0 +1,157 @@ +#Date: 2015-01-06T22:35:11+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5930 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; www.partial.ingotronic.ch., type = MX, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +partial.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032732 300 60 864000 300 +partial.ingotronic.ch. 300 IN RRSIG SOA 5 3 300 20150131234913 20150101224913 10287 partial.ingotronic.ch. j9iaBtgpVcN1UdJRxfBoPmITC25ul+di6s0SZrDz/+tKZtJa2Pt5OEMuZwyPyoTXLxOw95/fsRBBEe7ltdU832BQbc7bc26y6lJRB8xYwtyr4ponxairB2qafUtJge50Euik5B5hvPEtJ0Uaqah9Tgd6jIk3FOZjr+eOS+3/Uus= +www.partial.ingotronic.ch. 300 IN NSEC partial.ingotronic.ch. A AAAA RRSIG NSEC +www.partial.ingotronic.ch. 300 IN RRSIG NSEC 5 4 300 20150131215743 20150101214134 10287 partial.ingotronic.ch. eNizfw2eY5+3HBTqj3MHCS4N9oHo+wILp/SjEY2YVOvgWb9TafylcSQzcKV493wr/OLQYChAZylaXUwZEfKVXI5CM9kpksSOj4QqwP2IOiVBaYYCbycLhWOwZEADpDO9L1bQbpM1IW0EGrtOhwnAc1t9FX+3ihgq5R02OHMXXnk= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 505 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45090 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87362 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87362 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87362 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87362 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9660 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 962 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 962 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59668 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 963 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 963 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 963 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 963 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1543 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3571 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3571 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3571 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17828 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22934 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; partial.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +partial.ingotronic.ch. 300 IN DS 13138 5 1 8FF29061811A3FADE7757B05CE3AD82B6086D1DD +partial.ingotronic.ch. 300 IN DS 13138 5 2 394763F1A8678BB4F411ECD5D9C49FA071C253C9D834F6160667B853A6B7C4B9 +partial.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. GMEz0/NesDaxYzP4XHC5owCth8S713p6ltAYBi2azla5dWomDM80ptsptRLL85LP/pRUL/VHrSGLMOKjH2pFDzZzFfFoBSMK2LFol/E+hBg7gMEovDkaORsqfoVslloq6v+D/o3i2Qxs2GNRSiXjx7ghCYP8kN0qLCWDAcejHgw= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 307 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16901 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; partial.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +partial.ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZpJkpX2HWKaFlYyWe6ZFKl0EJ1SKDcOJpa2KpxY7LXNHgh2M48YGvns4rVWfwcdxlYBC8I0g9sp6+I3leShroDO+khZg7j3sCsljmxPynWQ2MT6vDexl1a85MDj7U27s16EhGbjfDyHZkLR/0VT17Vaw+cQu5gPtSN767suaRR3 +partial.ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAdFaXI5Oh7YBgtdA3Lt1q3wvDAwTs/dqhZEWrRyFtudddJAof4IJa4lmheaUzxaDDtrRB9D5UGuhA9SQTxJTJWogsN5KJH0dBr/8MiL/H6CZHGXGzs1nCDiiyzq/AL/dyYJrRD+AOHqzXmuW7wjjvaWgGRDTYJ2pvCujpv/UPJ6Z1yo1Xz/zLhRgsv7SDjDapfh93ZuzH8tFei8Z06jm+j2Wt/Izj9P0chRwUOP2pjgD9fNVv9yNh2ktEGwnKR/N/tqmI6xyNed2x5Xupw/flckUTisx4O/JcfcjutczA8p5Bwl1+atwfZX3Fc6fkPJNeY7DS/6/bK+YNDngXAD0oP8= +partial.ingotronic.ch. 300 IN RRSIG DNSKEY 5 3 300 20150131221503 20150101221029 10287 partial.ingotronic.ch. ErXJpzUqhyN/3lF6d+cQ9d4wXQ7iD10483V4dbuoli5mZjZWdODzxrOIdrD+s5JUGw0ZDlpuVobDGzah9aPKZzrsZkdn2+D1AmOd0g0yybrkq+aDVf5u9HfLzcjwta9ZZILaZh1fy8lMue+saVrQ6ApVqwX95IDtqmhZ99mUEa0= +partial.ingotronic.ch. 300 IN RRSIG DNSKEY 5 3 300 20150131221503 20150101221029 13138 partial.ingotronic.ch. qgUereTamIG/Wy59QOglwGVSPwGtaR8zbdFpgGtyvLo1AgxqWp0ndkhaMfUp/PtRHe/4YlpCD3UYqC0xd06znt6gKUDygZEz6uxF9r1jXaj8kVXPkubMm0BB/BY1rxMV0LvtN3CcAlA1Ma6aaszSG8QczWSIOOpgKyRmg+OqV9eT157+YBlkB4tdBYitxApZfMbvUdMBtoS5bGHiUkjfIvim1OWq4rDq48rflI9A6u+39ahp1th5UvTyA5N5xoyWinheK6QJsXL6mSfchukg7JylebvuVTkvuM7/mgFLIFrow2vYWFL4NTjbu0EhJVedTEp9ENBMpGtxeFwyQ/P0oQ== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 964 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidNonExising b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidNonExising new file mode 100644 index 000000000..7e45eb44a --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPartiallyInvalid/testValidNonExising @@ -0,0 +1,159 @@ +#Date: 2015-01-06T22:35:12+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33483 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 +;; QUESTIONS: +;; www.gibtsnicht.partial.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +partial.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032732 300 60 864000 300 +partial.ingotronic.ch. 300 IN RRSIG SOA 5 3 300 20150131234913 20150101224913 10287 partial.ingotronic.ch. j9iaBtgpVcN1UdJRxfBoPmITC25ul+di6s0SZrDz/+tKZtJa2Pt5OEMuZwyPyoTXLxOw95/fsRBBEe7ltdU832BQbc7bc26y6lJRB8xYwtyr4ponxairB2qafUtJge50Euik5B5hvPEtJ0Uaqah9Tgd6jIk3FOZjr+eOS+3/Uus= +partial.ingotronic.ch. 300 IN NSEC a.b.partial.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY +partial.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150114201832 20141215193100 10287 partial.ingotronic.ch. lPXkSiRb1MAI4Vvl7B21CPy5VLsoBwsNA5n6daRwUxXgMcQTgoeQF+/pU7ljIRr/8Ha3jIDBPIDMnH3t/UL2+9fTe0kch9EjeWTy4eTGJAwNZri6IwEnpAecFtWllSJKcFq6oYv7BK6hFfnDeRr95LOtFSqhdTXydPC+MtmN3YM= +a.d.partial.ingotronic.ch. 300 IN NSEC www.partial.ingotronic.ch. A RRSIG NSEC +a.d.partial.ingotronic.ch. 300 IN RRSIG NSEC 5 5 300 20150131215743 20150101214134 10287 partial.ingotronic.ch. JLvNDN5napvCnhCvMYMA4bB/q/odOgHEUR1YDMvYGJDhjToN+ciwjuiiXYcSqHmF7fRQxi6c04eoq0sCgC+cM1Gpnw/JJPzOO6WoT3+gf3XGmdIg7n0Kp9W0/GIwkWp1h6/f3JDig/XY/1bJL9307VyWsc/Bq25O1u8h0gosTUw= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 753 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38613 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87362 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87362 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87362 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87362 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30892 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 962 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 962 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50832 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 963 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 963 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 963 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 963 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57379 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3571 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3571 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3571 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44173 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46232 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; partial.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +partial.ingotronic.ch. 300 IN DS 13138 5 2 394763F1A8678BB4F411ECD5D9C49FA071C253C9D834F6160667B853A6B7C4B9 +partial.ingotronic.ch. 300 IN DS 13138 5 1 8FF29061811A3FADE7757B05CE3AD82B6086D1DD +partial.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. GMEz0/NesDaxYzP4XHC5owCth8S713p6ltAYBi2azla5dWomDM80ptsptRLL85LP/pRUL/VHrSGLMOKjH2pFDzZzFfFoBSMK2LFol/E+hBg7gMEovDkaORsqfoVslloq6v+D/o3i2Qxs2GNRSiXjx7ghCYP8kN0qLCWDAcejHgw= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 307 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16111 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; partial.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +partial.ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAdFaXI5Oh7YBgtdA3Lt1q3wvDAwTs/dqhZEWrRyFtudddJAof4IJa4lmheaUzxaDDtrRB9D5UGuhA9SQTxJTJWogsN5KJH0dBr/8MiL/H6CZHGXGzs1nCDiiyzq/AL/dyYJrRD+AOHqzXmuW7wjjvaWgGRDTYJ2pvCujpv/UPJ6Z1yo1Xz/zLhRgsv7SDjDapfh93ZuzH8tFei8Z06jm+j2Wt/Izj9P0chRwUOP2pjgD9fNVv9yNh2ktEGwnKR/N/tqmI6xyNed2x5Xupw/flckUTisx4O/JcfcjutczA8p5Bwl1+atwfZX3Fc6fkPJNeY7DS/6/bK+YNDngXAD0oP8= +partial.ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZpJkpX2HWKaFlYyWe6ZFKl0EJ1SKDcOJpa2KpxY7LXNHgh2M48YGvns4rVWfwcdxlYBC8I0g9sp6+I3leShroDO+khZg7j3sCsljmxPynWQ2MT6vDexl1a85MDj7U27s16EhGbjfDyHZkLR/0VT17Vaw+cQu5gPtSN767suaRR3 +partial.ingotronic.ch. 300 IN RRSIG DNSKEY 5 3 300 20150131221503 20150101221029 10287 partial.ingotronic.ch. ErXJpzUqhyN/3lF6d+cQ9d4wXQ7iD10483V4dbuoli5mZjZWdODzxrOIdrD+s5JUGw0ZDlpuVobDGzah9aPKZzrsZkdn2+D1AmOd0g0yybrkq+aDVf5u9HfLzcjwta9ZZILaZh1fy8lMue+saVrQ6ApVqwX95IDtqmhZ99mUEa0= +partial.ingotronic.ch. 300 IN RRSIG DNSKEY 5 3 300 20150131221503 20150101221029 13138 partial.ingotronic.ch. qgUereTamIG/Wy59QOglwGVSPwGtaR8zbdFpgGtyvLo1AgxqWp0ndkhaMfUp/PtRHe/4YlpCD3UYqC0xd06znt6gKUDygZEz6uxF9r1jXaj8kVXPkubMm0BB/BY1rxMV0LvtN3CcAlA1Ma6aaszSG8QczWSIOOpgKyRmg+OqV9eT157+YBlkB4tdBYitxApZfMbvUdMBtoS5bGHiUkjfIvim1OWq4rDq48rflI9A6u+39ahp1th5UvTyA5N5xoyWinheK6QJsXL6mSfchukg7JylebvuVTkvuM7/mgFLIFrow2vYWFL4NTjbu0EhJVedTEp9ENBMpGtxeFwyQ/P0oQ== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 964 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testCDonQueryDoesntDoAnything b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testCDonQueryDoesntDoAnything new file mode 100644 index 000000000..4da76fbc1 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testCDonQueryDoesntDoAnything @@ -0,0 +1,120 @@ +#Date: 2015-01-06T22:35:26+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53070 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; www.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 615 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44772 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87347 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87347 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87347 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87347 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59154 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 947 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 947 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51168 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 948 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 948 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 948 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 948 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48789 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3556 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3556 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3556 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43654 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidAnswerToDifferentQueryTypeIsBogus b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidAnswerToDifferentQueryTypeIsBogus new file mode 100644 index 000000000..dce835bad --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidAnswerToDifferentQueryTypeIsBogus @@ -0,0 +1,120 @@ +#Date: 2015-01-06T22:35:26+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17080 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; www.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 615 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11713 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87347 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87347 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87347 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87347 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41417 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 947 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 947 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37187 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 948 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 948 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 948 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 948 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11702 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3556 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3556 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3556 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51726 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidExising b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidExising new file mode 100644 index 000000000..bcd49eb7b --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidExising @@ -0,0 +1,120 @@ +#Date: 2015-01-06T22:35:26+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 416 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; www.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 615 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8443 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87348 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87348 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87348 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87348 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57680 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 948 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 948 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6455 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 948 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 948 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 948 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 948 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45403 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3556 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3556 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3556 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5657 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidNonExising b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidNonExising new file mode 100644 index 000000000..f6c12ddcd --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPositive/testValidNonExising @@ -0,0 +1,128 @@ +#Date: 2015-01-06T22:35:26+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17546 +;; flags: qr aa rd ra cd ; qd: 1 an: 12 au: 0 ad: 3 +;; QUESTIONS: +;; ingotronic.ch., type = ANY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN RRSIG NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M= +ingotronic.ch. 300 IN NSEC alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN A 127.0.0.1 +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +ingotronic.ch. 300 IN RRSIG A 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. GTY5ES29arEKcafghM9Ui3mdS+cS3vTtQ6ROJhCg5Lv+oaYMiMPhljJ1K5hF8r4Hpukc7ZyTf6bAez3/r2VlhMU5Q7qrx148sk63vgm8qaA3/78UKs3Fib1Z8D2fCmPHz3hmpKe/jtwX/nnyf5qhP7lpPy30QnjsjAD1xbQd1f8= +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1939 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35981 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87347 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87347 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87347 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87347 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2430 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 947 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 947 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21918 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 948 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 948 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 948 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 948 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43744 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3556 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3556 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3556 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18065 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithEmptyAnswerIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithEmptyAnswerIsBad new file mode 100644 index 000000000..42b6e2fa6 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithEmptyAnswerIsBad @@ -0,0 +1,23 @@ +#Date: 2015-01-06T22:34:53+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57078 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; www.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 615 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithInvalidSignatureIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithInvalidSignatureIsBad new file mode 100644 index 000000000..e9916759d --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithInvalidSignatureIsBad @@ -0,0 +1,63 @@ +#Date: 2015-01-06T22:34:51+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58452 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87382 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87382 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87382 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87382 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30876 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87382 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87382 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87382 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87382 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60920 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; www.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 615 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithMismatchedAlgorithmIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithMismatchedAlgorithmIsBad new file mode 100644 index 000000000..d9b90e6ce --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithMismatchedAlgorithmIsBad @@ -0,0 +1,43 @@ +#Date: 2015-01-06T22:34:52+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23439 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; www.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 615 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59888 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87381 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87381 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87381 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87381 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithMismatchedFootprintIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithMismatchedFootprintIsBad new file mode 100644 index 000000000..9b1bb7e73 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithMismatchedFootprintIsBad @@ -0,0 +1,43 @@ +#Date: 2015-01-06T22:34:51+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42047 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; www.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 615 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46248 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87382 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87382 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87382 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87382 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithWeirdHashIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithWeirdHashIsBad new file mode 100644 index 000000000..0550f9c8e --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDnskeyPrimeResponseWithWeirdHashIsBad @@ -0,0 +1,43 @@ +#Date: 2015-01-06T22:34:50+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53507 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; www.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 615 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31035 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87383 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87383 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87383 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87383 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenNsecIsFromChildApex b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenNsecIsFromChildApex new file mode 100644 index 000000000..a98526d0f --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenNsecIsFromChildApex @@ -0,0 +1,276 @@ +#Date: 2015-01-06T22:34:51+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7434 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; 1.sub.ingotronic.ch., type = NSEC, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +sub.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032794 300 60 864000 300 +sub.ingotronic.ch. 300 IN RRSIG SOA 5 3 300 20150201081246 20150102071246 3600 sub.ingotronic.ch. iyj09Qcj7m6Eec8MbAZiQW0sPEzTCtrulsANwrkOvg6wMTcKZt+EDaGRxdp0+6PcAURD60WP5PdKojY2qqN0th49nxA02e7d8xqlYDlD4B3svbviaf16p5AT012mFQ7JUSNQMgkj/4HznmfQtvpKjX+GHvlCBKKXbBKPFXKu77w= +sub.ingotronic.ch. 300 IN NSEC alias.sub.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY +sub.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150201075325 20150102071246 3600 sub.ingotronic.ch. Mm93ERE64aeLL7go+Dc0oamkdUWUAFe0zWDP1yYv1Zo+bVlk8WPxGdaT7soi/42qJZ27KMuYJBDgyy2GaapMbTgtLUcIwIp8fCtweVwoOSMs4jHCCmGNX6imjQR/xzx9Df0xYBYJNm3glN8qawn06tgpiG9zOqIQUcURr2E5lbo= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 494 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39413 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87382 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87382 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87382 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87382 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 409 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 982 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 982 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55860 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 983 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 983 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 983 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 983 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32310 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3591 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3591 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3591 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23793 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49730 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; sub.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +sub.ingotronic.ch. 300 IN DS 42976 5 1 E638863370B9DE424C31CA03B99CCED96027B88C +sub.ingotronic.ch. 300 IN DS 42976 5 2 C54339C4B4EAACF8643D8FAE6C57836F8207F8D82088F1C51AF100123D2A42EF +sub.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. m1gkZjYlA6aeCibofiRybFhOLgRvP+UG5nzWjH4yfzjPnfODRqo8TkEbRc1wUS1etARSq9TrsCjlWSKdn3JBdQfi0uGa27lLproj6oHi1+enh+OKIjFRxScP1bPPcbCALRFOeIp9JA1TEAGsyn+pWSwRF/wpEfrTTbOj94tsxX0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 303 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52421 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; sub.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +sub.ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAbVAfHflzOy0uICze0QDBfbrZrU1UN1LNc5D987u8qhP9Vz2pd4yb3rSLOuH9hG7ouAkI63qmtmq6TP71jRXyHr4F9/ZbD3hzhCkyXdo+KaPO70VXWtdIZUom5WuA92pzTB/WuiaWJ217SUeRXU9e4NwrpbDINd6sXcb+sBEFDRt0d/VbwAxa7vo8fl5qOmr/PzD7FoKFTnTWTfUduRsHMdlyYY+j8JfikDdTdeRuYuHzUCO3q3BcUEHrBnKE87JtEM0TQnDSe9OaLFxYARq+LMdHY2P/OZP8nWStSnB8d3E7Sc/FEOQZ9xKkmh1japxgoStjcnBKvz53DmwIXcvcRc= +sub.ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAcsnnxVGj8qUAxBox/LKOrpdJG0S8Zfn/mMl+f52Odke62Et5blo+jrbXiOWa6+AlASOMYprqpaZ32b16UvtsuqruErqwy+M427TVTmG6LXEDe7rCNrJF0tIesQpwkA8WjlTRE2bcVHTwARL//smGhTlE9WTPAQGDdXyTUWYr1rX +sub.ingotronic.ch. 300 IN RRSIG DNSKEY 5 3 300 20150131230442 20150101222529 3600 sub.ingotronic.ch. mPYA7Wo+MdzLLleV32ZvynRVzdnL97XgGqzeUPiI7LSXfaSEOtpoE3GeosbLIjGmZ42wLTYOXWm4YS/Mb9ctQGuNPQRMgQbVPkv/aOO6tX+Vqq1XJkKgdb7dRdvvs4jzjIOH/a++OpUy0EBKKioAkwKCrcTNqLkRQ0IkTyoaaCA= +sub.ingotronic.ch. 300 IN RRSIG DNSKEY 5 3 300 20150131230442 20150101222529 42976 sub.ingotronic.ch. Z2/JMubvx8hgfIzmvmXVSfe/qCbZZ3XlJsj3ZrAa8+izrRODKYrGVOtJ+ONPOwid6NQN40yizJoxNFfvkDDqUiZJO6vpb9FmStj034RD1hfC/7qsLoCdOLkLoQwrQDoYTIwLywpsduCW83JzbGBzzCkC9+aoFPVXIkcGUqoQCdYB5OXzF9/2uWq8tD7AQ6t5MzPeMJC+VcNOjqBPRkunl27yUreNt1Nb65C38S72DAJNzAZIZqj1A8jZ6tk0fdixmZ+KWelP8S9SW2TpeGxwJ4kbHJJ+vSo7dkqRtnIYv4GPW6Xp3GH1oErTMGeqp9mquQ6n6jWP6ejlwc6puMxjNQ== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 952 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31198 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; sub.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +sub.ingotronic.ch. 300 IN A 127.0.0.1 +sub.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150131215757 20150101212100 3600 sub.ingotronic.ch. n5sXfpaxmFD6fFEvMEW+DwUJSP3yshFzkbc6idvWENf2b7F90jp093w4y0YkYsG5fWroQvHCJAMnXbawOEfFWquLhVJc8HHvZDXUeQb55rFYg8qYd1fOoP7/Z5hbwBNLSCGn3JPjCRXVfnEa58lKARgr+KZ1gqI/2Dm+jOoZ2Uc= + +;; AUTHORITY RECORDS: +sub.ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +sub.ingotronic.ch. 300 IN RRSIG NS 5 3 300 20150131215757 20150101212100 3600 sub.ingotronic.ch. sXlfjCvwDECHOum9PfpnP+/d7A1MntO1H4jYBpsFvQru3YoR02TghQhoReszEeds39AUWJFT8u9Bk+OrKUS+Ubi6i+wbaiKFpoRHdzWDN3YFu3flRx+2chdVl9KkGywcYBi2j51iDWjKbWoCE3E1t7OoA/DBqSACyeLLsolagpY= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 623 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12532 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87382 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87382 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87382 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87382 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27836 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 982 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 982 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39901 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 983 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 983 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 983 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 983 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45415 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3590 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3590 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3590 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9413 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenNsecOnEntIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenNsecOnEntIsBad new file mode 100644 index 000000000..81fd3c985 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenNsecOnEntIsBad @@ -0,0 +1,235 @@ +#Date: 2015-01-06T22:34:52+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3444 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; e.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +a.d.ingotronic.ch. 300 IN NSEC a.e.ingotronic.ch. A RRSIG NSEC +a.d.ingotronic.ch. 300 IN RRSIG NSEC 5 4 300 20150125011134 20141226002644 17430 ingotronic.ch. Xlth6wbhlD20uaeZZWKeREQgQBsYN6ztO8zPCWCeklur7YQ3X3aZJGhiNqPPhrdP2g9VEadeFQjCI5eGslXFoJtRPqAVswbk2K0wD8NSeoKRAXhW3N91AQodcalgOhiX5yuqST6gLxJl3WXgwUDvco+JvrfSFWV8FLwZ3RQ/26U= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 479 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45334 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87381 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87381 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87381 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87381 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28115 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 981 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 981 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8220 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 982 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 982 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 982 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 982 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12780 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3590 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3590 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3590 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57848 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46058 +;; flags: qr aa rd ra cd ; qd: 1 an: 1 au: 1 ad: 3 +;; QUESTIONS: +;; a.e.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +a.e.ingotronic.ch. 300 IN A 127.0.0.1 + +;; AUTHORITY RECORDS: +a.e.ingotronic.ch. 300 IN NS ns1.ingotronic.ch. + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 269 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42039 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87381 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87381 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87381 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87381 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44314 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 981 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 981 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56200 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 982 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 982 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 982 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 982 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56568 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3590 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3590 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3590 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57563 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenOnInsecureDelegationWithWrongNsec b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenOnInsecureDelegationWithWrongNsec new file mode 100644 index 000000000..249ab3e5a --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsNoDataWhenOnInsecureDelegationWithWrongNsec @@ -0,0 +1,237 @@ +#Date: 2015-01-06T22:34:51+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54648 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; alias.ingotronic.ch., type = NSEC, class = IN + +;; ANSWERS: +alias.ingotronic.ch. 300 IN NSEC a.b.ingotronic.ch. DNAME RRSIG NSEC +alias.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. mS+nh5skTxhOBdJlkwSGdrmhuA5FC9Am9emIhyIViET/1BoKotmbzLtfaBXAh2gRhcfDr+4OJJ6oyUcdMn/m4YG8NUsf4rAL92/YyxocUoF/oS8ZZv/BPXplCH5J4hsac+heElbPJ29v0kFVujErTaX/Ev0lYsUNI+9OmCrlQpk= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 640 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1473 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87383 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87383 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87383 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87383 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12527 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 983 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 983 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45087 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 984 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 984 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 984 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 984 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10272 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3592 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3592 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3592 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19066 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40136 +;; flags: qr aa rd ra cd ; qd: 1 an: 1 au: 1 ad: 3 +;; QUESTIONS: +;; www.unsigned.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.unsigned.ingotronic.ch. 300 IN A 127.0.0.1 + +;; AUTHORITY RECORDS: +unsigned.ingotronic.ch. 300 IN NS ns1.ingotronic.ch. + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 278 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8431 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87382 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87382 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87382 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87382 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19263 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 982 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 982 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2609 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 983 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 983 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 983 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 983 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29809 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3591 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3591 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3591 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43821 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsPrimeResponseWithEmptyAnswerIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsPrimeResponseWithEmptyAnswerIsBad new file mode 100644 index 000000000..774c3059e --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsPrimeResponseWithEmptyAnswerIsBad @@ -0,0 +1,43 @@ +#Date: 2015-01-06T22:34:50+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45525 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; www.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 615 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54828 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87383 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87383 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87383 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87383 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsPrimeResponseWithNxDomainForTld b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsPrimeResponseWithNxDomainForTld new file mode 100644 index 000000000..1a4c6802f --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testDsPrimeResponseWithNxDomainForTld @@ -0,0 +1,43 @@ +#Date: 2015-01-06T22:34:53+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28876 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; www.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 615 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21203 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87381 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87381 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87381 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87381 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testRootDnskeyPrimeResponseWithNxDomainIsBad b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testRootDnskeyPrimeResponseWithNxDomainIsBad new file mode 100644 index 000000000..73a40852f --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestPriming/testRootDnskeyPrimeResponseWithNxDomainIsBad @@ -0,0 +1,23 @@ +#Date: 2015-01-06T22:34:51+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24908 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; www.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 615 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestRRsig/testRRsigNodata b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestRRsig/testRRsigNodata new file mode 100644 index 000000000..0694d83ca --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestRRsig/testRRsigNodata @@ -0,0 +1 @@ +#Date: 2015-01-06T22:35:12+01:00 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestRRsig/testRRsigServfail b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestRRsig/testRRsigServfail new file mode 100644 index 000000000..0694d83ca --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestRRsig/testRRsigServfail @@ -0,0 +1 @@ +#Date: 2015-01-06T22:35:12+01:00 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInitializingWithEmptyConfigDoesNotFail b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInitializingWithEmptyConfigDoesNotFail new file mode 100644 index 000000000..6404d40e6 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInitializingWithEmptyConfigDoesNotFail @@ -0,0 +1 @@ +#Date: 2015-01-06T22:35:27+01:00 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInitializingWithNonExistingFileThrows b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInitializingWithNonExistingFileThrows new file mode 100644 index 000000000..6404d40e6 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInitializingWithNonExistingFileThrows @@ -0,0 +1 @@ +#Date: 2015-01-06T22:35:27+01:00 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInsecureWithEmptyTrustAnchor b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInsecureWithEmptyTrustAnchor new file mode 100644 index 000000000..1c151a9c1 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testInsecureWithEmptyTrustAnchor @@ -0,0 +1,23 @@ +#Date: 2015-01-06T22:35:27+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33750 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; www.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 615 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadEmptyTrustAnchors b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadEmptyTrustAnchors new file mode 100644 index 000000000..6404d40e6 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadEmptyTrustAnchors @@ -0,0 +1 @@ +#Date: 2015-01-06T22:35:27+01:00 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithDNSKEY b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithDNSKEY new file mode 100644 index 000000000..bf5ce0ec1 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithDNSKEY @@ -0,0 +1,160 @@ +#Date: 2015-01-06T22:35:27+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40286 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87346 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87346 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87346 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87346 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46375 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87346 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87346 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87346 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87346 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46387 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; www.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 615 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32118 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87346 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87346 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87346 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87346 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2082 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 946 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 946 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29359 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 947 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 947 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 947 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 947 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60271 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3555 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3555 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3555 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32326 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithInvalidDNSKEY b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithInvalidDNSKEY new file mode 100644 index 000000000..821f94804 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithInvalidDNSKEY @@ -0,0 +1,43 @@ +#Date: 2015-01-06T22:35:27+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6910 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; www.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 615 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53829 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87346 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87346 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87346 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87346 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithInvalidDS b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithInvalidDS new file mode 100644 index 000000000..2663e46c7 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorWithInvalidDS @@ -0,0 +1,43 @@ +#Date: 2015-01-06T22:35:27+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 198 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; www.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.ingotronic.ch. 300 IN A 127.0.0.1 +www.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. hkD2bkHZKHoJX8cg69j6l1JXE7iYlVFc0iMo3/3hcq4TqieiT2El/9DLfMSxa7XyB/HRDG5Ul61E56pwlCDdxkwemtAuTzjCpqAtvQ5l5OEtTM4i6nijKBkRRzHjh99qDI1jh9GFv3jkTk5m7iaMQemUB4VTjKGLcZHXvWmQLbg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 615 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7218 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87346 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87346 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87346 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87346 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchors b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchors new file mode 100644 index 000000000..6404d40e6 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchors @@ -0,0 +1 @@ +#Date: 2015-01-06T22:35:27+01:00 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorsAlongWithGarbage b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorsAlongWithGarbage new file mode 100644 index 000000000..6404d40e6 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorsAlongWithGarbage @@ -0,0 +1 @@ +#Date: 2015-01-06T22:35:27+01:00 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorsFromFile b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorsFromFile new file mode 100644 index 000000000..6404d40e6 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestTrustAnchorLoading/testLoadRootTrustAnchorsFromFile @@ -0,0 +1 @@ +#Date: 2015-01-06T22:35:27+01:00 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedTldNsec3NoOptOut b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedTldNsec3NoOptOut new file mode 100644 index 000000000..26699db52 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedTldNsec3NoOptOut @@ -0,0 +1,106 @@ +#Date: 2015-01-06T22:35:06+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9484 +;; flags: qr rd ra cd ; qd: 1 an: 1 au: 3 ad: 6 +;; QUESTIONS: +;; 20min.ch., type = A, class = IN + +;; ANSWERS: +20min.ch. 300 IN A 83.140.105.62 + +;; AUTHORITY RECORDS: +20min.ch. 3587 IN NS ns1.first-ns.de. +20min.ch. 3587 IN NS robotns2.second-ns.de. +20min.ch. 3587 IN NS robotns3.second-ns.com. + +;; ADDITIONAL RECORDS: +ns1.first-ns.de. 588 IN A 213.239.242.238 +ns1.first-ns.de. 287 IN AAAA 2a01:4f8:0:a101:0:0:a:1 +robotns2.second-ns.de. 1004 IN A 213.133.105.6 +robotns3.second-ns.com. 7187 IN A 193.47.99.3 +robotns3.second-ns.com. 587 IN AAAA 2a00:1158:4:0:0:0:add:a3 +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 255 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30662 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87367 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87367 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87367 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87367 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23607 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 967 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 967 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 979 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 968 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 968 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 968 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 968 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57818 +;; flags: qr rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 +;; QUESTIONS: +;; 20min.ch., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ch. 3588 IN SOA a.nic.ch. helpdesk.nic.ch. 2015010622 900 600 1123200 3600 +ch. 3588 IN RRSIG SOA 8 1 3600 20150205202115 20150106200400 60789 ch. gXFznlMM50NpTnKf/1GIa8PJjARc4OUJVjVzicybnZieYvXA1bXo9NnFabfSV8+ePmuvKlph1mdmXi4RWeCy75fT2DdWorJpW9/riW+4z0usW0fHNo5d7SLdxuUJGZCd22VM4y1F79crVmAftifagcsKmvDE0B8HrZ/8sH0Y6uQ= +E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch. 3588 IN RRSIG NSEC3 8 2 3600 20150124000839 20150105123019 60789 ch. HznmGWxQqbLUD5mjv8FHCwSfsNZ0fk4X6vtgyFTA81rVSQs4mUfoopvrBrYHGB0iKz/eeRCgHisH99L7uw/dWUy8h9pTQM4UFmspLjTiVHDNad6COrKnFFywV8E7CwibCd+qcdo4yGME3TbVkH1BbSvzQrUKKKe5eO/hleMvhSk= +E5N5J3RCG0FLHRQLGU5G3IN5ROJNRL21.ch. 3588 IN NSEC3 1 1 2 A170C978 E5PB8JRENAJFIO1LLO9ELPG39F787FOL NS DS RRSIG +G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch. 3588 IN RRSIG NSEC3 8 2 3600 20150124064109 20150105123019 60789 ch. pvd/nB3QKjTbLpxM9H9xcJIwmLnNAJPsXMffmjtAjTbceZ7IfpQHmguLPyJS7awSyEOTAhKmpeaT7m4iHhFm1/X4ybZmUvRSexqskgmGzqK+39cjaPrxc+ghdiUgFSjxv36PhoyM5gYnclTqpwGuFR00HK3av9vnnEKEY7zWtmM= +G6DPGFANFNS93LVDHH7362IPSUN8DK5T.ch. 3588 IN NSEC3 1 1 2 A170C978 G6DQNPQ9VP0U8F95714HO3575MPP42V1 NS SOA RRSIG DNSKEY NSEC3PARAM + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 741 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedTldNsec3OptOut b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedTldNsec3OptOut new file mode 100644 index 000000000..d0507d386 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedTldNsec3OptOut @@ -0,0 +1,110 @@ +#Date: 2015-01-06T22:35:06+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15612 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 5 ad: 7 +;; QUESTIONS: +;; yahoo.com., type = A, class = IN + +;; ANSWERS: +yahoo.com. 1800 IN A 98.138.253.109 +yahoo.com. 1800 IN A 206.190.36.45 +yahoo.com. 1800 IN A 98.139.183.24 + +;; AUTHORITY RECORDS: +yahoo.com. 87436 IN NS ns1.yahoo.com. +yahoo.com. 87436 IN NS ns5.yahoo.com. +yahoo.com. 87436 IN NS ns2.yahoo.com. +yahoo.com. 87436 IN NS ns4.yahoo.com. +yahoo.com. 87436 IN NS ns3.yahoo.com. + +;; ADDITIONAL RECORDS: +ns1.yahoo.com. 87436 IN A 68.180.131.16 +ns2.yahoo.com. 87436 IN A 68.142.255.16 +ns3.yahoo.com. 87436 IN A 203.84.221.53 +ns3.yahoo.com. 1800 IN AAAA 2406:8600:b8:fe03:0:0:0:1003 +ns4.yahoo.com. 87436 IN A 98.138.11.157 +ns5.yahoo.com. 87436 IN A 119.160.247.124 +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 284 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38276 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87368 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87368 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87368 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87368 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50370 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; com., type = DS, class = IN + +;; ANSWERS: +com. 1036 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CFC41A5766 +com. 1036 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . EdNGsG+8slVhJncXMIfcIv5EWXpnDNbGHFHGO2qo64xZ7i8v3dMN0f2vvzNBMufCttyxWAC44s0fHzP24IuuLzTQRyPb4x7/xOXPNM/GsDSEWRrSxXD9wxswpa7XdD8gxqlrrLIlFkOJ59R88L/haMC7dzG0uo9lvE3r8fcynp4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 239 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40305 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; com., type = DNSKEY, class = IN + +;; ANSWERS: +com. 1037 IN DNSKEY 257 3 8 AQPDzldNmMvZFX4NcNJ0uEnKDg7tmv/F3MyQR0lpBmVcNcsIszxNFxsBfKNW9JYCYqpik8366LE7VbIcNRzfp2h9OO8HRl+H+E08zauK8k7evWEmu/6od+2boggPoiEfGNyvNPaSI7FOIroDsnw/taggzHRX1Z7SOiOiPWPNIwSUyWOZ79VmcQ1GLkC6NlYvG3HwYmynQv6oFwGv/KELSw7ZSdrbTQ0HXvZbqMUI7BaMskmvgm1G7oKZ1YiF7O9ioVNc0+7ASbqmZN7Z98EGU/Qh2K/BgUe8Hs0XVcdPKrtyYnoQHd2ynKPcMMlTEih2/2HDHjRPJ2aywIpKNnv4oPo/ +com. 1037 IN DNSKEY 256 3 8 AQOzd48WKiAn+RyfIqkS/ZqQTguv/+dbIENccl9CWvJ8Sx7cLc29uZtDkHjmvqhgI6eKwt1sOhDQdyB6saNImQnG5z6ZoILNlW4h1ljy2LEi16WDf93iQnLekcW3Pr8b0YjmJZu6DXKUrcU1uBYtsULaHpa4ERUJFePn3dmX+2brVQ== +com. 1037 IN RRSIG DNSKEY 8 1 86400 20150108192533 20150101192033 30909 com. qZxb8vx3uSMQJMcx9hLn6OyDBcq67tkDsvcE5Tk3y8UOiJghAJW/4zlyji1C8yQzACqcXtE8g21u3BGyGIhLIDG+v6kaOeqKrWGQfvqer8ihd0NpwuOguV4g68ZcE0qFgFYHNKcpqnxAgIYkcoRda+2tPxcCLTPzEPPyEY0pHX9zC2HL88EneK4xP3qn5YIRDbFfHdDXMU61uXh9p4ASRTpy1l+pKnSf2c/LoUBJyPdFjUw2lQPMHZSNo7qjTkJxv1Mn2WSp8rO+xknqQu12zqihIb40KIyZHPgQ5wCCCT70kf3RmKEqmH1F6T7AWT9oBAzuD192ACyRJSXm5KdW1Q== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 743 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12758 +;; flags: qr rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 +;; QUESTIONS: +;; yahoo.com., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1420580086 1800 900 604800 86400 +com. 900 IN RRSIG SOA 8 1 900 20150113213446 20150106202446 48758 com. qu8Cf1ULvc3Iziz9agwXZMNlbG29SEJLVSkeqoiH7KHk4BOu/VroRuYnSnO3XYfHmUfcb4iOulUFxywVWrKr+3WnDWI9K9W9ColDY1RQHuiZNV+V3wGmdf+LSXPiGgCT5INi3aCgCz7ASWee82D6uHg5DroaYqkd1mRHz4djry0= +CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 900 IN RRSIG NSEC3 8 2 86400 20150112055507 20150105044507 48758 com. jxmK9TYR0jbMXKL6irMe5NSnXv8TA54f3OnR6Z6FsGAYufuJ5GD38pHzAet0qkn+Bj4qH/mMsAH+McuXXpsLjQqOLI3Vi+ezSyiibgMDWMCx4485rFnoyWuv7P85jjDf0RI/Vi3KhJ2Eo7c7YGLwBeNlf7Rf+mOtsE+Pe/rwWO4= +CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 900 IN NSEC3 1 1 0 - CK0QFMDQRCSRU0651QLVA1JQB21IF7UR NS SOA RRSIG DNSKEY NSEC3PARAM +GPIKIEOSOPL79LLAGN0NKTKIIIG03PO1.com. 900 IN RRSIG NSEC3 8 2 86400 20150112051957 20150105040957 48758 com. nG70oihFwICnzK+GXlNIWLTNPpD05C6aWAWUC5rdBhGY/JkNWSdIk2+Gokv+BkNChaIixEO32hsmuLd5frh4E3UtJ1fhiIjX8Ty5FUAT5FM8URfy2nOxlgtp+/qhpM0Fl6YebYWBvjS87gT0m3ihpwyUX5Cc9TDfX/WRxEeYF94= +GPIKIEOSOPL79LLAGN0NKTKIIIG03PO1.com. 900 IN NSEC3 1 1 0 - GPIPCMMD0H5PRLQHL08EAICA0CBFSUMP NS DS RRSIG + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 759 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedZoneBind b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedZoneBind new file mode 100644 index 000000000..4a2f726f4 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowSignedZoneBind @@ -0,0 +1,138 @@ +#Date: 2015-01-06T22:35:05+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56956 +;; flags: qr aa rd ra cd ; qd: 1 an: 1 au: 1 ad: 3 +;; QUESTIONS: +;; www.unsigned.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.unsigned.ingotronic.ch. 300 IN A 127.0.0.1 + +;; AUTHORITY RECORDS: +unsigned.ingotronic.ch. 300 IN NS ns1.ingotronic.ch. + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 278 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4514 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87368 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87368 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87368 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87368 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41695 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 968 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 968 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39298 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 969 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 969 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 969 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 969 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30277 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3577 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3577 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3577 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29421 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64953 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; unsigned.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +unsigned.ingotronic.ch. 300 IN NSEC v.ingotronic.ch. NS RRSIG NSEC +unsigned.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. VsO/22QJi2Ny+QZBukileDIUc4/DqPdZwNssNbylPAscz0IBrLt9zKDcI26NSMqhFRFXIZqBXJScmKJseKB+wQUscwKK5kkzUIXK/SPbLQ8MLnOUKIXUgURDKDCp6W8eHoa/51dOS0Vb1woxmzN1kQnjTTUoW5z1igN7RcYCuGQ= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 480 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowUnsignedZone b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowUnsignedZone new file mode 100644 index 000000000..ed479f06d --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestUnsigned/testUnsignedBelowUnsignedZone @@ -0,0 +1,138 @@ +#Date: 2015-01-06T22:35:06+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65513 +;; flags: qr aa rd ra cd ; qd: 1 an: 1 au: 1 ad: 3 +;; QUESTIONS: +;; www.sub.unsigned.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.sub.unsigned.ingotronic.ch. 300 IN A 127.0.0.1 + +;; AUTHORITY RECORDS: +sub.unsigned.ingotronic.ch. 300 IN NS ns1.ingotronic.ch. + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 282 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6175 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87367 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87367 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87367 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87367 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15153 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 967 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 967 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13386 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 968 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 968 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 968 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 968 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43748 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3576 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3576 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3576 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40343 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33055 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; unsigned.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +unsigned.ingotronic.ch. 300 IN NSEC v.ingotronic.ch. NS RRSIG NSEC +unsigned.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. VsO/22QJi2Ny+QZBukileDIUc4/DqPdZwNssNbylPAscz0IBrLt9zKDcI26NSMqhFRFXIZqBXJScmKJseKB+wQUscwKK5kkzUIXK/SPbLQ8MLnOUKIXUgURDKDCp6W8eHoa/51dOS0Vb1woxmzN1kQnjTTUoW5z1igN7RcYCuGQ= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 480 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testDsNodataFromWildcardNsecChild b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testDsNodataFromWildcardNsecChild new file mode 100644 index 000000000..cf479c051 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testDsNodataFromWildcardNsecChild @@ -0,0 +1,158 @@ +#Date: 2015-01-06T22:35:05+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30309 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87368 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87368 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87368 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87368 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51543 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 968 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 968 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29661 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 969 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 969 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 969 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 969 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10556 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3577 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3577 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3577 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55011 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60076 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; c.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +a.b.ingotronic.ch. 300 IN NSEC *.c.ingotronic.ch. A RRSIG NSEC +a.b.ingotronic.ch. 300 IN RRSIG NSEC 5 4 300 20150125000532 20141225234703 17430 ingotronic.ch. HMCFItkk6JIV9hcHJ+p+OO5CI8B7H4fWy6w8kMfKPA/Z/lUcjlSKSexxd4ppubXfaVDhTW5j3Nd0rEpKbxztd9MZGVbvk7LJibvpD4ACR0xSmE69fyjrxrN/uDPYVPL5uOTklgDAlinQS3E6KulWr5iST9H4gmhfrk5MpvK4fcc= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 479 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60766 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; x.c.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +*.c.ingotronic.ch. 300 IN NSEC cfailed.ingotronic.ch. A RRSIG NSEC +*.c.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. Lf7FP3WsqHc3SUznxjp367ehSI5mcUE7OzvHQj68BfC77FPylpt3YLtyirEZVjVKPjQ6maarQakizn6u7KFf1jFr2kGpS1rZCvyfAxGX6wwIZK/Wf0lfhP0IquQd+kX2OlmRbbemFI/lFG72NAcB+19t8tcwV5k6ADkxC2L6o/4= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 483 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8878 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; www.x.c.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +*.c.ingotronic.ch. 300 IN NSEC cfailed.ingotronic.ch. A RRSIG NSEC +*.c.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. Lf7FP3WsqHc3SUznxjp367ehSI5mcUE7OzvHQj68BfC77FPylpt3YLtyirEZVjVKPjQ6maarQakizn6u7KFf1jFr2kGpS1rZCvyfAxGX6wwIZK/Wf0lfhP0IquQd+kX2OlmRbbemFI/lFG72NAcB+19t8tcwV5k6ADkxC2L6o/4= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 487 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testDsNodataFromWildcardNsecCovered b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testDsNodataFromWildcardNsecCovered new file mode 100644 index 000000000..1163207ec --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testDsNodataFromWildcardNsecCovered @@ -0,0 +1,120 @@ +#Date: 2015-01-06T22:35:03+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50725 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87370 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87370 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87370 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87370 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29961 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 970 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 970 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35385 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 971 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 971 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 971 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 971 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20327 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3579 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3579 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3579 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47920 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20309 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 +;; QUESTIONS: +;; ce.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +ingotronic.ch. 300 IN NSEC alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY +ingotronic.ch. 300 IN RRSIG NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M= +*.c.ingotronic.ch. 300 IN NSEC cfailed.ingotronic.ch. A RRSIG NSEC +*.c.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. Lf7FP3WsqHc3SUznxjp367ehSI5mcUE7OzvHQj68BfC77FPylpt3YLtyirEZVjVKPjQ6maarQakizn6u7KFf1jFr2kGpS1rZCvyfAxGX6wwIZK/Wf0lfhP0IquQd+kX2OlmRbbemFI/lFG72NAcB+19t8tcwV5k6ADkxC2L6o/4= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 699 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testLabelCountInSignaturesNotAllSame b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testLabelCountInSignaturesNotAllSame new file mode 100644 index 000000000..5942bea3b --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testLabelCountInSignaturesNotAllSame @@ -0,0 +1,298 @@ +#Date: 2015-01-06T22:35:02+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6386 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 +;; QUESTIONS: +;; b.d.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +b.d.nsec3.ingotronic.ch. 300 IN A 127.0.0.1 +b.d.nsec3.ingotronic.ch. 300 IN RRSIG A 7 5 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. vYIVCLyXQa6nNezkqsRtXFfx5Ne/9O665IJRyIn5InKvS1YQ16rEbSAitkDNRU8rdYrojjbl0ZZD6VNh21UwM2QOpM+I/Fv8VXTLSOUD24unM3NjPUMI6sLk+25EFGjEqv+IConZgmMylZwqdtocH8gOXid1IYVsU1u6x47GsLs= +b.d.nsec3.ingotronic.ch. 300 IN RRSIG A 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. eTKm2GV3eV5Y8U6GoqwV+r3ddroqbgszQ6ffKiDPOSnPjgBQ5NP0MgR4ZC8iP7yp/ycVAx8BsnCwUfv1CDIZ1eeOAFRDmOiUlU3NqUA+Lklz+HLkK67P9w8WKcVkn079CPyPvp6Z0VNHq1o3WhRhVWzRYK2BMvZhqT2anYe8uQY= + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +nsec3.ingotronic.ch. 300 IN RRSIG NS 7 3 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. fl2Q0YQQ1TduolGLyQx8vGqSApoBbb6A+go5SLFBYQobrPfO/rb+SM8JvnlzNX/Xa7dRhDYrnfBTFUm1mCur9aIi34gu5UwDNQvt/GXY5dC3+DEy/28bTZ43UuCs+qGH9u9leFwGX4neFNl0s5B4RpxBN4is8dXMUvOda6QcsOw= +810L2KR9HCVTELBLO8GQM0EMIM8KD01E.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 8VOO8LLV6NQKGVAP6LG1M4QMLMOS8LMK CNAME RRSIG +810L2KR9HCVTELBLO8GQM0EMIM8KD01E.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. oVpQ8URiobH7xZcbioe1KuVi7wDEvJDLlS1vN4phMRXDhe8JwA6iGHi8jq+iOT4FkzhO9LTsFJJEI6Nj509+1X2zvRwAfYauanMdXog5vh5d7WF+/Q3LxbybKeol0HvIrJGXeoVnaFJAh8WvMWwnb1tM6mHp1GKtWoWiH8pv6+0= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29930 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87371 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87371 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87371 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87371 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12727 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 971 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 971 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14423 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 972 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 972 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 972 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 972 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57122 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3580 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3580 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3580 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12690 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18356 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21569 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53334 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87371 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87371 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87371 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87371 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33527 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 971 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 971 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17311 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 972 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 972 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 972 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 972 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51328 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3580 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3580 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3580 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6320 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43131 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52988 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNameNotExpandedFromWildcardWhenNonWildcardExists b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNameNotExpandedFromWildcardWhenNonWildcardExists new file mode 100644 index 000000000..ec55eeac7 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNameNotExpandedFromWildcardWhenNonWildcardExists @@ -0,0 +1,219 @@ +#Date: 2015-01-06T22:35:03+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5694 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 +;; QUESTIONS: +;; b.d.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +b.d.ingotronic.ch. 300 IN A 127.0.0.2 +b.d.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. R/R9YKXD6MKoCLSiSyedgPvCyz4vC5twiGXU0ho/612q1zukfCBpfehpthnlhaers9I+3sQZKsRjUYq2e7hs+5pawLne4wxlAJUVR8qZ/u3U0zZlDLFyswQQebTUfx5cUn1r5xWTMsODa/Za3QcxaNWRBlX7SQmP4CaHVD8BlsY= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= +a.d.ingotronic.ch. 300 IN NSEC a.e.ingotronic.ch. A RRSIG NSEC +a.d.ingotronic.ch. 300 IN RRSIG NSEC 5 4 300 20150125011134 20141226002644 17430 ingotronic.ch. Xlth6wbhlD20uaeZZWKeREQgQBsYN6ztO8zPCWCeklur7YQ3X3aZJGhiNqPPhrdP2g9VEadeFQjCI5eGslXFoJtRPqAVswbk2K0wD8NSeoKRAXhW3N91AQodcalgOhiX5yuqST6gLxJl3WXgwUDvco+JvrfSFWV8FLwZ3RQ/26U= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 829 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56054 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87370 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87370 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87370 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87370 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2068 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 970 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 970 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30440 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 971 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 971 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 971 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 971 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39575 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3579 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3579 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3579 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13421 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 472 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87370 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87370 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87370 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87370 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52500 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 970 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 970 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3503 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 971 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 971 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 971 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 971 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61608 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3578 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3578 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3578 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16525 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNameNotExpandedFromWildcardWhenNonWildcardExistsNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNameNotExpandedFromWildcardWhenNonWildcardExistsNsec3 new file mode 100644 index 000000000..d32d948c8 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNameNotExpandedFromWildcardWhenNonWildcardExistsNsec3 @@ -0,0 +1,297 @@ +#Date: 2015-01-06T22:35:02+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6386 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 +;; QUESTIONS: +;; b.d.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +b.d.nsec3.ingotronic.ch. 300 IN A 127.0.0.1 +b.d.nsec3.ingotronic.ch. 300 IN RRSIG A 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. eTKm2GV3eV5Y8U6GoqwV+r3ddroqbgszQ6ffKiDPOSnPjgBQ5NP0MgR4ZC8iP7yp/ycVAx8BsnCwUfv1CDIZ1eeOAFRDmOiUlU3NqUA+Lklz+HLkK67P9w8WKcVkn079CPyPvp6Z0VNHq1o3WhRhVWzRYK2BMvZhqT2anYe8uQY= + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +nsec3.ingotronic.ch. 300 IN RRSIG NS 7 3 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. fl2Q0YQQ1TduolGLyQx8vGqSApoBbb6A+go5SLFBYQobrPfO/rb+SM8JvnlzNX/Xa7dRhDYrnfBTFUm1mCur9aIi34gu5UwDNQvt/GXY5dC3+DEy/28bTZ43UuCs+qGH9u9leFwGX4neFNl0s5B4RpxBN4is8dXMUvOda6QcsOw= +810L2KR9HCVTELBLO8GQM0EMIM8KD01E.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 8VOO8LLV6NQKGVAP6LG1M4QMLMOS8LMK CNAME RRSIG +810L2KR9HCVTELBLO8GQM0EMIM8KD01E.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. oVpQ8URiobH7xZcbioe1KuVi7wDEvJDLlS1vN4phMRXDhe8JwA6iGHi8jq+iOT4FkzhO9LTsFJJEI6Nj509+1X2zvRwAfYauanMdXog5vh5d7WF+/Q3LxbybKeol0HvIrJGXeoVnaFJAh8WvMWwnb1tM6mHp1GKtWoWiH8pv6+0= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29930 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87371 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87371 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87371 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87371 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12727 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 971 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 971 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14423 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 972 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 972 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 972 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 972 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57122 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3580 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3580 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3580 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12690 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18356 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21569 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53334 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87371 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87371 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87371 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87371 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33527 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 971 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 971 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17311 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 972 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 972 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 972 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 972 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51328 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3580 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3580 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3580 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6320 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43131 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52988 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNodataWilcardWithoutCe b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNodataWilcardWithoutCe new file mode 100644 index 000000000..58500bb3e --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testNodataWilcardWithoutCe @@ -0,0 +1,217 @@ +#Date: 2015-01-06T22:35:02+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19025 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 +;; QUESTIONS: +;; \001.c.ingotronic.ch., type = MX, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +a.b.ingotronic.ch. 300 IN NSEC *.c.ingotronic.ch. A RRSIG NSEC +a.b.ingotronic.ch. 300 IN RRSIG NSEC 5 4 300 20150125000532 20141225234703 17430 ingotronic.ch. HMCFItkk6JIV9hcHJ+p+OO5CI8B7H4fWy6w8kMfKPA/Z/lUcjlSKSexxd4ppubXfaVDhTW5j3Nd0rEpKbxztd9MZGVbvk7LJibvpD4ACR0xSmE69fyjrxrN/uDPYVPL5uOTklgDAlinQS3E6KulWr5iST9H4gmhfrk5MpvK4fcc= +*.c.ingotronic.ch. 300 IN NSEC cfailed.ingotronic.ch. A RRSIG NSEC +*.c.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. Lf7FP3WsqHc3SUznxjp367ehSI5mcUE7OzvHQj68BfC77FPylpt3YLtyirEZVjVKPjQ6maarQakizn6u7KFf1jFr2kGpS1rZCvyfAxGX6wwIZK/Wf0lfhP0IquQd+kX2OlmRbbemFI/lFG72NAcB+19t8tcwV5k6ADkxC2L6o/4= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 697 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43123 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87372 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87372 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87372 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87372 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9093 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 972 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 972 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 972 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 972 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 972 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 972 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11698 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3580 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3580 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3580 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46520 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30476 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87371 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87371 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87371 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87371 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2117 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 971 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 971 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46135 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 972 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 972 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 972 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 972 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9267 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3580 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3580 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3580 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23660 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testPositiveWithInvalidNsecSignature b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testPositiveWithInvalidNsecSignature new file mode 100644 index 000000000..1f9f86940 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testPositiveWithInvalidNsecSignature @@ -0,0 +1,219 @@ +#Date: 2015-01-06T22:35:04+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52897 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 +;; QUESTIONS: +;; a.c.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +a.c.ingotronic.ch. 300 IN A 127.0.0.2 +a.c.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. geU9+RShND1QSzoFR2S1RAJxA6G4xzDzW7bzjFlzYdsFS22qF7sfkO09No9Dh8GaaYNZSyJ00y6ldeO+jWrqeulgP99ogJcdC9vGnzYJxgl6T1BPzKOMtLg/peXAqARBK1NyDgLTjNSmVPVda5Xpe6aAZDOr1elE464SkEMiQHg= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= +*.c.ingotronic.ch. 300 IN NSEC cfailed.ingotronic.ch. A RRSIG NSEC +*.c.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. Lf7FP3WsqHc3SUznxjp367ehSI5mcUE7OzvHQj68BfC77FPylpt3YLtyirEZVjVKPjQ6maarQakizn6u7KFf1jFr2kGpS1rZCvyfAxGX6wwIZK/Wf0lfhP0IquQd+kX2OlmRbbemFI/lFG72NAcB+19t8tcwV5k6ADkxC2L6o/4= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 833 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23232 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87369 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87369 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87369 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87369 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15202 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 969 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 969 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46342 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 970 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 970 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 970 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 970 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32974 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3578 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3578 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3578 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51129 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56199 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87369 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87369 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87369 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87369 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36411 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 969 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 969 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21233 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 970 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 970 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 970 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 970 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42201 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3578 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3578 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3578 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52631 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcard b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcard new file mode 100644 index 000000000..e7fcd9161 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcard @@ -0,0 +1,219 @@ +#Date: 2015-01-06T22:35:03+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11754 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 +;; QUESTIONS: +;; a.wc.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +a.wc.ingotronic.ch. 300 IN A 127.0.0.2 +a.wc.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. XZpNDVyI2aAxNL0fMgxbKCHH6iFYitqUSc6KETJARx12GJt/0fkas+y6YRfS5oz4pBi8dsnlb/rjsDYoQ6aG6hCvAKnqSmZFO27Zp39AR6Uf+UMTR2H4tAgpvTm5tFBPh9POiH/e9YzGacKrXNkOZETXYdwzV7RQ0Ct9Gt2qLEw= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= +*.wc.ingotronic.ch. 300 IN NSEC *.sub.wc.ingotronic.ch. A RRSIG NSEC +*.wc.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. ReylzrruAa2BPfMdmDkTLgj/cLWzXR7V22zk/LPIChZUI7K8JIZHUzFA2XO6Cho+Dj3SGEXlwwgncN6RNImAthvYh1SMfj6GjM7beo7g5WBbJrwkAnrR/G/LIXj4D0xhcX3yFrDVt9Xp1wSqrJmurvodjkbo/8m8O4yhZFSiuWM= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 835 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 255 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87371 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87371 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87371 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87371 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2733 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 970 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 970 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30372 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 971 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 971 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 971 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 971 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18005 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3579 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3579 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3579 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35032 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4440 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87370 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87370 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87370 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87370 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24442 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 970 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 970 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49540 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 971 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 971 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 971 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 971 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12172 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3579 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3579 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3579 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53492 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcardNodata b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcardNodata new file mode 100644 index 000000000..1d52cd885 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcardNodata @@ -0,0 +1,215 @@ +#Date: 2015-01-06T22:35:01+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 575 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; a.wc.ingotronic.ch., type = MX, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +*.wc.ingotronic.ch. 300 IN NSEC *.sub.wc.ingotronic.ch. A RRSIG NSEC +*.wc.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. ReylzrruAa2BPfMdmDkTLgj/cLWzXR7V22zk/LPIChZUI7K8JIZHUzFA2XO6Cho+Dj3SGEXlwwgncN6RNImAthvYh1SMfj6GjM7beo7g5WBbJrwkAnrR/G/LIXj4D0xhcX3yFrDVt9Xp1wSqrJmurvodjkbo/8m8O4yhZFSiuWM= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 485 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52336 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87372 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87372 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87372 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87372 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19347 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 972 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 972 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6261 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 973 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 973 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 973 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 973 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15861 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3581 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3581 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3581 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47780 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11858 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87372 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87372 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87372 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87372 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52147 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 972 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 972 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42646 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 973 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 973 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 973 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 973 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39084 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3581 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3581 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3581 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5987 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcardNodataNsec3 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcardNodataNsec3 new file mode 100644 index 000000000..e4e522c85 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestWildcard/testSynthesisUsesCorrectWildcardNodataNsec3 @@ -0,0 +1,297 @@ +#Date: 2015-01-06T22:35:04+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22667 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 +;; QUESTIONS: +;; a.wc.nsec3.ingotronic.ch., type = MX, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT +L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM= +O275F9OLQ9HNCER7U4SMD4V8AG7IPML9.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 QM439T9VOCEM9QOGUD483A42508V4G4E CNAME RRSIG +O275F9OLQ9HNCER7U4SMD4V8AG7IPML9.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. oNHVOddpZW5FtTmBoQuwUk/8Ufa7OjqtzrJWNNcRufe7gJf/k+cKIGnf/JsZC4FFu+KlTbeOU2RkgfgdvjUv4B+5K9WM4Lc33/4lo4hiH9MiQBIKbneShRwBBCXTlUpSzJvksvl/Ld8VZJ2Dbe2q18A7JQvRNW1o1Gx9vxT1kO8= +ES29HF5NN8D4NUDKH2QBR28NEVBFODG2.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 FH50CGGM3TBSI8M477ILPD3VAT8TM76S A RRSIG +ES29HF5NN8D4NUDKH2QBR28NEVBFODG2.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. CMXrIb7iTUoxImX+qODyUAo0rJ4PyOdS6Fa5yLuCc8OgPTafAgXYNb7oF1esZcYJh6Bn05J+1kIbO9YnIeCLU74bUfQURaeQOwyC+/l/B5Hx1VFo+F304llVBsoge2VvT/IQrtFGBAKpZY5iiQO4DH5yI8yfHprskj3ZB0jvcIY= +nsec3.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300 +nsec3.ingotronic.ch. 300 IN RRSIG SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1050 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20815 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87369 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87369 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87369 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87369 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56020 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 969 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 969 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47777 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 970 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 970 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 970 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 970 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31925 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3578 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3578 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3578 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54791 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54694 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17499 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6987 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87369 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87369 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87369 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87369 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4743 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 969 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 969 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63386 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 970 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 970 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 970 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 970 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59366 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3578 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3578 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3578 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62132 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64272 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52804 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testAlgIsUnknown_eccgost b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testAlgIsUnknown_eccgost new file mode 100644 index 000000000..d5066df85 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testAlgIsUnknown_eccgost @@ -0,0 +1,139 @@ +#Date: 2015-01-06T22:35:00+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50990 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; eccgost.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +eccgost.ingotronic.ch. 300 IN A 127.0.0.1 +eccgost.ingotronic.ch. 300 IN RRSIG A 12 3 300 20150125012943 20141226003214 33696 eccgost.ingotronic.ch. JUSb1od8YDPsNsSyXQCbXN4VGkjuHRxvlGAv3K4FA6mz4x4SQRlsD5GEYIpVMqeJft84sp3wB806CD11Z096tg== + +;; AUTHORITY RECORDS: +eccgost.ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +eccgost.ingotronic.ch. 300 IN RRSIG NS 12 3 300 20150125002026 20141226001257 33696 eccgost.ingotronic.ch. Wb6NEY7OcsBWbCLqis1YAuetf8+/WpJ/VqxndICaKU/1uLU6EznMuIUwUQ/vAXPJCagGvtGuMIU72AUiBExAPA== + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 507 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6159 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87373 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87373 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87373 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87373 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12005 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 973 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 973 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55502 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 974 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 974 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 974 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 974 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28480 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3582 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3582 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3582 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53132 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3317 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; eccgost.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +eccgost.ingotronic.ch. 300 IN DS 22754 12 1 2757C751309FCDD6982EFD25AE24AFC4AE5352AF +eccgost.ingotronic.ch. 300 IN DS 22754 12 2 B5A1A00DF6234B3C33B1EFE43134EF5B7462C0F48FE4845746F2278912F6C9AD +eccgost.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. K2CW7aMJbah4NiqK5McbSlYbLCJRtmkV4wMk5737D2a0B/N+xXB3yrahz3M/KdPQTLBw5gbHCnT4T/PobqvM8wPqsKZELoHsrYZX8nmvB+wPbZPK9nbkuc2G47iKqqhepY8jmfB6O9ekGS4L/5WA4RCpulki7QVmMKorJTc+NjQ= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 307 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testAlgIsUnknown_rsamd5 b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testAlgIsUnknown_rsamd5 new file mode 100644 index 000000000..f32e12387 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testAlgIsUnknown_rsamd5 @@ -0,0 +1,139 @@ +#Date: 2015-01-06T22:35:01+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6805 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; rsamd5.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +rsamd5.ingotronic.ch. 300 IN A 127.0.0.1 +rsamd5.ingotronic.ch. 300 IN RRSIG A 1 3 300 20150125010114 20141226001233 43856 rsamd5.ingotronic.ch. Rqgpczk/xOePnjzbdQX0FNdDH/71yhj3XvkQhcONHgpOojXys2az/WzeITHxxvMgYjfA0y8IYsgP/lNeLSEY5Bh4QLTsUc+vpRhz1nZa3gbNWtgRnFj0HYOM1yEsOaZMXUcDuycd3kgq9SVxqEO3r5yF5VbmntPymno92+OfX9M= + +;; AUTHORITY RECORDS: +rsamd5.ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +rsamd5.ingotronic.ch. 300 IN RRSIG NS 1 3 300 20150125010114 20141226001233 43856 rsamd5.ingotronic.ch. pYkIFh3yaO4yZvqL6fE6Bpgv8g8EiwaKyTb0rGKm8ign8f3PlOG+16mYt+Zn3qzihXiiGVtwpz1h7pf1A6BIx7wScnBfePWSvlu07NIfpbEmDEZRYXxNR12emOjGzgLhUnTQmpK3j6PFn8Gs2/H/kB1kIfM6bf/2/5hIRFVvsmM= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 632 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33880 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87372 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87372 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87372 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87372 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1473 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 972 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 972 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25499 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 973 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 973 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 973 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 973 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38713 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3581 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3581 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3581 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13332 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30570 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; rsamd5.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +rsamd5.ingotronic.ch. 300 IN DS 58016 1 1 A1A8915F892FD435738A21E8440586B40C8502D0 +rsamd5.ingotronic.ch. 300 IN DS 58016 1 2 622EA4C1715DDCB15A3177F6A5A04861AB32FCFB8493F90BD4964F3639DB9FDD +rsamd5.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. ZHiH7NTk5zR3Ir9mjNcJL2x7Tasgj3yE1uaG71EdRtwubvShh4kLkFmER5YQqeUrXBvx5Pog+uHcK+WyX+7YD2GvQycFDheLPCB6BakK1nHid/JbzjXOtXhYCPh557tuZSzF7eLyZ+MhPMkvBJVG4NAGKaN85Dtavxn8JBn8QoQ= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 306 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testDigestIdIsUnknown b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testDigestIdIsUnknown new file mode 100644 index 000000000..0ce723ede --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testDigestIdIsUnknown @@ -0,0 +1,158 @@ +#Date: 2015-01-06T22:35:01+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30764 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; unknown-alg.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +unknown-alg.ingotronic.ch. 300 IN A 127.0.0.1 +unknown-alg.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125010525 20141226010202 45093 unknown-alg.ingotronic.ch. MfedDEmkPC40ZTJzk7UMmnTqSUBwm/36FsPEnJ+xYSkserwjRJRcvWg3YobqlS/i9ZxKqZzvuXIumImOV1CXvf5ZzfDq2ioqUmtR0Nmvzg93lAahTMjgZd5UK5HSHADwsQq5IjreVyTE5lWc+7S22NgJhAcLZuG9sw+gCBxQK0o= + +;; AUTHORITY RECORDS: +unknown-alg.ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +unknown-alg.ingotronic.ch. 300 IN RRSIG NS 5 3 300 20150125000404 20141225232910 45093 unknown-alg.ingotronic.ch. lAhLOlkWySteesEUHzS5wFe4QTyQI1UfvT5sHvGK/1VSLKPkGUGBGYtDVptRxJKoYSU9/nwt4HvtLfwx8X8YxqEkFTxOcHAUpWrGlSTI4fgr/TH7TTr8EWaWK450U5hfZMWMcFIoW6PAi9kl9DjhGJ9fMT/y8G0iKK6i6xTVAf0= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 647 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1445 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87373 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87373 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87373 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87373 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23102 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 973 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 973 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15112 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 974 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 974 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 974 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 974 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58003 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3581 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3581 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3581 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8761 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27464 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; unknown-alg.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +unknown-alg.ingotronic.ch. 300 IN DS 57133 5 123 88911F5CF5E92199654F89E46D36A5A394D248FE +unknown-alg.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. CyQezuOmPS6VRuWmsFsLYTwDwwG0SQmo1VgtvsUbaYFaRT+iQNOyibvTfM7vVtUqFSim/zhfabcIvdzUqC3mJ84L2Ac7BfAVhdIr5k+uLE+Sabe1Ch/RWp5jREyLap+gN8UsjlP98VXN9wfaSd6wLDP5K088o0z/zDmBeLpwZl8= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 263 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43836 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; unknown-alg.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +unknown-alg.ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAb9q2O44+pGOH5jdPSJEryG9ngMwwQ2093jn4EkJYcci/I6uhFsORcif6bMtxTIOUt8mUCowNcENj8oJ8l/eS8Ndaj6jTywYwG94OEEdTRy0XqbGV/x0n24U3pQe76A4jBJYgLk6hOISGcGcvKpkOSzc1ZjUsnJCWGTXVZA9oBsJ +unknown-alg.ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAc7dNVEcGlIIucOGhtuBhYPOf/cZPFOokelc/hrubwt8uvMgs4wn76kc9esnjh5Z2DcyJCJwQuy3FLb3L00n8RaM37FSaH7azMnWqhULBS+hszS4XoJXu97B1D/KulTJaVsejBoAUnHToJ0aB90Kx+rk6EIxTjh0O/xOypKOoG1irRRf4Yh4SYMhZomaazZPRQYkRj6Va7VIPLif31qIPJl+L6q1njcJHcibS7H/cF2nvD4DD4CnRgGZXvKr5mxizz3YpJCHwo0nkqjBASdyfSSi6BKh4C8AR6yo9rIJpxYMA3ee7xRVC7p9/TOp2kO0XEJnlMP1/mMoV0TxcaCc2N8= +unknown-alg.ingotronic.ch. 300 IN RRSIG DNSKEY 5 3 300 20150125005501 20141226002719 45093 unknown-alg.ingotronic.ch. nX6941AOHtN+glWVvCZae2LD4Hhm2/oOZAak9jksXYcH+W57Y0lab+AtQRWHV9LeuqjerO/iNx6Q8Zmiyk4TBgYJj+9y4klAEijAlhDCu2yAoU1zQwwbW4oiPex7m/krJIwV3J+DKJgiYbDprswMjzW+7YR4zKlSBp3aJ90WCfo= +unknown-alg.ingotronic.ch. 300 IN RRSIG DNSKEY 5 3 300 20150125005501 20141226002719 57133 unknown-alg.ingotronic.ch. xm1WcmGCfR0V4h/6dyIAkicrySw8QktabT5ltsW4kq3ylI8ubo3ebe39hHdni2wV+wm+eFRG71XCeO/CV+neaJ8oLnNScKTDz35rAw1g+CTVLAS6MK7Y/bxLBOhvLLfJwir0KNmNleNGtSGByQ9AD8CzWhrmUIsszMQq3vpY2/zLqF5O++y9mYoLBNWw0g+DaPeu5TdmWQlL4B5z+I1nYi80LccBIxTkhq9Mu2lEhTLgIzj9GVYnzgJSTuSGnStEkSdCN/AJ1rNPWziOXIKilFF06z18bohAVbLzA44BR5khNmzT2HV4CK3KVIome9PJuSAwEM0N0jyUhgONxXRigQ== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 976 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testEd_ed25519 b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testEd_ed25519 new file mode 100644 index 000000000..312bfd74b --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testEd_ed25519 @@ -0,0 +1,112 @@ +#Date: 2020-01-26T20:03:58+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28087 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ed25519.nl., type = A, class = IN + +;; ANSWERS: +ed25519.nl. 3403 IN RRSIG A 15 2 3600 20200206000000 20200116000000 27662 ed25519.nl. o0g+PTzmqA+LqRcoR3qduXimU1u5/oMXJGIHOv9aq5+7sdz5Lz6V5Z+lUZyUFDUCGg+k1I0aT5mW3JwuVVi6Cw== +ed25519.nl. 3403 IN A 77.72.150.82 + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS512 OPT ; payload 512, xrcode 0, version 0, flags 32768 + +;; Message size: 161 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54587 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 7303 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= +. 7303 IN DNSKEY 256 3 8 AwEAAeN+h0loXPKt7lFdW2zKIDkVHyJ1aYGUVE1dMNBlRH3kTn40JKcHiPOs+fy0OFVCBwoKa1s9qZtdyP1UC0hgKoldj3oELK1yLI5MUbTMcNkWbBMRuxRz/CgZJu3IxcmuZWZMbn4LQDMj5YeiUiuWns5vipFGWWpyPyozQXmenSWOK2GJOwcm7I/DyHVtVdztTvqiHqzy2aRoxwPhmEuAoYzzuNJJw6JNEnXaN/7l2TIciskFyPVPBFZYHnk+1ma906dfehIR190z3lh1ZESL2Yy3VIE2QGpRU6Px4ydH5sXxZ2wSMgqNNga4kjnfM1msBqk3EI48RvTTkuV0yb1eFuU= +. 7303 IN RRSIG DNSKEY 8 0 172800 20200211000000 20200121000000 20326 . UaaPoqlBlRixcabCWMJ9jVvevx+Sp8W5rMt06Tozfg/gefIspEKxw4fx22mRaAQZzdHq9Lt+Who4YpUX95CDrgDYtYJ9NOyICRNlWnY9FNqOW0AreCmEK0qqS52xYb72hJYpFrCILGLD6jl4Ar0LFi29iXnVLQ99+SvD8PPHHkEiIu1WhlES7taEavtbKijyjLYXwagQxSQCzMgkbWN1+S78kJGZEMaBODTZuiiGIw5Jy3OPAQxHQyLTElR5ZuEg59/sSnTCEfmoXcxG9/g6O1qWs6d9hDVadKfXhHr8OTXGoB25Ttp3CyZGdSqRkCwwJpWJ9SlaL+khcJoLFqwm8w== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS512 OPT ; payload 512, xrcode 0, version 0, flags 32768 + +;; Message size: 864 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43154 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; nl., type = DS, class = IN + +;; ANSWERS: +nl. 8754 IN DS 34112 8 2 3C5B5F9B3557455C50751A9BE9EBE9238C88E19F5F07F930976917B51B95CD22 +nl. 8754 IN RRSIG DS 8 1 86400 20200207050000 20200125040000 33853 . s8pLNGhOt2S56ZmFJCUFjh72+nDKMxDBU5mH9GUBwsuJFmFs0aCBvAE8nPkU6lUN3d+UYJg9n8PEq0KP7Ea9v+HTnbDftKbQMbyL2tYhlP1+3CXwwozmD+1keq0AyFY6k7yj/d/ETcQYbmvz4Gudm0uJ4z+s1EDaGlLsXl4D7jFPhs117ASUBKFcphKEg3nKOhId04qOMf7ULz9evHggCPs9NCls+XHomo6HTSW+ZsoAi31ShiDnxnMU85nyst1sAT3xPsUZs/9TgFvmosPEUjkWtOUhypN6MYAS/kDbGECw41iEb1R4HRh2hOEhj7TLOpn2HfqC1pUrKRY7Ap7RSw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS512 OPT ; payload 512, xrcode 0, version 0, flags 32768 + +;; Message size: 366 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27023 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nl., type = DNSKEY, class = IN + +;; ANSWERS: +nl. 3529 IN DNSKEY 256 3 8 AwEAAdDXROYhplVlInShki5RxTj7vFwqk8grVOHwUjwUlvsKBJUknF1PN1TWpHoXvWFXDTviW7jVgPx6RH2I4b/Iq30zHgPxJYT3EtpTzRbX2F1WS5n31r8BrQc3V1LdCGknhpAw6c7SAntrZ6m6nkgDn6z0ySnWri659CjxUgsHCBmD +nl. 3529 IN DNSKEY 257 3 8 AwEAAcb+4kIsKoZM+3ZZpU9kzxrzw30e3b+L0KZeX+aAS3eM+Q+q27Jw0NZ3dqsPSif61GjRW6apjDZ9Ciab3oyEu7IpihVrw94DTjWZTVViZAijAIHwKUzY0YjkT3RvN+xgpw4uZs1SnqCZxYko+15esteKXW/nJpde0d9OeFFBaS2WTCycK+A6gd9DsOw91Y7Z2vrR/2g9N9dMIVq9neB1/KXXm4MttLqJyxRWZNAFTyLGQKzPpQDp9s3qowV2+pcHOh6lUTEeOWiAtotJ/5WyO91viZ5tBfClsyGpggBTaeUQ7T5adhAtX6nRkhePyAtQgCCf63ZpHyoyxvbkDM7yuA0= +nl. 3529 IN RRSIG DNSKEY 8 1 3600 20200202095410 20200119113801 34112 nl. YGz3Y0XlKlWblNFPyt/T1cFUJkyB/mSLr9qWloZOUI4yyG/HqHU1aaS51UppjcGnAmCvcIYJ0tC8aNwEb+PW82czWJKX01A/493jQvCFPawqSFJWEFmiIdd7GVghAL5HFkZPyN1zeB/cYO3Y+/1UccY/r3QHlKmNpspJ7OoVo5/gcGvpE3vej5/DKDz/jiSo9wyEvLY09Ifpdsg03yJXCGMgD7kPDkPtnPWNNbUzmLiZbI0O4ePGS7q3G7Ink381KVS6f+3Dyjl0LQtEGEmyYglBl3w4DNAwlTvb7m5HEMarPYCs2Hy9zumSEoxNRpOhCSC3eNFuIT+4+cvzKEFOIw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS512 OPT ; payload 512, xrcode 0, version 0, flags 32768 + +;; Message size: 745 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41875 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ed25519.nl., type = DS, class = IN + +;; ANSWERS: +ed25519.nl. 3599 IN DS 45515 15 2 1579CE721A8ADF5EF5222D48D6065FDD06E7BCE5C0154EC3EF1F30CC0D06EAAA +ed25519.nl. 3599 IN RRSIG DS 8 2 3600 20200206093417 20200123053802 63744 nl. NhT3bOB2OFPf2tm8uG4QbbZVn/zwZRbHtOIcXc+hAUwZWKD3ZS5u+2gYEDwvG6G2hCtgcpIQZLAlnrlUs2j6EqSIbGJcof9fX+P3p3MMkvLZO3Sf17qOBETeVMsFSQPEdEyFInJWi4UxnJrjWpiLtdaxDJXIOJ0CDU2w6MfasHg= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS512 OPT ; payload 512, xrcode 0, version 0, flags 32768 + +;; Message size: 249 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54226 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ed25519.nl., type = DNSKEY, class = IN + +;; ANSWERS: +ed25519.nl. 3599 IN RRSIG DNSKEY 15 2 3600 20200206000000 20200116000000 45515 ed25519.nl. J/S+wT1KqCBWpzHtiJKhJ+YWx498lhTnvIcvKL/+eyAooKRbVrF/gXCAZpiL1hS7visl+Vw4fjTnnKnZn8BgDQ== +ed25519.nl. 3599 IN DNSKEY 256 3 15 2tstZAjgmlDTePn0NVXrAHBJmg84LoaFVxzLl1anjGI= +ed25519.nl. 3599 IN DNSKEY 257 3 15 m1NELLVVQKl4fHVn/KKdeNO0PrYKGT3IGbYseT8XcKo= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS512 OPT ; payload 512, xrcode 0, version 0, flags 32768 + +;; Message size: 241 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testEd_ed448 b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testEd_ed448 new file mode 100644 index 000000000..c90dbe818 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testEd_ed448 @@ -0,0 +1,111 @@ +#Date: 2020-01-26T20:06:39+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38495 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ed448.nl., type = A, class = IN + +;; ANSWERS: +ed448.nl. 3599 IN A 45.150.156.16 +ed448.nl. 3599 IN RRSIG A 16 2 3600 20200206000000 20200116000000 24480 ed448.nl. bvKGWUiNDA3bFq0ECVF+/BGtNrNZUmgvDVKtLwrBWJTd+du2exCuUWfZNW72QxIDwJxPcnbCAiwAhOXjdzWGZH5Rtyqrz+bOELH4VISCA3dTGleofgZpWBBwuzWAWd8A5hCm35eei6ffo0BCIlmFSSwA + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS512 OPT ; payload 512, xrcode 0, version 0, flags 32768 + +;; Message size: 207 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59993 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 7127 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= +. 7127 IN DNSKEY 256 3 8 AwEAAeN+h0loXPKt7lFdW2zKIDkVHyJ1aYGUVE1dMNBlRH3kTn40JKcHiPOs+fy0OFVCBwoKa1s9qZtdyP1UC0hgKoldj3oELK1yLI5MUbTMcNkWbBMRuxRz/CgZJu3IxcmuZWZMbn4LQDMj5YeiUiuWns5vipFGWWpyPyozQXmenSWOK2GJOwcm7I/DyHVtVdztTvqiHqzy2aRoxwPhmEuAoYzzuNJJw6JNEnXaN/7l2TIciskFyPVPBFZYHnk+1ma906dfehIR190z3lh1ZESL2Yy3VIE2QGpRU6Px4ydH5sXxZ2wSMgqNNga4kjnfM1msBqk3EI48RvTTkuV0yb1eFuU= +. 7127 IN RRSIG DNSKEY 8 0 172800 20200211000000 20200121000000 20326 . UaaPoqlBlRixcabCWMJ9jVvevx+Sp8W5rMt06Tozfg/gefIspEKxw4fx22mRaAQZzdHq9Lt+Who4YpUX95CDrgDYtYJ9NOyICRNlWnY9FNqOW0AreCmEK0qqS52xYb72hJYpFrCILGLD6jl4Ar0LFi29iXnVLQ99+SvD8PPHHkEiIu1WhlES7taEavtbKijyjLYXwagQxSQCzMgkbWN1+S78kJGZEMaBODTZuiiGIw5Jy3OPAQxHQyLTElR5ZuEg59/sSnTCEfmoXcxG9/g6O1qWs6d9hDVadKfXhHr8OTXGoB25Ttp3CyZGdSqRkCwwJpWJ9SlaL+khcJoLFqwm8w== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS512 OPT ; payload 512, xrcode 0, version 0, flags 32768 + +;; Message size: 864 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53319 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; nl., type = DS, class = IN + +;; ANSWERS: +nl. 23199 IN DS 34112 8 2 3C5B5F9B3557455C50751A9BE9EBE9238C88E19F5F07F930976917B51B95CD22 +nl. 23199 IN RRSIG DS 8 1 86400 20200207200000 20200125190000 33853 . Uoj2zHzh4QFG8bFVuEz2M6KIkNDoVxcFsTlPgc9r/jcrHtmDD19FDzQxulwjsSTvg6Y55lknUriMR9A6gFbMKxVdqA1KNa7WqU3RhKvlztBK0BRnK3vYnA0FqxiuCkbckiSRJjkxGe2nLaehxP4Jkg2/1o+AvB1+8lBteKhclV4yfpMnAqdGKYvrNoFIzV90BHMLqs3nqHOg4N0LHzfFhyD7WUHp1/qAVxVD0Q7U2TfpRxWW8hoUZixl3maAcwLFoMCmwIGm9KdaynvwYNt91wfRWp2LLZ5aRDsvBeaHiTI9K1cUU007rKU9jORc7U8C43RJL4DL8afQLF4pingKgQ== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS512 OPT ; payload 512, xrcode 0, version 0, flags 32768 + +;; Message size: 366 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22319 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nl., type = DNSKEY, class = IN + +;; ANSWERS: +nl. 3511 IN DNSKEY 257 3 8 AwEAAcb+4kIsKoZM+3ZZpU9kzxrzw30e3b+L0KZeX+aAS3eM+Q+q27Jw0NZ3dqsPSif61GjRW6apjDZ9Ciab3oyEu7IpihVrw94DTjWZTVViZAijAIHwKUzY0YjkT3RvN+xgpw4uZs1SnqCZxYko+15esteKXW/nJpde0d9OeFFBaS2WTCycK+A6gd9DsOw91Y7Z2vrR/2g9N9dMIVq9neB1/KXXm4MttLqJyxRWZNAFTyLGQKzPpQDp9s3qowV2+pcHOh6lUTEeOWiAtotJ/5WyO91viZ5tBfClsyGpggBTaeUQ7T5adhAtX6nRkhePyAtQgCCf63ZpHyoyxvbkDM7yuA0= +nl. 3511 IN DNSKEY 256 3 8 AwEAAdDXROYhplVlInShki5RxTj7vFwqk8grVOHwUjwUlvsKBJUknF1PN1TWpHoXvWFXDTviW7jVgPx6RH2I4b/Iq30zHgPxJYT3EtpTzRbX2F1WS5n31r8BrQc3V1LdCGknhpAw6c7SAntrZ6m6nkgDn6z0ySnWri659CjxUgsHCBmD +nl. 3511 IN RRSIG DNSKEY 8 1 3600 20200202095410 20200119113801 34112 nl. YGz3Y0XlKlWblNFPyt/T1cFUJkyB/mSLr9qWloZOUI4yyG/HqHU1aaS51UppjcGnAmCvcIYJ0tC8aNwEb+PW82czWJKX01A/493jQvCFPawqSFJWEFmiIdd7GVghAL5HFkZPyN1zeB/cYO3Y+/1UccY/r3QHlKmNpspJ7OoVo5/gcGvpE3vej5/DKDz/jiSo9wyEvLY09Ifpdsg03yJXCGMgD7kPDkPtnPWNNbUzmLiZbI0O4ePGS7q3G7Ink381KVS6f+3Dyjl0LQtEGEmyYglBl3w4DNAwlTvb7m5HEMarPYCs2Hy9zumSEoxNRpOhCSC3eNFuIT+4+cvzKEFOIw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS512 OPT ; payload 512, xrcode 0, version 0, flags 32768 + +;; Message size: 745 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31479 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ed448.nl., type = DS, class = IN + +;; ANSWERS: +ed448.nl. 3599 IN DS 24480 16 2 85B885E4BC43270BDAA46860687D8F62D9BEEF1C6E9BEF21A7D80DC18A7943ED +ed448.nl. 3599 IN RRSIG DS 8 2 3600 20200207144247 20200124023802 63744 nl. iBuueusdnKMiKRoiWXOi+ikw4gAkowyAspPklGY1t7U8nO8j+gxT3ooMBd9MdTFslgO7JVqIXUzdYZltUYgw4QsbOIPHZgJRKqsDk/e1PGd14OicoIi4U9QAvxDoiVs4JI7+u3sCi7IRKf2Bjov+3K7QWhKIftyjLaHZUhf9vcE= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS512 OPT ; payload 512, xrcode 0, version 0, flags 32768 + +;; Message size: 247 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50838 +;; flags: qr rd ra cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ed448.nl., type = DNSKEY, class = IN + +;; ANSWERS: +ed448.nl. 1799 IN DNSKEY 257 3 16 8pYFjTum61L0k+q8HiIkEPipTTbuYnZceMVTJvqMZbhZdwzpkiYHRBHcVxmnOp1RJsGyt6I0myOA +ed448.nl. 1799 IN RRSIG DNSKEY 16 2 1800 20200206000000 20200116000000 24480 ed448.nl. hMzUYoP9CvlqYajBDuODCxSpsouc96EG5A0aYTt78vhcRAuO7SP1n+AkqujGycZoCLNEt3IWONiAXOfAoGAPw3ZRh8W/ECqvX8fleB6UHlZKxrh8WPWn/wLZ2tsnBLXSnUGLypjFb5eqIeY6eUUB0CMA + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS512 OPT ; payload 512, xrcode 0, version 0, flags 32768 + +;; Message size: 264 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testInvalidIterationCountMarksInsecure b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testInvalidIterationCountMarksInsecure new file mode 100644 index 000000000..120484232 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testInvalidIterationCountMarksInsecure @@ -0,0 +1,161 @@ +#Date: 2015-01-06T22:35:30+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55905 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 +;; QUESTIONS: +;; www.wc.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.wc.nsec3.ingotronic.ch. 300 IN A 127.0.0.2 +www.wc.nsec3.ingotronic.ch. 300 IN RRSIG A 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. dIDse8tpnBhl5X20CZ5c8rO8cuj9dKMeA/qiyQYEqEFp1QnnVawapqDh1pCrJhBxcKnT7THqKSP6XpDIQA70jcHSecAVRqBZBA2coWZTSOi3dnsARJfIueh8kpsmtYsn6ejuG+7sroQKH9Niu4xoi433ez7Anr9itet9kAP9dmA= + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +nsec3.ingotronic.ch. 300 IN RRSIG NS 7 3 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. fl2Q0YQQ1TduolGLyQx8vGqSApoBbb6A+go5SLFBYQobrPfO/rb+SM8JvnlzNX/Xa7dRhDYrnfBTFUm1mCur9aIi34gu5UwDNQvt/GXY5dC3+DEy/28bTZ43UuCs+qGH9u9leFwGX4neFNl0s5B4RpxBN4is8dXMUvOda6QcsOw= +2HKTRIEPNUPMRM91OD7L5M677RDC4DFD.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 4FQSC7ORQNKH924CH6L2DOAISKM28080 CNAME RRSIG +2HKTRIEPNUPMRM91OD7L5M677RDC4DFD.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. BXhW2wGFkkGdsdGKqFMr9QqwGrtCA56D8CH/CKjOn51Udirm6asczVWIVStM0no1VIZNAa3oF6F/RzcDVKtkJTw4KHrSX5LHiWW19pyB1fql2krTQ3Zfr0mZsUb/JMf2/yPqXQu9QYN8XrlicZ60LwFWFRNO2gscMqgHnNtdidk= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 896 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7035 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87343 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87343 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87343 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87343 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44863 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 943 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 943 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13081 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 944 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 944 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 944 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 944 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12443 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3552 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3552 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3552 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6113 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41147 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28760 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3ClosestEncloserIsDelegation b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3ClosestEncloserIsDelegation new file mode 100644 index 000000000..c29d41842 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3ClosestEncloserIsDelegation @@ -0,0 +1,535 @@ +#Date: 2015-01-06T22:35:28+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4332 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 +;; QUESTIONS: +;; 9.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300 +nsec3.ingotronic.ch. 300 IN RRSIG SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ= +NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 O275F9OLQ9HNCER7U4SMD4V8AG7IPML9 A NS SOA RRSIG DNSKEY NSEC3PARAM +NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150131235629 20150101233516 62417 nsec3.ingotronic.ch. xccCvQs/b3ndBUo6J2FbaCzDMg+LB1e4OWeI29VTBWcmfbuD3rZvneRdbA9B5AluJH1ar10xxdrt/+RSuhSWC70LswkdPDg4vshmCZMDeMCOJYFEkGR0UgcZUMynU6EewEDLVLgYtBkJmspeuZNMBMPk/ZUOolCElrkHfbUA1Cc= +5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 74SO0776K6C87EPASDU8QK8SROIK00KK NS DS RRSIG +5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. Fj0oqoPcn/OEnskMdbw0fTkESOsr6nyhXAqiB0BrGv+PIQEeYPguOFDKvV5CkHaoX+R1OrLHnbc3TFrgopy8cA/Uo3+YxNhIJn6tnm9ynyw7n6RoqWNsY6SYiCwM44Ea4sW7xcMmz8YUiPAJe+NrJYVoFnGjRbRWhLqI+q1iU3M= +L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT +L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1048 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52037 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87345 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87345 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87345 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87345 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8702 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 945 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 945 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51929 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 946 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 946 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 946 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 946 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20671 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3554 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3554 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3554 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65359 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8194 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59006 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12595 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 +;; QUESTIONS: +;; a.sub.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +sub.nsec3.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032916 300 60 864000 300 +sub.nsec3.ingotronic.ch. 300 IN RRSIG SOA 7 4 300 20150125015740 20141226005740 47588 sub.nsec3.ingotronic.ch. Bf4LTgw0NTtweK4jIpwJHZ1TXexTWKUsBz2jG0/tMeTkcIZOUNVFrOxBfSG6/bMDUA3jSbz5jJ1m9s65BST+KkUqQX+vcRTWQAZT3Hrl3Si82mC1pxOB/84yyR1C0AYrgx9LA+XMsXP1asYWpIHMK+r8A5SVkOyH4lbhqOieEi4= +8N8QLBCUIH7R2BG7DMCJ5AEE63K4KVUA.sub.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 11 4321 8Q9N8IJMR07MUTMO8TDS0N9UEQA8QVD9 A NS SOA RRSIG DNSKEY NSEC3PARAM +8N8QLBCUIH7R2BG7DMCJ5AEE63K4KVUA.sub.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 5 300 20150125013111 20141226005322 47588 sub.nsec3.ingotronic.ch. le09pR2JyiMdQqnRMEzP8x0R4TM2GEjW4KQ3H/rwewL6FZYuTUUtby44kqCAVS9pZ+bxKtT0A7F5RG06S2fwSx5OP62O6OFQoz/qmjc4ecsaciSMX+Rh3BbVSy8NyHoy0v2G9kAijyXrdz9xBSm/nRoS74RjL2mu7TPw/PTM3mI= +0NEGNVKPNDG8COAS7H0J86LJOO3HD9DA.sub.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 11 4321 4IGI4A0AMGQ33TEQ30KODCUNR3GUQ9PM A RRSIG +0NEGNVKPNDG8COAS7H0J86LJOO3HD9DA.sub.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 5 300 20150125010632 20141226002446 47588 sub.nsec3.ingotronic.ch. UTxl/DGaYhwIhPk3igVHrExeG7bWR9/rSEOa+qmijHN2h/MnA7vf40Egh1kzCE5IEMlWbJTyH7SQtcIBO+QNY5wcZIs1ROhGsLQCK03d8MhYZeWw16+8kPpnwV1ZskVVHJ355Sm6iMumxEPmjEzhpxeDAQ3A9SHBBBHPZ0gk0Ew= +DFLBG9075O3J47SUNJOFNAMQIE6355M6.sub.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 11 4321 FF6HDF6NIR1O4UO4N6BO1NT1P5BLEM45 A RRSIG +DFLBG9075O3J47SUNJOFNAMQIE6355M6.sub.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 5 300 20150125011509 20141226005740 47588 sub.nsec3.ingotronic.ch. LOf771yhl0XefM1p1t99S7KH4hiQaT78qev2VFkdgv9WN/w2JrZOkO0bx5ikNzt2MuELtdh8IDTP9KdRss9XsSEr7AIkKg0CN3oG6xxKgt+rrY5O+GfbvrgBFhn7H4JGTBlacnAnoMjreyCSxNtE1bHSIZOHOevkxZ4voFIQ0OQ= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1076 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13990 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87345 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87345 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87345 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87345 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22861 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 945 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 945 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62841 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 946 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 946 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 946 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 946 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7825 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3554 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3554 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3554 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54026 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8144 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65284 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2523 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; sub.nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +sub.nsec3.ingotronic.ch. 300 IN DS 14583 7 2 450CACC87D02E5FF421230909AA852C6FDD2687F884AA44254DD94DA85535077 +sub.nsec3.ingotronic.ch. 300 IN DS 14583 7 1 D51C5631497C1D29CA98691288D65554DC02748E +sub.nsec3.ingotronic.ch. 300 IN RRSIG DS 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. YaXJXminnSCzuVyXM/bgnRohbK4kN+wMi8/14ahyigDbBktZ0TWNv3PaYXRE5TFRrnmFRka0TEeCcU4HjQv1goi7BHXvn9VtoAlsi2NrboZOTYt5vo4cFhyPkBPajJWfKtQE4W4AW2CdW6736gKzevMGsJza0ZE+phasic+lwnY= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 315 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21959 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; sub.nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +sub.nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAaxrudePJ21EN1RmgBFOZJG5tL4EBLzvqDwCasrBCCd7A/4cXJ2hGXpWhfmGi6Jw0aE2H9DSQf3Tpky1gIijeq/bwfxT4QIbrfqOn9Qoo0eVhJ5eLadg91vD9zPu9LrsV66dn8WIoeHyXOW6jTweKRVvTg0y3RMgofQwKj4ZLQuD +sub.nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAfbT4DoA+kmKQSfhaS4IkklDaqgrxdD3OlrG9dctyUcoxignP3hChGSj9cX+ojrGakS4rI6H7oQVhPAdL2ZOr3mcrKgj52kwD+aAsW19nhS4aEahbseRm8Sq3ebt1zefQRezLrDC+3BPzeCMmuZe53bEN01BQpLwJHz86gtibPZ/xFkmSPIXK5AiqqGTULJRKFm8IqNVKvEwZ+OCiT5NH+Wfzidd+DfRjAD/N5TalP863+nZhp5TdoIPcQfxqrsYyv//UewvC/sijmw1uljwXncRNCA8nMKWKZwPFqJft7pGepRPvojSAmnPZjpHhZh+tHYMk4GQpACDJSF+9uCoOXM= +sub.nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 4 300 20150125004357 20141226000657 14583 sub.nsec3.ingotronic.ch. QbclcvQd9lPzpy8w1Z7g9jSeIHGMAwnHYf1wsi9w/dFaxOWnqKZxSkjbxu8JPq8WzDhGnXlCD/wksK7oAnvr1IStV4jSjh3JQ0JHlvy30c6n2ZEgN1Y6OlUTIH88eaEFEt8zykZKhMNPZcfhh+hqC7hl0oUzgZcA42Tn/U6JNz+DWfQBSJBmAUgzgQFcTnJkR/U9BRoCe19isbBXG2HwrmDNl3PYTudkeJTOEXSuKcTAUdV6twuZ7y+j7uWeqCkXRw9WBzAOQ/bH4x1JSGKt6OZOG5wJ2cdhBVHuR9hLfIJJau8ZgnKjKI2MQ3WWF23ZDMCBILsp3KFPUKEy3tZMKA== +sub.nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 4 300 20150125004357 20141226000657 47588 sub.nsec3.ingotronic.ch. KAsXqPyHIH2Y/iV8QR5JQ/EfUrVfxNeoaTYINar0gtvk84VThpsS/8lhpdwU9NbukXUyD0QZfQm+nF+WIFs4mYPU06tW2Nn0CHiPwBXdA8ZaApVasxbtCmk//BQi9LlRyMriylPUIZeUMLyTTisIffIdTuLBf9xhaYe81uZmpB8= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 970 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40054 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87344 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87344 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87344 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87344 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49011 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 944 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 944 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19308 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 945 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 945 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 945 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 945 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5655 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3553 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3553 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3553 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7346 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61808 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23642 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13871 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; sub.nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +sub.nsec3.ingotronic.ch. 300 IN DS 14583 7 2 450CACC87D02E5FF421230909AA852C6FDD2687F884AA44254DD94DA85535077 +sub.nsec3.ingotronic.ch. 300 IN DS 14583 7 1 D51C5631497C1D29CA98691288D65554DC02748E +sub.nsec3.ingotronic.ch. 300 IN RRSIG DS 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. YaXJXminnSCzuVyXM/bgnRohbK4kN+wMi8/14ahyigDbBktZ0TWNv3PaYXRE5TFRrnmFRka0TEeCcU4HjQv1goi7BHXvn9VtoAlsi2NrboZOTYt5vo4cFhyPkBPajJWfKtQE4W4AW2CdW6736gKzevMGsJza0ZE+phasic+lwnY= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 315 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39441 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; sub.nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +sub.nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAfbT4DoA+kmKQSfhaS4IkklDaqgrxdD3OlrG9dctyUcoxignP3hChGSj9cX+ojrGakS4rI6H7oQVhPAdL2ZOr3mcrKgj52kwD+aAsW19nhS4aEahbseRm8Sq3ebt1zefQRezLrDC+3BPzeCMmuZe53bEN01BQpLwJHz86gtibPZ/xFkmSPIXK5AiqqGTULJRKFm8IqNVKvEwZ+OCiT5NH+Wfzidd+DfRjAD/N5TalP863+nZhp5TdoIPcQfxqrsYyv//UewvC/sijmw1uljwXncRNCA8nMKWKZwPFqJft7pGepRPvojSAmnPZjpHhZh+tHYMk4GQpACDJSF+9uCoOXM= +sub.nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAaxrudePJ21EN1RmgBFOZJG5tL4EBLzvqDwCasrBCCd7A/4cXJ2hGXpWhfmGi6Jw0aE2H9DSQf3Tpky1gIijeq/bwfxT4QIbrfqOn9Qoo0eVhJ5eLadg91vD9zPu9LrsV66dn8WIoeHyXOW6jTweKRVvTg0y3RMgofQwKj4ZLQuD +sub.nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 4 300 20150125004357 20141226000657 14583 sub.nsec3.ingotronic.ch. QbclcvQd9lPzpy8w1Z7g9jSeIHGMAwnHYf1wsi9w/dFaxOWnqKZxSkjbxu8JPq8WzDhGnXlCD/wksK7oAnvr1IStV4jSjh3JQ0JHlvy30c6n2ZEgN1Y6OlUTIH88eaEFEt8zykZKhMNPZcfhh+hqC7hl0oUzgZcA42Tn/U6JNz+DWfQBSJBmAUgzgQFcTnJkR/U9BRoCe19isbBXG2HwrmDNl3PYTudkeJTOEXSuKcTAUdV6twuZ7y+j7uWeqCkXRw9WBzAOQ/bH4x1JSGKt6OZOG5wJ2cdhBVHuR9hLfIJJau8ZgnKjKI2MQ3WWF23ZDMCBILsp3KFPUKEy3tZMKA== +sub.nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 4 300 20150125004357 20141226000657 47588 sub.nsec3.ingotronic.ch. KAsXqPyHIH2Y/iV8QR5JQ/EfUrVfxNeoaTYINar0gtvk84VThpsS/8lhpdwU9NbukXUyD0QZfQm+nF+WIFs4mYPU06tW2Nn0CHiPwBXdA8ZaApVasxbtCmk//BQi9LlRyMriylPUIZeUMLyTTisIffIdTuLBf9xhaYe81uZmpB8= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 970 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3ClosestEncloserIsInsecureDelegation b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3ClosestEncloserIsInsecureDelegation new file mode 100644 index 000000000..42e525f34 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3ClosestEncloserIsInsecureDelegation @@ -0,0 +1,197 @@ +#Date: 2013-08-04T20:43:22+02:00 + +# This is data for a constructed test: when a zone switches from signed to +# unsigned AND a resolver incorrectly returns data from the delegation point +# (instead of from the delegated child), the zone must be treated as insecure + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52489 +;; flags: qr rd ra ad cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 162318 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 162318 IN DNSKEY 256 3 8 AwEAAcFTyWsmpTs49Q0FKVepUqft+7+c3elhdsfh+amh+orgWLcitLM1bBBiWe6eymWW0EakLZAG4tej28tyx4f+j37Q9VX+m5NAhO/Y0riQonVWfzxLGymx3Ti5x/x7VKvF5Y5hf5OWv2J7pvEumYFFCtu4glit9T9J85+i3UgqSHqf +. 162318 IN RRSIG DNSKEY 8 0 172800 20130814235959 20130731000000 19036 . UUzEZTh+YdFwAThMqKdbiTJYoOYY2FoAwFanVv47w2lc9NTTz7Fb6wtnj/rb47ZtAdIGcBAlh5AWz1UisSIxW1f3bLXdHyaS6YlAZ8shdw5VMktJXrFlnnu8ibOdA8yADMuLvUARHknh9Ri78Po4CwvEdMA+FYha1YyHgm7j0DeqI2ZuRNhXqjF6p+u4Z9zqXjIDq29pog2eZI0NDUQ0EMpLpDuo0PdbbGh7QRiRjeSJ/Oqfb6FrWCn4J14NS6CctKRaumyHiN+SsGx/W+fCsODLkRb0WAVaAIytzNYT8R666eui0c7hnI4imUDUOC0unyj/396zZ1YWHCUgAyJIGg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 736 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63054 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 75918 IN DS 22072 8 2 94E4C1E425B28150D8DD7C974E27E1A933C1D4B51E535177B52DFF3F807A8C94 +ch. 75918 IN RRSIG DS 8 1 86400 20130811000000 20130803230000 49656 . oyIAnRmpT1taLwIrZg0/WV3iqMBiWSNjIAXWZkoO9wp+cr0kMeVcrhrXYHAOTqGsL301YtMAT43BAPq9Cq0CZ4sD5K6OFOzo284SigLicuuWo0eEakJFdeYObB/+9wOERyN4iMVryjIl7GMz3D+UgLWrYMWWDDyVbmAm7ZY/3zs= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1681 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 75919 IN DNSKEY 257 3 8 AwEAAeP0/M59JL65K0YWD0W+8k8x1T79hM4W2pi7cx0CxQULRd3udQnf/8ymUbKsPfVDMCXLQwW2evWHRu4B/OKnkRzDQsev7prdJ5UxAHWF4oFsWpGYx+A7WbqllTlmMFkV8bNz6TW6Trl4+RaLirt3ofRUFrJKyKCyNCKkxbtpFO6p6vP5K8V3CW854NndF3D/Xjz0s3nwd3dLwW3XVqi705mhJBvCSeorgsKMcY3PCBG6U5Twj/akb6P8I2nmoGsrIbtmvGk191zV5o4i8RTjk5DI6FcO5GL0J1w9sAiVYfXlN8wdyr90kqO6MGcvSQEItJCTaljyRT53bekbUhdRE50= +ch. 75919 IN DNSKEY 256 3 8 AwEAAaANwH4naX1c6xHWHYuFVHa7PLc9n7BPL8J3sa2LqKuQvQ1aTu3hIYAsO6c5wlDp4Pgw8HejPdEZC/VRBtHkXeWfe84IJ2731IQYjQGyD4rKq/L9VjD9bMlSjj6RtI7t4ItzEPlsSEEmEtXFLt8IDzq0xc2tQcec9PsfvvV5jIWN +ch. 75919 IN DNSKEY 256 3 8 AwEAAdmE6uljIBh3EdgS3jWT87HtnwhYwP/9/ciJH87VtWMSR8jtMqbr2CFWRFdO9sTIuQ27sOwYe24TXbHt2TBUR4EBiDuzVD+Oj7ikYK1hM0LslL0fYfCJZKVM2SCHnsdh2ExZda/o0v+HtVtRdL7MbTADGue+xGQg6MzvavRd8D2p +ch. 75919 IN RRSIG DNSKEY 8 1 86400 20130904100909 20130720090909 22072 ch. 1DIfkQfa6JMWoGs+y6vAwZ4F9Vf698b3hOpSgw3/Y3cdF/GqINRDQqiMi8OzGX5wV38QrBIG4wTCqHLB51VlHh2MHhU6F45eR/oA62LP6mmdIEuuG6hv2RuUj9S09r3eedr34ETjv8mRkydqekOFDqJaDG8t+B5EVku/94FU81x0pma05wEOvl5+IWQ62YqVuuzqd+Zz8+bObx5X74VAATC053XSftqbih0NJ65dWptOyyqs7MCvTXVpyWf5ipkfULexCWi9pjY7EuviTcJjdhwndiURl+uwMyzfMmf5XBREvJE03t/Cd1Xp9Ee3Iot2rXOpbQ83tUw3xqsgtGkfMg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34393 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3583 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3583 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3583 IN RRSIG DS 8 2 3600 20130831110238 20130801120230 27249 ch. rhEK+na/h6EbbDBbOCBb2igPPPnkwKqKsJ1tAn11PLrrOoXkJs3Ke9LM/y6vxebH03H4gCJtS8VAavyzKWM7tzeraZP1oWlK6g855PeAwGyGYxtT6JVvwlwaFXQqLVoLNJy60eTobRQyKy0OqdDRHm0W/frnPPkM/zXLTr5g9pY= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40418 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20130902082432 20130803075649 6031 ingotronic.ch. XYDiDlvzokZfrlCk+ZfvBof8cbStGsDqd8YCOtBf/rvnAOWTdV1LGQ1LxE64udTObpKM/+oRgCWFcULnajdwljH2vRw6ZnY/VQAE3QmyNNQHTCQYfOkoYGzUrOQZ9QwTFQaP7FXc/kx0pJwvswhg/cC1WFy/PEM3ydfzYBTSthFxs2G5ZbONUR30jVRq1fjBkjh/+ev6HQZAy8MfIZRM8AvIWEJUOEYJuP8pkwbJaE2Mp70aA6SYULVLLTY9g0LxwtLnv9SpdEOr4w2nz6BQ195BG4Ky6t5vQya2J3LAcpxovooopUMLfM3Tvwarr4Otz2HVAzn95UmA36h5Yvo+WA== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20130902082432 20130803075649 17430 ingotronic.ch. jwsrJ+V3kqYu2PTsgEokovbFlT+kLgTCPrw5iVXy5F+iTnwxUt5Mq+RkJ58nuKGdqjLTGZIjSybO1vVRdrMU7xyby17pSI1wc0TE5yeJnXhQQgYLh074bPvVfL4vzslX8Ab8U+JL5zo0/PnrVZhswjJLsrddpzlgGbkTQmcgKiM= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30648 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20130902081456 20130803072435 17430 ingotronic.ch. ma2SzHd/Al7dZdivV0/D0M616DPN5bYQmUJMERLum+Dhw38Rl2/KbeBUiFsfamyBFsNLuG272Q35rZlOn62tmko/ysg7vttsZwqDsXXurAz53k4+7OISHYJ2kDFaLRxa5rGoKreCQ+YmiCMGGKtuFTtyoZb36Sl3cXbAKJRhIL0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11577 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20130903154645 20130804144645 16758 nsec3.ingotronic.ch. emr2IJwIyRsu/o9tX2w3PLYc1Z4u3quRUBfbrWgTbMe02YpCDieyp7+f/IxmRspKvUpEIp+c0pcpIj0oHNL0ve2rfq9n5WPpwaYaJ3KycCFWF+iWwEAzzOyNdxdLwqsLdhN5rTX1lNTexak0czJXa7XXqiqdqLnfFr+xz610UfZ0R/dZdbdwsoUBrGd9bfTg6RCDzO2YJf6TKCT6Yn1s3fDnRYgb8RGCVOO0S6r38hqXxEqLoaNVnj8Qjd3pi1PpKnZf6/xrhV1+cJRoUtl7G1gK9aXwkn93KNqurrvialvw/0vP7OM1+WJauq2mXcdFQ8huQmCHRlm9QRWreorPxQ== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20130903154645 20130804144645 62417 nsec3.ingotronic.ch. kMYZ2Xsa+n2x9vmiOYIIZqBp5S5IIeZVd6CmQNWY0UeztIhAH1xM2XEAXPbAZ5GqXjwtvWIir4+5S/U0IS4PwNOcTmysOX/jrsZVDDwpoidBoxTjnvD30pqTH9RkuiK9t5FpQYxNLmF8B6T4hK01g+OXC80QzBX4LEu8O4KDJ+8= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14675 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 +;; QUESTIONS: +;; a.unsigned.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 S5OG9G30J61V17I3RN5MPOG1VDUL8TMS NS +S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20130903151143 20130804144753 62417 nsec3.ingotronic.ch. sgwh2RSVYzkVYQJUNd7y/yZZRIMpkscaTgKPFxBSSx+R0Qtl8gfCicRtM4C0XRtPEQdxXLAWGnh1YsqBASpMFNw6nlDBWNQpe6ctBLPLTLcNkCu6Yxi4Y6ouYAHlt/8rJy29mgyqZ1ViOVRAds+Oloomjvg/JDbiOZKw4c/Rsq4= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 105 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14675 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 +;; QUESTIONS: +;; unsigned.nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +unsigned.nsec3.ingotronic.ch. 300 DS 23829 7 1 902429770AEE28DCBC72350E8BC260AFF4F239C5 +unsigned.nsec3.ingotronic.ch. 300 DS 23829 7 2 20B0949D09A8FE56C33BE9835B46DE749598FFE20AB4897A1D2ACCCC94A96DF7 +unsigned.nsec3.ingotronic.ch. 300 RRSIG DS 7 4 300 20130903175754 20130804175754 62417 nsec3.ingotronic.ch. uERbvGIS0r3tBJy3rGBFc21bE6ySOCE48zhxgM0mJHj3Y4UzGuhSK14cR0cZpCcZXAIvSlYBsJ7UQOu4U6Flf6Ep/Wzm7iitfOvGYfROFrbHVLsDwH06l08UueFSQK8TfueiNo9D+glxhqercts30j6ZEYwcDXE+HcHnQrR7k+o= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + + +############################################### + +# constructed response here: the NSEC3 is from the delegating zone for the +# child zone +# hash(n=unsigned.nsec3.ingotronic.ch.,it=10,s=1234)=s4k4ekrnhmvobs9ff9m8v911bvl7nduf + +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14675 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 1 ad: 1 +;; QUESTIONS: +;; a.unsigned.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 S5OG9G30J61V17I3RN5MPOG1VDUL8TMS NS +S4K4EKRNHMVOBS9FF9M8V911BVL7NDUF.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20130903151143 20130804144753 62417 nsec3.ingotronic.ch. sgwh2RSVYzkVYQJUNd7y/yZZRIMpkscaTgKPFxBSSx+R0Qtl8gfCicRtM4C0XRtPEQdxXLAWGnh1YsqBASpMFNw6nlDBWNQpe6ctBLPLTLcNkCu6Yxi4Y6ouYAHlt/8rJy29mgyqZ1ViOVRAds+Oloomjvg/JDbiOZKw4c/Rsq4= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + + +############################################### diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3NodataChangedToNxdomainIsBogus b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3NodataChangedToNxdomainIsBogus new file mode 100644 index 000000000..bc96bb340 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3NodataChangedToNxdomainIsBogus @@ -0,0 +1,293 @@ +#Date: 2015-01-06T22:35:29+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4070 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; a.b.nsec3.ingotronic.ch., type = MX, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300 +nsec3.ingotronic.ch. 300 IN RRSIG SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ= +4FQSC7ORQNKH924CH6L2DOAISKM28080.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 5RFQOLI81S6LKQTUG5HLI19UVJNKUL3H A RRSIG +4FQSC7ORQNKH924CH6L2DOAISKM28080.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125000452 20141225235516 62417 nsec3.ingotronic.ch. CqoGO4BUVNtHXxUXDPRCTvVPGnqBDwrO8Uyw1NKGELf71x5TKQKFZCBmlT8G/aRgK5fu7xor/zldHS+6yR7nfHEwdW2Y+GzpUawe8ul8nL+Z8DNDFTuCxJtnoP82X0u/EsaT63RVPZAP94jFlvOpzr9NN/De33EcNdl7B/EB/J0= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 537 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56602 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87344 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87344 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87344 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87344 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12984 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 944 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 944 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38377 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 945 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 945 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 945 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 945 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43754 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3553 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3553 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3553 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10069 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38115 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25812 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56275 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87344 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87344 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87344 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87344 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43002 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 944 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 944 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4041 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 944 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 944 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 944 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 944 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1277 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3552 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3552 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3552 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3516 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25335 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44320 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3WithoutClosestEncloser b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3WithoutClosestEncloser new file mode 100644 index 000000000..d267da478 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3WithoutClosestEncloser @@ -0,0 +1,297 @@ +#Date: 2015-01-06T22:35:28+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10035 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 8 ad: 1 +;; QUESTIONS: +;; gibtsnicht.gibtsnicht.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032932 300 60 864000 300 +nsec3.ingotronic.ch. 300 IN RRSIG SOA 7 3 300 20150201003516 20150101233516 62417 nsec3.ingotronic.ch. RMXaAZCkydysBpA4+LWD2frs4CZH2FBxafAolq7MOG62Sw3ellwNcSIh2naMasviin2DU2BAzIYyFUqKJDbUqzTxZQjsM6d5LtgFy5iTNmWum6FnFP5Fz73Zs/9Q0LNEstR82MRRL8EDElADhFySAReavyT/vlSTScQGxx6slyQ= +NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 O275F9OLQ9HNCER7U4SMD4V8AG7IPML9 A NS SOA RRSIG DNSKEY NSEC3PARAM +NTV3QJT4VQDVBPB6BNOVM40NMKJ3H29P.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150131235629 20150101233516 62417 nsec3.ingotronic.ch. xccCvQs/b3ndBUo6J2FbaCzDMg+LB1e4OWeI29VTBWcmfbuD3rZvneRdbA9B5AluJH1ar10xxdrt/+RSuhSWC70LswkdPDg4vshmCZMDeMCOJYFEkGR0UgcZUMynU6EewEDLVLgYtBkJmspeuZNMBMPk/ZUOolCElrkHfbUA1Cc= +UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 0UPHA6GQV03I7D8EJUDKC30I0C6I1G1Q +UDUMPS9J6F8348HFHH2FAED6I9DDE0U6.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. XV2q9ufbwzauD/tmjb2EKsNBF+kHQYL0/MNb6ivY1oH9Q2hzQNPUuHkUl1db2erDFodPvspmDk6p6WOXoV6wmmaYhN+JI1TQKYYThsnKC1bkt1h6QyjwsDc12d8HVHOopvoXpaYWoV4bbghsAylGVqRjEYyt8JtR3BPfphehloU= +L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 ND3HQPFBN314KVB64L6T40JF75US8HKT +L40SJG7ANKROIHCT5RA6C8CTKJ91CD3N.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125005926 20141226002759 62417 nsec3.ingotronic.ch. v6NHEWwb2KxRGRPshC2KFoxJs4Mis3OmvncJmn5bIWBnzeTY4x75tsE4zlVPx9rp0rjmOAQsYn4KGtIFPUShDHNHy45qoOtKkvRzRgByx4K2l5Rq9OizQVYsEUUScXEYATilaDU9whifF0vPk7YPwFGRmiY3prCGAvY/jH4hQUM= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 1060 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48118 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87346 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87346 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87346 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87346 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30744 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 946 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 946 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54353 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 946 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 946 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 946 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 946 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39530 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3554 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3554 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3554 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14008 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26735 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46506 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51992 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87345 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87345 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87345 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87345 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56174 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 945 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 945 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29049 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 946 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 946 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 946 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 946 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11093 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3554 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3554 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3554 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 907 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 977 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37865 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsecEcdsa256 b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsecEcdsa256 new file mode 100644 index 000000000..c7dfe7398 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsecEcdsa256 @@ -0,0 +1,161 @@ +#Date: 2015-01-06T22:35:30+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12560 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 +;; QUESTIONS: +;; www.wc.nsec3-ecdsa256.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.wc.nsec3-ecdsa256.ingotronic.ch. 300 IN A 127.0.0.2 +www.wc.nsec3-ecdsa256.ingotronic.ch. 300 IN RRSIG A 13 4 300 20150125011638 20141226004859 11718 nsec3-ecdsa256.ingotronic.ch. hGzbQF4VEX6ElyuHpiWGZjbn3w4Kgs8JSd4gF1WhP1a6R+dXuV8MQiM6QGANd2w1ZsyTNcG48Oh6uDXbaydGNQ== + +;; AUTHORITY RECORDS: +nsec3-ecdsa256.ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +nsec3-ecdsa256.ingotronic.ch. 300 IN RRSIG NS 13 3 300 20150125011658 20141226003607 11718 nsec3-ecdsa256.ingotronic.ch. +4TGfjT5xeiYyaO4djJ7l8UieBWAS6xItC8o4gbz7aquazQs1soT+rAw1g+3c4K7XBc9BSfXwS4z0rqKpJ2IhA== +10VLR9985NIK55R4PDCL4C86BA92RJKP.nsec3-ecdsa256.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 31LKSGKTRGKLURR153AK64J90ET1Q7VS +10VLR9985NIK55R4PDCL4C86BA92RJKP.nsec3-ecdsa256.ingotronic.ch. 300 IN RRSIG NSEC3 13 4 300 20150125004222 20141226002655 11718 nsec3-ecdsa256.ingotronic.ch. o0DVYmgeaLhxcKdd5OwIV+aqYjiLwiqVh2AHUy8/GrvdegZSMuI8i7rzuxzmMvchyWYc+aqiIsdF5HfkbBeX+g== + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 732 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54921 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87343 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87343 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87343 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87343 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18027 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 943 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 943 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53874 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 944 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 944 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 944 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 944 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54600 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3552 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3552 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3552 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20701 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16374 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3-ecdsa256.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3-ecdsa256.ingotronic.ch. 300 IN DS 24801 13 2 88CCE5FCE4A356E10AD5ECA8EEED7EC8814277CE4791A94FE1A49B50BBB948FF +nsec3-ecdsa256.ingotronic.ch. 300 IN DS 24801 13 1 7E9B512FE0840FB596EA82894BA7FF4A7B052732 +nsec3-ecdsa256.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. f57P+OkQdUyTus3thb8doi0qQ3whVRetDl6Sj2joISJ+Hmc+uG5Vzw8GAbLow3yumIHMGg6D59h/IKbJi5BA6F/ivr+LxWUm3XbJhLhNZpN3Pn8w0FuciH5Afu8gp0ohzA2Jc1n6vNF1DF5KUMqyUUm/lJLlDHAH7qCSvcHt7mo= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 314 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27735 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3-ecdsa256.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3-ecdsa256.ingotronic.ch. 300 IN DNSKEY 256 3 13 TMiIf94UMj0oa7VwU25gnE4rxFs2nO/eSHFrR/juBKbk+bCgLHM4rKH4VvssNHmn5vvsvjuZtMtePwuS2YIm6w== +nsec3-ecdsa256.ingotronic.ch. 300 IN DNSKEY 257 3 13 Ten7/v9T+PaV9C9wWvFfxE/Yl9KVCMSWd+2a/hqDyNtywhcxr0yVBB9/QmM9Fl1vgaac6bZgGNEZWXptv1FXaQ== +nsec3-ecdsa256.ingotronic.ch. 300 IN RRSIG DNSKEY 13 3 300 20150125011658 20141226003607 11718 nsec3-ecdsa256.ingotronic.ch. Q4P4J3hiheLNMFxvOP9wKMwmtPT+0khpAmNZKh6sF68/O/S7TTAnpI8Ku13fNvJYFwL9buEl5aPe3tRAZHmZBw== +nsec3-ecdsa256.ingotronic.ch. 300 IN RRSIG DNSKEY 13 3 300 20150125011658 20141226003607 24801 nsec3-ecdsa256.ingotronic.ch. hXrbEWZUZlmf+sjRg0jx/sbolBLZ3Trd+F4Pf2iy9DTkCPSrHzWKKOoie/ovF1QLLETxmbqrXHSZBuJamlpoIg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 465 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsecEcdsa384 b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsecEcdsa384 new file mode 100644 index 000000000..76618b0c6 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsecEcdsa384 @@ -0,0 +1,161 @@ +#Date: 2015-01-06T22:35:31+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21233 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 +;; QUESTIONS: +;; www.wc.nsec3-ecdsa384.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.wc.nsec3-ecdsa384.ingotronic.ch. 300 IN A 127.0.0.2 +www.wc.nsec3-ecdsa384.ingotronic.ch. 300 IN RRSIG A 14 4 300 20150125000743 20141225234740 39491 nsec3-ecdsa384.ingotronic.ch. Yd8elljgUjLfYSy0rY7gBfttrig42BNNzSm1WhS5bmHzmJylFnRVM25b91yqAW2ccinrOcaNdIDE5bX9WXUPumLHJc5X/Kn1GIHCcQScoC0tr8BTD4526o79lVuVnTc4 + +;; AUTHORITY RECORDS: +nsec3-ecdsa384.ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +nsec3-ecdsa384.ingotronic.ch. 300 IN RRSIG NS 14 3 300 20150125005853 20141226004214 39491 nsec3-ecdsa384.ingotronic.ch. KIiuzqJsmy8xRJqdd7IvpBjQiUqiEPz5XxySWS8slHB3hmhW9fsdzjfHA15Z22lUoRIXYXGATOjZxfBntPPvtQ47TNq8qaxt8xxAkXNM9Xr/3kdMYctelGRW4Bu5Lzeo +BJF4RC63JPAP9OEN6NMVFBLTG3RT824D.nsec3-ecdsa384.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 EHFCGCNSUDQECLCVFJAKPSAPU6IJGP5D CNAME RRSIG +BJF4RC63JPAP9OEN6NMVFBLTG3RT824D.nsec3-ecdsa384.ingotronic.ch. 300 IN RRSIG NSEC3 14 4 300 20150125010505 20141226003022 39491 nsec3-ecdsa384.ingotronic.ch. nFYeW0c9S2OoiCWVishsl58AtLOYUSwDkNPpPaDYQm1i+Q0UdGOXnk+Yw9MiXj7wcvl1jaAkbMLAn6WaRocOdAQl2S7l2QN/6ZdX02y6yJPfRDIShYW2b+WSrbEG/fsr + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 836 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38908 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87342 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87342 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87342 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87342 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9434 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 942 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 942 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53000 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 943 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 943 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 943 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 943 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13857 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3551 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3551 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3551 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18602 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27656 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3-ecdsa384.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3-ecdsa384.ingotronic.ch. 300 IN DS 899 14 2 A5F35102F5DF2856F2003049D030740D4BAD1EEC72ACCC3402C279F873A34B5A +nsec3-ecdsa384.ingotronic.ch. 300 IN DS 899 14 1 29AA736895A3A3F8B3C5C0309C017EFF90FEB343 +nsec3-ecdsa384.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hJVcDnmPA0OetM2f8sbWmQXhvu0GfKQhR57a3OIMZwJRDScZ/hl15v2jMzPvekB+4hHn8Zf9akDzkrUcLFbCL+5VzXuXtjRElLHVvRN//8+xb5FF3gfKXy9SvrGnYsm8ZDjih1zS9mCI1n+krAdw2nDcOwWD6HCPW96yEtFocas= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 314 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28870 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3-ecdsa384.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3-ecdsa384.ingotronic.ch. 300 IN DNSKEY 256 3 14 68j+WI9Rs6vK68I0R3UqfzqUhloOrZFI6fn6AHRpPdinUmZ63ATp6K4jED8Bea7d6/96/vKCl6aUo8as7sNxtVcE7x93Htsz7JEV7a3tUtkam3C9YuC3m8+VdF35agSL +nsec3-ecdsa384.ingotronic.ch. 300 IN DNSKEY 257 3 14 hQcr8vExudFuOusjGrfTC5V4JecOJQ2/ahtNRqTpIVafQG+iZ9aiOeaHRmw6oIB7E/LJKtXr99PQwA4fqrxXlEbc+OhG8iSNgYD9LoG2psmpeoqyVsOY2bYmBw7XD2/c +nsec3-ecdsa384.ingotronic.ch. 300 IN RRSIG DNSKEY 14 3 300 20150125002339 20141225233316 899 nsec3-ecdsa384.ingotronic.ch. PO4InPbCNmcJ77b4heo/zQhqPx4/92RhBRDquDDp8TKYb57F86lZLnJX+YSnLx4ZTs/eCaWBwNBTiqN+XUKINBETCC2SD8ygYGmofmUANU9bZoOmB0DQ5xH+cpSuMUAR +nsec3-ecdsa384.ingotronic.ch. 300 IN RRSIG DNSKEY 14 3 300 20150125002339 20141225233316 39491 nsec3-ecdsa384.ingotronic.ch. DVa/mHiv5pYDvzC6jHY0d6i8gfKAZGzFttXizD2y9supRNiII5Ji9COjQ43aG7mcO2DI9VgUoRcd+XKdC5Nn/0t2y80G7Y3YsNpgZ4sKbxaHahxEZAxIqAUST1Rb3+Gy + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 593 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testTooLargeIterationCountMustThrow b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testTooLargeIterationCountMustThrow new file mode 100644 index 000000000..c3ac89419 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testTooLargeIterationCountMustThrow @@ -0,0 +1 @@ +#Date: 2015-01-06T22:35:28+01:00 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtilsPublicKeyLoading/testPublicKeyLoadingException b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtilsPublicKeyLoading/testPublicKeyLoadingException new file mode 100644 index 000000000..c5db4bfe6 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtilsPublicKeyLoading/testPublicKeyLoadingException @@ -0,0 +1,161 @@ +#Date: 2015-01-06T22:35:27+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7616 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 4 ad: 3 +;; QUESTIONS: +;; www.wc.nsec3.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +www.wc.nsec3.ingotronic.ch. 300 IN A 127.0.0.2 +www.wc.nsec3.ingotronic.ch. 300 IN RRSIG A 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. dIDse8tpnBhl5X20CZ5c8rO8cuj9dKMeA/qiyQYEqEFp1QnnVawapqDh1pCrJhBxcKnT7THqKSP6XpDIQA70jcHSecAVRqBZBA2coWZTSOi3dnsARJfIueh8kpsmtYsn6ejuG+7sroQKH9Niu4xoi433ez7Anr9itet9kAP9dmA= + +;; AUTHORITY RECORDS: +nsec3.ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +nsec3.ingotronic.ch. 300 IN RRSIG NS 7 3 300 20150125010458 20141226002309 62417 nsec3.ingotronic.ch. fl2Q0YQQ1TduolGLyQx8vGqSApoBbb6A+go5SLFBYQobrPfO/rb+SM8JvnlzNX/Xa7dRhDYrnfBTFUm1mCur9aIi34gu5UwDNQvt/GXY5dC3+DEy/28bTZ43UuCs+qGH9u9leFwGX4neFNl0s5B4RpxBN4is8dXMUvOda6QcsOw= +2HKTRIEPNUPMRM91OD7L5M677RDC4DFD.nsec3.ingotronic.ch. 300 IN NSEC3 1 0 10 1234 4FQSC7ORQNKH924CH6L2DOAISKM28080 CNAME RRSIG +2HKTRIEPNUPMRM91OD7L5M677RDC4DFD.nsec3.ingotronic.ch. 300 IN RRSIG NSEC3 7 4 300 20150125011553 20141226004758 62417 nsec3.ingotronic.ch. BXhW2wGFkkGdsdGKqFMr9QqwGrtCA56D8CH/CKjOn51Udirm6asczVWIVStM0no1VIZNAa3oF6F/RzcDVKtkJTw4KHrSX5LHiWW19pyB1fql2krTQ3Zfr0mZsUb/JMf2/yPqXQu9QYN8XrlicZ60LwFWFRNO2gscMqgHnNtdidk= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 896 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56906 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87346 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87346 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87346 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87346 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62181 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 946 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 946 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64065 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 947 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 947 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 947 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 947 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41647 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3555 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3555 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3555 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38680 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21506 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DS 16758 7 2 3C8DC02750A1636F829B45D6E6D642866768A9CD40A013AD9D25AB63734FFA13 +nsec3.ingotronic.ch. 300 IN DS 16758 7 1 1720FF268E09A2CB63805EC8782D10AAD20E12A5 +nsec3.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125011134 20141226002644 17430 ingotronic.ch. hNurzlGhlyHbSgezPDuhIrtN9ZMsMXZbKGc7HD5rUuM88wD3fM97NxdzF+2Hi1USvBZ5GsQv63L+lAzf+mFPBoPIFHtTiAv8up7kQKRKmi/EzzkCYd/CC4UYdDZbaUyv7esh7spSOGwjPJNdK831p+MgltoWaYtnSGVMgOKk5mc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 305 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34837 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; nsec3.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +nsec3.ingotronic.ch. 300 IN DNSKEY 256 3 7 AwEAAccAWxkTVGZ6UAp0VEozAlYpARhbh6Y6tYOl6Fg3UeBNFFtDQ9fTEEt1NkbnR9u8KkpVN6a67avlYiUN1egDqEwzDU7R1Rw+/USdhm2hqOARmmu3DBgjjX/iXjZLyv310cOGFJZ/smcodlDL4pDAAoPxh/qs6KEBaT0sc1KWcGq3 +nsec3.ingotronic.ch. 300 IN DNSKEY 257 3 7 AwEAAaBuJTf9oGyeTH3biUkAFLrsYrkodX1H7Snsui4XsDHFCBvs5XYacHbs0Jg0/O51KPjmNnjwMW8SSyDkKqYQ+9uYAf2EQ/pnD/VGQqnV2cw0Vwk/t0E2V4FUCju4pnAoyzZFZXGs1eWbX9JXu++b0Azp+ACq6485qJLzHhWDiIrPoK/SvdbFVRK4s+nPPJLH3NGBbtdz6kPq7aFWYBMoGeAZdN1wsQpcNWUo5eOmaJY53nMc7+rDpAyYlMe/FKwSZdX2ZDd63Qsa6Im4FVUJq/nWLq7tlQ/mWks15uDTQyJy/OWfA0ICCO4N9Fel9rThJNpJWEzOCblvZyBoy405kZk= +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 16758 nsec3.ingotronic.ch. mXi1ylDi8XkRPup+YlT8GPdYE+P7gb6+/VdAwtodI916IzrkGkOHOTLbnrbAqqJOh0HxVCYXdxovmEcbJKUFKwplrQg3XD7/9Sq4pKU1MhMFEGrm/QPkM4u0mgjQwyToDLGuPHuFyur3FSjO/n54uGhAEft9JOFk/WKtWdCnm2LLyQrpC6herA3efFaI8kZhdoEY02AwihWVJxHasmz7lOoKRgNrkfELU+fN4+V7ISsRfJMyZc6q5PuNeG6vFD0uNE8tpdLJCSMurKYVpelvYqzFIcRTYcIjXwmS+L3DGjupqWMzFZVmpQM62JG3KCCD0ffpnNb0nWoSoHwpSeh/3Q== +nsec3.ingotronic.ch. 300 IN RRSIG DNSKEY 7 3 300 20150125001457 20141226000444 62417 nsec3.ingotronic.ch. PyCrf8T5dAfJzapb1p+kcTALPjDuD2niSaXXo0KeHAunT+6gJicLML2S/ZpiYr7X7Ma4Z0TYqE02qH6pcLYNnSgv9BE8sZO0nRtPekSyTy5nLi4hFADYhjb3UjaB85qmQZcqm64vC/CJhWO4t6Eixg/5MYALw+Qdy5Fo0qy/U5E= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 958 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testAtLeastOneDigestSupportedWithOnlyNonDSRecords b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testAtLeastOneDigestSupportedWithOnlyNonDSRecords new file mode 100644 index 000000000..fcd07f72d --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testAtLeastOneDigestSupportedWithOnlyNonDSRecords @@ -0,0 +1 @@ +#Date: 2015-01-06T22:35:25+01:00 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testAtLeastOneSupportedAlgorithmWithOnlyNonDSRecords b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testAtLeastOneSupportedAlgorithmWithOnlyNonDSRecords new file mode 100644 index 000000000..f29ef16e1 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testAtLeastOneSupportedAlgorithmWithOnlyNonDSRecords @@ -0,0 +1 @@ +#Date: 2015-01-06T22:35:21+01:00 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testDsNoDataWhenNsecProvesDs b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testDsNoDataWhenNsecProvesDs new file mode 100644 index 000000000..d2184c3d7 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testDsNoDataWhenNsecProvesDs @@ -0,0 +1,239 @@ +#Date: 2015-01-06T22:35:21+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2340 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 +;; QUESTIONS: +;; sub1.ingotronic.ch., type = NSEC, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +ingotronic.ch. 300 IN NSEC alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY +ingotronic.ch. 300 IN RRSIG NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M= +sub.ingotronic.ch. 300 IN NSEC unknown-alg.ingotronic.ch. NS DS RRSIG NSEC +sub.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. bNZQZZypKi/2MlAYJ6h0W69GSCLxnkvq4cXdR5oBfvcGlvP5AMnuqqY0HwjByPHqg8TMn/lrlpoXPODAjeAadRD73F3GD1YgyWDr1eCeSGCIHisadDYpzdeqgQNHxYbz2UMtB5d/6Q/C4yyzWuxk3Rpwg+bV77yYlOjDxgVYMhg= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 705 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41220 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87352 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87352 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87352 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87352 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28241 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 952 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 952 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39612 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 953 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 953 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 953 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 953 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32740 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3561 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3561 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3561 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17983 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14892 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; sub.ingotronic.ch., type = A, class = IN + +;; ANSWERS: +sub.ingotronic.ch. 300 IN A 127.0.0.1 +sub.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150131215757 20150101212100 3600 sub.ingotronic.ch. n5sXfpaxmFD6fFEvMEW+DwUJSP3yshFzkbc6idvWENf2b7F90jp093w4y0YkYsG5fWroQvHCJAMnXbawOEfFWquLhVJc8HHvZDXUeQb55rFYg8qYd1fOoP7/Z5hbwBNLSCGn3JPjCRXVfnEa58lKARgr+KZ1gqI/2Dm+jOoZ2Uc= + +;; AUTHORITY RECORDS: +sub.ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +sub.ingotronic.ch. 300 IN RRSIG NS 5 3 300 20150131215757 20150101212100 3600 sub.ingotronic.ch. sXlfjCvwDECHOum9PfpnP+/d7A1MntO1H4jYBpsFvQru3YoR02TghQhoReszEeds39AUWJFT8u9Bk+OrKUS+Ubi6i+wbaiKFpoRHdzWDN3YFu3flRx+2chdVl9KkGywcYBi2j51iDWjKbWoCE3E1t7OoA/DBqSACyeLLsolagpY= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 623 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25278 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87352 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87352 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87352 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87352 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22717 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 952 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 952 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54290 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 953 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 953 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 953 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 953 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49739 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3561 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3561 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3561 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4917 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testHasSignedNsecsWithoutSignedSigsReturnsFalse b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testHasSignedNsecsWithoutSignedSigsReturnsFalse new file mode 100644 index 000000000..f29ef16e1 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testHasSignedNsecsWithoutSignedSigsReturnsFalse @@ -0,0 +1 @@ +#Date: 2015-01-06T22:35:21+01:00 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testLongestCommonNameRootIsRoot b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testLongestCommonNameRootIsRoot new file mode 100644 index 000000000..d6a19e510 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testLongestCommonNameRootIsRoot @@ -0,0 +1 @@ +#Date: 2015-01-06T22:35:24+01:00 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsLastAndQnameBefore b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsLastAndQnameBefore new file mode 100644 index 000000000..56fe87cf2 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsLastAndQnameBefore @@ -0,0 +1,217 @@ +#Date: 2015-01-06T22:35:21+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62178 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 +;; QUESTIONS: +;; zz.ingotronic.ch., type = NSEC, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +ingotronic.ch. 300 IN NSEC alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY +ingotronic.ch. 300 IN RRSIG NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M= +z.ingotronic.ch. 300 IN NSEC ingotronic.ch. A RRSIG NSEC +z.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. GGnZrgc0Q9aUOAh8w4G7j9GS2G2WcY16ZpETaX5J5x6ZshQGBgKzXDGo2A42YFLalrRas5h44O9qPMIWzwWlZMOB8vEoD+cWSjrBv/gQwzrCyxkBp4v3TLE9lFpvWwTqdKZO0MjrV37IRW91EFR4Mg2Nfb1CVDQaj67CT2ldYdo= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 689 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19186 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87352 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87352 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87352 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87352 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46485 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 952 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 952 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54965 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 953 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 953 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 953 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 953 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18838 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3561 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3561 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3561 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26238 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57008 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87352 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87352 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87352 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87352 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44823 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 952 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 952 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29043 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 953 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 953 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 953 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 953 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62522 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3561 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3561 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3561 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24379 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsLastAndQnameDifferentDomain b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsLastAndQnameDifferentDomain new file mode 100644 index 000000000..652c4b6ce --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsLastAndQnameDifferentDomain @@ -0,0 +1,217 @@ +#Date: 2015-01-06T22:35:20+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3858 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 +;; QUESTIONS: +;; zz.ingotronic.ch., type = NSEC, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +ingotronic.ch. 300 IN NSEC alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY +ingotronic.ch. 300 IN RRSIG NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M= +z.ingotronic.ch. 300 IN NSEC ingotronic.ch. A RRSIG NSEC +z.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. GGnZrgc0Q9aUOAh8w4G7j9GS2G2WcY16ZpETaX5J5x6ZshQGBgKzXDGo2A42YFLalrRas5h44O9qPMIWzwWlZMOB8vEoD+cWSjrBv/gQwzrCyxkBp4v3TLE9lFpvWwTqdKZO0MjrV37IRW91EFR4Mg2Nfb1CVDQaj67CT2ldYdo= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 689 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2610 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87353 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87353 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87353 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87353 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41375 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 953 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 953 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28417 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 954 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 954 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 954 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 954 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7903 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3562 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3562 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3562 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25373 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32204 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87353 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87353 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87353 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87353 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47679 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 953 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 953 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14319 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 954 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 954 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 954 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 954 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59925 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3562 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3562 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3562 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34298 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsLastAndQnameIsZoneApex b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsLastAndQnameIsZoneApex new file mode 100644 index 000000000..cfb02359f --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsLastAndQnameIsZoneApex @@ -0,0 +1,217 @@ +#Date: 2015-01-06T22:35:25+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46196 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 +;; QUESTIONS: +;; zz.ingotronic.ch., type = NSEC, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +ingotronic.ch. 300 IN NSEC alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY +ingotronic.ch. 300 IN RRSIG NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M= +z.ingotronic.ch. 300 IN NSEC ingotronic.ch. A RRSIG NSEC +z.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. GGnZrgc0Q9aUOAh8w4G7j9GS2G2WcY16ZpETaX5J5x6ZshQGBgKzXDGo2A42YFLalrRas5h44O9qPMIWzwWlZMOB8vEoD+cWSjrBv/gQwzrCyxkBp4v3TLE9lFpvWwTqdKZO0MjrV37IRW91EFR4Mg2Nfb1CVDQaj67CT2ldYdo= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 689 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46226 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87348 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87348 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87348 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87348 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14685 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 948 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 948 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64652 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 949 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 949 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 949 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 949 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11788 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3557 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3557 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3557 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55534 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2043 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87348 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87348 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87348 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87348 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58372 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 948 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 948 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49750 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 949 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 949 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 949 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 949 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17160 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3557 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3557 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3557 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13681 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsNotFromApex b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsNotFromApex new file mode 100644 index 000000000..195cf70bd --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsNotFromApex @@ -0,0 +1,118 @@ +#Date: 2015-01-06T22:35:22+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22814 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; 1.www.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +www.ingotronic.ch. 300 IN NSEC z.ingotronic.ch. A AAAA RRSIG NSEC +www.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 477 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53508 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87351 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87351 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87351 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87351 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36666 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 951 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 951 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23619 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 952 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 952 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 952 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 952 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14849 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3560 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3560 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3560 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44885 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenResultIsFromDelegationPoint b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenResultIsFromDelegationPoint new file mode 100644 index 000000000..ca7e65cb6 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenResultIsFromDelegationPoint @@ -0,0 +1,217 @@ +#Date: 2015-01-06T22:35:24+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6532 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 +;; QUESTIONS: +;; sub1.ingotronic.ch., type = NSEC, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +ingotronic.ch. 300 IN NSEC alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY +ingotronic.ch. 300 IN RRSIG NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M= +sub.ingotronic.ch. 300 IN NSEC unknown-alg.ingotronic.ch. NS DS RRSIG NSEC +sub.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. bNZQZZypKi/2MlAYJ6h0W69GSCLxnkvq4cXdR5oBfvcGlvP5AMnuqqY0HwjByPHqg8TMn/lrlpoXPODAjeAadRD73F3GD1YgyWDr1eCeSGCIHisadDYpzdeqgQNHxYbz2UMtB5d/6Q/C4yyzWuxk3Rpwg+bV77yYlOjDxgVYMhg= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 705 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31146 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87349 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87349 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87349 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87349 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16372 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 949 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 949 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39104 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 950 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 950 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 950 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 950 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6834 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3558 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3558 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3558 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3299 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55115 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87349 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87349 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87349 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87349 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17514 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 949 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 949 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53512 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 950 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 950 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 950 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 950 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38139 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3558 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3558 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3558 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29757 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataOfDSForRoot b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataOfDSForRoot new file mode 100644 index 000000000..a7d447378 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataOfDSForRoot @@ -0,0 +1,41 @@ +#Date: 2015-01-06T22:35:22+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57811 +;; flags: qr rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; ., type = DS, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2015010601 1800 900 604800 86400 +. 10800 IN RRSIG SOA 8 0 86400 20150113170000 20150106160000 16665 . R9ZOwEb5fodQQNRl4WvguyqEzOxdNPQ18nI+0R5sB2JSqG4Qz45SwW+vfnFCF01UW43/GdEfGOScrYVP2UBM8F2WOM+tHMZN0t9BbP9uszTWhzdYNCl3UKYYJiB59b8HIhKXlERPVfW2UEgIiI2VajShJnUv67W8gQO56hgTNEE= +. 10800 IN RRSIG NSEC 8 0 86400 20150113170000 20150106160000 16665 . wlEpGn1C8YZzJjIrlJp/GSud5FuLAZZj9C54DrKEl9gELWeIFJgLwkI1tcH4EhabbsNScB7SPOmVmnLkuM4Q6yJkmI1HXeBrddxniI2YEw+m9++/i19AqfDxuVYs52peKxXdEZ/sIS5JtDz3bdB44IAp2k1ue780z0xRV796vUk= +. 10800 IN NSEC abogado. NS SOA RRSIG NSEC DNSKEY + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 448 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65502 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87351 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87351 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87351 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87351 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataOnEntWithWrongNsec b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataOnEntWithWrongNsec new file mode 100644 index 000000000..7e3aa9a09 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataOnEntWithWrongNsec @@ -0,0 +1,217 @@ +#Date: 2015-01-06T22:35:23+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3464 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; alias.ingotronic.ch., type = NSEC, class = IN + +;; ANSWERS: +alias.ingotronic.ch. 300 IN NSEC a.b.ingotronic.ch. DNAME RRSIG NSEC +alias.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. mS+nh5skTxhOBdJlkwSGdrmhuA5FC9Am9emIhyIViET/1BoKotmbzLtfaBXAh2gRhcfDr+4OJJ6oyUcdMn/m4YG8NUsf4rAL92/YyxocUoF/oS8ZZv/BPXplCH5J4hsac+heElbPJ29v0kFVujErTaX/Ev0lYsUNI+9OmCrlQpk= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 640 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53101 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87350 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87350 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87350 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87350 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30899 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 950 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 950 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8785 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 951 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 951 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 951 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 951 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18505 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3559 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3559 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3559 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8855 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41255 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87350 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87350 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87350 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87350 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43022 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 950 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 950 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46782 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 951 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 951 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 951 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 951 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9216 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3559 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3559 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3559 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20989 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenDSResultIsFromChild b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenDSResultIsFromChild new file mode 100644 index 000000000..67e087f24 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenDSResultIsFromChild @@ -0,0 +1,157 @@ +#Date: 2015-01-06T22:35:20+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6051 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; samekey.ingotronic.ch., type = MX, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +samekey.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032788 300 60 864000 300 +samekey.ingotronic.ch. 300 IN RRSIG SOA 5 3 300 20150205115016 20150106105016 17430 samekey.ingotronic.ch. QbR6Z1is3E2h59dciJcIMGEwjq6FT42BIWdZJx2yThVOEEkcqBRX3UrXsWeeByMoyj2zIvlje8zCTFIQWT5zG/4gvt6x1VAQjDL+SJ7ZzNMBUoX42ySyH1vCosPXCwUGpjp2ODNXMBVQ67+llUi+JC+jg6L3CLa3EP4K4fobRgA= +samekey.ingotronic.ch. 300 IN NSEC alias.samekey.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY +samekey.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150205112840 20150106102924 17430 samekey.ingotronic.ch. NSvTE2dxRxxbqpxBcLZw3UKLiK/GZhSnHIm8f7OV1oNepPdYEhKQ1h0ou/KCl4QlJ3pqJq/phwqpssclEcA3bebi5IBp7uDTU1s1lAvvBg0XtGd5Sody9LelOObAhNFAeBy8f7PyA3ORIstEBf2bJCJ5X/UmMcexq3G/RS+wMpc= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 508 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51124 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87353 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87353 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87353 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87353 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35150 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 953 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 953 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63134 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 954 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 954 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 954 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 954 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35961 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3562 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3562 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3562 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40209 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57689 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; samekey.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +samekey.ingotronic.ch. 300 IN DS 6031 5 2 DAFB8A4B65418C56F9BC6DE782EAE8C65F5F710A7AAA4E70A36E3E263028F01D +samekey.ingotronic.ch. 300 IN DS 6031 5 1 730C461CC98117784DC920C4FB19D284F22C1D64 +samekey.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. ABaSrSVKd/CoCD9HiieVOpexP9iUHLXFtrAG+1Q7iju4potpve5C30V9+XJoVsLhArQ90QcDspN95U45Qks4+r8S2MezBDM7jV5B34VGkrWb8+AltxqFg4bIl2VhGiwInW6KKVO161ZS76x5x2ssWhJzY8G8uC0LIxe10N7AfDc= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 307 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57832 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; samekey.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +samekey.ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +samekey.ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +samekey.ingotronic.ch. 300 IN RRSIG DNSKEY 5 3 300 20150205095731 20150106090229 6031 samekey.ingotronic.ch. LuUccRlxgSN+RaFn1OXEFuDOelKnTj40UbXtTRU3DSvw5CSIsFYW5tz2qFMc9TKdyfXct4tCs1IbaxOxDn2S7gLGC0fSQJhR5QJBt//+d9/bPsrbzWdbX1VjGjK0Ei/BQYlybmda7mIhZgdT6PzXu00zR9wenJuUBETR7Iq0j2JSaFdD/NOxDKrMybH6sioa/D/iUV7tCCgNStppcpCE4QHK9ZZLtmwdPe0ai1zpFlJIAqclJeYANoQuul/MbR5QlPz64oVYq30kHK/OMd9sJTOtpcYqBCaknUygHuWOEzzVz8w1pd6XVFknzOiduFRO5eMJ0Epmme2QSOxNPbKSSg== +samekey.ingotronic.ch. 300 IN RRSIG DNSKEY 5 3 300 20150205095731 20150106090229 17430 samekey.ingotronic.ch. Nnz0tzShNXJ5ypcEiLZ4Ky/dY2JULHptYl6G2wWkjZ2R98N3wDJkXQQN2XolOGwBmNyfdMAcI8AVL9SD1oRUmWPnj4yFBu5uS4qR037DsJYEz6pq4t8U0P7O+8Pnkvq/tFMLXE9E17CoWfLRhrqTq7U5kYYn/x0yIXpY0S6M1bA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 964 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenNsecHasCname b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenNsecHasCname new file mode 100644 index 000000000..e9230ae3e --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenNsecHasCname @@ -0,0 +1,217 @@ +#Date: 2015-01-06T22:35:23+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50344 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; csigned.ingotronic.ch., type = NSEC, class = IN + +;; ANSWERS: +csigned.ingotronic.ch. 300 IN NSEC cssub.ingotronic.ch. CNAME RRSIG NSEC +csigned.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. BCAjQxw7Hn8eMh8JNtWlHkprUpQPqCMa9Xca1SQTbgrkuKU6wPOd0tyvqZQZwXh90x54t/Z3OjFvT25Iqf3RSJ5T/1iJHUwdOlB5yHqc/c7E8yUs1cqSNf6ccXotsFJzXTLlpmrPzP7mjG5lpyGcN/hmXVWiMcq4SCeapRI19C4= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 644 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38761 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87350 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87350 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87350 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87350 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7194 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 950 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 950 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39259 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 951 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 951 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 951 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 951 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29906 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3559 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3559 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3559 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44555 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53393 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87350 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87350 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87350 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87350 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59544 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 950 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 950 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21621 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 951 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 951 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 951 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 951 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21667 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3559 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3559 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3559 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13905 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenNsecProvesExistence b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenNsecProvesExistence new file mode 100644 index 000000000..16d480986 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenNsecProvesExistence @@ -0,0 +1,217 @@ +#Date: 2015-01-06T22:35:25+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41730 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; www.ingotronic.ch., type = NSEC, class = IN + +;; ANSWERS: +www.ingotronic.ch. 300 IN NSEC z.ingotronic.ch. A AAAA RRSIG NSEC +www.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125012443 20141226010256 17430 ingotronic.ch. fMbLmn92jrN7YeM4XWcq7/kKLiPB3Ll4yQSLiPRWQw79ZVeNJMkqEqdstEnnTyKu/hAId6YpvMKsJnIfCTVyoO75i6CaEKXOpvf9AT7TstEUj0YKjp4vWvcNs2F2144nrnqnaVFX8ZTxnUV50R+/AsqtKA+2/Tky6SlNhzeWVMI= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 636 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8881 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87348 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87348 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87348 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87348 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59326 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 948 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 948 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48712 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 949 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 949 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 949 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 949 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54200 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3557 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3557 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3557 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27755 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48898 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87348 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87348 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87348 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87348 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10818 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 948 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 948 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44946 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 949 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 949 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 949 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 949 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50782 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3557 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3557 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3557 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8263 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenResultIsFromDelegationPoint b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenResultIsFromDelegationPoint new file mode 100644 index 000000000..9cd1d0f95 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenResultIsFromDelegationPoint @@ -0,0 +1,373 @@ +#Date: 2015-01-06T22:35:22+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57267 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 6 ad: 1 +;; QUESTIONS: +;; t.ingotronic.ch., type = A, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032762 300 60 864000 300 +ingotronic.ch. 300 IN RRSIG SOA 5 2 300 20150125021244 20141226011244 17430 ingotronic.ch. WDLpp9G0P/rlMBfpFn9sAfpEFoBnQfwyGSXbGCc/LG1FSkJoKLDQYDY696scLNsJgkrzZeJrl0oSSvA8AvRUhYRrmuqWMxTVFgYlRwPwqEMCKUqiVhKGVF4NYemoBiUQC4nJwBZd57xKCiF4AQ4CodBtiZxefJFAlTNE0g2yxtM= +ingotronic.ch. 300 IN NSEC alias.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY +ingotronic.ch. 300 IN RRSIG NSEC 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. en5BaZ6zWqEvoUFUDPm5g1pjz7THXBv/1kjKtV2tS+7xh0BtkLEzlA9n/H66ZZAX2EIh7vXj12xVJKOuEuM0o1mJwKsBaLQuTra60/zYAUIddwUOCzI3zzjiRFklPyHSnLkGoBODZcvehnsTzTPyBxkfoouleqpj7gN5jOSBL8M= +sub.ingotronic.ch. 300 IN NSEC unknown-alg.ingotronic.ch. NS DS RRSIG NSEC +sub.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. bNZQZZypKi/2MlAYJ6h0W69GSCLxnkvq4cXdR5oBfvcGlvP5AMnuqqY0HwjByPHqg8TMn/lrlpoXPODAjeAadRD73F3GD1YgyWDr1eCeSGCIHisadDYpzdeqgQNHxYbz2UMtB5d/6Q/C4yyzWuxk3Rpwg+bV77yYlOjDxgVYMhg= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 702 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8953 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87351 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87351 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87351 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87351 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17144 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 951 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 951 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3356 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 952 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 952 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 952 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 952 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62665 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3560 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3560 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3560 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43084 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48797 +;; flags: qr aa rd ra cd ; qd: 1 an: 0 au: 4 ad: 1 +;; QUESTIONS: +;; sub.ingotronic.ch., type = MX, class = IN + +;; ANSWERS: + +;; AUTHORITY RECORDS: +sub.ingotronic.ch. 300 IN SOA ns1.ingotronic.ch. admin.ingotronic.ch. 2013032794 300 60 864000 300 +sub.ingotronic.ch. 300 IN RRSIG SOA 5 3 300 20150201081246 20150102071246 3600 sub.ingotronic.ch. iyj09Qcj7m6Eec8MbAZiQW0sPEzTCtrulsANwrkOvg6wMTcKZt+EDaGRxdp0+6PcAURD60WP5PdKojY2qqN0th49nxA02e7d8xqlYDlD4B3svbviaf16p5AT012mFQ7JUSNQMgkj/4HznmfQtvpKjX+GHvlCBKKXbBKPFXKu77w= +sub.ingotronic.ch. 300 IN NSEC alias.sub.ingotronic.ch. A NS SOA RRSIG NSEC DNSKEY +sub.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150201075325 20150102071246 3600 sub.ingotronic.ch. Mm93ERE64aeLL7go+Dc0oamkdUWUAFe0zWDP1yYv1Zo+bVlk8WPxGdaT7soi/42qJZ27KMuYJBDgyy2GaapMbTgtLUcIwIp8fCtweVwoOSMs4jHCCmGNX6imjQR/xzx9Df0xYBYJNm3glN8qawn06tgpiG9zOqIQUcURr2E5lbo= + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 492 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49848 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87351 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87351 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87351 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87351 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14757 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 951 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 951 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38755 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 952 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 952 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 952 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 952 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45312 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3560 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3560 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3560 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36026 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55654 +;; flags: qr aa rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; sub.ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +sub.ingotronic.ch. 300 IN DS 42976 5 2 C54339C4B4EAACF8643D8FAE6C57836F8207F8D82088F1C51AF100123D2A42EF +sub.ingotronic.ch. 300 IN DS 42976 5 1 E638863370B9DE424C31CA03B99CCED96027B88C +sub.ingotronic.ch. 300 IN RRSIG DS 5 3 300 20150125004144 20141226003211 17430 ingotronic.ch. m1gkZjYlA6aeCibofiRybFhOLgRvP+UG5nzWjH4yfzjPnfODRqo8TkEbRc1wUS1etARSq9TrsCjlWSKdn3JBdQfi0uGa27lLproj6oHi1+enh+OKIjFRxScP1bPPcbCALRFOeIp9JA1TEAGsyn+pWSwRF/wpEfrTTbOj94tsxX0= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 303 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7891 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; sub.ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +sub.ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAbVAfHflzOy0uICze0QDBfbrZrU1UN1LNc5D987u8qhP9Vz2pd4yb3rSLOuH9hG7ouAkI63qmtmq6TP71jRXyHr4F9/ZbD3hzhCkyXdo+KaPO70VXWtdIZUom5WuA92pzTB/WuiaWJ217SUeRXU9e4NwrpbDINd6sXcb+sBEFDRt0d/VbwAxa7vo8fl5qOmr/PzD7FoKFTnTWTfUduRsHMdlyYY+j8JfikDdTdeRuYuHzUCO3q3BcUEHrBnKE87JtEM0TQnDSe9OaLFxYARq+LMdHY2P/OZP8nWStSnB8d3E7Sc/FEOQZ9xKkmh1japxgoStjcnBKvz53DmwIXcvcRc= +sub.ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAcsnnxVGj8qUAxBox/LKOrpdJG0S8Zfn/mMl+f52Odke62Et5blo+jrbXiOWa6+AlASOMYprqpaZ32b16UvtsuqruErqwy+M427TVTmG6LXEDe7rCNrJF0tIesQpwkA8WjlTRE2bcVHTwARL//smGhTlE9WTPAQGDdXyTUWYr1rX +sub.ingotronic.ch. 300 IN RRSIG DNSKEY 5 3 300 20150131230442 20150101222529 3600 sub.ingotronic.ch. mPYA7Wo+MdzLLleV32ZvynRVzdnL97XgGqzeUPiI7LSXfaSEOtpoE3GeosbLIjGmZ42wLTYOXWm4YS/Mb9ctQGuNPQRMgQbVPkv/aOO6tX+Vqq1XJkKgdb7dRdvvs4jzjIOH/a++OpUy0EBKKioAkwKCrcTNqLkRQ0IkTyoaaCA= +sub.ingotronic.ch. 300 IN RRSIG DNSKEY 5 3 300 20150131230442 20150101222529 42976 sub.ingotronic.ch. Z2/JMubvx8hgfIzmvmXVSfe/qCbZZ3XlJsj3ZrAa8+izrRODKYrGVOtJ+ONPOwid6NQN40yizJoxNFfvkDDqUiZJO6vpb9FmStj034RD1hfC/7qsLoCdOLkLoQwrQDoYTIwLywpsduCW83JzbGBzzCkC9+aoFPVXIkcGUqoQCdYB5OXzF9/2uWq8tD7AQ6t5MzPeMJC+VcNOjqBPRkunl27yUreNt1Nb65C38S72DAJNzAZIZqj1A8jZ6tk0fdixmZ+KWelP8S9SW2TpeGxwJ4kbHJJ+vSo7dkqRtnIYv4GPW6Xp3GH1oErTMGeqp9mquQ6n6jWP6ejlwc6puMxjNQ== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 952 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41767 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87351 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87351 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87351 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87351 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49409 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 951 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 951 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35186 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 951 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 951 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 951 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 951 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23542 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3559 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3559 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3559 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19631 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenWcNsecIsForDifferentName b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenWcNsecIsForDifferentName new file mode 100644 index 000000000..f7d3a99d9 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenWcNsecIsForDifferentName @@ -0,0 +1,217 @@ +#Date: 2015-01-06T22:35:19+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53349 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; *.c.ingotronic.ch., type = NSEC, class = IN + +;; ANSWERS: +*.c.ingotronic.ch. 300 IN NSEC cfailed.ingotronic.ch. A RRSIG NSEC +*.c.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. Lf7FP3WsqHc3SUznxjp367ehSI5mcUE7OzvHQj68BfC77FPylpt3YLtyirEZVjVKPjQ6maarQakizn6u7KFf1jFr2kGpS1rZCvyfAxGX6wwIZK/Wf0lfhP0IquQd+kX2OlmRbbemFI/lFG72NAcB+19t8tcwV5k6ADkxC2L6o/4= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 642 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28003 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87354 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87354 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87354 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87354 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3842 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 954 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 954 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64566 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 955 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 955 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 955 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 955 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53409 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3563 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3563 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3563 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18388 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40922 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87354 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87354 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87354 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87354 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 954 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 954 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2371 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 955 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 955 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 955 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 955 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39664 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3563 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3563 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3563 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2175 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenWcNsecProvesCname b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenWcNsecProvesCname new file mode 100644 index 000000000..1eeccc116 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenWcNsecProvesCname @@ -0,0 +1,217 @@ +#Date: 2015-01-06T22:35:20+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16955 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; *.cwv.ingotronic.ch., type = NSEC, class = IN + +;; ANSWERS: +*.cwv.ingotronic.ch. 300 IN NSEC *.d.ingotronic.ch. CNAME RRSIG NSEC +*.cwv.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125021136 20141226011244 17430 ingotronic.ch. BCuqOula4CbP7OMTfAcntmW8o/Irr0N4NOcG7h7AH+Z+1YBJmITWukLUL8iEmC5UnEXTi807YiCnv0Fp2qKyIxSO7x4Kfpb/smHQC1zgeCdfkiyXOIj9iePyizW0/7jJTTY0DQzDF0fPe5t393eS4qSDiwHSnFqsDN+jKPtR5A0= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 640 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7189 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87354 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87354 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87354 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87354 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24849 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 954 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 954 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49755 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 955 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 955 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 955 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 955 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37764 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3562 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3562 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3562 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58114 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48146 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87353 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87353 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87353 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87353 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59133 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 953 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 953 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61813 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 954 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 954 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 954 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 954 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12624 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3562 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3562 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3562 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55368 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenWcNsecProvesType b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenWcNsecProvesType new file mode 100644 index 000000000..2c185a86d --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenWcNsecProvesType @@ -0,0 +1,217 @@ +#Date: 2015-01-06T22:35:24+01:00 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54210 +;; flags: qr aa rd ra cd ; qd: 1 an: 2 au: 2 ad: 3 +;; QUESTIONS: +;; *.c.ingotronic.ch., type = NSEC, class = IN + +;; ANSWERS: +*.c.ingotronic.ch. 300 IN NSEC cfailed.ingotronic.ch. A RRSIG NSEC +*.c.ingotronic.ch. 300 IN RRSIG NSEC 5 3 300 20150125000532 20141225234703 17430 ingotronic.ch. Lf7FP3WsqHc3SUznxjp367ehSI5mcUE7OzvHQj68BfC77FPylpt3YLtyirEZVjVKPjQ6maarQakizn6u7KFf1jFr2kGpS1rZCvyfAxGX6wwIZK/Wf0lfhP0IquQd+kX2OlmRbbemFI/lFG72NAcB+19t8tcwV5k6ADkxC2L6o/4= + +;; AUTHORITY RECORDS: +ingotronic.ch. 300 IN NS ns1.ingotronic.ch. +ingotronic.ch. 300 IN RRSIG NS 5 2 300 20150125000532 20141225234703 17430 ingotronic.ch. VuzVJM3McSHlcdngCG/G23zCikq8tXE0CZV2ZSgUFXXFMIEoM6PMi1QRQ/8VF3tee4WGpRx2jhtkui0wFRFfwIhW7G1uPDT4qogaR3KLIyuCEsMxhRH3WJZNrLmLqlSBGvd9OBJwbmryqm3Zzqvrk+E+rh8OJeifnBBpHAX4eHg= + +;; ADDITIONAL RECORDS: +ns1.ingotronic.ch. 300 IN A 62.192.5.131 +ns1.ingotronic.ch. 300 IN RRSIG A 5 3 300 20150125005754 20141226001054 17430 ingotronic.ch. fNG1RZM53pXwBxruHNaSZszxVzNLoCq8VZsTjAzYH2vSLzHXYVGJFTLIeY0K9APAdyJU8WuwmABmn7XY0Kg39kRG77uoFlqUws2PdTz2QKOwJGZY7W88Ak2Y9lkDBcK8o3wJHVptrT8R7p/1U7UfjF0kqPUkakk2B0EbFWdagFg= +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 642 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39900 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87349 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87349 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87349 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87349 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12390 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 949 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 949 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21937 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 950 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 950 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 950 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 950 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52675 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3558 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3558 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3558 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27862 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59857 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ., type = DNSKEY, class = IN + +;; ANSWERS: +. 87349 IN DNSKEY 256 3 8 AwEAAe3fSrbLBy3LOS7pnxEUhvPZTE2H5dIGsI/UfruI/nOEvWWa/PSX2BFedBkEqOlYdjdNF2f+6lmfk2Od/xu0v5bVqxFE+/24v3hZSlWBxvXzPTAGHrbW/IJYEPqlzVOAS4XdUgHg0N7IbLywNHMvB+Yf+Nm6ctyXXFLV4WTNnzs7 +. 87349 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 87349 IN DNSKEY 256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyssHw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkmlWs9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3avv+G7rh7 +. 87349 IN RRSIG DNSKEY 8 0 172800 20150115235959 20150101000000 19036 . i8cAxD2pvQi1oAyvQxRpDfFlbqPzW+69QQEsDwE1eWOm5AtawO9U7lmsGps7sy/fVNvl1ljKBj4Djp9pb3U2FLogjiIlW0cDAkPmLlG9t+b/pjEfBNlhjANUVN06pvQVAfm+LcF26EaWT6FlISBqb6jSy4BHRa3Bdc4Sx7+pRSYSqVVvYxLkfAWsKPqGkvWhebJDndJJV9syXQXgZ+v/uJ+6XOS43xkAdeL8iBzIs/FlwMTfh3tVe3d0lb65IBBLlCzeQuetX+0Vu1YFcnD0mHc/wS2ZnAV5toAFmyVQBoY/XAZiZeaOkcROJ6Zmqezy7liwK7BqsYyAZntMhk8lbg== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 883 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58740 +;; flags: qr rd ra ad cd ; qd: 1 an: 2 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DS, class = IN + +;; ANSWERS: +ch. 949 IN DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3 +ch. 949 IN RRSIG DS 8 1 86400 20150112170000 20150105160000 16665 . thY7xYWBBxiBjqbQIb9fAG4TmQgnziwM7q6P1T3/ITxmECdvOCQnnZA3uD7qmN8uM0HudsD7+y+zgD3rsH4RSTKdL4kHSI0OnCxToMTvklghEgFDezqIRm8NkWdI2H4Stwrj20nYKSpLQxPI2EE54gs18P3KyO8bAUYv8Qx73xU= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 238 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33518 +;; flags: qr rd ra ad cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ch., type = DNSKEY, class = IN + +;; ANSWERS: +ch. 950 IN DNSKEY 256 3 8 AwEAAcSLdT0fEmcFmLpeUkAJoeVaHKiu+nbuc43fWlqaCRVf8t2HA4uWxOk0O5ci9nrFTc8nq8oa5fk5Cj7CHh4yrX9qUCfTdIWTyp8BDEdJpS+Dyb0u9wQuVj+nQMj4fLzdQf4TJs3/qxuiLr3nL1UUwlhhXeqSqGVb7p3mtB5HJ8ad +ch. 950 IN DNSKEY 256 3 8 AwEAAcsg0kY6fw1wzYMhSAKTy+Y2JzAst66P/1odp9NECJJHbU8f4nwziI3onoFSBV0ZiSZhY1aH5dhdDZ7BkrqhVXSrZPAz0CvzjIxmB1gSOf9DeZvjQvoy97HqYolxsf+B3QQv2RKBT67elF5+JisKg3/dQISelKn8LhabSoVrMlD1 +ch. 950 IN DNSKEY 257 3 8 AwEAAb7GhhZ8IAy/AhwmSms5DeQK5ad09wIIplEpYoiAIYXPtJvT1ReFzyfTp/2YP+g/PWDwHPh4qKAHa9x0VgbIQcGAeNakmfkAdWEmCnca323/SAml3mwfaX62G7/uYWae5zh8QTxZKNd+K1yZ5x0IxnI31chSl5xymRbTEHYZDKwSIRFM3fTxUMt93WFaBVWELReYotJBr++rvAWdnlay5TPBTvheLBkaiqtgM4GP8HK07Y+86lsZnEsj5K3G1KTV5SPpa82rqYAwxG9VKbmSE/6/kBR5jJHjt1rRt5Oe7v18aEtw0YCEN4vxq+KuvMoNVqXUsE9LBwHJD+QNwi6wmB0= +ch. 950 IN RRSIG DNSKEY 8 1 86400 20150127100909 20141212090909 46375 ch. bT8q0FWyeMH0SulNo6UdIIgZYNATwYsee2bikq2Gh339Bufma8eaqWIPYT3XKmxYPBFOw0bVl+kLZxTwbR1CFoCDXoP+qgQhh4mf9qkNiv2CDSc+0FE3FRREn+DAhYTUEuB58FPiPakFB8s8O7T+k2qhDae7jy4/y7Jl1lnjaBY8s7bzOUPhF0KKCNZmvoKwtL23ZdVeTSV1xM3jkiNnpzBKbcoSWECSGJVp1SE0BnRXdwQP41YTXFZ0310YjaTAUCC5qbMIWdEkHjfdSQtKBImnc85mkapq9w++XQ4zhauPWBtrPV3CcoCahjUaWdjrKVkibomlJZaN8MEO23CfQw== + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 893 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60752 +;; flags: qr rd ra cd ; qd: 1 an: 3 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DS, class = IN + +;; ANSWERS: +ingotronic.ch. 3558 IN DS 6031 5 1 733D0218B571CD617B1A7493564B9FC4F12ADE82 +ingotronic.ch. 3558 IN DS 6031 5 2 4A948F2FDADA24686E473EDAC00DCF972584C75E3FAA92C2021B6221449FF87E +ingotronic.ch. 3558 IN RRSIG DS 8 2 3600 20150129033614 20150105123019 60789 ch. rVPJP2HhzW7OkroK2axFj5Lb4iVWCH8Fp/Iq1rF952NDo72b8RiKje2RaAKJAGQ+wd0YgE+PAej04GCmkhlDJA/zvPeeTxuhy3HbJzReMlQ7fjyH+wW1hli+FuIYvogXWf7nO/9VyPORt8X/f/pjrOr3Vlj9sGLN8TGYpEuVSw4= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 288 bytes + +############################################### + +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35134 +;; flags: qr aa rd ra cd ; qd: 1 an: 4 au: 0 ad: 1 +;; QUESTIONS: +;; ingotronic.ch., type = DNSKEY, class = IN + +;; ANSWERS: +ingotronic.ch. 300 IN DNSKEY 257 3 5 AwEAAeA1vzmjaB+eBAcvhzpKEgAEFpvQ1rg4uKDW6MsQtacKoqBpgyep2+LuWotz5p/xYxj3NGsArwN8Ad5cY0FHRr8miTT0elOv6nvlqGIfRuhj/BXAQ1x4ihpSFslHw0lJMYFwxsUZWpUyjWX/nv1xRZMMwF46gui0N4OEbyTYusCk77D+A71k+K0EAitFIbIH4GCUKmH1H7HmXhSVH9bN/n7KEGwW32lmsuuUcJoRKDkcUvbMXY/9Xoa2quERrUg/rBbDUHowRPjYDS5GzY1+f4YY8s40BufGiqyUTKKXL953MVFK8gmezXA0hbmrnZ7CBOw/7238mORAdzExaX8n7CE= +ingotronic.ch. 300 IN DNSKEY 256 3 5 AwEAAZ2Xh77GFzpEDx7EHYxShqltHgkiG+BOjBGifEmnJhQSdE5/yNSLFNcdhZZ8HUPxYnaedTqJcFFg4AzUsQklF/fECegTJdZjaj2WoL0/I8K7HMfY/hVuRZUWPNglYi8agJRX6gdkFTCpUNI7stpgKqxtzUJhhw15uG/lKMplwqUr +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 6031 ingotronic.ch. rs1QlP2SlSpA2ELbzwg3DgWLzXWL3Lpv6CUJE2Q0qH2Zp7Qdy3cD+ZEtNh9v24Qv1M6JJ3zFt8mmZoCeW2ycuMbJCqBkW9CBuwF+VznZvZY2MxwPipvhvEEGP//0M8YAZJ66yQPDv3PTdAP8FYbIrJyvY44vwyncwbslpfHT9jAsrbfr3vuMuWps86dnP462q+0s1TxBfqi8mzo3gdavjHKWVNwohLahLKT+tWeu6DSzQv0YwMjwtkLgF7QRgx3ctIIkloOrnx9nHH1N6y+hxEB89fOlyVDjHhgL5uVtsD5fEdT0FJ2Gc/2nShEMMqIwr1/J9kUq1mNySff/uEe65Q== +ingotronic.ch. 300 IN RRSIG DNSKEY 5 2 300 20150125003700 20141226001657 17430 ingotronic.ch. mEwZjhQqeWksWD0TCnNBrtce4YkWJL3edqL6PvAUu8Fn+Ih437kEs3+pqdkgRsdYQ9HW+lBm/8pWwJlNAv0bi9NykItXMwAUFtncgq+6Pnh3iAM972GXSa5VV4LcGQ5b8CBdHCHiEKDqyPv5Hr5QfYL/FQaWlcNRh4QZZlZNPFA= + +;; AUTHORITY RECORDS: + +;; ADDITIONAL RECORDS: +. 32768 CLASS4096 OPT ; payload 4096, xrcode 0, version 0, flags 32768 + +;; Message size: 940 bytes + +############################################### + diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNsecProvesNoDS b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNsecProvesNoDS new file mode 100644 index 000000000..4c9809e7f --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNsecProvesNoDS @@ -0,0 +1 @@ +#Date: 2015-01-06T22:35:22+01:00 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNsecProvesNoDSWithDSPresentForRoot b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNsecProvesNoDSWithDSPresentForRoot new file mode 100644 index 000000000..4c9809e7f --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNsecProvesNoDSWithDSPresentForRoot @@ -0,0 +1 @@ +#Date: 2015-01-06T22:35:22+01:00 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNsecProvesNoDSWithSOAForNonRoot b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNsecProvesNoDSWithSOAForNonRoot new file mode 100644 index 000000000..f29ef16e1 --- /dev/null +++ b/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNsecProvesNoDSWithSOAForNonRoot @@ -0,0 +1 @@ +#Date: 2015-01-06T22:35:21+01:00 diff --git a/src/test/resources/trust_anchors b/src/test/resources/trust_anchors new file mode 100644 index 000000000..0c7458509 --- /dev/null +++ b/src/test/resources/trust_anchors @@ -0,0 +1,3 @@ +. IN DS 19036 8 1 B256BD09DC8DD59F0E0F0D8541B8328DD986DF6E +. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 +. IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D diff --git a/src/test/resources/trust_anchors_dnskey_invalid b/src/test/resources/trust_anchors_dnskey_invalid new file mode 100644 index 000000000..4508bc175 --- /dev/null +++ b/src/test/resources/trust_anchors_dnskey_invalid @@ -0,0 +1,2 @@ +. 148029 IN DNSKEY 257 3 8 BwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= +. 148029 IN DNSKEY 256 3 8 BwEAAc5byZvwmHUlCQt7WSeAr3OZ2ao4x0Yj/3UcbtFzQ0T67N7CpYmNqFmfvXxksS1/E+mtT0axFVDjiJjtklUsyqIm9ZlWGZKU3GZqI9Sfp1BjQkhi+yLa4m4y4z2N28rxWXsWHCY740PREnmUtgXRdthwABYaB2WPum3yRGxNCP1/ diff --git a/src/test/resources/trust_anchors_empty b/src/test/resources/trust_anchors_empty new file mode 100644 index 000000000..8b1378917 --- /dev/null +++ b/src/test/resources/trust_anchors_empty @@ -0,0 +1 @@ + diff --git a/src/test/resources/trust_anchors_invalid b/src/test/resources/trust_anchors_invalid new file mode 100644 index 000000000..b87b6dcb5 --- /dev/null +++ b/src/test/resources/trust_anchors_invalid @@ -0,0 +1,2 @@ +. IN DS 19036 8 1 B256BD09DC8DD59F0E0F0D8541B8328DD986DF6F +. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB6 diff --git a/src/test/resources/trust_anchors_test b/src/test/resources/trust_anchors_test new file mode 100644 index 000000000..1aa71b07e --- /dev/null +++ b/src/test/resources/trust_anchors_test @@ -0,0 +1,13 @@ +. IN DS 19036 8 1 B256BD09DC8DD59F0E0F0D8541B8328DD986DF6E +. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 +. CH DS 19036 8 1 B256BD09DC8DD59F0E0F0D8541B8328DD986DF6E +bla. IN DS 19036 8 1 B256BD09DC8DD59F0E0F0D8541B8328DD986DF6E +bla. IN DNSKEY 256 3 5 ( AQPSKmynfzW4kyBv015MUG2DeIQ3 + Cbl+BBZH4b/0PY1kxkmvHjcZc8no + kfzj31GajIQKY+5CptLr3buXA10h + WqTkF7H6RfoRqXQeogmMHfpftf6z + Mv1LyBUgia7za6ZEzOJBOztyvhjL + 742iU/TpPSEDhm2SNKLijfUppn1U + aNvv4w== ) +x. IN A 127.0.0.1 +x. IN MX 10 asdf.bla. diff --git a/src/test/resources/unbound/val_adbit.rpl b/src/test/resources/unbound/val_adbit.rpl new file mode 100644 index 000000000..f23760ccb --- /dev/null +++ b/src/test/resources/unbound/val_adbit.rpl @@ -0,0 +1,174 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator AD bit signaling + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD AD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +; ask from cache too +STEP 21 QUERY +ENTRY_BEGIN +REPLY RD AD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 23 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + + +SCENARIO_END diff --git a/src/test/resources/unbound/val_adcopy.rpl b/src/test/resources/unbound/val_adcopy.rpl new file mode 100644 index 000000000..604fd57f2 --- /dev/null +++ b/src/test/resources/unbound/val_adcopy.rpl @@ -0,0 +1,173 @@ +; config options +; The island of trust is at example.com +server: + #trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator AD bit sent by untrusted upstream + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA RA AD NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA RA AD NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA RA AD NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD AD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +; ask from cache too +STEP 21 QUERY +ENTRY_BEGIN +REPLY RD AD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 23 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + + +SCENARIO_END diff --git a/src/test/resources/unbound/val_anchor_nx.rpl b/src/test/resources/unbound/val_anchor_nx.rpl new file mode 100644 index 000000000..5d8855b8a --- /dev/null +++ b/src/test/resources/unbound/val_anchor_nx.rpl @@ -0,0 +1,220 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with secure proof of trust anchor nxdomain + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC +blub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854} +example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.sub.example.com. IN DS +SECTION AUTHORITY +example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC +blub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854} +example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION AUTHORITY +example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC +blub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854} +example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854} +ENTRY_END +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC +blub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854} +example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_anchor_nx_nosig.rpl b/src/test/resources/unbound/val_anchor_nx_nosig.rpl new file mode 100644 index 000000000..e0dc7d8ab --- /dev/null +++ b/src/test/resources/unbound/val_anchor_nx_nosig.rpl @@ -0,0 +1,218 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with unsigned denial of trust anchor + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC +blub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854} +example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.sub.example.com. IN DS +SECTION AUTHORITY +example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC +blub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854} +example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION AUTHORITY +example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC +blub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854} +example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854} +ENTRY_END +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NXDOMAIN +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC +blub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854} +example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_ans_dsent.rpl b/src/test/resources/unbound/val_ans_dsent.rpl new file mode 100644 index 000000000..09ce62169 --- /dev/null +++ b/src/test/resources/unbound/val_ans_dsent.rpl @@ -0,0 +1,247 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with empty nonterminals on the trust chain. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +328.0.0.194.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +328.0.0.194.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; responses to DS empty nonterminal queries. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +194.example.com. IN DS +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. host.example.com. 2007091980 3600 7200 1209600 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCOn5qKBIV7bwFMBA+Qqiblx0cylAhUAoFiGtFm2wHhJpq9MooTYdeVw45s= ;{id = 2854} + +; This NSEC proves the NOERROR/NODATA case. +194.example.com. IN NSEC 0.0.194.example.com. A RRSIG NSEC +194.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDcoKl74U9FjsuYF3Vc0E8GQ2GgzAhUAhlyhO2MMcAWQMxIhEZ4MguokN5g= ;{id = 2854} + +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +; this should be NOERROR. +REPLY QR AA NOERROR +SECTION QUESTION +0.194.example.com. IN DS +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. host.example.com. 2007091980 3600 7200 1209600 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCOn5qKBIV7bwFMBA+Qqiblx0cylAhUAoFiGtFm2wHhJpq9MooTYdeVw45s= ;{id = 2854} + +; This NSEC proves the NOERROR/NODATA case. +194.example.com. IN NSEC 0.0.194.example.com. A RRSIG NSEC +194.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDcoKl74U9FjsuYF3Vc0E8GQ2GgzAhUAhlyhO2MMcAWQMxIhEZ4MguokN5g= ;{id = 2854} + +ENTRY_END + +; response for delegation to sub zone. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +328.0.0.194.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +0.0.194.example.com. IN NS ns.sub.example.com. +0.0.194.example.com. 3600 IN DS 30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c +0.0.194.example.com. 3600 IN RRSIG DS 3 5 3600 20070926135752 20070829135752 2854 example.com. MCwCFC9GIqtp/103hktw6bPpD83gr+0iAhQ8yev2yUaR9l64rYBUYTJqOoTKdw== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response for delegation to sub zone +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +0.0.194.example.com. IN DNSKEY +SECTION ANSWER +SECTION AUTHORITY +0.0.194.example.com. IN NS ns.sub.example.com. +0.0.194.example.com. 3600 IN DS 30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c +0.0.194.example.com. 3600 IN RRSIG DS 3 5 3600 20070926135752 20070829135752 2854 example.com. MCwCFC9GIqtp/103hktw6bPpD83gr+0iAhQ8yev2yUaR9l64rYBUYTJqOoTKdw== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END +RANGE_END + +; ns.sub.example.com. for zone 0.0.194.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +0.0.194.example.com. IN NS +SECTION ANSWER +0.0.194.example.com. IN NS ns.sub.example.com. +0.0.194.example.com. 3600 IN RRSIG NS 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. KXDA+/PJAE+dXhv6O6Z0ZovDwabSRJcIt+GT5AL6ewlj46hzo/SDKUtEhYCeT1IVQvYtXrESwFZjpp7N0rXXBg== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + + +; response to DNSKEY priming query +; 0.0.194.example.com. 3600 IN DS 30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +0.0.194.example.com. IN DNSKEY +SECTION ANSWER +0.0.194.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +0.0.194.example.com. 3600 IN RRSIG DNSKEY 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. fSmc7ef6NwbDXC0o4wPc/aa8LakW5ZJwEZ4xPYl3tTZKmPNM7hPXskl1tFlvst9Va4u37F62v+16trprHb+SCQ== ;{id = 30899} +SECTION AUTHORITY +0.0.194.example.com. IN NS ns.sub.example.com. +0.0.194.example.com. 3600 IN RRSIG NS 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. KXDA+/PJAE+dXhv6O6Z0ZovDwabSRJcIt+GT5AL6ewlj46hzo/SDKUtEhYCeT1IVQvYtXrESwFZjpp7N0rXXBg== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +328.0.0.194.example.com. IN A +SECTION ANSWER +328.0.0.194.example.com. IN A 11.11.11.11 +328.0.0.194.example.com. 3600 IN RRSIG A 5 6 3600 20070926135752 20070829135752 30899 0.0.194.example.com. chZW77mqywhw/4ch6BxXQ4EbFgb9zgh2xF75FLlKq/7ey6CfHSJRpJRjRqtMTn+1i18UL2B4nPS/WnK5DZeqlA== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +328.0.0.194.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +328.0.0.194.example.com. IN A +SECTION ANSWER +328.0.0.194.example.com. 3600 IN A 11.11.11.11 +328.0.0.194.example.com. 3600 IN RRSIG A 5 6 3600 20070926135752 20070829135752 30899 0.0.194.example.com. chZW77mqywhw/4ch6BxXQ4EbFgb9zgh2xF75FLlKq/7ey6CfHSJRpJRjRqtMTn+1i18UL2B4nPS/WnK5DZeqlA== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_ans_nx.rpl b/src/test/resources/unbound/val_ans_nx.rpl new file mode 100644 index 000000000..48f4527df --- /dev/null +++ b/src/test/resources/unbound/val_ans_nx.rpl @@ -0,0 +1,249 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with DS nodata as nxdomain on trust chain +; This is a bug in ANS 2.8.1.0 where it gives an NXDOMAIN instead of +; NOERROR for an empty nonterminal DS query. The proof for this NXDOMAIN +; is the NSEC that proves emptynonterminal. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +328.0.0.194.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +328.0.0.194.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; responses to DS empty nonterminal queries. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +194.example.com. IN DS +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. host.example.com. 2007091980 3600 7200 1209600 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCOn5qKBIV7bwFMBA+Qqiblx0cylAhUAoFiGtFm2wHhJpq9MooTYdeVw45s= ;{id = 2854} + +; This NSEC proves the NOERROR/NODATA case. +194.example.com. IN NSEC 0.0.194.example.com. A RRSIG NSEC +194.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDcoKl74U9FjsuYF3Vc0E8GQ2GgzAhUAhlyhO2MMcAWQMxIhEZ4MguokN5g= ;{id = 2854} + +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +; Bad NXDOMAIN response, this should be NOERROR. +REPLY QR AA NXDOMAIN +SECTION QUESTION +0.194.example.com. IN DS +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. host.example.com. 2007091980 3600 7200 1209600 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCOn5qKBIV7bwFMBA+Qqiblx0cylAhUAoFiGtFm2wHhJpq9MooTYdeVw45s= ;{id = 2854} + +; This NSEC proves the NOERROR/NODATA case. +194.example.com. IN NSEC 0.0.194.example.com. A RRSIG NSEC +194.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDcoKl74U9FjsuYF3Vc0E8GQ2GgzAhUAhlyhO2MMcAWQMxIhEZ4MguokN5g= ;{id = 2854} + +ENTRY_END + +; response for delegation to sub zone. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +328.0.0.194.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +0.0.194.example.com. IN NS ns.sub.example.com. +0.0.194.example.com. 3600 IN DS 30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c +0.0.194.example.com. 3600 IN RRSIG DS 3 5 3600 20070926135752 20070829135752 2854 example.com. MCwCFC9GIqtp/103hktw6bPpD83gr+0iAhQ8yev2yUaR9l64rYBUYTJqOoTKdw== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response for delegation to sub zone +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +0.0.194.example.com. IN DNSKEY +SECTION ANSWER +SECTION AUTHORITY +0.0.194.example.com. IN NS ns.sub.example.com. +0.0.194.example.com. 3600 IN DS 30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c +0.0.194.example.com. 3600 IN RRSIG DS 3 5 3600 20070926135752 20070829135752 2854 example.com. MCwCFC9GIqtp/103hktw6bPpD83gr+0iAhQ8yev2yUaR9l64rYBUYTJqOoTKdw== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END +RANGE_END + +; ns.sub.example.com. for zone 0.0.194.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +0.0.194.example.com. IN NS +SECTION ANSWER +0.0.194.example.com. IN NS ns.sub.example.com. +0.0.194.example.com. 3600 IN RRSIG NS 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. KXDA+/PJAE+dXhv6O6Z0ZovDwabSRJcIt+GT5AL6ewlj46hzo/SDKUtEhYCeT1IVQvYtXrESwFZjpp7N0rXXBg== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response to DNSKEY priming query +; 0.0.194.example.com. 3600 IN DS 30899 RSASHA1 1 aa46f0717075d9750ac3596c659a2e326b33c28c +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +0.0.194.example.com. IN DNSKEY +SECTION ANSWER +0.0.194.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +0.0.194.example.com. 3600 IN RRSIG DNSKEY 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. fSmc7ef6NwbDXC0o4wPc/aa8LakW5ZJwEZ4xPYl3tTZKmPNM7hPXskl1tFlvst9Va4u37F62v+16trprHb+SCQ== ;{id = 30899} +SECTION AUTHORITY +0.0.194.example.com. IN NS ns.sub.example.com. +0.0.194.example.com. 3600 IN RRSIG NS 5 5 3600 20070926135752 20070829135752 30899 0.0.194.example.com. KXDA+/PJAE+dXhv6O6Z0ZovDwabSRJcIt+GT5AL6ewlj46hzo/SDKUtEhYCeT1IVQvYtXrESwFZjpp7N0rXXBg== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +328.0.0.194.example.com. IN A +SECTION ANSWER +328.0.0.194.example.com. IN A 11.11.11.11 +328.0.0.194.example.com. 3600 IN RRSIG A 5 6 3600 20070926135752 20070829135752 30899 0.0.194.example.com. chZW77mqywhw/4ch6BxXQ4EbFgb9zgh2xF75FLlKq/7ey6CfHSJRpJRjRqtMTn+1i18UL2B4nPS/WnK5DZeqlA== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +328.0.0.194.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +328.0.0.194.example.com. IN A +SECTION ANSWER +328.0.0.194.example.com. 3600 IN A 11.11.11.11 +328.0.0.194.example.com. 3600 IN RRSIG A 5 6 3600 20070926135752 20070829135752 30899 0.0.194.example.com. chZW77mqywhw/4ch6BxXQ4EbFgb9zgh2xF75FLlKq/7ey6CfHSJRpJRjRqtMTn+1i18UL2B4nPS/WnK5DZeqlA== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_any.rpl b/src/test/resources/unbound/val_any.rpl new file mode 100644 index 000000000..058f44925 --- /dev/null +++ b/src/test/resources/unbound/val_any.rpl @@ -0,0 +1,203 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with response to qtype ANY + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN ANY +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN ANY +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN ANY +SECTION ANSWER +example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854} +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854} +example.com. 600 IN NAPTR 20 0 "s" "SIP+D2U" "" _sip._udp.example.com. +example.com. 600 IN RRSIG NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854} +example.com. 86400 IN AAAA 2001:7b8:206:1::1 +example.com. 86400 IN RRSIG AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854} +example.com. 86400 IN TXT "Stichting NLnet Labs" +example.com. 86400 IN RRSIG TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854} +example.com. 86400 IN MX 100 v.net.example. +example.com. 86400 IN MX 50 open.example.com. +example.com. 86400 IN RRSIG MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854} +example.com. 86400 IN NS v.net.example. +example.com. 86400 IN NS open.example.com. +example.com. 86400 IN NS ns7.domain-registry.example. +example.com. 86400 IN RRSIG NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854} +example.com. 86400 IN A 213.154.224.1 +example.com. 86400 IN RRSIG A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854} +example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY +example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ns7.domain-registry.example. 80173 IN A 62.4.86.230 +open.example.com. 600 IN A 213.154.224.1 +open.example.com. 600 IN AAAA 2001:7b8:206:1::53 +open.example.com. 600 IN AAAA 2001:7b8:206:1::1 +v.net.example. 28800 IN A 213.154.224.17 +v.net.example. 28800 IN AAAA 2001:7b8:206:1:200:39ff:fe59:b187 +johnny.example.com. 600 IN A 213.154.224.44 +open.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854} +open.example.com. 600 IN RRSIG AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854} +johnny.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MCwCFAh0/zSpCd/9eMNz7AyfnuGQFD1ZAhQEpNFNw4XByNEcbi/vsVeii9kp7g== ;{id = 2854} +_sip._udp.example.com. 600 IN RRSIG SRV 3 4 600 20070926134150 20070829134150 2854 example.com. MCwCFFSRVgOcq1ihVuO6MhCuzWs6SxpVAhRPHHCKy0JxymVkYeFOxTkbVSWMMw== ;{id = 2854} +_sip._udp.example.com. 600 IN SRV 0 0 5060 johnny.example.com. +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +MATCH TCP +REPLY RD DO +SECTION QUESTION +example.com. IN ANY +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +example.com. IN ANY +SECTION ANSWER +example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854} +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854} +example.com. 600 IN NAPTR 20 0 "s" "SIP+D2U" "" _sip._udp.example.com. +example.com. 600 IN RRSIG NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854} +example.com. 86400 IN AAAA 2001:7b8:206:1::1 +example.com. 86400 IN RRSIG AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854} +example.com. 86400 IN TXT "Stichting NLnet Labs" +example.com. 86400 IN RRSIG TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854} +example.com. 86400 IN MX 100 v.net.example. +example.com. 86400 IN MX 50 open.example.com. +example.com. 86400 IN RRSIG MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854} +example.com. 86400 IN NS v.net.example. +example.com. 86400 IN NS open.example.com. +example.com. 86400 IN NS ns7.domain-registry.example. +example.com. 86400 IN RRSIG NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854} +example.com. 86400 IN A 213.154.224.1 +example.com. 86400 IN RRSIG A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854} +example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY +example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +open.example.com. 600 IN A 213.154.224.1 +open.example.com. 600 IN AAAA 2001:7b8:206:1::53 +open.example.com. 600 IN AAAA 2001:7b8:206:1::1 +_sip._udp.example.com. 600 IN SRV 0 0 5060 johnny.example.com. +open.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854} +open.example.com. 600 IN RRSIG AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854} +_sip._udp.example.com. 600 IN RRSIG SRV 3 4 600 20070926134150 20070829134150 2854 example.com. MCwCFFSRVgOcq1ihVuO6MhCuzWs6SxpVAhRPHHCKy0JxymVkYeFOxTkbVSWMMw== ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_any_cname.rpl b/src/test/resources/unbound/val_any_cname.rpl new file mode 100644 index 000000000..5e5d12b08 --- /dev/null +++ b/src/test/resources/unbound/val_any_cname.rpl @@ -0,0 +1,164 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with response to qtype ANY that includes CNAME + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN ANY +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN ANY +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN ANY +SECTION ANSWER +www.example.com. 3600 IN CNAME serf.example.com. +www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AH/qSA7et6tXS08u4UUsWmXbIedGFpBKhiCqqVAgV8Z95dgn/vrB5ag= ;{id = 2854} +www.example.com. 18000 IN NSEC example.com. CNAME RRSIG NSEC +www.example.com. 18000 IN RRSIG NSEC 3 3 18000 20070926134150 20070829134150 2854 example.com. ACqeCl/aLq90zkeSfneQY+HnvJTUAeyTF03HWdXr3WhnYzupKAdnuQ4= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +serf.example.com. IN ANY +SECTION ANSWER +serf.example.com. 3600 IN A 192.0.2.1 +serf.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AGLOiUcDNkSCplT07hT8szlUfMHNfPh6/104ydBt4bJ6UcfXUiM3pV8= ;{id = 2854} +serf.example.com. 18000 IN NSEC www.example.com. A RRSIG NSEC +serf.example.com. 18000 IN RRSIG NSEC 3 3 18000 20070926134150 20070829134150 2854 example.com. AEBNiqg7Uz+NfNvoyA4KjkqJPb7hrjyS7oPE2MGNgVwUgQrcRIxd7DA= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +MATCH TCP +REPLY RD DO +SECTION QUESTION +www.example.com. IN ANY +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN ANY +SECTION ANSWER +www.example.com. 3600 IN CNAME serf.example.com. +www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AH/qSA7et6tXS08u4UUsWmXbIedGFpBKhiCqqVAgV8Z95dgn/vrB5ag= ;{id = 2854} +www.example.com. 18000 IN NSEC example.com. CNAME RRSIG NSEC +www.example.com. 18000 IN RRSIG NSEC 3 3 18000 20070926134150 20070829134150 2854 example.com. ACqeCl/aLq90zkeSfneQY+HnvJTUAeyTF03HWdXr3WhnYzupKAdnuQ4= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_any_dname.rpl b/src/test/resources/unbound/val_any_dname.rpl new file mode 100644 index 000000000..3957f7bae --- /dev/null +++ b/src/test/resources/unbound/val_any_dname.rpl @@ -0,0 +1,207 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with response to qtype ANY that includes DNAME + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN ANY +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN ANY +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN ANY +SECTION ANSWER +example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854} +example.com. 3600 IN DNAME example.net. +example.com. 3600 IN RRSIG DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCdje5lZfq9kENX9a8lOOKn79BRlQIUbVCx/fXo0kfvAgC5kB8Dvd5LodQ= ;{id = 2854} +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854} +example.com. 600 IN NAPTR 20 0 "s" "SIP+D2U" "" _sip._udp.example.com. +example.com. 600 IN RRSIG NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854} +example.com. 86400 IN AAAA 2001:7b8:206:1::1 +example.com. 86400 IN RRSIG AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854} +example.com. 86400 IN TXT "Stichting NLnet Labs" +example.com. 86400 IN RRSIG TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854} +example.com. 86400 IN MX 100 v.net.example. +example.com. 86400 IN MX 50 open.example.com. +example.com. 86400 IN RRSIG MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854} +example.com. 86400 IN NS v.net.example. +example.com. 86400 IN NS open.example.com. +example.com. 86400 IN NS ns7.domain-registry.example. +example.com. 86400 IN RRSIG NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854} +example.com. 86400 IN A 213.154.224.1 +example.com. 86400 IN RRSIG A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854} +example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY +example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ns7.domain-registry.example. 80173 IN A 62.4.86.230 +open.example.com. 600 IN A 213.154.224.1 +open.example.com. 600 IN AAAA 2001:7b8:206:1::53 +open.example.com. 600 IN AAAA 2001:7b8:206:1::1 +v.net.example. 28800 IN A 213.154.224.17 +v.net.example. 28800 IN AAAA 2001:7b8:206:1:200:39ff:fe59:b187 +johnny.example.com. 600 IN A 213.154.224.44 +open.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854} +open.example.com. 600 IN RRSIG AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854} +johnny.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MCwCFAh0/zSpCd/9eMNz7AyfnuGQFD1ZAhQEpNFNw4XByNEcbi/vsVeii9kp7g== ;{id = 2854} +_sip._udp.example.com. 600 IN RRSIG SRV 3 4 600 20070926134150 20070829134150 2854 example.com. MCwCFFSRVgOcq1ihVuO6MhCuzWs6SxpVAhRPHHCKy0JxymVkYeFOxTkbVSWMMw== ;{id = 2854} +_sip._udp.example.com. 600 IN SRV 0 0 5060 johnny.example.com. +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +MATCH TCP +REPLY RD DO +SECTION QUESTION +example.com. IN ANY +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +example.com. IN ANY +SECTION ANSWER +example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854} +example.com. 3600 IN DNAME example.net. +example.com. 3600 IN RRSIG DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCdje5lZfq9kENX9a8lOOKn79BRlQIUbVCx/fXo0kfvAgC5kB8Dvd5LodQ= ;{id = 2854} +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854} +example.com. 600 IN NAPTR 20 0 "s" "SIP+D2U" "" _sip._udp.example.com. +example.com. 600 IN RRSIG NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854} +example.com. 86400 IN AAAA 2001:7b8:206:1::1 +example.com. 86400 IN RRSIG AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854} +example.com. 86400 IN TXT "Stichting NLnet Labs" +example.com. 86400 IN RRSIG TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854} +example.com. 86400 IN MX 100 v.net.example. +example.com. 86400 IN MX 50 open.example.com. +example.com. 86400 IN RRSIG MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854} +example.com. 86400 IN NS v.net.example. +example.com. 86400 IN NS open.example.com. +example.com. 86400 IN NS ns7.domain-registry.example. +example.com. 86400 IN RRSIG NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854} +example.com. 86400 IN A 213.154.224.1 +example.com. 86400 IN RRSIG A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854} +example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY +example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +open.example.com. 600 IN A 213.154.224.1 +open.example.com. 600 IN AAAA 2001:7b8:206:1::53 +open.example.com. 600 IN AAAA 2001:7b8:206:1::1 +_sip._udp.example.com. 600 IN SRV 0 0 5060 johnny.example.com. +open.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854} +open.example.com. 600 IN RRSIG AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854} +_sip._udp.example.com. 600 IN RRSIG SRV 3 4 600 20070926134150 20070829134150 2854 example.com. MCwCFFSRVgOcq1ihVuO6MhCuzWs6SxpVAhRPHHCKy0JxymVkYeFOxTkbVSWMMw== ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cname_loop1.rpl b/src/test/resources/unbound/val_cname_loop1.rpl new file mode 100644 index 000000000..b261ecf37 --- /dev/null +++ b/src/test/resources/unbound/val_cname_loop1.rpl @@ -0,0 +1,146 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with cname loop + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME www.example.com. +www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFH0SwLHe7u56TshoVciFRHEl1KqbAhQ3zBOZMlL8bt1DqoDoM5ni8U/1UA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cname_loop2.rpl b/src/test/resources/unbound/val_cname_loop2.rpl new file mode 100644 index 000000000..009616f71 --- /dev/null +++ b/src/test/resources/unbound/val_cname_loop2.rpl @@ -0,0 +1,155 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with cname 2 step loop + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME foo.example.com. +www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFH0SwLHe7u56TshoVciFRHEl1KqbAhQ3zBOZMlL8bt1DqoDoM5ni8U/1UA== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +foo.example.com. IN A +SECTION ANSWER +foo.example.com. IN CNAME www.example.com. +foo.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC7kcWPsMnGbjvzj5UNnxQzM0YvnAhUAgxIKgs1huJHvcAP2Xt3p8Adpy/c= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cname_loop3.rpl b/src/test/resources/unbound/val_cname_loop3.rpl new file mode 100644 index 000000000..acdd110ed --- /dev/null +++ b/src/test/resources/unbound/val_cname_loop3.rpl @@ -0,0 +1,168 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with cname 3 step loop + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME foo.example.com. +www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFH0SwLHe7u56TshoVciFRHEl1KqbAhQ3zBOZMlL8bt1DqoDoM5ni8U/1UA== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +foo.example.com. IN A +SECTION ANSWER +foo.example.com. IN CNAME bar.example.com. +foo.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFFMlXuWrNL/8aYOl9U9WYjgif8gAAhUAqsC/xOXakHP1SYxMSLANziOik94= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +bar.example.com. IN A +SECTION ANSWER +bar.example.com. IN CNAME www.example.com. +bar.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFAsalUJJSV86uPlfiGS3kKDc0JB7AhQ+qmHqagY/r36Re/J3Q1OfvcA1dA== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnameinsectopos.rpl b/src/test/resources/unbound/val_cnameinsectopos.rpl new file mode 100644 index 000000000..8a26febe6 --- /dev/null +++ b/src/test/resources/unbound/val_cnameinsectopos.rpl @@ -0,0 +1,292 @@ +; config options +; The island of trust is at example.com +server: + ;trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with an insecure cname to positive cached + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +insecure.example.com. IN A +SECTION ANSWER +insecure.example.com. IN CNAME www.example.net. +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854} +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + + +; Get www.example.net validated in the cache. +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.net. IN A +ENTRY_END + +; recursion happens here. +STEP 40 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + + +; reference the cache object +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +insecure.example.com. IN A +ENTRY_END + +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +insecure.example.com. IN A +SECTION ANSWER +insecure.example.com. IN CNAME www.example.net. +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnamenx_dblnsec.rpl b/src/test/resources/unbound/val_cnamenx_dblnsec.rpl new file mode 100644 index 000000000..4a0432442 --- /dev/null +++ b/src/test/resources/unbound/val_cnamenx_dblnsec.rpl @@ -0,0 +1,179 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with cname-nxdomain for duplicate NSEC detection + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +cname.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +cname.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +cname.example.com. IN A +SECTION ANSWER +cname.example.com. 3600 IN CNAME www.example.com. +cname.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFBhJC8qi+g+EOYqzT2q6RxE8Im09AhUAotz8NFnpY+cpEDNBKjM940a74/E= ;{id = 2854} +SECTION AUTHORITY +; already includes the necessary NSECs +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} +; wildcard denial +example.com. IN NSEC abc.example.com. SOA NS DNSKEY NSEC RRSIG +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854} +; qname denial +wab.example.com. IN NSEC wzz.example.com. A NSEC RRSIG +wab.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} +; wildcard denial +example.com. IN NSEC abc.example.com. SOA NS DNSKEY NSEC RRSIG +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854} +; qname denial +wab.example.com. IN NSEC wzz.example.com. A NSEC RRSIG +wab.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +cname.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +cname.example.com. IN A +SECTION ANSWER +cname.example.com. 3600 IN CNAME www.example.com. +cname.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFBhJC8qi+g+EOYqzT2q6RxE8Im09AhUAotz8NFnpY+cpEDNBKjM940a74/E= ;{id = 2854} +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} +example.com. IN NSEC abc.example.com. SOA NS DNSKEY NSEC RRSIG +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854} +wab.example.com. IN NSEC wzz.example.com. A NSEC RRSIG +wab.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnamenx_rcodenx.rpl b/src/test/resources/unbound/val_cnamenx_rcodenx.rpl new file mode 100644 index 000000000..09d379363 --- /dev/null +++ b/src/test/resources/unbound/val_cnamenx_rcodenx.rpl @@ -0,0 +1,237 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with cname-nxdomain with rcode nxdomain + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 3600 IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +SECTION AUTHORITY +example.net. IN NSEC abc.example.net. SOA NS DNSKEY NSEC RRSIG +example.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899} +wab.example.net. IN NSEC wzz.example.net. A NSEC RRSIG +wab.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854} +SECTION AUTHORITY +example.net. IN NSEC abc.example.net. SOA NS DNSKEY NSEC RRSIG +example.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899} +wab.example.net. IN NSEC wzz.example.net. A NSEC RRSIG +wab.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnameqtype.rpl b/src/test/resources/unbound/val_cnameqtype.rpl new file mode 100644 index 000000000..05ef47426 --- /dev/null +++ b/src/test/resources/unbound/val_cnameqtype.rpl @@ -0,0 +1,231 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with a query for type cname + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN CNAME +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN CNAME +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN CNAME +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN CNAME +SECTION ANSWER +www.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN CNAME +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN CNAME +SECTION ANSWER +www.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnametocloser.rpl b/src/test/resources/unbound/val_cnametocloser.rpl new file mode 100644 index 000000000..d29478bbf --- /dev/null +++ b/src/test/resources/unbound/val_cnametocloser.rpl @@ -0,0 +1,105 @@ +; config options +server: + trust-anchor: "example.com. 3600 IN DS 30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512" + trust-anchor: "a.b.example.com. 3600 IN DNSKEY 257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8=" + val-override-date: "20091113091234" + fake-sha1: yes + trust-anchor-signaling: no + +forward-zone: + name: "." + forward-addr: 192.0.2.1 +CONFIG_END + +SCENARIO_BEGIN Test validator with CNAME to closer anchor under optout. + +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN AAAA +SECTION ANSWER +www.example.com. IN CNAME www.a.b.example.com. +www.example.com. 3600 IN RRSIG CNAME 5 3 3600 20091213091234 20091111091234 30899 example.com. mfQXJgOsRe8wiqNDZT4+ygSgRqzNowJ20o5+b681Mssp0xc007dq1ZaUYwUCdZjTn/GhF+f74t0UI1oqsFw2XA== ;{id = 30899} + +SECTION AUTHORITY +;; nsec3param 1 1 1 d399eaab +; example.com. -> l0c0e5lac37ai0lpij31sj699hkktdmb. +; b.example.com. -> 1lq6sb4omkd2vgj0l8lro2cbie223hco. +;; closest encloser: example.com. +l0c0e5lac37ai0lpij31sj699hkktdmb.example.com. IN NSEC3 1 1 1 d399eaab l0c0e5lac37ai0lpij31sj699hkktdmc SOA NS DNSKEY NSEC3PARAM RRSIG +l0c0e5lac37ai0lpij31sj699hkktdmb.example.com. 3600 IN RRSIG NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. qjV0zsbDWLuoOQQ3tgCE2zo1z31bK9nv/Wh6xqKhmhyFI87nw2HM0lZGfRQrpWvWfBDczLRxHH9WNZkeIzv28w== ;{id = 30899} + +;; nextcloser is: b.example.com. ; under optout range. +; disproof of DS using the optout range. +1lq4sb4omkd2vgj0l8lro2cbie223hco.example.com. IN NSEC3 1 1 1 d399eaab 1lq8sb4omkd2vgj0l8lro2cbie223hco NS RRSIG +1lq4sb4omkd2vgj0l8lro2cbie223hco.example.com. 3600 IN RRSIG NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. ZOJhHYt+YkGHBxHynuXlyZ8PEGg4YyqD/roWiEtBoP2PiGoPNCNqtWd0WjRgsUT0YFp/VqjqAU/RH8D45B8S8A== ;{id = 30899} + +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.a.b.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +; NSEC that proves there is no AAAA record +www.a.b.example.com. IN NSEC zzz.a.b.example.com. A NSEC RRSIG MX +www.a.b.example.com. 3600 IN RRSIG NSEC 5 5 3600 20091213091234 20091111091234 16486 a.b.example.com. pOj+aOIolZ8VXlLpaLD1NsYVbl8FW4wmsJbiVTYAMcyDOlgxOsbhTtlB4jQ7uV9pRVAzkvdm1V5wc/1PcncTuw== ;{id = 16486} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.com. 3600 IN RRSIG DNSKEY 5 2 3600 20091213091234 20091111091234 30899 example.com. hc+1QLqhy6lcfgH95k6eabsXrYsdH2oTLqDu6BjHYrmLi0kX4ZDiOI+syhIcGw9+hRqW1j8t+lsHvzvi7BgcXg== ;{id = 30899} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.b.example.com. IN DNSKEY +SECTION ANSWER +a.b.example.com. 3600 IN DNSKEY 257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16486 (ksk), size = 512b} +a.b.example.com. 3600 IN RRSIG DNSKEY 5 4 3600 20091213091234 20091111091234 16486 a.b.example.com. kPftbF2Rut5h2Sc2k/gp27XS+4I9WQ/EYa5NJOnqfJZqpw/es7GuLyWAAZyvNhBDIUEenXtZ8k1H8F8poKdNXw== ;{id = 16486} +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN AAAA +ENTRY_END +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN AAAA +SECTION ANSWER +www.example.com. IN CNAME www.a.b.example.com. +www.example.com. 3600 IN RRSIG CNAME 5 3 3600 20091213091234 20091111091234 30899 example.com. mfQXJgOsRe8wiqNDZT4+ygSgRqzNowJ20o5+b681Mssp0xc007dq1ZaUYwUCdZjTn/GhF+f74t0UI1oqsFw2XA== ;{id = 30899} +SECTION AUTHORITY +l0c0e5lac37ai0lpij31sj699hkktdmb.example.com. 3600 IN NSEC3 1 1 1 d399eaab l0c0e5lac37ai0lpij31sj699hkktdmc NS SOA RRSIG DNSKEY NSEC3PARAM ; flags: optout +l0c0e5lac37ai0lpij31sj699hkktdmb.example.com. 3600 IN RRSIG NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. qjV0zsbDWLuoOQQ3tgCE2zo1z31bK9nv/Wh6xqKhmhyFI87nw2HM0lZGfRQrpWvWfBDczLRxHH9WNZkeIzv28w== ;{id = 30899} +1lq4sb4omkd2vgj0l8lro2cbie223hco.example.com. 3600 IN NSEC3 1 1 1 d399eaab 1lq8sb4omkd2vgj0l8lro2cbie223hco NS RRSIG ; flags: optout +1lq4sb4omkd2vgj0l8lro2cbie223hco.example.com. 3600 IN RRSIG NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. ZOJhHYt+YkGHBxHynuXlyZ8PEGg4YyqD/roWiEtBoP2PiGoPNCNqtWd0WjRgsUT0YFp/VqjqAU/RH8D45B8S8A== ;{id = 30899} +www.a.b.example.com. 3600 IN NSEC zzz.a.b.example.com. A MX RRSIG NSEC +www.a.b.example.com. 3600 IN RRSIG NSEC 5 5 3600 20091213091234 20091111091234 16486 a.b.example.com. pOj+aOIolZ8VXlLpaLD1NsYVbl8FW4wmsJbiVTYAMcyDOlgxOsbhTtlB4jQ7uV9pRVAzkvdm1V5wc/1PcncTuw== ;{id = 16486} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnametocloser_nosig.rpl b/src/test/resources/unbound/val_cnametocloser_nosig.rpl new file mode 100644 index 000000000..cfd0d72c8 --- /dev/null +++ b/src/test/resources/unbound/val_cnametocloser_nosig.rpl @@ -0,0 +1,98 @@ +; config options +server: + trust-anchor: "example.com. 3600 IN DS 30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512" + trust-anchor: "a.b.example.com. 3600 IN DNSKEY 257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8=" + val-override-date: "20091113091234" + fake-sha1: yes + trust-anchor-signaling: no + +forward-zone: + name: "." + forward-addr: 192.0.2.1 +CONFIG_END + +SCENARIO_BEGIN Test validator with CNAME to closer anchor optout missing sigs. + +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN AAAA +SECTION ANSWER +www.example.com. IN CNAME www.a.b.example.com. +www.example.com. 3600 IN RRSIG CNAME 5 3 3600 20091213091234 20091111091234 30899 example.com. mfQXJgOsRe8wiqNDZT4+ygSgRqzNowJ20o5+b681Mssp0xc007dq1ZaUYwUCdZjTn/GhF+f74t0UI1oqsFw2XA== ;{id = 30899} + +SECTION AUTHORITY +;; nsec3param 1 1 1 d399eaab +; example.com. -> l0c0e5lac37ai0lpij31sj699hkktdmb. +; b.example.com. -> 1lq6sb4omkd2vgj0l8lro2cbie223hco. +;; closest encloser: example.com. +l0c0e5lac37ai0lpij31sj699hkktdmb.example.com. IN NSEC3 1 1 1 d399eaab l0c0e5lac37ai0lpij31sj699hkktdmc SOA NS DNSKEY NSEC3PARAM RRSIG +l0c0e5lac37ai0lpij31sj699hkktdmb.example.com. 3600 IN RRSIG NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. qjV0zsbDWLuoOQQ3tgCE2zo1z31bK9nv/Wh6xqKhmhyFI87nw2HM0lZGfRQrpWvWfBDczLRxHH9WNZkeIzv28w== ;{id = 30899} + +;; nextcloser is: b.example.com. ; under optout range. +; disproof of DS using the optout range. +1lq4sb4omkd2vgj0l8lro2cbie223hco.example.com. IN NSEC3 1 1 1 d399eaab 1lq8sb4omkd2vgj0l8lro2cbie223hco NS RRSIG +1lq4sb4omkd2vgj0l8lro2cbie223hco.example.com. 3600 IN RRSIG NSEC3 5 3 3600 20091213091234 20091111091234 30899 example.com. ZOJhHYt+YkGHBxHynuXlyZ8PEGg4YyqD/roWiEtBoP2PiGoPNCNqtWd0WjRgsUT0YFp/VqjqAU/RH8D45B8S8A== ;{id = 30899} + +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.a.b.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +; NSEC that proves there is no AAAA record +www.a.b.example.com. IN NSEC zzz.a.b.example.com. A NSEC RRSIG MX +; signature missing! +;www.a.b.example.com. 3600 IN RRSIG NSEC 5 5 3600 20091213091234 20091111091234 16486 a.b.example.com. pOj+aOIolZ8VXlLpaLD1NsYVbl8FW4wmsJbiVTYAMcyDOlgxOsbhTtlB4jQ7uV9pRVAzkvdm1V5wc/1PcncTuw== ;{id = 16486} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.com. 3600 IN RRSIG DNSKEY 5 2 3600 20091213091234 20091111091234 30899 example.com. hc+1QLqhy6lcfgH95k6eabsXrYsdH2oTLqDu6BjHYrmLi0kX4ZDiOI+syhIcGw9+hRqW1j8t+lsHvzvi7BgcXg== ;{id = 30899} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.b.example.com. IN DNSKEY +SECTION ANSWER +a.b.example.com. 3600 IN DNSKEY 257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16486 (ksk), size = 512b} +; signature missing! +;a.b.example.com. 3600 IN RRSIG DNSKEY 5 4 3600 20091213091234 20091111091234 16486 a.b.example.com. kPftbF2Rut5h2Sc2k/gp27XS+4I9WQ/EYa5NJOnqfJZqpw/es7GuLyWAAZyvNhBDIUEenXtZ8k1H8F8poKdNXw== ;{id = 16486} +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN AAAA +ENTRY_END +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnametocnamewctoposwc.rpl b/src/test/resources/unbound/val_cnametocnamewctoposwc.rpl new file mode 100644 index 000000000..1f6a28be3 --- /dev/null +++ b/src/test/resources/unbound/val_cnametocnamewctoposwc.rpl @@ -0,0 +1,211 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. IN DNSKEY 257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b" + val-override-date: "20121030123249" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with a regular cname to wildcard cname to wildcard response + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +start.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +start.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. 120 IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U= +SECTION ADDITIONAL +ns.example.com. 3600 IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk= +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdWzfjQD2bfQuoQGNYuS0ByosBxiTkoKcy9kMoWOQ/jx9rvTRhHImWxTxFtIyZOoRgn6E6mE71e5Y1q1nuyH544Em+4rNRMMW4bzecQmMmPk+B97MqW9aW6e4BwiCTt52IGfL++5GORYcaITw9UOlQLYH1oHHUNUC6ebHENofLTj ;{id = 64050 (zsk), size = 1024b} +example.com. 3600 IN DNSKEY 257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b ;{id = 46426 (ksk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20121126123249 20121029123249 46426 example.com. pisNb/A40XDEiMpcYtxc+yO6osISyfpqz+0UZ61pd70+TLXMF197zr9SqOVJHyRI6G2lSnFggxYrZDpxLbxOW0RY/KfjD3xlI14M/2DieJ1NdlQuYFGgTwxcoINUJ/wRd4YUxkF4JS0D4NBdQ0yQYR0KqDr84oyhnULEHX6WB7s= +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +start.example.com. IN A +SECTION ANSWER +start.example.com. 3600 IN CNAME x.y.z.wc.example.com. +start.example.com. 3600 IN RRSIG CNAME 8 3 3600 20121126131853 20121029131853 64050 example.com. uN8+hg2b9kqpso4zTtpb8CdkGkgOdlbayH1Ui7NVSi1Y8un8FDG4NHy2gpCi0zIMpeAOa5bENe3cdTEwYZKHQdvnGjaI/zFWpFAzXsEFg0VlLxDQXSzRB6GtoFoUEYiZBHsmLIy3zWjuihlWK9fRzyPyVtBDDmqU8KK7+H3BYp0= +x.y.z.wc.example.com. 3600 IN CNAME x.y.z.end.example.com. +x.y.z.wc.example.com. 3600 IN RRSIG CNAME 8 3 3600 20121126131853 20121029131853 64050 example.com. NQTIY1uMK1jxVMHOaMB4shedyhdAERZuPiZXytfqSH36hDVMf1C8tSxdbCjJ90lOLEWNtMmT09l5kh14gp1XIaBHzLuDsYmZJVeudBGCaQRkbM5focd2VMd8V4hHQk4odwsRrSY6IETftHeqeFiRifru/rI3x5Dlv8awI6V5TZI= +x.y.z.end.example.com. 3600 IN A 1.2.3.5 +x.y.z.end.example.com. 3600 IN RRSIG A 8 3 3600 20121126131826 20121029131826 64050 example.com. iS1Pe45xt8SLGlmfmrSPTrnIAlwpIX8leTrsoLgpQJc98aA0XJmO/D32CbMTRZzAM1oBVggm80ht2RIQkX3W1NvN/prcu+Gp0Zrm0rtW+7Q7VwcSbo7jyHh5K8Mppp2OsCleexco5NVAKpDMvD0nyG+CsKtNMQpKK2DlumQsraE= +SECTION AUTHORITY +*.wc.example.com. 86400 IN NSEC www.example.com. CNAME RRSIG NSEC +*.wc.example.com. 86400 IN RRSIG NSEC 8 3 86400 20121126131853 20121029131853 64050 example.com. YrmCLu0uGgD2gcU4p12BGnUGYcrKmfg82MJHSF5OnVmmJxXiSbSBnZPahbJNGA/kPLt+SlDyBTcssZKXWxM6bW7WF57OwffOj7rMyr5vhx7J6OsuWKotPVqnUFDx9j/rOum24yCKqoBWvpW/RYUHLuX1Wm05WMCgNWhuN4wqwiU= +*.end.example.com. 86400 IN NSEC escapedtext.example.com. A RRSIG NSEC +*.end.example.com. 86400 IN RRSIG NSEC 8 3 86400 20121126131826 20121029131826 64050 example.com. P6uJSImaee+5NHlTP06pMxgO69qxjJc0Uo1+htjVyE8f15MhG8A7NttvzggbtyzmfLMPr7TilM+Mm7hC3pIk/TeBEdH8p+8qypnY0NzPntz5z1+6C6ZTjDXp6NxDwMz7th31r3B3u4xo/K4qMnXmrAFOIE5Lopk0uDGXfjKPCKE= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20121126131826 20121029131826 64050 example.com. NgY7UAdkXprnCi/O6c5XoB82tqLBd1bY9LmDG9wwN0zEUR5aHQcOmX9waHyqXQI86SOFQbGCvO2wDLqdqWniw1IYf4S66Vf9KrpaH2gVbvHKiEpGJPeDYQcD5xkv50Lsp4ktcLyuO/dk8ORCP7E2yC5IQVNeFgUfaqttZcJoxuQ= +SECTION ADDITIONAL +ns.example.com. 3600 IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 8 2 3600 20121126131826 20121029131826 64050 example.com. L/EsWsRNhM0Lt8877XYfm0FkVc+utuRPYlW/yxEi/Nzs/mTb9BMrOygsW0qfpYakYgfFvinR7S7ce9/naWidzGkWKYR85g2WFms3/TgchpmfjZHEsNyuT8zsiGrj3bQ3RxpT5cmt/IS2QlOak/RhdtawKfd9aqkMTVpP2idEQwY= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x.y.z.wc.example.com. IN A +SECTION ANSWER +x.y.z.wc.example.com. 3600 IN CNAME x.y.z.end.example.com. +x.y.z.wc.example.com. 3600 IN RRSIG CNAME 8 3 3600 20121126131853 20121029131853 64050 example.com. NQTIY1uMK1jxVMHOaMB4shedyhdAERZuPiZXytfqSH36hDVMf1C8tSxdbCjJ90lOLEWNtMmT09l5kh14gp1XIaBHzLuDsYmZJVeudBGCaQRkbM5focd2VMd8V4hHQk4odwsRrSY6IETftHeqeFiRifru/rI3x5Dlv8awI6V5TZI= +x.y.z.end.example.com. 3600 IN A 1.2.3.5 +x.y.z.end.example.com. 3600 IN RRSIG A 8 3 3600 20121126131826 20121029131826 64050 example.com. iS1Pe45xt8SLGlmfmrSPTrnIAlwpIX8leTrsoLgpQJc98aA0XJmO/D32CbMTRZzAM1oBVggm80ht2RIQkX3W1NvN/prcu+Gp0Zrm0rtW+7Q7VwcSbo7jyHh5K8Mppp2OsCleexco5NVAKpDMvD0nyG+CsKtNMQpKK2DlumQsraE= +SECTION AUTHORITY +*.wc.example.com. 86400 IN NSEC www.example.com. CNAME RRSIG NSEC +*.wc.example.com. 86400 IN RRSIG NSEC 8 3 86400 20121126131853 20121029131853 64050 example.com. YrmCLu0uGgD2gcU4p12BGnUGYcrKmfg82MJHSF5OnVmmJxXiSbSBnZPahbJNGA/kPLt+SlDyBTcssZKXWxM6bW7WF57OwffOj7rMyr5vhx7J6OsuWKotPVqnUFDx9j/rOum24yCKqoBWvpW/RYUHLuX1Wm05WMCgNWhuN4wqwiU= +*.end.example.com. 86400 IN NSEC escapedtext.example.com. A RRSIG NSEC +*.end.example.com. 86400 IN RRSIG NSEC 8 3 86400 20121126131826 20121029131826 64050 example.com. P6uJSImaee+5NHlTP06pMxgO69qxjJc0Uo1+htjVyE8f15MhG8A7NttvzggbtyzmfLMPr7TilM+Mm7hC3pIk/TeBEdH8p+8qypnY0NzPntz5z1+6C6ZTjDXp6NxDwMz7th31r3B3u4xo/K4qMnXmrAFOIE5Lopk0uDGXfjKPCKE= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20121126131826 20121029131826 64050 example.com. NgY7UAdkXprnCi/O6c5XoB82tqLBd1bY9LmDG9wwN0zEUR5aHQcOmX9waHyqXQI86SOFQbGCvO2wDLqdqWniw1IYf4S66Vf9KrpaH2gVbvHKiEpGJPeDYQcD5xkv50Lsp4ktcLyuO/dk8ORCP7E2yC5IQVNeFgUfaqttZcJoxuQ= +SECTION ADDITIONAL +ns.example.com. 3600 IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 8 2 3600 20121126131826 20121029131826 64050 example.com. L/EsWsRNhM0Lt8877XYfm0FkVc+utuRPYlW/yxEi/Nzs/mTb9BMrOygsW0qfpYakYgfFvinR7S7ce9/naWidzGkWKYR85g2WFms3/TgchpmfjZHEsNyuT8zsiGrj3bQ3RxpT5cmt/IS2QlOak/RhdtawKfd9aqkMTVpP2idEQwY= +ENTRY_END + +ENTRY_BEGING +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x.y.z.end.example.com. IN A +SECTION ANSWER +x.y.z.end.example.com. 3600 IN A 1.2.3.5 +x.y.z.end.example.com. 3600 IN RRSIG A 8 3 3600 20121126131826 20121029131826 64050 example.com. iS1Pe45xt8SLGlmfmrSPTrnIAlwpIX8leTrsoLgpQJc98aA0XJmO/D32CbMTRZzAM1oBVggm80ht2RIQkX3W1NvN/prcu+Gp0Zrm0rtW+7Q7VwcSbo7jyHh5K8Mppp2OsCleexco5NVAKpDMvD0nyG+CsKtNMQpKK2DlumQsraE= +SECTION AUTHORITY +*.end.example.com. 86400 IN NSEC escapedtext.example.com. A RRSIG NSEC +*.end.example.com. 86400 IN RRSIG NSEC 8 3 86400 20121126131826 20121029131826 64050 example.com. P6uJSImaee+5NHlTP06pMxgO69qxjJc0Uo1+htjVyE8f15MhG8A7NttvzggbtyzmfLMPr7TilM+Mm7hC3pIk/TeBEdH8p+8qypnY0NzPntz5z1+6C6ZTjDXp6NxDwMz7th31r3B3u4xo/K4qMnXmrAFOIE5Lopk0uDGXfjKPCKE= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20121126131826 20121029131826 64050 example.com. NgY7UAdkXprnCi/O6c5XoB82tqLBd1bY9LmDG9wwN0zEUR5aHQcOmX9waHyqXQI86SOFQbGCvO2wDLqdqWniw1IYf4S66Vf9KrpaH2gVbvHKiEpGJPeDYQcD5xkv50Lsp4ktcLyuO/dk8ORCP7E2yC5IQVNeFgUfaqttZcJoxuQ= +SECTION ADDITIONAL +ns.example.com. 3600 IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk= +ENTRY_END +RANGE_END + + + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +start.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +start.example.com. IN A +SECTION ANSWER +start.example.com. 3600 IN CNAME x.y.z.wc.example.com. +start.example.com. 3600 IN RRSIG CNAME 8 3 3600 20121126131853 20121029131853 64050 example.com. uN8+hg2b9kqpso4zTtpb8CdkGkgOdlbayH1Ui7NVSi1Y8un8FDG4NHy2gpCi0zIMpeAOa5bENe3cdTEwYZKHQdvnGjaI/zFWpFAzXsEFg0VlLxDQXSzRB6GtoFoUEYiZBHsmLIy3zWjuihlWK9fRzyPyVtBDDmqU8KK7+H3BYp0= +x.y.z.wc.example.com. 3600 IN CNAME x.y.z.end.example.com. +x.y.z.wc.example.com. 3600 IN RRSIG CNAME 8 3 3600 20121126131853 20121029131853 64050 example.com. NQTIY1uMK1jxVMHOaMB4shedyhdAERZuPiZXytfqSH36hDVMf1C8tSxdbCjJ90lOLEWNtMmT09l5kh14gp1XIaBHzLuDsYmZJVeudBGCaQRkbM5focd2VMd8V4hHQk4odwsRrSY6IETftHeqeFiRifru/rI3x5Dlv8awI6V5TZI= +x.y.z.end.example.com. 3600 IN A 1.2.3.5 +x.y.z.end.example.com. 3600 IN RRSIG A 8 3 3600 20121126131826 20121029131826 64050 example.com. iS1Pe45xt8SLGlmfmrSPTrnIAlwpIX8leTrsoLgpQJc98aA0XJmO/D32CbMTRZzAM1oBVggm80ht2RIQkX3W1NvN/prcu+Gp0Zrm0rtW+7Q7VwcSbo7jyHh5K8Mppp2OsCleexco5NVAKpDMvD0nyG+CsKtNMQpKK2DlumQsraE= +SECTION AUTHORITY +*.wc.example.com. 86400 IN NSEC www.example.com. CNAME RRSIG NSEC +*.wc.example.com. 86400 IN RRSIG NSEC 8 3 86400 20121126131853 20121029131853 64050 example.com. YrmCLu0uGgD2gcU4p12BGnUGYcrKmfg82MJHSF5OnVmmJxXiSbSBnZPahbJNGA/kPLt+SlDyBTcssZKXWxM6bW7WF57OwffOj7rMyr5vhx7J6OsuWKotPVqnUFDx9j/rOum24yCKqoBWvpW/RYUHLuX1Wm05WMCgNWhuN4wqwiU= +*.end.example.com. 86400 IN NSEC escapedtext.example.com. A RRSIG NSEC +*.end.example.com. 86400 IN RRSIG NSEC 8 3 86400 20121126131826 20121029131826 64050 example.com. P6uJSImaee+5NHlTP06pMxgO69qxjJc0Uo1+htjVyE8f15MhG8A7NttvzggbtyzmfLMPr7TilM+Mm7hC3pIk/TeBEdH8p+8qypnY0NzPntz5z1+6C6ZTjDXp6NxDwMz7th31r3B3u4xo/K4qMnXmrAFOIE5Lopk0uDGXfjKPCKE= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20121126131826 20121029131826 64050 example.com. NgY7UAdkXprnCi/O6c5XoB82tqLBd1bY9LmDG9wwN0zEUR5aHQcOmX9waHyqXQI86SOFQbGCvO2wDLqdqWniw1IYf4S66Vf9KrpaH2gVbvHKiEpGJPeDYQcD5xkv50Lsp4ktcLyuO/dk8ORCP7E2yC5IQVNeFgUfaqttZcJoxuQ= +SECTION ADDITIONAL +ns.example.com. 3600 IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk= +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnametodname.rpl b/src/test/resources/unbound/val_cnametodname.rpl new file mode 100644 index 000000000..e064ec59b --- /dev/null +++ b/src/test/resources/unbound/val_cnametodname.rpl @@ -0,0 +1,233 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with a cname to a dname + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN DNAME +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN DNAME +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN DNAME +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN DNAME +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN DNAME +SECTION ANSWER +www.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN DNAME +SECTION ANSWER +www.example.net. IN DNAME blarg.com. +www.example.net. 3600 IN RRSIG DNAME RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. ByevtOI1ChCDb8CD8Qvu2pNcooUWN4LkNXQj0vzSLp62rCltiWWTg8iU6DiojeOx2inVqx+PZXyiX1nX80kCgg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN DNAME +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN DNAME +SECTION ANSWER +www.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854} +www.example.net. IN DNAME blarg.com. +www.example.net. 3600 IN RRSIG DNAME RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. ByevtOI1ChCDb8CD8Qvu2pNcooUWN4LkNXQj0vzSLp62rCltiWWTg8iU6DiojeOx2inVqx+PZXyiX1nX80kCgg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnametodnametocnametopos.rpl b/src/test/resources/unbound/val_cnametodnametocnametopos.rpl new file mode 100644 index 000000000..280e557b8 --- /dev/null +++ b/src/test/resources/unbound/val_cnametodnametocnametopos.rpl @@ -0,0 +1,421 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + trust-anchor: "example.org. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with cname, dname, cname, positive answer + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.org. IN A +SECTION AUTHORITY +org. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +org. IN NS +SECTION ANSWER +org. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.org. IN A +SECTION AUTHORITY +example.org. IN NS ns.example.org. +SECTION ADDITIONAL +ns.example.org. IN A 1.2.3.7 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME www.sub.example.net. +www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFEv1gOb7KEskzkJNtFKKVBxY+Hb2AhUAqKJDIZJvNl+AdzqAt+JgdvnYAF0= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.net. IN DS +SECTION ANSWER +SECTION AUTHORITY +sub.example.net. IN NSEC www.example.net. DNAME RRSIG NSEC +sub.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. PsKlcOSNElUi3u7Cn6c5+Sv8CRLTqmooMbvloTwUCkM53SuAirXcCA+9Pz5y0unO9+5IxwdkwssnoCOX5FqnCQ== ;{id = 30899} +SECTION ADDITIONAL +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.net. IN A +SECTION ANSWER +sub.example.net. IN DNAME sub.example.com. +sub.example.net. 3600 IN RRSIG DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. G/UmcL1VmCF2mjB1O9IeNM2DnvayxEy6vOrvA+Ic/Gqcsgnq/f4VTCV9soQQIAWEir2v5Vt8hqPDP8rCRbMnyA== ;{id = 30899} +www.sub.example.net. IN CNAME www.sub.example.com. +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN CNAME www.example.org. +www.sub.example.com. 3600 IN RRSIG CNAME 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. ZE6A4pkyeUpNCscu2oeBv/3JbbirdwUaAMgmQ/ighzacUJCC6Lh8vAL5aYDEyTk7oktb8uS7gmYan171aM9/tg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.org. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.7 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.org. IN NS +SECTION ANSWER +example.org. IN NS ns.example.org. +example.org. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.org. MCwCFAE1sQemdwqUPt4Qo+mr59a66DlFAhRV1mftIFs2YnkmIWsGtikIOJvh5A== ;{id = 2854} +SECTION ADDITIONAL +ns.example.org. IN A 1.2.3.7 +ns.example.org. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.org. MC0CFQC0yXaA8ywsZF+7dHukVIBFD820wQIUONbyI+UX9SDSDFmFnr+ApuTEooY= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.org. IN DNSKEY +SECTION ANSWER +example.org. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.org. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.org. MC0CFBCSESiUl5XEht/LRecGFuX2Xad7AhUAoURP4DsIEbwMjlB955vziIB798E= ;{id = 2854} +SECTION AUTHORITY +example.org. IN NS ns.example.org. +example.org. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.org. MCwCFAE1sQemdwqUPt4Qo+mr59a66DlFAhRV1mftIFs2YnkmIWsGtikIOJvh5A== ;{id = 2854} +SECTION ADDITIONAL +ns.example.org. IN A 1.2.3.7 +ns.example.org. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.org. MC0CFQC0yXaA8ywsZF+7dHukVIBFD820wQIUONbyI+UX9SDSDFmFnr+ApuTEooY= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.org. IN A +SECTION ANSWER +www.example.org. IN A 11.11.11.11 +www.example.org. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.org. MC0CFB/erEAxSMqW0I51r6VQMq861B+yAhUAqJ7DPU7xHFpWJGILOQ0WW3aDGi0= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 3600 IN CNAME www.sub.example.net. +www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFEv1gOb7KEskzkJNtFKKVBxY+Hb2AhUAqKJDIZJvNl+AdzqAt+JgdvnYAF0= ;{id = 2854} +sub.example.net. 3600 IN DNAME sub.example.com. +sub.example.net. 3600 IN RRSIG DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. G/UmcL1VmCF2mjB1O9IeNM2DnvayxEy6vOrvA+Ic/Gqcsgnq/f4VTCV9soQQIAWEir2v5Vt8hqPDP8rCRbMnyA== ;{id = 30899} +www.sub.example.net. 0 IN CNAME www.sub.example.com. +www.sub.example.com. 3600 IN CNAME www.example.org. +www.sub.example.com. 3600 IN RRSIG CNAME 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. ZE6A4pkyeUpNCscu2oeBv/3JbbirdwUaAMgmQ/ighzacUJCC6Lh8vAL5aYDEyTk7oktb8uS7gmYan171aM9/tg== ;{id = 30899} +www.example.org. 3600 IN A 11.11.11.11 +www.example.org. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.org. MC0CFB/erEAxSMqW0I51r6VQMq861B+yAhUAqJ7DPU7xHFpWJGILOQ0WW3aDGi0= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnametoinsecure.rpl b/src/test/resources/unbound/val_cnametoinsecure.rpl new file mode 100644 index 000000000..78d04de97 --- /dev/null +++ b/src/test/resources/unbound/val_cnametoinsecure.rpl @@ -0,0 +1,139 @@ +; config options +server: + trust-anchor: "example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + trust-anchor: "example.org. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20091011000000" + fake-sha1: yes + trust-anchor-signaling: no + +forward-zone: + name: "." + forward-addr: 192.0.2.1 +CONFIG_END + +SCENARIO_BEGIN Test validator with CNAME to insecure NSEC or NSEC3. + +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.com. 3600 IN RRSIG DNSKEY 5 2 3600 20091012000000 20091010000000 30899 example.com. BeCk6+D0ysmO1+X0CjvXH55AO78C7Vxrq58C3YgO0wt2eTG/deZCiWI3bz+3OC64cICbJr5fvCfqUuJDABU/fw== ;{id = 30899} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN AAAA +SECTION ANSWER +www.example.com. 3600 IN CNAME unsafe.example.com. +www.example.com. 3600 IN RRSIG CNAME 5 3 3600 20091012000000 20091010000000 30899 example.com. FJN0bZitZfxNQNTD1V2vcDBQ9cb4y4YGa35Ilr+VnrBiisAB9ZyrO8umvdtwzV1VPIlfFDQTJrKh5aZparLHPw== ;{id = 30899} +SECTION AUTHORITY +; really an insecure delegation, but co-hosted on the server. +unsafe.example.com. 3600 IN NSEC v.example.com. NS RRSIG NSEC +unsafe.example.com. 3600 IN RRSIG NSEC 5 3 3600 20091012000000 20091010000000 30899 example.com. Le9EsRd2MxkOGRCvGtQkXRDAob5ZJOFQlZbDvcWAh5OXVpmcwZmCHctxw/Zyi4LkNYoYCSCc8PiVRrJM3IsGrQ== ;{id = 30899} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +unsafe.example.com. IN AAAA +SECTION ANSWER +; empty response +ENTRY_END + + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.org. IN DNSKEY +SECTION ANSWER +example.org. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.org. 3600 IN RRSIG DNSKEY 5 2 3600 20091012000000 20091010000000 30899 example.org. rd9aoXbeaE0zyT96Z0sjN3Mz5Nz/wuRsIH1lwcjwUFmAAT7F+SjwVWeo8nGaTBd8JDSUdiL+VwotEE0I22RrnA== ;{id = 30899} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.org. IN AAAA +SECTION ANSWER +www.example.org. 3600 IN CNAME unsafe.example.org. +www.example.org. 3600 IN RRSIG CNAME 5 3 3600 20091012000000 20091010000000 30899 example.org. ZgRbMnunAqa1K46GINIihekkI73/1PkGFSAJRn7bSTxBpLM+qiHJDU1+QgS2SjaSKHqNqbXy/eeG3qX9r9y87g== ;{id = 30899} +SECTION AUTHORITY +; really an insecure delegation, but co-hosted on the server. +; h(unsafe.example.org.) = ltchu0548v0cof8f25u2pj4mjf4shcms. +ltchu0548v0cof8f25u2pj4mjf4shcms.example.org. IN NSEC3 1 0 1 - ltchu0548v0cof8f25u2pj4mjf4shcmt NS +ltchu0548v0cof8f25u2pj4mjf4shcms.example.org. 3600 IN RRSIG NSEC3 5 3 3600 20091012000000 20091010000000 30899 example.org. yxuYgfkg8QTdB5yBMN9Up9GyKu7xjKDScqq95/tsy3lx22tLsdLD9Fojdrq7eB+K7Tr72AejmVJs44v6TmWkZw== ;{id = 30899} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +unsafe.example.org. IN AAAA +SECTION ANSWER +; empty response +ENTRY_END + +RANGE_END + +; NSEC +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN AAAA +ENTRY_END +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.example.com. IN AAAA +SECTION ANSWER +www.example.com. 3600 IN CNAME unsafe.example.com. +www.example.com. 3600 IN RRSIG CNAME 5 3 3600 20091012000000 20091010000000 30899 example.com. FJN0bZitZfxNQNTD1V2vcDBQ9cb4y4YGa35Ilr+VnrBiisAB9ZyrO8umvdtwzV1VPIlfFDQTJrKh5aZparLHPw== ;{id = 30899} +SECTION AUTHORITY +unsafe.example.com. 3600 IN NSEC v.example.com. NS RRSIG NSEC +unsafe.example.com. 3600 IN RRSIG NSEC 5 3 3600 20091012000000 20091010000000 30899 example.com. Le9EsRd2MxkOGRCvGtQkXRDAob5ZJOFQlZbDvcWAh5OXVpmcwZmCHctxw/Zyi4LkNYoYCSCc8PiVRrJM3IsGrQ== ;{id = 30899} +ENTRY_END + +; NSEC3 +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.org. IN AAAA +ENTRY_END +; recursion happens here. +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.example.org. IN AAAA +SECTION ANSWER +www.example.org. 3600 IN CNAME unsafe.example.org. +www.example.org. 3600 IN RRSIG CNAME 5 3 3600 20091012000000 20091010000000 30899 example.org. ZgRbMnunAqa1K46GINIihekkI73/1PkGFSAJRn7bSTxBpLM+qiHJDU1+QgS2SjaSKHqNqbXy/eeG3qX9r9y87g== ;{id = 30899} +SECTION AUTHORITY +ltchu0548v0cof8f25u2pj4mjf4shcms.example.org. 3600 IN NSEC3 1 0 1 - ltchu0548v0cof8f25u2pj4mjf4shcmt NS +ltchu0548v0cof8f25u2pj4mjf4shcms.example.org. 3600 IN RRSIG NSEC3 5 3 3600 20091012000000 20091010000000 30899 example.org. yxuYgfkg8QTdB5yBMN9Up9GyKu7xjKDScqq95/tsy3lx22tLsdLD9Fojdrq7eB+K7Tr72AejmVJs44v6TmWkZw== ;{id = 30899} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnametonodata.rpl b/src/test/resources/unbound/val_cnametonodata.rpl new file mode 100644 index 000000000..c94cfed51 --- /dev/null +++ b/src/test/resources/unbound/val_cnametonodata.rpl @@ -0,0 +1,233 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with cname to nodata + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 3600 IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +SECTION AUTHORITY +www.example.net. IN NSEC example.net. MX NSEC RRSIG +www.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854} +SECTION AUTHORITY +www.example.net. IN NSEC example.net. MX NSEC RRSIG +www.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnametonodata_nonsec.rpl b/src/test/resources/unbound/val_cnametonodata_nonsec.rpl new file mode 100644 index 000000000..c1346ceb4 --- /dev/null +++ b/src/test/resources/unbound/val_cnametonodata_nonsec.rpl @@ -0,0 +1,265 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with cname to nodata + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +; NSEC here ... +SECTION ADDITIONAL +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 3600 IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +; NSEC here +SECTION ADDITIONAL +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +SECTION AUTHORITY +;www.example.net. IN NSEC example.net. MX NSEC RRSIG +;www.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899} +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN DS +SECTION ANSWER +SECTION AUTHORITY +www.example.net. IN NSEC example.net. MX NSEC RRSIG +www.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnametonsec.rpl b/src/test/resources/unbound/val_cnametonsec.rpl new file mode 100644 index 000000000..27a562f3a --- /dev/null +++ b/src/test/resources/unbound/val_cnametonsec.rpl @@ -0,0 +1,191 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with CNAME to insecure NSEC delegation + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +; no NSECs to prove this, not needed in test, but could be there +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME www.sub.example.com. +www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134802 20070829134802 2854 example.com. AKvv+5rFiCFiNRbdpna4rQtyARsLltUL9lXRWgpBVB5voJNJ9g/n/f4= ;{id = 2854} +SECTION AUTHORITY +sub.example.com. IN NSEC zzz.example.com. NS +sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134802 20070829134802 2854 example.com. AJPvjSrqGbe3ZBOxV9J3XyFeOqrcPfIYPIWnlmj6G+PebJdAkvwIu9o= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +; this server also serves the zone sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +sub.example.com. IN SOA a. b. 1 2 3 4 5 +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME www.sub.example.com. +www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134802 20070829134802 2854 example.com. AKvv+5rFiCFiNRbdpna4rQtyARsLltUL9lXRWgpBVB5voJNJ9g/n/f4= ;{id = 2854} +SECTION AUTHORITY +sub.example.com. IN NSEC zzz.example.com. NS +sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134802 20070829134802 2854 example.com. AJPvjSrqGbe3ZBOxV9J3XyFeOqrcPfIYPIWnlmj6G+PebJdAkvwIu9o= ;{id = 2854} +sub.example.com. IN SOA a. b. 1 2 3 4 5 +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnametonx.rpl b/src/test/resources/unbound/val_cnametonx.rpl new file mode 100644 index 000000000..f381029df --- /dev/null +++ b/src/test/resources/unbound/val_cnametonx.rpl @@ -0,0 +1,237 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with cname to nxdomain + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 3600 IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +SECTION AUTHORITY +example.net. IN NSEC abc.example.net. SOA NS DNSKEY NSEC RRSIG +example.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899} +wab.example.net. IN NSEC wzz.example.net. A NSEC RRSIG +wab.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFGtYzScyRnHV8U/jOIPYwrlI9t3oAhRF0PIf+IthUR7uCWIvskWp5CfReQ== ;{id = 2854} +SECTION AUTHORITY +example.net. IN NSEC abc.example.net. SOA NS DNSKEY NSEC RRSIG +example.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899} +wab.example.net. IN NSEC wzz.example.net. A NSEC RRSIG +wab.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnametooptin.rpl b/src/test/resources/unbound/val_cnametooptin.rpl new file mode 100644 index 000000000..77a3c06bd --- /dev/null +++ b/src/test/resources/unbound/val_cnametooptin.rpl @@ -0,0 +1,195 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with CNAME to insecure optin NSEC3 + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME www.sub.example.com. +www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134802 20070829134802 2854 example.com. AKvv+5rFiCFiNRbdpna4rQtyARsLltUL9lXRWgpBVB5voJNJ9g/n/f4= ;{id = 2854} +SECTION AUTHORITY +; NSEC3PARAM 1 0 1 - +; example.com. -> 9vq38lj9qs6s1aruer131mbtsfnvek2p. +; sub.example.com. -> 7t1ect6t5vp0s7se8si9d07roqupr3gc. +; www.example.com. -> 0lverorlcjoa2lji5rik0otij3lgoj3l. +7t1ect6t5vp0s7se8si9d07roqupr3gc.example.com. IN NSEC3 1 0 1 - 7t1ect6t5vp0s7se8si9d07roqupr3gd NS +7t1ect6t5vp0s7se8si9d07roqupr3gc.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134802 20070829134802 2854 example.com. AIiTSxI4hTDiDzo+bMaOKSvjIyoChgjY19y2NQG/Mtt80sNbDBY126I= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +; this server also serves the zone sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +sub.example.com. IN SOA a. b. 1 2 3 4 5 +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME www.sub.example.com. +www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134802 20070829134802 2854 example.com. AKvv+5rFiCFiNRbdpna4rQtyARsLltUL9lXRWgpBVB5voJNJ9g/n/f4= ;{id = 2854} +SECTION AUTHORITY +7t1ect6t5vp0s7se8si9d07roqupr3gc.example.com. IN NSEC3 1 0 1 - 7t1ect6t5vp0s7se8si9d07roqupr3gd NS +7t1ect6t5vp0s7se8si9d07roqupr3gc.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134802 20070829134802 2854 example.com. AIiTSxI4hTDiDzo+bMaOKSvjIyoChgjY19y2NQG/Mtt80sNbDBY126I= ;{id = 2854} +sub.example.com. IN SOA a. b. 1 2 3 4 5 +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnametooptout.rpl b/src/test/resources/unbound/val_cnametooptout.rpl new file mode 100644 index 000000000..c9e982253 --- /dev/null +++ b/src/test/resources/unbound/val_cnametooptout.rpl @@ -0,0 +1,112 @@ +; config options +server: + trust-anchor: "GOV. DS 26079 7 2 4ED5FFBC8A40262B56E1232135B929192804ACC006930D087AAB38A611C89041" + val-override-date: "20091113091234" + fake-sha1: yes + trust-anchor-signaling: no + +forward-zone: + name: "." + forward-addr: 192.0.2.1 +CONFIG_END + +SCENARIO_BEGIN Test validator with CNAME to optout NSEC3 span NODATA + +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.hud.gov. IN AAAA +SECTION ANSWER +www.hud.gov. 86400 IN CNAME www.content.hud.gov. +www.hud.gov. 86400 IN RRSIG CNAME 7 3 86400 20091204150200 20091104150200 64775 hud.gov. taZtumaTp8eSlcj0vEGnY0Up05RtlC2NhHrtHDUdq1TskAPQH8Eu9AoVe6gKrFEyCC1ixprOhT8Ni661d/ZykdzgceZ8KgFIlSQ84Whm59yB2gcbXLen9rApF0+NuyRgdAph6yjMYMtfoRQWAASG7SqS/v52dkHNf/a9PXaDvHBvjoiTK+dXPKFulkmEl0KyhXBdsikl6/Xd68FF41FdDNzWS8ZzYCdd4CWaXXkwTtPSFsKyXGZeXOTxqGQJnD+hNBkn2sAca1oLiAsfaiCHec66I+rHGXT+mPB7HXez32jbbeInkgB7M2TUoRXehifuloR8sur8Xck9FPRv24Si8A== ;{id = 64775} +SECTION AUTHORITY +content.hud.gov. 86400 IN NS drfswitch.hud.gov. +content.hud.gov. 86400 IN NS lanswitch.hud.gov. +3RUD2HK5O5KA0IC6BF22C1T4R1BJGJ3R.hud.gov. 86400 IN NSEC3 1 1 5 abcd 42bsks495i3mb2s3f6nhusc6rfm54g4g A NS SOA MX RRSIG DNSKEY NSEC3PARAM ; flags: optout +3RUD2HK5O5KA0IC6BF22C1T4R1BJGJ3R.hud.gov. 86400 IN RRSIG NSEC3 7 3 86400 20091204150200 20091104150200 64775 hud.gov. APf75Nx4eY9eHov3T9hduDLuG4TJfVfEUEhSgm7HIZRvSPFgajHz2q+Wy6888G3C0T1Zft1qL2PdHMonK6H1OEE+NiOxroDsZaH+aWZjAsbIO86qQ2xcC+/Z9DsddQtONk0zAqpuYxHSn879rAk/BIKeDukNoBChHCSTy8olUFiYt7XEmjz5AOoc8R5VQhMQi/vmbmC0BoFOemDxxowG2MX27Hj2MbVBEJiT8xioFEk41jsdDI0WQtpnory2NT/UM4kWZdmDdxbpwu2F8oixe3oi4AOI9j3EukoOZT9f0Sx+tCg/I9zLNZJi+VuI5oUlpZkSH5EoUyRgK33eO+KJhQ== ;{id = 64775} +GO8CPDSLPULIOURE31GBK5JJKA0BKIVN.hud.gov. 86400 IN NSEC3 1 1 5 abcd gvfjd9enpjtet8a14uhb8hlrfeon2b72 A RRSIG ; flags: optout +GO8CPDSLPULIOURE31GBK5JJKA0BKIVN.hud.gov. 86400 IN RRSIG NSEC3 7 3 86400 20091204150200 20091104150200 64775 hud.gov. eQFg/RvJ640k+Fa5yIUZwkx8FvsYSivykYFjc6dOiGt7r3VprfxwGWeYpyjYr/+mzu0ugE5ePDjZWtr5naK3dvqmt7qKk4/nEvVDoUmrg7joIUmeTzami9RB9lzCq2O/ddempQ6jpwfjiIDuEKUxHMpBFpw8QQZnZSZHKKQCDB4pOj8U8J/wNJXCS+SP7plU1hEVroC+QXCOYS8NHY2wFyeuW7A+xvg9tyYp9PH6c5MoNMkRQt36Kdvfk1nk3osktwalJNLmMhDr/vtErFieGGD6E9Ud9Pg70bPF2G5nqwwLDRevy7hIFjaMDHfYrcWc4B5hrUSpGtLJkYog9vsd2w== ;{id = 64775} +SECTION ADDITIONAL +drfswitch.hud.gov. 86400 IN A 170.97.167.1 +lanswitch.hud.gov. 86400 IN A 170.97.67.78 +drfswitch.hud.gov. 86400 IN RRSIG A 7 3 86400 20091204150200 20091104150200 64775 hud.gov. ub6Anb7XgDMRsTYxqKDRUOYnntLetcJMXM9SVbG7Cb2n+ccp4OO38u6KnGO1i8U5rhTQ6WPlG6iKA+8U0mQuWp3fkzBaE+a5R3eEfzLlRE/MbjUqHjTb0MVYQnMWaA7YXmj/1BNFjBuAam+J3QnU4JR3RqN9WDmHXYx8IUEY9BYSWvTMhOnzebRu6z9MUBQWFfm69pFxf0Z1SkpInznU/mxGdGlslzxL8ScKAUMSBiQG1tyL90OEXW3Yp7kbOtpTxGrXucpMiMB9lXI/z9UiRJenZrJ7swyyyJ5Do0TjCiS3oS8RBhX8ou09sNftUmF9crKz/BdNq90wVYoHXYz9vg== ;{id = 64775} +lanswitch.hud.gov. 86400 IN RRSIG A 7 3 86400 20091204150200 20091104150200 64775 hud.gov. QO+quzaZXrIBZy0JXhx85/8auhBj8dCqeidaUCs6rzCd/lgUDt7B/mH8IanU33o+PyKsBN+B5r9bavFFCNc4sPDUVwNcnZfKCyFQvvUnI3rztCJb/ESYnJ/xu/5g966cRLOajzAvvLAWZ6vT4p3b9+CpaONOJ19D08RpwsWnTkqiEP/UiXaWBpVwyt4JHN0oiNmMGshk5zjbHir1gUInd7QbJk3SpyiIgHT5Z4nhTUGkd1sIve++aIxjsQ8MVrE+INw4v56dJaoYD6bqQewmg2yAr9nYemYUHYi8+USy7/anEaUsOvk9zZfncevTfY/sOORFWoD15bHF2BWUo2YwaQ== ;{id = 64775} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.content.hud.gov. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +GOV. IN DNSKEY +SECTION ANSWER +GOV. 86400 IN DNSKEY 256 3 7 AwEAAaQ6vDoHd2QDRBLwB+n63RxnmJExvIcOz7uv9gM+l8QSMAJTTCDpqJ8R+8UfYs97cn6LM3cT3kcl9V0GnjljNzNMk39W11Ej7htNcbf4u1n5z2e4WsnpjQJJmKoWv2FORIfJmLKbxzGILSK13mrDUETj9onhdtOsjkhcK/7S+h1d ;{id = 51998 (zsk), size = 1024b} +GOV. 86400 IN DNSKEY 257 3 7 AwEAAZ1OCt7zZxeaROvzXNCNlqQWIi++p5ABXSoxqJ65WQko6xrI9RImK7IBT5roFhXjBDGJ8ld9CYIEN94kK83K/QwUGCJ+v3vIQFi09IqsPeRdHTQyghWWbhzAZpnlZ16imXB4yFZjdbV2iM66KcgsESQMPEcIayDQJh6JEi1wmslrYvRRJ6YPOWrlLD0RmdtCaRuzlUE0RiWSem/i8vDFdmsSwChRMcORklKqjqt1+RBIiEFJGKIz7lGc9DXRwkBfb+halii+jrELiZAPzfO7rf08l3QlgHEuxclTTdEaxctPd2O2U/Hl9tRgkxRL/Zv1i0sEx2mOJGcUCeVm4Hf2aM8= ;{id = 26079 (ksk), size = 2048b} +GOV. 86400 IN RRSIG DNSKEY 7 1 86400 20091117211705 20091112211705 26079 gov. OR2ltuGs0IxWqikvqWIoXLy7gPpWafolM+fyQ9uyuzPdxILo8QboVzfRr3Q8X/hOa6MRwR0KHGci2NH/29p9cekafdMbOer0kvh0hndnf+yGLuDcd9HLj5hpoZ5uecZ2r02OWtRHCKetAPF95SYrIQBzoqUNOswdDlSTW1R8v/BQ6UpztuUQcciZJxARbXlovzSkMbnoyjtehgKjXPP/Zy79vSwhjpTJ4XAsc2E3Tw1qAE7ZZUzYpN8uGmAQYVtZraQIjazE/A+xVo+XB0dZdhlM00xUs6GNuZytckUOqecBKZ2IKlxBe+kBEkj2nz1PBRAzmZUoS3ZZPkKaA6ygTA== ;{id = 26079} +GOV. 86400 IN RRSIG DNSKEY 7 1 86400 20091117211705 20091112211705 51998 gov. VDizeuAywZB0tQm4kmbOSGhrK1eJYC9VSSND/wG7oTj/oWDAKMEke1XrQXGEoIFyBKZk5dHpUB6tmEA9RPLMwI51ue66pM9RRT1aNLba08r6TDzr6ZxKjtqBDj4Xy16h6PWZ2jC9JASGeNGINg6zCeVmU75yqXh6+X+KeypO64E= ;{id = 51998} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +hud.gov. IN DS +SECTION ANSWER +hud.gov. 86399 IN DS 52146 7 2 54af554fc3ffc532bb898b9ab39f1276fd17b59d3e44772c3142ea62680d71c7 ; xihap-zehog-zybyz-zecaf-dyvym-nydun-pusan-zagil-kezyc-lutyn-tazog-gyted-sosig-depyk-dypeb-tasas-lexix +hud.gov. 86399 IN RRSIG DS 7 2 86400 20091117211705 20091112211705 51998 gov. FHDstL7xVBBedCaG83M884pnxCV8PY9GjUulwH7BSTVIaFBJe/kxlKGTsD0j5x4QfezjBWKenjpvw5SiMGeQOnIJeA/z6Ze9QBCGVrbx0ZgoKEoSRyfD0vIjvM7J4T2PLgslI8fsMpWFs4KzmujKJNRVq4aFzFk9k8bFCJnEPJk= ;{id = 51998} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +hud.gov. IN DNSKEY +SECTION ANSWER +hud.gov. 86400 IN DNSKEY 256 3 7 AwEAAcAOoW+zclZqs8kCGmm290DImA1DDfKqbifB1oGNjOcmz6xz6PigLa8ORaAG0zpabZwLMXyhMaKbseR+beGnOf2wh5N0oxN8grCNTJm+YAMeyvCn2dz3J8YEoclyST4bhU38MGFsEVVZukXsIniFfvnKfpVxArpO7ocbDXI+EN3RA8EHFTIHOCfEbCS7zyO0mtrdM88Y/tIX9fjsYUig6lfVUNISJUL4TyUMpmi8/hu2dLdTuXXIAEMx/vyQHVFq2ZZM0nnDJ9vJCZEgwFAjUE5/BjlrDgofonxdY8SLDbQvn11z/SPugKiA16bdO6i/ND4FjEhG2HUJHeeQCrZ61rE= ;{id = 64775 (zsk), size = 2048b} +hud.gov. 86400 IN DNSKEY 256 3 7 AwEAAfFubFVJ6m7jO8HvInmFEXivfnqZZpS7SnsucTlfGg5yhIayzS3tC0UMAt1QU+pEIyVH+qa2fG2+/45gAp+iG3zwyepyZuup8eo/SlXefWXZ9CIjBNaaptd2sSDsuF8mPtdQmtm3AbPqGEe7p7edIHHJBxPy90AzJQeKppyRcRcrGO3QNC9Glso177NbHZVZuY46V63RdaY3Qf5t7/03xy/Z68KWFEJKUCBxkHjAVIH0KaT9M37dPzs9L7F/+NyOLfMUzk87ctv4ivW9dcJRf79aulzoIV4LlGu0ZsrvxRZ5t+ind+GDeTvaKseH0NWF5Am2dG/QrHtewQL9qGztjN8= ;{id = 41402 (zsk), size = 2048b} +hud.gov. 86400 IN DNSKEY 257 3 7 AwEAAZ50d20TkOzWzJD+anUMSIMfGaI8m4If6DMax4NQnZ34yta6UOb907SRqBs2vJ+MpcJkyRuLx/Z9vGlfZQ7V9eBgI62EZwmfiitanwSFPZgCzM8nVswpDS+/CmaHhXUoLdgNgUYh4WSl/7fXroluC/18xyMl3ZGQRRjJftpQSMXubP/n9nCHZXE5YiDw1cRklqA4lLyNeXBgadWa8klekr89WNij454KApevbg0GSudEJw7IWzbOb09npvQ1hnLz8pmDsaahfIsGBvcHSUEJrjSkk3J1oHDj0B7Gxm+tZH4Er21RTucEWeroyIJSQmsYN+Cm0FyfgJ75bNEsRe5M4Vc= ;{id = 52146 (ksk), size = 2048b} +hud.gov. 86400 IN RRSIG DNSKEY 7 2 86400 20091204150200 20091104150200 52146 hud.gov. KWIA6wH6BqwuF7d6dyTbfqbcLgbUG2ZKJA4vVfhWqOC76Xnt7gXPLeB2GQwwyhSR0s3IHIzAB0Uj+RAGGcz2NH5JanfxNC9rAvubYESXSlLr/FC33exLeOxGisJZzRnPpk5NynXwyT8TXul1ew48/Mpyi7j6+tlqakqHw2HlId7oblxO2cjN6JV0JLZ44l7tCw6ALYhamA48PQ1WeJbGcfH7buCEG7S1ceZSZlG6kml+u7pb65QL9AZjCnDIecXk7B3HMCdIT8zyrO8QK0GiLMMak9RogF/5gBiH/WDCq7146vcVneW/Hn/+hLnY104iOKuadJcbmStlMF5k0iBzng== ;{id = 52146} +hud.gov. 86400 IN RRSIG DNSKEY 7 2 86400 20091204150200 20091104150200 64775 hud.gov. V0JSAtTmQn76T408nyntg1ydX5sVvq8RSCN/Bf+cqTPXMFlPpmOs4VQv791bY85n28qOehV7Ws2CrhfxbyFbyYRXPBtWkg6jH3JXicYPn7Abm7E5N2Y6Mkm1Z9xt/APCw+aSkt0swMJzYBO5P5aeDesIB+Pz5I+SLuOPin3GFjGYL+YB5j5rTY/Nqnp2eQytF0SoFdqCIPCP7l9ZtYdaxBDQNX3Hklm4dRYP5U9wL8sqaeUwgKjJTGcbXiXdPXF9+3AojshKMpk14lcplHcy+cQ4p5ehSngtDwdWtG8gcWKCg829I/1iOFcnPgJ1YK1DdPVEGTgUFgGGwTx+HYMsPA== ;{id = 64775} +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.hud.gov. IN AAAA +ENTRY_END +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.hud.gov. IN AAAA +SECTION ANSWER +www.hud.gov. 86400 IN CNAME www.content.hud.gov. +www.hud.gov. 86400 IN RRSIG CNAME 7 3 86400 20091204150200 20091104150200 64775 hud.gov. taZtumaTp8eSlcj0vEGnY0Up05RtlC2NhHrtHDUdq1TskAPQH8Eu9AoVe6gKrFEyCC1ixprOhT8Ni661d/ZykdzgceZ8KgFIlSQ84Whm59yB2gcbXLen9rApF0+NuyRgdAph6yjMYMtfoRQWAASG7SqS/v52dkHNf/a9PXaDvHBvjoiTK+dXPKFulkmEl0KyhXBdsikl6/Xd68FF41FdDNzWS8ZzYCdd4CWaXXkwTtPSFsKyXGZeXOTxqGQJnD+hNBkn2sAca1oLiAsfaiCHec66I+rHGXT+mPB7HXez32jbbeInkgB7M2TUoRXehifuloR8sur8Xck9FPRv24Si8A== ;{id = 64775} +SECTION AUTHORITY +3RUD2HK5O5KA0IC6BF22C1T4R1BJGJ3R.hud.gov. 86400 IN NSEC3 1 1 5 abcd 42bsks495i3mb2s3f6nhusc6rfm54g4g A NS SOA MX RRSIG DNSKEY NSEC3PARAM ; flags: optout +3RUD2HK5O5KA0IC6BF22C1T4R1BJGJ3R.hud.gov. 86400 IN RRSIG NSEC3 7 3 86400 20091204150200 20091104150200 64775 hud.gov. APf75Nx4eY9eHov3T9hduDLuG4TJfVfEUEhSgm7HIZRvSPFgajHz2q+Wy6888G3C0T1Zft1qL2PdHMonK6H1OEE+NiOxroDsZaH+aWZjAsbIO86qQ2xcC+/Z9DsddQtONk0zAqpuYxHSn879rAk/BIKeDukNoBChHCSTy8olUFiYt7XEmjz5AOoc8R5VQhMQi/vmbmC0BoFOemDxxowG2MX27Hj2MbVBEJiT8xioFEk41jsdDI0WQtpnory2NT/UM4kWZdmDdxbpwu2F8oixe3oi4AOI9j3EukoOZT9f0Sx+tCg/I9zLNZJi+VuI5oUlpZkSH5EoUyRgK33eO+KJhQ== ;{id = 64775} +GO8CPDSLPULIOURE31GBK5JJKA0BKIVN.hud.gov. 86400 IN NSEC3 1 1 5 abcd gvfjd9enpjtet8a14uhb8hlrfeon2b72 A RRSIG ; flags: optout +GO8CPDSLPULIOURE31GBK5JJKA0BKIVN.hud.gov. 86400 IN RRSIG NSEC3 7 3 86400 20091204150200 20091104150200 64775 hud.gov. eQFg/RvJ640k+Fa5yIUZwkx8FvsYSivykYFjc6dOiGt7r3VprfxwGWeYpyjYr/+mzu0ugE5ePDjZWtr5naK3dvqmt7qKk4/nEvVDoUmrg7joIUmeTzami9RB9lzCq2O/ddempQ6jpwfjiIDuEKUxHMpBFpw8QQZnZSZHKKQCDB4pOj8U8J/wNJXCS+SP7plU1hEVroC+QXCOYS8NHY2wFyeuW7A+xvg9tyYp9PH6c5MoNMkRQt36Kdvfk1nk3osktwalJNLmMhDr/vtErFieGGD6E9Ud9Pg70bPF2G5nqwwLDRevy7hIFjaMDHfYrcWc4B5hrUSpGtLJkYog9vsd2w== ;{id = 64775} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnametopos.rpl b/src/test/resources/unbound/val_cnametopos.rpl new file mode 100644 index 000000000..b71bdb211 --- /dev/null +++ b/src/test/resources/unbound/val_cnametopos.rpl @@ -0,0 +1,233 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with a cname to positive + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854} +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnametoposnowc.rpl b/src/test/resources/unbound/val_cnametoposnowc.rpl new file mode 100644 index 000000000..343c3e2bb --- /dev/null +++ b/src/test/resources/unbound/val_cnametoposnowc.rpl @@ -0,0 +1,265 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with a cname to positive wildcard without proof + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN A +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +; from *.example.net. +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899} +SECTION AUTHORITY +; missing proof +;wab.example.net IN NSEC wzz.example.net. A NSEC RRSIG +;wab.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899} +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.net. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.net. IN AAAA +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnametoposwc.rpl b/src/test/resources/unbound/val_cnametoposwc.rpl new file mode 100644 index 000000000..01801b7d0 --- /dev/null +++ b/src/test/resources/unbound/val_cnametoposwc.rpl @@ -0,0 +1,239 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with a cname to positive wildcard + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +; from *.example.net. +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899} +SECTION AUTHORITY +wab.example.net IN NSEC wzz.example.net. A NSEC RRSIG +wab.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFGcJxnNxpWCBzXejiSdl4p1BKRMnAhUApoJrugVBRwFgAoYAhhqlZFac7fE= ;{id = 2854} +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899} +SECTION AUTHORITY +wab.example.net IN NSEC wzz.example.net. A NSEC RRSIG +wab.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnamewctonodata.rpl b/src/test/resources/unbound/val_cnamewctonodata.rpl new file mode 100644 index 000000000..65c000799 --- /dev/null +++ b/src/test/resources/unbound/val_cnamewctonodata.rpl @@ -0,0 +1,237 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with wildcard cname to nodata + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 3600 IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFDwBErFx90ixZDOdIsKz1QaXA1WzAhUAprOUlV1d5fmUiOp7DZ0TWWcM81Q= ;{id = 2854} +SECTION AUTHORITY +u.example.com. IN NSEC z.example.com. NSEC RRSIG +u.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCdc/AWOi3BbYLOClSaw7uVkEf0/AhRJLUUXhuvEsdxEXESjotO3tJZyog== ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +SECTION AUTHORITY +www.example.net. IN NSEC example.net. MX NSEC RRSIG +www.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFDwBErFx90ixZDOdIsKz1QaXA1WzAhUAprOUlV1d5fmUiOp7DZ0TWWcM81Q= ;{id = 2854} +SECTION AUTHORITY +u.example.com. IN NSEC z.example.com. NSEC RRSIG +u.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCdc/AWOi3BbYLOClSaw7uVkEf0/AhRJLUUXhuvEsdxEXESjotO3tJZyog== ;{id = 2854} +www.example.net. IN NSEC example.net. MX NSEC RRSIG +www.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. Z+3/WKJEqhWoMOQLC7Yb1dTVGaqzmU0bZ2cH9jSfNQZiT0O37yzCNNUmMsW4gsJOh3o61iZ+hxpze3aO3aedqQ== ;{id = 30899} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnamewctonx.rpl b/src/test/resources/unbound/val_cnamewctonx.rpl new file mode 100644 index 000000000..a57629346 --- /dev/null +++ b/src/test/resources/unbound/val_cnamewctonx.rpl @@ -0,0 +1,241 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with wildcard cname to nxdomain + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 3600 IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFDwBErFx90ixZDOdIsKz1QaXA1WzAhUAprOUlV1d5fmUiOp7DZ0TWWcM81Q= ;{id = 2854} +SECTION AUTHORITY +u.example.com. IN NSEC z.example.com. NSEC RRSIG +u.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCdc/AWOi3BbYLOClSaw7uVkEf0/AhRJLUUXhuvEsdxEXESjotO3tJZyog== ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +SECTION AUTHORITY +example.net. IN NSEC abc.example.net. SOA NS DNSKEY NSEC RRSIG +example.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899} +wab.example.net. IN NSEC wzz.example.net. A NSEC RRSIG +wab.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFDwBErFx90ixZDOdIsKz1QaXA1WzAhUAprOUlV1d5fmUiOp7DZ0TWWcM81Q= ;{id = 2854} +SECTION AUTHORITY +u.example.com. IN NSEC z.example.com. NSEC RRSIG +u.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCdc/AWOi3BbYLOClSaw7uVkEf0/AhRJLUUXhuvEsdxEXESjotO3tJZyog== ;{id = 2854} +example.net. IN NSEC abc.example.net. SOA NS DNSKEY NSEC RRSIG +example.net. 3600 IN RRSIG NSEC 5 2 3600 20070926134150 20070829134150 30899 example.net. SEHthmjHyqGlzaOp3Dx6Jn5Fnvvtknw/IF6YSFY8NZLe+YSh1oRJbdEkQ8G92IT08n1jSN6jvKRsFBOUoFOQAw== ;{id = 30899} +wab.example.net. IN NSEC wzz.example.net. A NSEC RRSIG +wab.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_cnamewctoposwc.rpl b/src/test/resources/unbound/val_cnamewctoposwc.rpl new file mode 100644 index 000000000..0c9932d73 --- /dev/null +++ b/src/test/resources/unbound/val_cnamewctoposwc.rpl @@ -0,0 +1,245 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with wildcard cname to positive wildcard + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +; *.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFCA2HhM4cInPoUZ58o6t9CVlqv+kAhRjxWXvnFecgDxnDphpEVEoc0Ps6Q== ;{id = 2854} +SECTION AUTHORITY +; weird NSEC that denies everything. But validly signed, so valid. +; extreme version of 'white lies' :-) +example.com. IN NSEC example.com. SOA NS A NSEC RRSIG DNSKEY +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCSPaRH721mYjuTGb6fZ+nR3pnVxAIUAxEctE1hzMQSw0CWJSMLHS/A+Xk= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +; from *.example.net. +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899} +SECTION AUTHORITY +wab.example.net IN NSEC wzz.example.net. A NSEC RRSIG +wab.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME www.example.net. +www.example.com. 3600 IN RRSIG CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFCA2HhM4cInPoUZ58o6t9CVlqv+kAhRjxWXvnFecgDxnDphpEVEoc0Ps6Q== ;{id = 2854} +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899} +SECTION AUTHORITY +example.com. IN NSEC example.com. SOA NS A NSEC RRSIG DNSKEY +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCSPaRH721mYjuTGb6fZ+nR3pnVxAIUAxEctE1hzMQSw0CWJSMLHS/A+Xk= ;{id = 2854} +wab.example.net IN NSEC wzz.example.net. A NSEC RRSIG +wab.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_deleg_nons.rpl b/src/test/resources/unbound/val_deleg_nons.rpl new file mode 100644 index 000000000..6e8f1bd83 --- /dev/null +++ b/src/test/resources/unbound/val_deleg_nons.rpl @@ -0,0 +1,271 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with unsigned delegation with no NS bit in NSEC + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns3.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +foo.www.example.com. IN A +SECTION ANSWER +foo.www.example.com. IN A 1.2.3.4 +; unsigned, no delegation. +ENTRY_END + +; DS query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +; NSEC3 here: 1 0 1 1234 +; www.example.com. -> h8c0nvkuibedn7ia997iegdl7h0i6h8b. +h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. IN NSEC3 1 0 1 1234 h8c0nvkuibedn7ia997iegdl7h0i6h8c TXT +h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AH+bPQZST3COwJ1vSe05N7E5BM2GmXzJUKsiWwXKrmm/XjYKSxSuNPE= + +;www.example.com. IN NSEC zzz.example.com. RRSIG NSEC +;www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA9Dm626WvHXHPQXJkVyjyTqJ/dCHfZgt6PWCn9gd8ZmPxyl3STW3iI= +example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +; DS query for foo.www.example.com returns the referral without record. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +foo.www.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +mipf0g23547qunto04vboegh9vadsrpo.example.com. IN NSEC3 1 0 1 1234 mipf0g23547qunto04vboegh9vadsrpq TXT +mipf0g23547qunto04vboegh9vadsrpo.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. ADc6JrdKuTmIJe4sAjpKZSUZKdHdfhmREk2F5A5cftU9053b0/3ILQM= + +example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} + + +;www.example.com. IN NS ns3.example.com. +;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. IN NSEC3 1 0 1 1234 h8c0nvkuibedn7ia997iegdl7h0i6h8c TXT +;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AH+bPQZST3COwJ1vSe05N7E5BM2GmXzJUKsiWwXKrmm/XjYKSxSuNPE= +;SECTION ADDITIONAL +;ns3.example.com. IN A 1.2.3.5 + + +; NSEC3 here: 1 0 1 1234 +; www.example.com. -> h8c0nvkuibedn7ia997iegdl7h0i6h8b. +; *.www.example.com. -> cg2lpgpr8k7ck69h7bqu3od9pkht2o79. +; foo.www.example.com. -> mipf0g23547qunto04vboegh9vadsrpo. + +;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. IN NSEC3 1 0 1 1234 h8c0nvkuibedn7ia997iegdl7h0i6h8c TXT +;h8c0nvkuibedn7ia997iegdl7h0i6h8b.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AH+bPQZST3COwJ1vSe05N7E5BM2GmXzJUKsiWwXKrmm/XjYKSxSuNPE= +;cg2lpgpr8k7ck69h7bqu3od9pkht2o78.example.com. IN NSEC3 1 0 1 1234 cg2lpgpr8k7ck69h7bqu3od9pkht2o89 TXT +;cg2lpgpr8k7ck69h7bqu3od9pkht2o78.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. ACzxBHMyDB5tTrXijboPSsB0ws1lJe3/B62QNAMcZv7l9DYNDEDKsXY= +;mipf0g23547qunto04vboegh9vadsrph.example.com. IN NSEC3 1 0 1 1234 mipf0g23547qunto04vboegh9vadsrpp TXT +;mipf0g23547qunto04vboegh9vadsrph.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926134150 20070829134150 2854 example.com. AG2B7lrIVtBgg+WIt0yNYekGDBKkY7xkKfI0GLQ8q3brGy/+jubxba0= + +;www.example.com. IN NSEC zzz.example.com. RRSIG NSEC +;www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA9Dm626WvHXHPQXJkVyjyTqJ/dCHfZgt6PWCn9gd8ZmPxyl3STW3iI= + +;example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 +;example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns3.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +foo.www.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +foo.www.example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +foo.www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +foo.www.example.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_dnametoolong.rpl b/src/test/resources/unbound/val_dnametoolong.rpl new file mode 100644 index 000000000..6cd202ebb --- /dev/null +++ b/src/test/resources/unbound/val_dnametoolong.rpl @@ -0,0 +1,258 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with a dname too long response + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR YXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +; length +; www. = 4 +; long1234567890abcdef. = 21 +; long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef. = 12 * 21 = 252 +example.com. IN DNAME long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef. +example.com. 3600 IN RRSIG DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFBdWQE6lzktCN4vdAx9HY1zZe6dYAhUAghsHM4lSJAykdvp5p0wppml03K0= ;{id = 2854} +; unsigned CNAME synthesis is too long +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +; from *.example.net. +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO YXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +example.com. IN DNAME long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef.long1234567890abcdef. +example.com. 3600 IN RRSIG DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFBdWQE6lzktCN4vdAx9HY1zZe6dYAhUAghsHM4lSJAykdvp5p0wppml03K0= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_dnametopos.rpl b/src/test/resources/unbound/val_dnametopos.rpl new file mode 100644 index 000000000..c0ccc5977 --- /dev/null +++ b/src/test/resources/unbound/val_dnametopos.rpl @@ -0,0 +1,264 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with a dname to positive + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +example.com. IN DNAME example.net. +example.com. 3600 IN RRSIG DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854} +; unsigned CNAME +www.example.com. IN CNAME www.example.net. +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +; from *.example.net. +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +example.com. 3600 IN DNAME example.net. +example.com. 3600 IN RRSIG DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854} +www.example.com. 0 IN CNAME www.example.net. +www.example.net. 3600 IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; Check cache response for DNAME +; so 100+ the authority will not respond any more : must be from cache. +STEP 110 TIME_PASSES ELAPSE 10 + +STEP 120 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 130 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +example.com. 3590 IN DNAME example.net. +example.com. 3590 IN RRSIG DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854} +www.example.com. 3590 IN CNAME www.example.net. +www.example.net. 3590 IN A 11.12.13.14 +www.example.net. 3590 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_dnametoposwc.rpl b/src/test/resources/unbound/val_dnametoposwc.rpl new file mode 100644 index 000000000..16481d17f --- /dev/null +++ b/src/test/resources/unbound/val_dnametoposwc.rpl @@ -0,0 +1,241 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with a dname to positive wildcard + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +example.com. IN DNAME example.net. +example.com. 3600 IN RRSIG DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854} +; unsigned CNAME +www.example.com. IN CNAME www.example.net. +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +; from *.example.net. +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899} +SECTION AUTHORITY +wab.example.net IN NSEC wzz.example.net. A NSEC RRSIG +wab.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +example.com. 3600 IN DNAME example.net. +example.com. 3600 IN RRSIG DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854} +www.example.com. 0 IN CNAME www.example.net. +www.example.net. 3600 IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899} +SECTION AUTHORITY +wab.example.net IN NSEC wzz.example.net. A NSEC RRSIG +wab.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. gl8vkI3xfSWx4Pyv5OdOthiewE6u/13kclY7UG9ptuFBddamdJO3RQqyxM6Xcmq+ToO4kMCCyaKijp01gTDoGg== ;{id = 30899} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_dnamewc.rpl b/src/test/resources/unbound/val_dnamewc.rpl new file mode 100644 index 000000000..b011af88a --- /dev/null +++ b/src/test/resources/unbound/val_dnamewc.rpl @@ -0,0 +1,268 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with a wildcarded dname + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +; *.example.com. IN DNAME example.net. +sub.example.com. IN DNAME example.net. +sub.example.com. 3600 IN RRSIG DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFEyO+NY3QgAf/cF0mmZhsj3TqgoGAhRqJhHoCd+aA1FbBp16WGfk1HmeIg== ;{id = 2854} +; unsigned CNAME; one interpretation of the wildcarded DNAME expansion +www.sub.example.com. IN CNAME www.example.net. +SECTION AUTHORITY +; prove original does not exist +ns.example.com. IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCCqvDUT+jMCvfm7OHL2IDY75JDmQIUfOtDiiyeSiwjuq3i3OuLnVRyoJ8= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.net. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.net. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +; from *.example.net. +www.example.net. IN A 11.12.13.14 +www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_ds_afterprime.rpl b/src/test/resources/unbound/val_ds_afterprime.rpl new file mode 100644 index 000000000..733177da6 --- /dev/null +++ b/src/test/resources/unbound/val_ds_afterprime.rpl @@ -0,0 +1,181 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test DS lookup after key prime is done. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DS +SECTION AUTHORITY +com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1251367385 1800 900 604800 86400 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +example.com. IN DS +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +example.com. IN DS +SECTION AUTHORITY +com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1251367385 1800 900 604800 86400 +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_ds_cname.rpl b/src/test/resources/unbound/val_ds_cname.rpl new file mode 100644 index 000000000..7c3e41be3 --- /dev/null +++ b/src/test/resources/unbound/val_ds_cname.rpl @@ -0,0 +1,205 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with CNAME response to DS + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +; not legal NOERROR/NODATA response, but leniently accepted (not validated) +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +; nothing here, not even NSECs +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +; DS query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN DS +SECTION ANSWER +www.example.com. IN CNAME zzz.example.com. +www.example.com. 3600 IN RRSIG CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. AERsv3PiBObAEhZ/dKyamie0sjvYLn7YaEKgv9ExB14KKLgWvzCaOWo= ;{id = 2854} +;*.example.com. IN CNAME zzz.example.com. +;*.example.com. 3600 IN RRSIG CNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. AERsv3PiBObAEhZ/dKyamie0sjvYLn7YaEKgv9ExB14KKLgWvzCaOWo= ;{id = 2854} + +SECTION AUTHORITY +*.example.com. IN NSEC zzz.example.com. CNAME RRSIG NSEC +*.example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AJxl2TXciyhbKqSakVNtjlt8Bbkco02zpl5RlY88iqVmSa6ts+/guU4= ;{id = 2854} +zzz.example.com. IN NSEC *.zzz.example.com. A RRSIG NSEC +zzz.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ACtgx/h0YfGEK79zg4G16jB/0oRWH0nxrMzUc/4hCY3oprsP8DrdjqU= ;{id = 2854} +example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +zzz.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +zzz.example.com. IN NSEC *.zzz.example.com. A RRSIG NSEC +zzz.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ACtgx/h0YfGEK79zg4G16jB/0oRWH0nxrMzUc/4hCY3oprsP8DrdjqU= ;{id = 2854} +example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_ds_cnamesub.rpl b/src/test/resources/unbound/val_ds_cnamesub.rpl new file mode 100644 index 000000000..bbd368997 --- /dev/null +++ b/src/test/resources/unbound/val_ds_cnamesub.rpl @@ -0,0 +1,278 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with CNAME response to DS in chain of trust +; the CNAME is at a nonempty nonterminal name in the parent zone. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR AA NOERROR +SECTION QUESTION +example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.6 +ENTRY_END + +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +; not legal NOERROR/NODATA response, but leniently accepted (not validated) +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +;example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 +;example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DS query for a.example.com, a CNAME +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.example.com. IN DS +SECTION ANSWER +a.example.com. IN CNAME zzz.example.net. +a.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AKM6/j6yowuwqbazKzi4fEsavcLwXo3PjglhH9KD68ANZOrdN9y1ZCc= +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; response to DS query for sub.a.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +sub.a.example.com. IN DS +SECTION ANSWER +sub.a.example.com. 3600 IN DS 57024 7 1 e54100bff773a794854808694c5d217267a53649 +sub.a.example.com. 3600 IN RRSIG DS 3 4 3600 20070926134150 20070829134150 2854 example.com. ALHDGmpgZlXnAb54z4FbBKw/9nXVBdosG0UCEuh4qU7Lm/fs5Dv9aJw= +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; delegation down +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.a.example.com. IN NS +SECTION ANSWER +SECTION AUTHORITY +sub.a.example.com. 3600 IN DS 57024 7 1 e54100bff773a794854808694c5d217267a53649 +sub.a.example.com. 3600 IN RRSIG DS 3 4 3600 20070926134150 20070829134150 2854 example.com. ALHDGmpgZlXnAb54z4FbBKw/9nXVBdosG0UCEuh4qU7Lm/fs5Dv9aJw= +sub.a.example.com. IN NS ns.sub.a.example.com. +SECTION ADDITIONAL +ns.sub.a.example.com. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.sub.a.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 + +; DNSKEY query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +sub.a.example.com. IN DNSKEY +SECTION ANSWER +sub.a.example.com. 3600 IN DNSKEY 257 3 7 AwEAAbvre/wK/WVeoj0SiwVkTD+NefvHPru9YIqLWY0m+0E5NYOpJZdc+PGQQYRzFNOlugVZtFirmv5Lmz7GNiASXtG/IFi//SlE30DxEKQOjt2F6qSZTZ1nZ5XOIMGTwWyp4OoI0egk5JavC5mQbyXqcj82ywt6F5Z3CmnThVl6MtOv ;{id = 57024 (ksk), size = 1024b} +sub.a.example.com. 3600 IN RRSIG DNSKEY 7 4 3600 20070926134150 20070829134150 57024 sub.a.example.com. TB3rkkPBD/ESQR9WBpfq2aV+2howI+EJq2+om2EI6PiemQOdpN6ovLvKwCILb0LOsTEFfPpAvRCOuDzRC24sJqBgWpZ4xLxMTcQJ8hMvv7rIUfZotDPO2JYNHSRmpeQLuDGA6P+AtJLYIr7yfOltJmJ0aCJxy3Fm9RQxJxHVbEQ= +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.sub.a.example.com. IN A +SECTION ANSWER +www.sub.a.example.com. IN A 10.20.30.40 +www.sub.a.example.com. 3600 IN RRSIG A 7 5 3600 20070926134150 20070829134150 57024 sub.a.example.com. az44R7VbfooRtaSOO65W+GP4K/fHlIcKMkF/z3LVvDXOdCK+zuYPJycBCYljH5cAhslMXgDeHMOWdcPhKIZ3EjykYUJIGlMckVIMobBieFKFhIX9r/bRpT0vlsCF2YKbmvyjpeRF/sIg2iSNMf/s6wxpZq02Kq6yuHtUEqgx7uA= +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +zzz.example.net. IN DS +SECTION ANSWER +SECTION AUTHORITY +example.net. IN SOA root. host. 1 2 3 4 5 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.a.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.sub.a.example.com. IN A +SECTION ANSWER +www.sub.a.example.com. 3600 IN A 10.20.30.40 +www.sub.a.example.com. 3600 IN RRSIG A 7 5 3600 20070926134150 20070829134150 57024 sub.a.example.com. az44R7VbfooRtaSOO65W+GP4K/fHlIcKMkF/z3LVvDXOdCK+zuYPJycBCYljH5cAhslMXgDeHMOWdcPhKIZ3EjykYUJIGlMckVIMobBieFKFhIX9r/bRpT0vlsCF2YKbmvyjpeRF/sIg2iSNMf/s6wxpZq02Kq6yuHtUEqgx7uA= +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_ds_cnamesubbogus.rpl b/src/test/resources/unbound/val_ds_cnamesubbogus.rpl new file mode 100644 index 000000000..3f4234a4e --- /dev/null +++ b/src/test/resources/unbound/val_ds_cnamesubbogus.rpl @@ -0,0 +1,277 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-dsa: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with bogus CNAME response to DS in chain of trust +; the CNAME is at a nonempty nonterminal name in the parent zone. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR AA NOERROR +SECTION QUESTION +example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.6 +ENTRY_END + +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +; not legal NOERROR/NODATA response, but leniently accepted (not validated) +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +;example.com. IN SOA alfa.ns.example.com.cz. hostmaster.example.com. 2010030800 10800 86400 604800 86400 +;example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. ADsxLOHjxFzwFmwIiGOubqD9nKWAp4RccRIXQ0+EAUGfSDZMCB0ZiFA= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DS query for a.example.com, a CNAME +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.example.com. IN DS +SECTION ANSWER +;bogus CNAME, must fail validation +a.example.com. IN CNAME zzzz.example.net. +a.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AKM6/j6yowuwqbazKzi4fEsavcLwXo3PjglhH9KD68ANZOrdN9y1ZCc= +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; response to DS query for sub.a.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +sub.a.example.com. IN DS +SECTION ANSWER +sub.a.example.com. 3600 IN DS 57024 7 1 e54100bff773a794854808694c5d217267a53649 +sub.a.example.com. 3600 IN RRSIG DS 3 4 3600 20070926134150 20070829134150 2854 example.com. ALHDGmpgZlXnAb54z4FbBKw/9nXVBdosG0UCEuh4qU7Lm/fs5Dv9aJw= +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; delegation down +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.a.example.com. IN NS +SECTION ANSWER +SECTION AUTHORITY +sub.a.example.com. 3600 IN DS 57024 7 1 e54100bff773a794854808694c5d217267a53649 +sub.a.example.com. 3600 IN RRSIG DS 3 4 3600 20070926134150 20070829134150 2854 example.com. ALHDGmpgZlXnAb54z4FbBKw/9nXVBdosG0UCEuh4qU7Lm/fs5Dv9aJw= +sub.a.example.com. IN NS ns.sub.a.example.com. +SECTION ADDITIONAL +ns.sub.a.example.com. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.sub.a.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 + +; DNSKEY query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +sub.a.example.com. IN DNSKEY +SECTION ANSWER +sub.a.example.com. 3600 IN DNSKEY 257 3 7 AwEAAbvre/wK/WVeoj0SiwVkTD+NefvHPru9YIqLWY0m+0E5NYOpJZdc+PGQQYRzFNOlugVZtFirmv5Lmz7GNiASXtG/IFi//SlE30DxEKQOjt2F6qSZTZ1nZ5XOIMGTwWyp4OoI0egk5JavC5mQbyXqcj82ywt6F5Z3CmnThVl6MtOv ;{id = 57024 (ksk), size = 1024b} +sub.a.example.com. 3600 IN RRSIG DNSKEY 7 4 3600 20070926134150 20070829134150 57024 sub.a.example.com. TB3rkkPBD/ESQR9WBpfq2aV+2howI+EJq2+om2EI6PiemQOdpN6ovLvKwCILb0LOsTEFfPpAvRCOuDzRC24sJqBgWpZ4xLxMTcQJ8hMvv7rIUfZotDPO2JYNHSRmpeQLuDGA6P+AtJLYIr7yfOltJmJ0aCJxy3Fm9RQxJxHVbEQ= +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.sub.a.example.com. IN A +SECTION ANSWER +www.sub.a.example.com. IN A 10.20.30.40 +www.sub.a.example.com. 3600 IN RRSIG A 7 5 3600 20070926134150 20070829134150 57024 sub.a.example.com. az44R7VbfooRtaSOO65W+GP4K/fHlIcKMkF/z3LVvDXOdCK+zuYPJycBCYljH5cAhslMXgDeHMOWdcPhKIZ3EjykYUJIGlMckVIMobBieFKFhIX9r/bRpT0vlsCF2YKbmvyjpeRF/sIg2iSNMf/s6wxpZq02Kq6yuHtUEqgx7uA= +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +zzz.example.net. IN DS +SECTION ANSWER +SECTION AUTHORITY +example.net. IN SOA root. host. 1 2 3 4 5 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.a.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.sub.a.example.com. IN A +SECTION ANSWER +;www.sub.a.example.com. 3600 IN A 10.20.30.40 +;www.sub.a.example.com. 3600 IN RRSIG A 7 5 3600 20070926134150 20070829134150 57024 sub.a.example.com. az44R7VbfooRtaSOO65W+GP4K/fHlIcKMkF/z3LVvDXOdCK+zuYPJycBCYljH5cAhslMXgDeHMOWdcPhKIZ3EjykYUJIGlMckVIMobBieFKFhIX9r/bRpT0vlsCF2YKbmvyjpeRF/sIg2iSNMf/s6wxpZq02Kq6yuHtUEqgx7uA= +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_ds_gost.rpl b/src/test/resources/unbound/val_ds_gost.rpl new file mode 100644 index 000000000..1d61af975 --- /dev/null +++ b/src/test/resources/unbound/val_ds_gost.rpl @@ -0,0 +1,208 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-dsa: yes + bouncycastle: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with GOST DS digest + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. + +; GOST DS for sub.example.com. +sub.example.com. 3600 IN DS 60385 12 3 2be04f63b3d069fd65f81a3b810b661a00d39be3ff00d1c7481a150b93b0d027 ; xepov-bofek-fuset-bipiz-tunoz-mukyf-rybyb-ranic-pobet-fakov-fozob-bagus-ludac-pyheb-rygor-bygyd-lyxyx + +; SHA DS for sub.example.com. +;sub.example.com. 3600 IN DS 60385 12 1 0a66f7923318bb1e208bfd975ffa2e30cfcdf962 ; xedik-katin-dasec-myvic-vumum-rizan-luluz-paraf-befas-tovek-dyxax +;sub.example.com. 3600 IN DS 60385 12 2 cd3290b84b457d02ca29846a005a5eba61640256ced8deca0ef8345d2cd34a58 ; xufef-dugir-modog-hyzyb-dadod-nicuk-pubyh-polor-pomuk-gobuh-kufet-mulus-pofyz-metoh-tarit-fudih-moxex + +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ADwjiGkzrz8RPRJ6LAB37cNEQxTXSaR6Stu/GwGvcQ7KVGH/Qw76ktI= ;{id = 2854} + +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. LAgerMKnwGgapo7tDs2jV8kjA+RminByvkR6qHineRDv4SYbRdDlCtYcFR4CoYo9aigLPej1WBmaZjFV+/7AVA== ;{id = 60385} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. qYVQEwiVNWwRRoDJxK3c3LaXtfvOm/YzOEzXbN2MxPHZXHaa2nCzWLsILNstot/wTAbrk4wNcT16gKxF5JguNw== ;{id = 60385} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 12 9SZY+xB3wKtrLoRHzkBs9L3fjcvazjnk5HF3gMaD1PVp4pthrwgHIm0TUaLrd3YCa2VCl5wj+MzbhZi8NEJ/Cg== ;{id = 60385 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. zyZCppfMjlMS9xs3pJfbWkdA6EgV5MqI11AdVRV8pBsyI7diYLWm8RAHlhEI5MT59A6IT6Di9YjOCvWJjzZ9tA== ;{id = 60385} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 3y6qmOn5GIytQQtXmdhkyL0+8Um7uNzOA0m0CkWFtzN81T98jHdGcCGNC3CIGMyhKaWKqPlOoSwIfm55fa4qRA== ;{id = 60385} + +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. VS97UxG9Kn7DIYFCnBDJQ3n7sQ+aYF42/cU6s8jF1Y4nHSorKPFa0KHn0WVmaW33hA+Vs4BWTvJ1/JOpbiJskA== ;{id = 60385} + +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385} + +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. 3600 IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_ds_gost_downgrade.rpl b/src/test/resources/unbound/val_ds_gost_downgrade.rpl new file mode 100644 index 000000000..3a589c194 --- /dev/null +++ b/src/test/resources/unbound/val_ds_gost_downgrade.rpl @@ -0,0 +1,249 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + bouncycastle: yes + trust-anchor-signaling: no + harden-algo-downgrade: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with GOST DS digest downgrade attack + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. + +; downgrade: false GOST, correct SHA + + +sub.example.com. 3600 IN DS 60385 12 3 2be04f63b3d069fd65f81a3b810b661a00d39be3ff00d1c7481a150b93b0d028 + +; correct GOST DS for sub.example.com. +; sub.example.com. 3600 IN DS 60385 12 3 2be04f63b3d069fd65f81a3b810b661a00d39be3ff00d1c7481a150b93b0d027 ; xepov-bofek-fuset-bipiz-tunoz-mukyf-rybyb-ranic-pobet-fakov-fozob-bagus-ludac-pyheb-rygor-bygyd-lyxyx + +; SHA1 DS for sub.example.com. +sub.example.com. 3600 IN DS 60385 12 1 0a66f7923318bb1e208bfd975ffa2e30cfcdf962 ; xedik-katin-dasec-myvic-vumum-rizan-luluz-paraf-befas-tovek-dyxax +; SHA256 DS for sub.example.com. +sub.example.com. 3600 IN DS 60385 12 2 cd3290b84b457d02ca29846a005a5eba61640256ced8deca0ef8345d2cd34a58 ; xufef-dugir-modog-hyzyb-dadod-nicuk-pubyh-polor-pomuk-gobuh-kufet-mulus-pofyz-metoh-tarit-fudih-moxex + +; signs SHA1, SHA2 and GOST DSes +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ADB1PPtGoPKRrhNtRtkqeqpgnZdbPOdJMgjdZVxPfgGCoMTu3JFQVbo= ;{id = 2854} + +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 6mNrX32/DC2RU1A+yWCccn5H6wnsbNYTlf8e/LyF1fsuNfw6tH12sKGBCtk1mp4HpDIgH02HDHplJskSFOvzTw== ;{id = 60385} + +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. kJEyinL7BkpiPW2HxmFHRLAi68EdrLXToJiK83a5cedDe5ABL7c/k+nFHd3WjATUtVoueY3pSnCDVCJaFmd+/A== ;{id = 60385} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.sub.example.com. IN A +SECTION ANSWER +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. kJEyinL7BkpiPW2HxmFHRLAi68EdrLXToJiK83a5cedDe5ABL7c/k+nFHd3WjATUtVoueY3pSnCDVCJaFmd+/A== ;{id = 60385} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 6mNrX32/DC2RU1A+yWCccn5H6wnsbNYTlf8e/LyF1fsuNfw6tH12sKGBCtk1mp4HpDIgH02HDHplJskSFOvzTw== ;{id = 60385} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 12 9SZY+xB3wKtrLoRHzkBs9L3fjcvazjnk5HF3gMaD1PVp4pthrwgHIm0TUaLrd3YCa2VCl5wj+MzbhZi8NEJ/Cg== ;{id = 60385 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. zyZCppfMjlMS9xs3pJfbWkdA6EgV5MqI11AdVRV8pBsyI7diYLWm8RAHlhEI5MT59A6IT6Di9YjOCvWJjzZ9tA== ;{id = 60385} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 6mNrX32/DC2RU1A+yWCccn5H6wnsbNYTlf8e/LyF1fsuNfw6tH12sKGBCtk1mp4HpDIgH02HDHplJskSFOvzTw== ;{id = 60385} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. kJEyinL7BkpiPW2HxmFHRLAi68EdrLXToJiK83a5cedDe5ABL7c/k+nFHd3WjATUtVoueY3pSnCDVCJaFmd+/A== ;{id = 60385} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385} + +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.sub.example.com. IN AAAA +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +; must servfail bogus +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +;www.sub.example.com. 3600 IN A 11.11.11.11 +;www.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_ds_sha2.rpl b/src/test/resources/unbound/val_ds_sha2.rpl new file mode 100644 index 000000000..4af6693c5 --- /dev/null +++ b/src/test/resources/unbound/val_ds_sha2.rpl @@ -0,0 +1,205 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-dsa: yes + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with SHA256 DS digest + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. + +; SHA256 DS for sub.example.com. +sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. AJ6FL7yKjrpEEO8WMKlG7TVZoGjgFblJeu0rkJCmJxfdeh6ysUlWQWs= ;{id = 2854} + +; SHA1 DS for sub.example.com. +;sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. 3600 IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_ds_sha2_downgrade.rpl b/src/test/resources/unbound/val_ds_sha2_downgrade.rpl new file mode 100644 index 000000000..b15f39bc5 --- /dev/null +++ b/src/test/resources/unbound/val_ds_sha2_downgrade.rpl @@ -0,0 +1,229 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-dsa: yes + fake-sha1: yes + trust-anchor-signaling: no + harden-algo-downgrade: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with SHA256 DS downgrade to SHA1 + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. + +; Downgrade attack: false SHA2, correct SHA1 + +; SHA256 DS for sub.example.com. +;sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033 +; BAD SHA256 DS +sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652000 + +; SHA1 DS for sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ACqqpk1ow07XJvN1orEpiWOeqMLdDKQtTgWB8Mp6CF/9VTfHuWWmsu8= ;{id = 2854} + +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.sub.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.sub.example.com. IN AAAA +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +; must servfail, BOGUS +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +;www.sub.example.com. 3600 IN A 11.11.11.11 +;www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_ds_sha2_downgrade_override.rpl b/src/test/resources/unbound/val_ds_sha2_downgrade_override.rpl new file mode 100644 index 000000000..7e1e5ecf1 --- /dev/null +++ b/src/test/resources/unbound/val_ds_sha2_downgrade_override.rpl @@ -0,0 +1,226 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + val-digest-preference: "1,2" + fake-dsa: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with SHA256 DS downgrade to SHA1 + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. + +; Downgrade attack: false SHA2, correct SHA1 + +; SHA256 DS for sub.example.com. +;sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033 +; BAD SHA256 DS +sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652000 + +; SHA1 DS for sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ACqqpk1ow07XJvN1orEpiWOeqMLdDKQtTgWB8Mp6CF/9VTfHuWWmsu8= ;{id = 2854} + +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.sub.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.sub.example.com. IN AAAA +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +; must NOT servfail, despite the BOGUS SHA2 as the digest order is overriden +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. 3600 IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_ds_sha2_lenient.rpl b/src/test/resources/unbound/val_ds_sha2_lenient.rpl new file mode 100644 index 000000000..631facde0 --- /dev/null +++ b/src/test/resources/unbound/val_ds_sha2_lenient.rpl @@ -0,0 +1,229 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-dsa: yes + fake-sha1: yes + trust-anchor-signaling: no + harden-algo-downgrade: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with SHA256 DS downgrade to SHA1 lenience + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. + +; Downgrade attack: false SHA2, correct SHA1 + +; SHA256 DS for sub.example.com. +;sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652033 +; BAD SHA256 DS +sub.example.com. 3600 IN DS 30899 5 2 51be8e847cc663f2775d0f2b6d15e41553c97ecb99b8dd667f18244e2f652000 + +; SHA1 DS for sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ACqqpk1ow07XJvN1orEpiWOeqMLdDKQtTgWB8Mp6CF/9VTfHuWWmsu8= ;{id = 2854} + +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.sub.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.sub.example.com. IN AAAA +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +; must servfail, BOGUS +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. 3600 IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_dsnsec.rpl b/src/test/resources/unbound/val_dsnsec.rpl new file mode 100644 index 000000000..07dd40340 --- /dev/null +++ b/src/test/resources/unbound/val_dsnsec.rpl @@ -0,0 +1,287 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test pickup of DS NSEC from the cache. +; make sure unbound does not pick up the wrong nsec. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; barely valid nodata for AAAA +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for tub.example.com +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NXDOMAIN +SECTION QUESTION +tub.example.com. IN DNSKEY +SECTION ANSWER +SECTION AUTHORITY +; SOA record +example.com IN SOA ns.iana.org. NSTLD.iana.org. 2009061200 1800 900 604800 86400 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AAvpEruGS0UJzMoO6ou/+y8ZyHjjrFC6HKDWU8a61Ru9qtl4R66fC1c= ;{id = 2854} +; qname denial +sub.example.com. IN NSEC wub.example.com. NS DS RRSIG NSEC +sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA4+SSCI8kQZ2/iGj+9rxpNZyaIJNNRZ4eM0fEw2D5fVR/+WLUZ9GdE= ;{id = 2854} +; wildcard denial +example.com. IN NSEC blub.example.com. NS SOA RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AARheDFiRjrnKHzsPloUJ0FC+8aAM6H49Lnm2AJrgxE9RlBlH2E4sRo= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +; DS query for sub.example.com +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +;sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +;sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; query for a domain next to it, so the wrong NSEC gets in the cache. +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.tub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +www.tub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. 3600 IN SOA ns.iana.org. NSTLD.iana.org. 2009061200 1800 900 604800 86400 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AAvpEruGS0UJzMoO6ou/+y8ZyHjjrFC6HKDWU8a61Ru9qtl4R66fC1c= ;{id = 2854} +sub.example.com. 3600 IN NSEC wub.example.com. NS DS RRSIG NSEC +sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AA4+SSCI8kQZ2/iGj+9rxpNZyaIJNNRZ4eM0fEw2D5fVR/+WLUZ9GdE= ;{id = 2854} +example.com. 3600 IN NSEC blub.example.com. NS SOA RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AARheDFiRjrnKHzsPloUJ0FC+8aAM6H49Lnm2AJrgxE9RlBlH2E4sRo= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +; query of interest. +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +STEP 40 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. 3600 IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + + +SCENARIO_END diff --git a/src/test/resources/unbound/val_entds.rpl b/src/test/resources/unbound/val_entds.rpl new file mode 100644 index 000000000..e389f9de2 --- /dev/null +++ b/src/test/resources/unbound/val_entds.rpl @@ -0,0 +1,278 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with lots of ENTs in the chain of trust +; query is for a.1.2.b.3.4.c.5.6.example.com. +; labels 1-6 are empty nonterminals. +; there are DNSKEYs at labels b, c, example.com. +; and DSes at b and c. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for ENT DS queries. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +6.example.com. IN DS +SECTION AUTHORITY +example.com. NSEC c.5.6.example.com. SOA DNSKEY NS RRSIG NSEC +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCoocKDsR+Hius4e+5zJPlXeeWNowIUO+pa14FBcWH/dCNK5R0vRrlWY5s= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +5.6.example.com. IN DS +SECTION AUTHORITY +example.com. NSEC c.5.6.example.com. SOA DNSKEY NS RRSIG NSEC +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCoocKDsR+Hius4e+5zJPlXeeWNowIUO+pa14FBcWH/dCNK5R0vRrlWY5s= ;{id = 2854} +ENTRY_END + +; response for query in question - delegation +; and all other queries, receive a delegation to c.5.6.example.com. +ENTRY_BEGIN +MATCH opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +a.1.2.b.3.4.c.5.6.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +c.5.6.example.com. IN NS ns.c.5.6.example.com. +c.5.6.example.com. 3600 IN DS 2854 3 1 4449f16fa7d712283aa43cc8dcc8e07c05856e08 +c.5.6.example.com. 3600 IN RRSIG DS 3 5 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCgiF7eFL89mSqjUPEpQuL5QEa1OgIUWdfUmMkwVBwOgmxlxZIKfGs5od0= ;{id = 2854} +SECTION ADDITIONAL +ns.c.5.6.example.com. IN A 1.2.3.6 +ENTRY_END +RANGE_END + +; ns.c.5.6.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +c.5.6.example.com. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +c.5.6.example.com. IN DNSKEY +SECTION ANSWER +c.5.6.example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +c.5.6.example.com. 3600 IN RRSIG DNSKEY 3 5 3600 20070926134150 20070829134150 2854 c.5.6.example.com. MC0CFHsYd4tGO5BotXFzG9d8fzHkX576AhUAoZ2d1FNUBsrwxl6XSz/hoxme/4Q= ;{id = 2854} +ENTRY_END + +; response to DS queries. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +4.c.5.6.example.com. IN DS +SECTION AUTHORITY +3.c.5.6.example.com. IN NSEC b.3.4.c.5.6.example.com. NS DS RRSIG NSEC +3.c.5.6.example.com. 3600 IN RRSIG NSEC 3 6 3600 20070926134150 20070829134150 2854 c.5.6.example.com. MCwCFFFF5WwGibkPunDt0BW2W9lncACcAhQuFh7FbfCE1ulJqBFf1YxjvT/WHQ== ;{id = 2854} + +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY AA QR NOERROR +SECTION QUESTION +3.4.c.5.6.example.com. IN DS +SECTION AUTHORITY +3.c.5.6.example.com. IN NSEC b.3.4.c.5.6.example.com. NS DS RRSIG NSEC +3.c.5.6.example.com. 3600 IN RRSIG NSEC 3 6 3600 20070926134150 20070829134150 2854 c.5.6.example.com. MCwCFFFF5WwGibkPunDt0BW2W9lncACcAhQuFh7FbfCE1ulJqBFf1YxjvT/WHQ== ;{id = 2854} +ENTRY_END + +; any other query gets a referral +ENTRY_BEGIN +MATCH opcode +ADJUST copy_id copy_query +REPLY AA QR NOERROR +SECTION QUESTION +; dnsjava: modify query to avoid overlap in query cache, match is not implemented +4.c.5.6.example.com. IN NS +SECTION AUTHORITY +b.3.4.c.5.6.example.com. IN NS ns.b.3.4.c.5.6.example.com. +b.3.4.c.5.6.example.com. 3600 IN DS 30899 5 1 849ebbdefa338db3e6c3ddffd58851523ba701de +b.3.4.c.5.6.example.com. 3600 IN RRSIG DS 3 8 3600 20070926134150 20070829134150 2854 c.5.6.example.com. MC0CFEuXbvClpAOx7E1SXeH0d+Q4jpySAhUAtbEbQ8qtRF5chUOWNtg31ESAjWg= ;{id = 2854} +SECTION ADDITIONAL +ns.b.3.4.c.5.6.example.com. IN A 1.2.3.7 +ENTRY_END +RANGE_END + +; ns.b.3.4.c.5.6.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.7 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +b.3.4.c.5.6.example.com. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +b.3.4.c.5.6.example.com. IN DNSKEY +SECTION ANSWER +b.3.4.c.5.6.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +b.3.4.c.5.6.example.com. 3600 IN RRSIG DNSKEY 5 8 3600 20070926134150 20070829134150 30899 b.3.4.c.5.6.example.com. KNftlGVkrfvo3l3Wliq+i695MqJI9B8QnTVhCHKhFPZfEq0HCxV8gO3ZlaTUle1YEnr7+yXUritXlzjFOlf1hw== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.1.2.b.3.4.c.5.6.example.com. IN A +SECTION ANSWER +a.1.2.b.3.4.c.5.6.example.com. IN A 11.11.11.11 +a.1.2.b.3.4.c.5.6.example.com. 3600 IN RRSIG A 5 11 3600 20070926134150 20070829134150 30899 b.3.4.c.5.6.example.com. GUZcUHhxAvc6FYwAzVJcTqsjz5L36bGA45dyeSupEGEhhUJj0wm/FaYCAlO8J+H2zcFEqbgK0KzHdrFmNHkgUQ== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.1.2.b.3.4.c.5.6.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +a.1.2.b.3.4.c.5.6.example.com. IN A +SECTION ANSWER +a.1.2.b.3.4.c.5.6.example.com. 3600 IN A 11.11.11.11 +a.1.2.b.3.4.c.5.6.example.com. 3600 IN RRSIG A 5 11 3600 20070926134150 20070829134150 30899 b.3.4.c.5.6.example.com. GUZcUHhxAvc6FYwAzVJcTqsjz5L36bGA45dyeSupEGEhhUJj0wm/FaYCAlO8J+H2zcFEqbgK0KzHdrFmNHkgUQ== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_faildnskey.rpl b/src/test/resources/unbound/val_faildnskey.rpl new file mode 100644 index 000000000..4c3139ac5 --- /dev/null +++ b/src/test/resources/unbound/val_faildnskey.rpl @@ -0,0 +1,170 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + # test that default value of harden-dnssec-stripped is still yes. + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with failed DNSKEY request + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +;REPLY QR AA NOERROR +REPLY QR AA SERVFAIL +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +;example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +;example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +;SECTION AUTHORITY +;example.com. IN NS ns.example.com. +;example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +;SECTION ADDITIONAL +;ns.example.com. IN A 1.2.3.4 +;ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_faildnskey_ok.rpl b/src/test/resources/unbound/val_faildnskey_ok.rpl new file mode 100644 index 000000000..d3ac00c47 --- /dev/null +++ b/src/test/resources/unbound/val_faildnskey_ok.rpl @@ -0,0 +1,180 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + harden-dnssec-stripped: no + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + trust-anchor-signaling: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with failed DNSKEY request, but not hardened. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +ENTRY_END + + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +;REPLY QR AA NOERROR +REPLY QR AA SERVFAIL +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +;example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +;example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +;SECTION AUTHORITY +;example.com. IN NS ns.example.com. +;example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +;SECTION ADDITIONAL +;ns.example.com. IN A 1.2.3.4 +;ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_fwdds.rpl b/src/test/resources/unbound/val_fwdds.rpl new file mode 100644 index 000000000..485e28693 --- /dev/null +++ b/src/test/resources/unbound/val_fwdds.rpl @@ -0,0 +1,231 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +forward-zone: + name: "sub.example.com" + forward-addr: 1.2.3.6 +CONFIG_END + +SCENARIO_BEGIN Test forward-zone with DS query +; The fwd zone is linked validly with a DS to the public internet zone. +; unbound just has to be able to ask the DS from the right server (not +; from the fwd). +; Here the fwd is not even recursive, just the plain server for sub.example.com + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for DS of sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response for qtype DS. This is not available here. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR SERVFAIL +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. 3600 IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_keyprefetch.rpl b/src/test/resources/unbound/val_keyprefetch.rpl new file mode 100644 index 000000000..046283368 --- /dev/null +++ b/src/test/resources/unbound/val_keyprefetch.rpl @@ -0,0 +1,215 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + prefetch-key: yes + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with key prefetch + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. 3600 IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_keyprefetch_verify.rpl b/src/test/resources/unbound/val_keyprefetch_verify.rpl new file mode 100644 index 000000000..f2050fb7f --- /dev/null +++ b/src/test/resources/unbound/val_keyprefetch_verify.rpl @@ -0,0 +1,249 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + prefetch-key: yes + prefetch: yes + fake-sha1: yes + trust-anchor-signaling: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with key prefetch and verify with the anchor + + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. 3600 IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +STEP 20 TIME_PASSES ELAPSE 3400 + +; now the key gets prefetched and has to be verified with the anchor, +; not with the key itself. +; this answer is from cache enyway. +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +sub.example.com. IN DNSKEY +ENTRY_END + +STEP 40 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +STEP 50 TRAFFIC + +SCENARIO_END diff --git a/src/test/resources/unbound/val_mal_wc.rpl b/src/test/resources/unbound/val_mal_wc.rpl new file mode 100644 index 000000000..5279092dc --- /dev/null +++ b/src/test/resources/unbound/val_mal_wc.rpl @@ -0,0 +1,152 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with nodata, wildcards and ENT + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +b.example.com. IN DS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +b.example.com. IN DS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +b.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +example.com. 86394 IN SOA NS.IANA.ORG. NSTLD.IANA.ORG. 2007092000 1800 900 604800 86400 +example.com. 86394 IN RRSIG SOA 3 2 86394 20070926135752 20070829135752 2854 example.com. MCwCFFHjDbVjiPywHcXm669wMUJ7dlcoAhRfuauTUoExMSx96lTVYbBHOXtQEw== ;{id = 2854} + +; note that b.example.com. is an empty nonterminal +*.example.com. 3600 IN NSEC *.b.example.com. A MX RRSIG NSEC +*.example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFE9CopvxP6w/1HqnqxNluh1Qbgk0AhRgKrdjk/YoEm4tcYflNX6McDMCgQ== ;{id = 2854} + +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +b.example.com. IN DS +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +b.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +example.com. 86394 IN SOA NS.IANA.ORG. NSTLD.IANA.ORG. 2007092000 1800 900 604800 86400 +example.com. 86394 IN RRSIG SOA 3 2 86394 20070926135752 20070829135752 2854 example.com. MCwCFFHjDbVjiPywHcXm669wMUJ7dlcoAhRfuauTUoExMSx96lTVYbBHOXtQEw== ;{id = 2854} +*.example.com. 3600 IN NSEC *.b.example.com. A MX RRSIG NSEC +*.example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFE9CopvxP6w/1HqnqxNluh1Qbgk0AhRgKrdjk/YoEm4tcYflNX6McDMCgQ== ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_negcache_ds.rpl b/src/test/resources/unbound/val_negcache_ds.rpl new file mode 100644 index 000000000..3a2c8d5dd --- /dev/null +++ b/src/test/resources/unbound/val_negcache_ds.rpl @@ -0,0 +1,216 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with negative cache DS response + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC +sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; query for missing DS record. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC +sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + + +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. 3600 IN A 11.11.11.11 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; the downstream validator wants the DS record. +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +sub.example.com. IN DS +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC +sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_negcache_dssoa.rpl b/src/test/resources/unbound/val_negcache_dssoa.rpl new file mode 100644 index 000000000..0121d1ff6 --- /dev/null +++ b/src/test/resources/unbound/val_negcache_dssoa.rpl @@ -0,0 +1,256 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with negative cache DS response with cached SOA + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC +sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; query for missing DS record. +; commented out, this query should not happen as negative cache works. +;ENTRY_BEGIN +;MATCH opcode qtype qname +;ADJUST copy_id +;REPLY QR NOERROR +;SECTION QUESTION +;sub.example.com. IN DS +;SECTION ANSWER +;SECTION AUTHORITY +;example.com. IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +;example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +;sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC +;sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854} +;SECTION ADDITIONAL +;ns.sub.example.com. IN A 1.2.3.6 +;ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +nx.example.com. IN A +SECTION AUTHORITY +example.com. 7200 IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 7200 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +nw.example.com. 7200 IN NSEC ny.example.com. A RRSIG +nw.example.com. 7200 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AHMp+sqWyR3JL6P0LhJ10fufMFSkW9+DM3QghOokyqgbRu54Q1XrHoE= ;{id = 2854} +!.example.com. 7200 IN NSEC +.example.com. A RRSIG +!.example.com. 7200 IN RRSIG NSEC 3 3 7200 20070926134150 20070829134150 2854 example.com. AJsNy2VkFTJEMShfEcvIkBe+UViVYDJbNNuGnwf/QecOrhONaVpIXy4= ;{id = 2854} +ENTRY_END + +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. 3600 IN A 11.11.11.11 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; put the SOA into the cache +STEP 14 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +nx.example.com. IN A +ENTRY_END + +STEP 15 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +nx.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. 7200 IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 7200 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +nw.example.com. 7200 IN NSEC ny.example.com. A RRSIG +nw.example.com. 7200 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AHMp+sqWyR3JL6P0LhJ10fufMFSkW9+DM3QghOokyqgbRu54Q1XrHoE= ;{id = 2854} +!.example.com. 7200 IN NSEC +.example.com. A RRSIG +!.example.com. 7200 IN RRSIG NSEC 3 3 7200 20070926134150 20070829134150 2854 example.com. AJsNy2VkFTJEMShfEcvIkBe+UViVYDJbNNuGnwf/QecOrhONaVpIXy4= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +; the downstream validator wants the DS record. +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +sub.example.com. IN DS +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC +sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854} +example.com. 7200 IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 7200 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_negcache_nodata.rpl b/src/test/resources/unbound/val_negcache_nodata.rpl new file mode 100644 index 000000000..2fb9429ec --- /dev/null +++ b/src/test/resources/unbound/val_negcache_nodata.rpl @@ -0,0 +1,167 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "testzone.nlnetlabs.nl. IN DS 2926 8 2 6f8512d1e82eecbd684fc4a76f39f8c5b411af385494873bdead663ddb78a88b" + val-override-date: "20180213111425" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + trust-anchor-signaling: no + aggressive-nsec: yes + +stub-zone: + name: "testzone.nlnetlabs.nl" + stub-addr: 185.49.140.60 +CONFIG_END + +SCENARIO_BEGIN Test validator with negative cache NXDOMAIN response (aggressive NSEC) + +; testzone.nlnetlabs.nl nameserver +RANGE_BEGIN 0 100 + ADDRESS 185.49.140.60 + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +testzone.nlnetlabs.nl. IN DNSKEY +SECTION ANSWER +testzone.nlnetlabs.nl. 3600 IN DNSKEY 256 3 8 AwEAAbrNEg01ByEpUUiip+GNAkNVjUfeX7sl9kPUssR3JQvhCJWVs7aBY0Ae1cNtQWgzCmidGorlXvEY2nNBiMM4l7IXqopJsgyj+Cb3nQPVLi/7yVwUb+AIwSJw1gRFElMYonsMOL9qUrJi8BBCnCR0EqkL+X4slmtkXSJbzQAwvHI7 +testzone.nlnetlabs.nl. 3600 IN DNSKEY 257 3 8 AwEAAbn0eGV0wqMBQNSVTY//BoiOD7bexC7FcVv0fH9bwjKOA8I+ob377E14vZN2xRLC2b1GG5iBckjeI+N2dB9eC2KRnScU3Gbmtw75BBYfm/y4Hu72zEjEZ0ZGv6gjSZRv/1o87ODAwQaxN8/dQD+5U/5xu12XM39bCJZx2GWTbf5L +testzone.nlnetlabs.nl. 3600 IN RRSIG DNSKEY 8 3 3600 20180313101254 20180213101254 2926 testzone.nlnetlabs.nl. gSLZb/dSKutRlAKSo8ZCC1R+SkvABMYBRQsms77WPfYCDbt5GbXeuGqwGdadjEN8gGSU+qrYNxBZRhlYY6d2vtl+DGh67qwteHSwOCw0VvU64eVh38maJA1U673U4JtlBALzBOA/UHmXPlCgPPoW3BG0U3T2Qir/mqOmegmpBcw= +SECTION AUTHORITY +testzone.nlnetlabs.nl. 3600 IN NS ns.nlnetlabs.nl. +testzone.nlnetlabs.nl. 3600 IN RRSIG NS 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. Ox0iKc+z3i1qR1wMr8TBPYzuYO5UTaLrBsDagJAd25fvCkGN+h3HPmWlCIW0cBHsS+IaHXr1JhWutjSCc4UBcY+sT7Y7Fw3V1qdZW2KzbSgWUyPkTXoYcIIVLacSUTXEyltW6jj61WEI/RaUGUCJortvwH5iv1Hzee343isxObI= +SECTION ADDITIONAL +ENTRY_END + +; NODATA response for alligator.testzone.nlnetlabs.nl A type +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +alligator.testzone.nlnetlabs.nl. IN A +SECTION ANSWER +SECTION AUTHORITY +alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC +alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +SECTION ADDITIONAL +ENTRY_END + +; NXDOMAIN response for emu.testzone.nlnetlabs.nl +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +emu.testzone.nlnetlabs.nl. IN TXT +SECTION ANSWER +SECTION AUTHORITY +*.elephant.testzone.nlnetlabs.nl. 3600 IN NSEC duck.ent.testzone.nlnetlabs.nl. TXT RRSIG NSEC +*.elephant.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GC4dtR5zYvfuIgMpr6gF8jV69wsi2GwGlftTl532H2sZP7nWa5cJmJ59+q4evBZ+P3fLxaZeGBpsp3fn1e7yadLW5PGiA25qrjG0TGVQgOPdIV+lo45sxn7Yn8apiXcJf/vtXZMR7FcHYK/BieTo2hafa2zaftfQVRA7hpJ/HDc= +testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY +testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0= +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +SECTION ADDITIONAL +ENTRY_END + +; No answer for ant.testzone.nlnetlabs.nl + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +alligator.testzone.nlnetlabs.nl. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO AD NOERROR +SECTION QUESTION +alligator.testzone.nlnetlabs.nl. IN A +SECTION ANSWER +SECTION AUTHORITY +alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC +alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +SECTION ADDITIONAL +ENTRY_END + +; AAAA query for alligator.testzone.nlnetlabs.nl, which isn't on the testzone nameserver +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +alligator.testzone.nlnetlabs.nl. IN AAAA +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +alligator.testzone.nlnetlabs.nl. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC +alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +ENTRY_END + +STEP 40 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +emu.testzone.nlnetlabs.nl. IN TXT +ENTRY_END + +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +emu.testzone.nlnetlabs.nl. IN TXT +SECTION ANSWER +SECTION AUTHORITY +*.elephant.testzone.nlnetlabs.nl. 3600 IN NSEC duck.ent.testzone.nlnetlabs.nl. TXT RRSIG NSEC +*.elephant.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GC4dtR5zYvfuIgMpr6gF8jV69wsi2GwGlftTl532H2sZP7nWa5cJmJ59+q4evBZ+P3fLxaZeGBpsp3fn1e7yadLW5PGiA25qrjG0TGVQgOPdIV+lo45sxn7Yn8apiXcJf/vtXZMR7FcHYK/BieTo2hafa2zaftfQVRA7hpJ/HDc= +testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY +testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0= +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +ENTRY_END + +STEP 60 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +ent.testzone.nlnetlabs.nl. IN TXT +ENTRY_END + +; query for ENT, must result in NOERROR answer +STEP 70 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +ent.testzone.nlnetlabs.nl. IN TXT +SECTION ANSWER +SECTION AUTHORITY +*.elephant.testzone.nlnetlabs.nl. 3600 IN NSEC duck.ent.testzone.nlnetlabs.nl. TXT RRSIG NSEC +*.elephant.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GC4dtR5zYvfuIgMpr6gF8jV69wsi2GwGlftTl532H2sZP7nWa5cJmJ59+q4evBZ+P3fLxaZeGBpsp3fn1e7yadLW5PGiA25qrjG0TGVQgOPdIV+lo45sxn7Yn8apiXcJf/vtXZMR7FcHYK/BieTo2hafa2zaftfQVRA7hpJ/HDc= +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_negcache_nta.rpl b/src/test/resources/unbound/val_negcache_nta.rpl new file mode 100644 index 000000000..95c25fd94 --- /dev/null +++ b/src/test/resources/unbound/val_negcache_nta.rpl @@ -0,0 +1,121 @@ +; config options +; The island of trust is at testzone.nlnetlabs.nl +server: + trust-anchor: "testzone.nlnetlabs.nl. IN DS 2926 8 2 6f8512d1e82eecbd684fc4a76f39f8c5b411af385494873bdead663ddb78a88b" + val-override-date: "20180213111425" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + trust-anchor-signaling: no + aggressive-nsec: yes + domain-insecure: "ant.testzone.nlnetlabs.nl" + +stub-zone: + name: "testzone.nlnetlabs.nl" + stub-addr: 185.49.140.60 +stub-zone: + name: "ant.testzone.nlnetlabs.nl" + stub-addr: 185.49.140.61 +CONFIG_END + +SCENARIO_BEGIN Test to not do aggressive NSEC for domains under NTA + +; testzone.nlnetlabs.nl nameserver +RANGE_BEGIN 0 100 + ADDRESS 185.49.140.60 + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +testzone.nlnetlabs.nl. IN DNSKEY +SECTION ANSWER +testzone.nlnetlabs.nl. 3600 IN DNSKEY 256 3 8 AwEAAbrNEg01ByEpUUiip+GNAkNVjUfeX7sl9kPUssR3JQvhCJWVs7aBY0Ae1cNtQWgzCmidGorlXvEY2nNBiMM4l7IXqopJsgyj+Cb3nQPVLi/7yVwUb+AIwSJw1gRFElMYonsMOL9qUrJi8BBCnCR0EqkL+X4slmtkXSJbzQAwvHI7 +testzone.nlnetlabs.nl. 3600 IN DNSKEY 257 3 8 AwEAAbn0eGV0wqMBQNSVTY//BoiOD7bexC7FcVv0fH9bwjKOA8I+ob377E14vZN2xRLC2b1GG5iBckjeI+N2dB9eC2KRnScU3Gbmtw75BBYfm/y4Hu72zEjEZ0ZGv6gjSZRv/1o87ODAwQaxN8/dQD+5U/5xu12XM39bCJZx2GWTbf5L +testzone.nlnetlabs.nl. 3600 IN RRSIG DNSKEY 8 3 3600 20180313101254 20180213101254 2926 testzone.nlnetlabs.nl. gSLZb/dSKutRlAKSo8ZCC1R+SkvABMYBRQsms77WPfYCDbt5GbXeuGqwGdadjEN8gGSU+qrYNxBZRhlYY6d2vtl+DGh67qwteHSwOCw0VvU64eVh38maJA1U673U4JtlBALzBOA/UHmXPlCgPPoW3BG0U3T2Qir/mqOmegmpBcw= +SECTION AUTHORITY +testzone.nlnetlabs.nl. 3600 IN NS ns.nlnetlabs.nl. +testzone.nlnetlabs.nl. 3600 IN RRSIG NS 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. Ox0iKc+z3i1qR1wMr8TBPYzuYO5UTaLrBsDagJAd25fvCkGN+h3HPmWlCIW0cBHsS+IaHXr1JhWutjSCc4UBcY+sT7Y7Fw3V1qdZW2KzbSgWUyPkTXoYcIIVLacSUTXEyltW6jj61WEI/RaUGUCJortvwH5iv1Hzee343isxObI= +SECTION ADDITIONAL +ENTRY_END + +; response for antelope.testzone.nlnetlabs.nl. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +antelope.testzone.nlnetlabs.nl. IN TXT +SECTION ANSWER +SECTION AUTHORITY +testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY +testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0= +alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC +alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ant.testzone.nlnetlabs.nl nameserver +RANGE_BEGIN 0 100 + ADDRESS 185.49.140.61 + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ant.testzone.nlnetlabs.nl. IN TXT +SECTION ANSWER +ant.testzone.nlnetlabs.nl. 10 IN TXT "domain under NTA" +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +antelope.testzone.nlnetlabs.nl. IN TXT +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO AD NXDOMAIN +SECTION QUESTION +antelope.testzone.nlnetlabs.nl. IN TXT +SECTION ANSWER +SECTION AUTHORITY +testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY +testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0= +alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC +alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +SECTION ADDITIONAL +ENTRY_END + +; query for ant.testzone.nlnetlabs.nl, which is below an NTA +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +ant.testzone.nlnetlabs.nl. IN TXT +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +ant.testzone.nlnetlabs.nl. IN TXT +SECTION ANSWER +ant.testzone.nlnetlabs.nl. 10 IN TXT "domain under NTA" +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_negcache_nxdomain.rpl b/src/test/resources/unbound/val_negcache_nxdomain.rpl new file mode 100644 index 000000000..520c5775d --- /dev/null +++ b/src/test/resources/unbound/val_negcache_nxdomain.rpl @@ -0,0 +1,110 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "testzone.nlnetlabs.nl. IN DS 2926 8 2 6f8512d1e82eecbd684fc4a76f39f8c5b411af385494873bdead663ddb78a88b" + val-override-date: "20180213111425" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + trust-anchor-signaling: no + aggressive-nsec: yes + +stub-zone: + name: "testzone.nlnetlabs.nl" + stub-addr: 185.49.140.60 +CONFIG_END + +SCENARIO_BEGIN Test validator with negative cache NXDOMAIN response (aggressive NSEC) + +; testzone.nlnetlabs.nl nameserver +RANGE_BEGIN 0 100 + ADDRESS 185.49.140.60 + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +testzone.nlnetlabs.nl. IN DNSKEY +SECTION ANSWER +testzone.nlnetlabs.nl. 3600 IN DNSKEY 256 3 8 AwEAAbrNEg01ByEpUUiip+GNAkNVjUfeX7sl9kPUssR3JQvhCJWVs7aBY0Ae1cNtQWgzCmidGorlXvEY2nNBiMM4l7IXqopJsgyj+Cb3nQPVLi/7yVwUb+AIwSJw1gRFElMYonsMOL9qUrJi8BBCnCR0EqkL+X4slmtkXSJbzQAwvHI7 +testzone.nlnetlabs.nl. 3600 IN DNSKEY 257 3 8 AwEAAbn0eGV0wqMBQNSVTY//BoiOD7bexC7FcVv0fH9bwjKOA8I+ob377E14vZN2xRLC2b1GG5iBckjeI+N2dB9eC2KRnScU3Gbmtw75BBYfm/y4Hu72zEjEZ0ZGv6gjSZRv/1o87ODAwQaxN8/dQD+5U/5xu12XM39bCJZx2GWTbf5L +testzone.nlnetlabs.nl. 3600 IN RRSIG DNSKEY 8 3 3600 20180313101254 20180213101254 2926 testzone.nlnetlabs.nl. gSLZb/dSKutRlAKSo8ZCC1R+SkvABMYBRQsms77WPfYCDbt5GbXeuGqwGdadjEN8gGSU+qrYNxBZRhlYY6d2vtl+DGh67qwteHSwOCw0VvU64eVh38maJA1U673U4JtlBALzBOA/UHmXPlCgPPoW3BG0U3T2Qir/mqOmegmpBcw= +SECTION AUTHORITY +testzone.nlnetlabs.nl. 3600 IN NS ns.nlnetlabs.nl. +testzone.nlnetlabs.nl. 3600 IN RRSIG NS 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. Ox0iKc+z3i1qR1wMr8TBPYzuYO5UTaLrBsDagJAd25fvCkGN+h3HPmWlCIW0cBHsS+IaHXr1JhWutjSCc4UBcY+sT7Y7Fw3V1qdZW2KzbSgWUyPkTXoYcIIVLacSUTXEyltW6jj61WEI/RaUGUCJortvwH5iv1Hzee343isxObI= +SECTION ADDITIONAL +ENTRY_END + +; response for antelope.testzone.nlnetlabs.nl. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +antelope.testzone.nlnetlabs.nl. IN TXT +SECTION ANSWER +SECTION AUTHORITY +testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY +testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0= +alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC +alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +SECTION ADDITIONAL +ENTRY_END + +; No answer for ant.testzone.nlnetlabs.nl + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +antelope.testzone.nlnetlabs.nl. IN TXT +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO AD NXDOMAIN +SECTION QUESTION +antelope.testzone.nlnetlabs.nl. IN TXT +SECTION ANSWER +SECTION AUTHORITY +testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY +testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0= +alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC +alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +SECTION ADDITIONAL +ENTRY_END + +; query for ant.testzone.nlnetlabs.nl, which isn't on the testzone nameserver +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +ant.testzone.nlnetlabs.nl. IN TXT +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +ant.testzone.nlnetlabs.nl. IN TXT +SECTION ANSWER +SECTION AUTHORITY +testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY +testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0= +alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC +alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_noadwhennodo.rpl b/src/test/resources/unbound/val_noadwhennodo.rpl new file mode 100644 index 000000000..46e1bad5a --- /dev/null +++ b/src/test/resources/unbound/val_noadwhennodo.rpl @@ -0,0 +1,153 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test if AD bit is returned on non-DO query. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +; it is validated, but no AD bit, because no AD was requested. +; (this is a copy of val_positive.rpl). +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nodata.rpl b/src/test/resources/unbound/val_nodata.rpl new file mode 100644 index 000000000..f19963467 --- /dev/null +++ b/src/test/resources/unbound/val_nodata.rpl @@ -0,0 +1,150 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with nodata response + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +; SOA record is missing in reply. +; Denies A, note this is the end of the NSEC chain. +www.example.com. IN NSEC example.com. RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCreYgWjFPE/E47n+KUp6vAPIfS4gIUaof1QcUQeIcsxVi1/M73CuHVwEc= ;{id = 2854} +; Denies wildcard +;example.com. IN NSEC ns.example.com. NS SOA RRSIG NSEC DNSKEY +;example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +www.example.com. IN NSEC example.com. RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCreYgWjFPE/E47n+KUp6vAPIfS4gIUaof1QcUQeIcsxVi1/M73CuHVwEc= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nodata_ent.rpl b/src/test/resources/unbound/val_nodata_ent.rpl new file mode 100644 index 000000000..96ba7dbbc --- /dev/null +++ b/src/test/resources/unbound/val_nodata_ent.rpl @@ -0,0 +1,156 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with nodata on empty nonterminal response + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +; Denies A, note this is the end of the NSEC chain. +u.example.com. IN NSEC y.www.example.com. RRSIG NSEC +u.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCvUG2P/8Q8b02C6agrgtJX4YfBbwIUaF/fIuS4OFmGVNkFzgiLAkpze3M= ;{id = 2854} + +; Denies wildcard +example.com. IN NSEC ns.example.com. NS SOA RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +u.example.com. IN NSEC y.www.example.com. RRSIG NSEC +u.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCvUG2P/8Q8b02C6agrgtJX4YfBbwIUaF/fIuS4OFmGVNkFzgiLAkpze3M= ;{id = 2854} +example.com. IN NSEC ns.example.com. NS SOA RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nodata_entnx.rpl b/src/test/resources/unbound/val_nodata_entnx.rpl new file mode 100644 index 000000000..c8e704e30 --- /dev/null +++ b/src/test/resources/unbound/val_nodata_entnx.rpl @@ -0,0 +1,151 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. IN DS 29332 8 2 751f8b755718a7b4ef8920a4b42407520889c3d2142a64f6ffad9e12fa9fc262" + val-override-date: "20140301134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with nodata on empty nonterminal response with rcode NXDOMAIN + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +0.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +0.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20140320093645 20140220093645 55566 example.com. Z+gwYHWVcSXkIYX35nm3bHzlARf1AsI51gH7lGUSwKoD+ZEePXgkqnVS3jrzl/VjeNrmGutpl1rP1tZvTLD5Hs7Q04BlmhS5X22jiGpfwfdaKbbBUNDuCLN31+W8A4B6PBA+jNO3m3+vYNctWfemWX2YTIxKIyOppFOZP2+ll4A= +SECTION ADDITIONAL +ns.example.com. 3600 IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20140320093645 20140220093645 55566 example.com. Fgdfl8Jp4xFHxHyjkjaso7pt0AdrRifUEP2fer8pNnW4KIH83uA4OjfYcMwdP4HqSBJFPb04wQLFoDrLDdFp3zSjHwQQm+4OIBffBMXQ42RSWFgjCygOzQ/vdBUsBDV9tf6y/ggQg+CVfI7l2oPrUwMQCrr69KdzzrRRlsivotM= +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN DNSKEY 257 3 8 AwEAAb4WMOTBLTFvmBra5m6SK4VfViOzmvyUAU0qv861ZQXeEFvwlndqNU9rwRsMxrSWAYs5nHErKDn49usC/HyxxW1477iGFHhfgL4mjNreJm9zft2QFB1VLbRbEPYdDMLCn4co0qnG7/KG8W2i8Pym1L7f+aREwbLo+/716AS2PbaKMhfWLKLiq5wnBcUClQMNzCiwhqxDJp1oePqfkVdeUgXOtgi0dYRIKyQFhJ5VWJ22npoi/Gif0XLCADAlAwRLKc8o/yJkCxskzgpHpw5Cki1lclg0aq4ssOuPRQ+ne6IHYCz9D2mwzulblhLFamKdq7aHzNt4NlyxhpANVFiKLD8= ;{id = 29332 (ksk), size = 2048b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20140320093645 20140220093645 29332 example.com. Vjcu4FD2hbHO4jgRXBeWwhUU29DOyUhdcQuRBhcNNZPYS4/MNKrKzhqZ/5jGRx//UffVvZMrVjb2xbJXf0UALrBktbG/yRK0lETXu4JHVtUyCY8jiKlmSl4LabsYC5GvvoLCzXilYFtp1zzagorONmJtmBc9DiP3fp/ju0gZ45/pTn6cLY8cm2/ja5U5SQ4KQ4SVQsiNduvpLAm3CM2qkqOdspWtNEjjG92EXqgBg5lQ0pt5U2wKk3igecACGUiKzrc9qlSBoErS+rDYAZ3TKqUdW489o4hd0vOowvwgb7Z+lqleplyptlCAwpw/djNqA4dX+FTK/oB6lokX5bxnjQ== +SECTION AUTHORITY +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20140320093645 20140220093645 55566 example.com. Z+gwYHWVcSXkIYX35nm3bHzlARf1AsI51gH7lGUSwKoD+ZEePXgkqnVS3jrzl/VjeNrmGutpl1rP1tZvTLD5Hs7Q04BlmhS5X22jiGpfwfdaKbbBUNDuCLN31+W8A4B6PBA+jNO3m3+vYNctWfemWX2YTIxKIyOppFOZP2+ll4A= +SECTION ADDITIONAL +ns.example.com. 3600 IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20140320093645 20140220093645 55566 example.com. Fgdfl8Jp4xFHxHyjkjaso7pt0AdrRifUEP2fer8pNnW4KIH83uA4OjfYcMwdP4HqSBJFPb04wQLFoDrLDdFp3zSjHwQQm+4OIBffBMXQ42RSWFgjCygOzQ/vdBUsBDV9tf6y/ggQg+CVfI7l2oPrUwMQCrr69KdzzrRRlsivotM= +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +0.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. postmaster.example.com. 1337 1200 180 1209600 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20140320093645 20140220093645 55566 example.com. dcglYOgcxQS6G0PIGitAvMsOUdChGmGAKKb9PYewds2CnoBZq9Tn5F27A4agfJJrUcMC1g3m/O9+kbIYSRs3L9qYwpV/hOu7WLAS/fw+8S3ASSWP2RE+uu0IC1qo0YdHtH5y/cNjqEUcH8uhD1CAYfgKdn3hWEwqXKpWAFrUE7U= +; Denies A and wildcard +example.com. 3600 IN NSEC 0.0.0.0.example.com. NS SOA MX TXT RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 8 2 3600 20140320093645 20140220093645 55566 example.com. dL8lR8Wsvow+dCR24E7BTG3NxzxVCJb0wxQ+k8gLVbQMMsMkQEh4gw2zOXkfX21764ULm6RxEww0ibuKnidXLGUEkCc6g+WL2hsnE2DUpwIGZXn/O3VamrB9+GJ+dbCj4NFl+IXNlrfQFsYOiw055jjQjZTxrsCzodnfxqDgwUg= +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +0.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +0.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. postmaster.example.com. 1337 1200 180 1209600 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20140320093645 20140220093645 55566 example.com. dcglYOgcxQS6G0PIGitAvMsOUdChGmGAKKb9PYewds2CnoBZq9Tn5F27A4agfJJrUcMC1g3m/O9+kbIYSRs3L9qYwpV/hOu7WLAS/fw+8S3ASSWP2RE+uu0IC1qo0YdHtH5y/cNjqEUcH8uhD1CAYfgKdn3hWEwqXKpWAFrUE7U= +example.com. 3600 IN NSEC 0.0.0.0.example.com. NS SOA MX TXT RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 8 2 3600 20140320093645 20140220093645 55566 example.com. dL8lR8Wsvow+dCR24E7BTG3NxzxVCJb0wxQ+k8gLVbQMMsMkQEh4gw2zOXkfX21764ULm6RxEww0ibuKnidXLGUEkCc6g+WL2hsnE2DUpwIGZXn/O3VamrB9+GJ+dbCj4NFl+IXNlrfQFsYOiw055jjQjZTxrsCzodnfxqDgwUg= +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nodata_entwc.rpl b/src/test/resources/unbound/val_nodata_entwc.rpl new file mode 100644 index 000000000..c02e9521a --- /dev/null +++ b/src/test/resources/unbound/val_nodata_entwc.rpl @@ -0,0 +1,156 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with wildcard nodata on empty nonterminal response + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +; Denies A, note this is the end of the NSEC chain. +*.u.example.com. IN NSEC y.www.example.com. RRSIG NSEC +*.u.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFEiVqFPbtbpIh8NrE/YjNCDPFYZgAhR9/9SDX2lwxckJZR299JcRRsjnqw== ;{id = 2854} + +; Denies wildcard +example.com. IN NSEC ns.example.com. NS SOA RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +*.u.example.com. IN NSEC y.www.example.com. RRSIG NSEC +*.u.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFEiVqFPbtbpIh8NrE/YjNCDPFYZgAhR9/9SDX2lwxckJZR299JcRRsjnqw== ;{id = 2854} +example.com. IN NSEC ns.example.com. NS SOA RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nodata_failsig.rpl b/src/test/resources/unbound/val_nodata_failsig.rpl new file mode 100644 index 000000000..88b515649 --- /dev/null +++ b/src/test/resources/unbound/val_nodata_failsig.rpl @@ -0,0 +1,167 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with nodata response with bogus RRSIG + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +; SOA record is missing in reply. +; Denies A, note this is the end of the NSEC chain. +; this RRSIG is failed, we set to 0 base64 data to make this easy to detect +www.example.com. IN NSEC example.com. RRSIG NSEC +;www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDA8yqBITvLruoQjn/eqjYjwCwySAhUAk5/f3H1HKMsvM+spmmswwFtndyY= ;{id = 2854} +;encode _something_ as base64 to make dnsjava happy +www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. QQ== +; Denies wildcard +example.com. IN NSEC ns.example.com. NS SOA RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nodata_failwc.rpl b/src/test/resources/unbound/val_nodata_failwc.rpl new file mode 100644 index 000000000..76fa8acac --- /dev/null +++ b/src/test/resources/unbound/val_nodata_failwc.rpl @@ -0,0 +1,72 @@ +; config options +; The island of trust is at nsecwc.nlnetlabs.nl +server: + trust-anchor: "nsecwc.nlnetlabs.nl. 10024 IN DS 565 8 2 0C15C04C022700C8713028F6F64CF2343DE627B8F83CDA1C421C65DB 52908A2E" + val-override-date: "20181202115531" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no +stub-zone: + name: "nsecwc.nlnetlabs.nl" + stub-addr: "185.49.140.60" + +CONFIG_END + +SCENARIO_BEGIN Test validator with nodata response with wildcard expanded NSEC record, original NSEC owner does not provide proof for QNAME. CVE-2017-15105 test. + + ; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 185.49.140.60 + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +nsecwc.nlnetlabs.nl. IN DNSKEY +SECTION ANSWER +nsecwc.nlnetlabs.nl. 3600 IN DNSKEY 257 3 8 AwEAAbTluF4BfJ/FT7Ak5a3VvYG1AqhT8FXxOsVwGTyueyE/hW+fMFMd QlLMf2Lf/gmsnFgn/p7GDmJBLlPTATmLeP3isvAZbK3MDEP2O5UjTVmt LZriTv8xfxYW6emCM54EQjWii64BFWrOeLm9zQqzyaLl53CbIIXqiacV KPteh8GX +nsecwc.nlnetlabs.nl. 3600 IN RRSIG DNSKEY 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. q3bG4e8EtvXKDcNWcyYHeQxLF9l9aJKdmeSubyN6Qc3UVHugd6t3YSxD hlD+g43y7FcdnNHdAPh/jpgC4wtOb5J+5XAuESDHwesmIXOCTJjrb+A8 r+xQK+vsY8FhNZ2r81JZ/KQ/+TcCS5tbYeNZQgENduWAxgGiw3fdrMOV xiU= +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +_25._tcp.mail.nsecwc.nlnetlabs.nl. IN TLSA +SECTION ANSWER +SECTION AUTHORITY +nsecwc.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +nsecwc.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. bYibpCDg1LgrnYJgVahgu94LBqLIcNs4iC0SW8LV7pTI1hhuFKbLkO2O ekPdkJAWmu/KTytf8D+cdcK6X/9VS8QCVIF5S0hraHtNezu0f1B5ztg3 7Rqy+uJSucNKoykueAsz2z43GMgO0rGH3bqM7+3ii8p2E2rhzqEtG/D3 qyY= +; NSEC has a label lenght of 3, indication that the original owner name is: +; *.nsecwc.nlnetlabs.nl. The NSEC therefore does no prove the NODATA answer. +_25._tcp.mail.nsecwc.nlnetlabs.nl. 3600 IN NSEC delegation.nsecwc.nlnetlabs.nl. TXT RRSIG NSEC +_25._tcp.mail.nsecwc.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. ddy1MRbshFuFJswlouNGHsZUF/tYu8BOCztY2JuHeTMyWL7rhRKp73q/ 1RAXMwywKsynT5ioY0bMtEQszeIEn29IYaPDHieLAobjF6BMu1kO7U2/ oEBrSHM/fx28BcaM5G4nfCIm3BlhQhWvk1NDHLn3Q26x4hF/dnmFOUet aXw= +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +_25._tcp.mail.nsecwc.nlnetlabs.nl. IN TLSA +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +_25._tcp.mail.nsecwc.nlnetlabs.nl. IN TLSA +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nodata_hasdata.rpl b/src/test/resources/unbound/val_nodata_hasdata.rpl new file mode 100644 index 000000000..18f420c5c --- /dev/null +++ b/src/test/resources/unbound/val_nodata_hasdata.rpl @@ -0,0 +1,164 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with nodata response, that proves the data. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +; SOA record is missing in reply. +; Denies A, note this is the end of the NSEC chain. +www.example.com. IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDA8yqBITvLruoQjn/eqjYjwCwySAhUAk5/f3H1HKMsvM+spmmswwFtndyY= ;{id = 2854} +; Denies wildcard +example.com. IN NSEC ns.example.com. NS SOA RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFGlz/gvGdVxEo3Kpr+MijEGCZgwaAhRU7qbF13vmCVgR8dFw7LQFKopV6w== ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nodata_zonecut.rpl b/src/test/resources/unbound/val_nodata_zonecut.rpl new file mode 100644 index 000000000..eb84ac01c --- /dev/null +++ b/src/test/resources/unbound/val_nodata_zonecut.rpl @@ -0,0 +1,162 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with nodata response from wrong side of zonecut + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +; SOA record is missing in reply. +; Denies A, note this is the end of the NSEC chain. +; from wrong side of zone-cut +www.example.com. 3600 IN NSEC example.com. NS DS RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. AA+3mzAYPyQ8G9EKxeyNM+UZY+RtCiS5BOkS8h4wSxMT3lfVdadGpn8= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nodatawc.rpl b/src/test/resources/unbound/val_nodatawc.rpl new file mode 100644 index 000000000..542b65e82 --- /dev/null +++ b/src/test/resources/unbound/val_nodatawc.rpl @@ -0,0 +1,152 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with wildcard nodata response + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +; SOA record is missing in reply. +; wildcard, Denies A, note this is the end of the NSEC chain. +*.example.com. IN NSEC example.com. RRSIG NSEC +*.example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFEwIBOyCychIo8y/JnBLLrhQdejHAhUAtKBLVPEvhF2haaX/RNUGLji1Xw0= ;{id = 2854} +; this NSEC denies original query name +ns.example.com. IN NSEC zork.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCfm3mQakqw9pd8SluduiMXYYc+/wIULqIBxw1bK8QEwCrd8E6T50P4BEw= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +*.example.com. IN NSEC example.com. RRSIG NSEC +*.example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFEwIBOyCychIo8y/JnBLLrhQdejHAhUAtKBLVPEvhF2haaX/RNUGLji1Xw0= ;{id = 2854} +ns.example.com. IN NSEC zork.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCfm3mQakqw9pd8SluduiMXYYc+/wIULqIBxw1bK8QEwCrd8E6T50P4BEw= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nodatawc_badce.rpl b/src/test/resources/unbound/val_nodatawc_badce.rpl new file mode 100644 index 000000000..49ee7f17a --- /dev/null +++ b/src/test/resources/unbound/val_nodatawc_badce.rpl @@ -0,0 +1,164 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with wildcard nodata, bad closest encloser + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +; SOA record is missing in reply. +; wildcard is *.com, +*.com. IN NSEC com. RRSIG NSEC +*.com. 3600 IN RRSIG NSEC 3 1 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCdZKVAPYKe6WhoeuK4+J2hd3F2DgIUXv9Dif1uZsSjboLYVx7Wp0DEg78= ;{id = 2854} +; this NSEC denies original query name from a different zone +ns.example.com. IN NSEC zork.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCfm3mQakqw9pd8SluduiMXYYc+/wIULqIBxw1bK8QEwCrd8E6T50P4BEw= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nodatawc_nodeny.rpl b/src/test/resources/unbound/val_nodatawc_nodeny.rpl new file mode 100644 index 000000000..35f154ebc --- /dev/null +++ b/src/test/resources/unbound/val_nodatawc_nodeny.rpl @@ -0,0 +1,164 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with wildcard nodata response without qdenial + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +; SOA record is missing in reply. +; wildcard, Denies A, note this is the end of the NSEC chain. +*.example.com. IN NSEC ns.example.com. RRSIG NSEC +*.example.com. IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFG0+PaReanKYupgDsJMHBBl7qaAOAhRApLLtiHNSl326iqVz/icLUJ6+Kg== ;{id = 2854} +; this NSEC denies original query name +;ns.example.com. IN NSEC zork.example.com. A RRSIG NSEC +;ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCfm3mQakqw9pd8SluduiMXYYc+/wIULqIBxw1bK8QEwCrd8E6T50P4BEw= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nodatawc_one.rpl b/src/test/resources/unbound/val_nodatawc_one.rpl new file mode 100644 index 000000000..081d20c0b --- /dev/null +++ b/src/test/resources/unbound/val_nodatawc_one.rpl @@ -0,0 +1,147 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with wildcard nodata response with one NSEC + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +; SOA record is missing in reply. +; wildcard, Denies A, note this is the end of the NSEC chain. +*.example.com. IN NSEC example.com. RRSIG NSEC +*.example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFEwIBOyCychIo8y/JnBLLrhQdejHAhUAtKBLVPEvhF2haaX/RNUGLji1Xw0= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +*.example.com. IN NSEC example.com. RRSIG NSEC +*.example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFEwIBOyCychIo8y/JnBLLrhQdejHAhUAtKBLVPEvhF2haaX/RNUGLji1Xw0= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nodatawc_wcns.rpl b/src/test/resources/unbound/val_nodatawc_wcns.rpl new file mode 100644 index 000000000..a3fca6a7c --- /dev/null +++ b/src/test/resources/unbound/val_nodatawc_wcns.rpl @@ -0,0 +1,158 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-dsa: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with wildcard nodata response from parent zone with SOA + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +; wildcard, denies A, but has NS and SOA +*.example.com. 3600 IN NSEC ns.example.com. RRSIG NSEC NS SOA +*.example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AFmszt1f4/pJQypUHc3e7izNQnc/eDaK2gB73kt/0H0iYMpOlWjYr8E= +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nodatawc_wrongdeleg.rpl b/src/test/resources/unbound/val_nodatawc_wrongdeleg.rpl new file mode 100644 index 000000000..2727515f5 --- /dev/null +++ b/src/test/resources/unbound/val_nodatawc_wrongdeleg.rpl @@ -0,0 +1,158 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-dsa: yes + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with wildcard nodata response from parent zone + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +; wildcard, denies A, but has NS without SOA +*.example.com. IN NSEC ns.example.com. RRSIG NSEC NS +*.example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AD9PK7JGmYA7yzAMBiDXZNiYf9I8fbNI4MRZ2xebru+u5MBafoXacR8= +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nokeyprime.rpl b/src/test/resources/unbound/val_nokeyprime.rpl new file mode 100644 index 000000000..4675a382b --- /dev/null +++ b/src/test/resources/unbound/val_nokeyprime.rpl @@ -0,0 +1,163 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with failed key prime, no keys. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +ENTRY_END + +; barely valid nodata for AAAA +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +ENTRY_END + + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007101500 28800 7200 604800 18000 +SECTION ADDITIONAL +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_b1_nameerror.rpl b/src/test/resources/unbound/val_nsec3_b1_nameerror.rpl new file mode 100644 index 000000000..f9d1d2660 --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_b1_nameerror.rpl @@ -0,0 +1,134 @@ +; config options +server: + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + val-override-date: "20120420235959" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator NSEC3 B.1 name error. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +. IN A +SECTION AUTHORITY +example. IN NS ns1.example. +; leave out to make unbound take ns1 +;example. IN NS ns2.example. +SECTION ADDITIONAL +ns1.example. IN A 192.0.2.1 +; leave out to make unbound take ns1 +;ns2.example. IN A 192.0.2.2 +ENTRY_END +RANGE_END + +; ns1.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +example. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN DNSKEY +SECTION ANSWER +example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) +example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) +example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NXDOMAIN +SECTION QUESTION +a.c.x.w.example. IN A +SECTION AUTHORITY +example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) +example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) + +;; NSEC3 RR that covers the "next closer" name (c.x.w.example) +;; H(c.x.w.example) = 0va5bpr2ou0vk0lbqeeljri88laipsfh + +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) + +;; NSEC3 RR that matches the closest encloser (x.w.example) +;; H(x.w.example) = b4um86eghhds6nea196smvmlo4ors995 + +b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG ) +b4um86eghhds6nea196smvmlo4ors995.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUiwtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== ) + +;; NSEC3 RR that covers wildcard at the closest encloser (*.x.w.example) +;; H(*.x.w.example) = 92pqneegtaue7pjatc3l3qnk738c6v5m + +35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) +35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.c.x.w.example. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NXDOMAIN +SECTION QUESTION +a.c.x.w.example. IN A +SECTION ANSWER +SECTION AUTHORITY +example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) +example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) +b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG ) +b4um86eghhds6nea196smvmlo4ors995.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUiwtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== ) +35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) +35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_b1_nameerror_noce.rpl b/src/test/resources/unbound/val_nsec3_b1_nameerror_noce.rpl new file mode 100644 index 000000000..ebe93a6b6 --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_b1_nameerror_noce.rpl @@ -0,0 +1,144 @@ +; config options +server: + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + val-override-date: "20120420235959" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator NSEC3 B.1 name error without ce NSEC3. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example. IN A +SECTION AUTHORITY +example. IN NS ns1.example. +; leave out to make unbound take ns1 +;example. IN NS ns2.example. +SECTION ADDITIONAL +ns1.example. IN A 192.0.2.1 +; leave out to make unbound take ns1 +;ns2.example. IN A 192.0.2.2 +ENTRY_END +RANGE_END + +; ns1.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN A +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +example. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN DNSKEY +SECTION ANSWER +example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) +example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) +example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NXDOMAIN +SECTION QUESTION +a.c.x.w.example. IN A +SECTION AUTHORITY +example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) +example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) + +;; NSEC3 RR that covers the "next closer" name (c.x.w.example) +;; H(c.x.w.example) = 0va5bpr2ou0vk0lbqeeljri88laipsfh + +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) + +;; NSEC3 RR that matches the closest encloser (x.w.example) +;; H(x.w.example) = b4um86eghhds6nea196smvmlo4ors995 + +; b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG ) +; b4um86eghhds6nea196smvmlo4ors995.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUiwtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== ) + +;; NSEC3 RR that covers wildcard at the closest encloser (*.x.w.example) +;; H(*.x.w.example) = 92pqneegtaue7pjatc3l3qnk738c6v5m + +35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) +35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +a.c.x.w.example. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +a.c.x.w.example. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_b1_nameerror_nonc.rpl b/src/test/resources/unbound/val_nsec3_b1_nameerror_nonc.rpl new file mode 100644 index 000000000..3fc9db609 --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_b1_nameerror_nonc.rpl @@ -0,0 +1,146 @@ +; config options +server: + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm 3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + val-override-date: "20120420235959" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator NSEC3 B.1 name error without nc NSEC3. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example. IN A +SECTION AUTHORITY +example. IN NS ns1.example. +; leave out to make unbound take ns1 +;example. IN NS ns2.example. +SECTION ADDITIONAL +ns1.example. IN A 192.0.2.1 +; leave out to make unbound take ns1 +;ns2.example. IN A 192.0.2.2 +ENTRY_END +RANGE_END + +; ns1.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN A +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +example. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN DNSKEY +SECTION ANSWER +example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89ep O6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) +example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8 Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) +example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf 3bH+QsCtg== ) + +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NXDOMAIN +SECTION QUESTION +a.c.x.w.example. IN A +SECTION AUTHORITY +example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) +example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd V I2LmKusbZsT0Q== ) + +;; NSEC3 RR that covers the "next closer" name (c.x.w.example) +;; H(c.x.w.example) = 0va5bpr2ou0vk0lbqeeljri88laipsfh + +;0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi 47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) +;0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRx K9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) + +;; NSEC3 RR that matches the closest encloser (x.w.example) +;; H(x.w.example) = b4um86eghhds6nea196smvmlo4ors995 + +b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG ) +b4um86eghhds6nea196smvmlo4ors995.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUi wtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== ) + +;; NSEC3 RR that covers wildcard at the closest encloser (*.x.w.example) +;; H(*.x.w.example) = 92pqneegtaue7pjatc3l3qnk738c6v5m + +35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) +35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH +z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) + +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +a.c.x.w.example. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +a.c.x.w.example. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_b1_nameerror_nowc.rpl b/src/test/resources/unbound/val_nsec3_b1_nameerror_nowc.rpl new file mode 100644 index 000000000..6c77421a2 --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_b1_nameerror_nowc.rpl @@ -0,0 +1,151 @@ +; config options +server: + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + val-override-date: "20120420235959" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator NSEC3 B.1 name error without wc NSEC3. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example. IN A +SECTION AUTHORITY +example. IN NS ns1.example. +; leave out to make unbound take ns1 +;example. IN NS ns2.example. +SECTION ADDITIONAL +ns1.example. IN A 192.0.2.1 +; leave out to make unbound take ns1 +;ns2.example. IN A 192.0.2.2 +ENTRY_END +RANGE_END + +; ns1.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN A +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +example. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN DNSKEY +SECTION ANSWER +example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) +example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) +example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NXDOMAIN +SECTION QUESTION +a.c.x.w.example. IN A +SECTION AUTHORITY +example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) +example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) + +;; NSEC3 RR that covers the "next closer" name (c.x.w.example) +;; H(c.x.w.example) = 0va5bpr2ou0vk0lbqeeljri88laipsfh + +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) + +;; NSEC3 RR that matches the closest encloser (x.w.example) +;; H(x.w.example) = b4um86eghhds6nea196smvmlo4ors995 + +b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG ) +b4um86eghhds6nea196smvmlo4ors995.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUiwtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== ) + +;; NSEC3 RR that covers wildcard at the closest encloser (*.x.w.example) +;; H(*.x.w.example) = 92pqneegtaue7pjatc3l3qnk738c6v5m + + +;35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) +;35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.c.x.w.example. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +a.c.x.w.example. IN A +SECTION ANSWER +SECTION AUTHORITY +; example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) +; example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) +; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) +; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) +; b4um86eghhds6nea196smvmlo4ors995.example. NSEC3 1 1 12 aabbccdd ( gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG ) +; b4um86eghhds6nea196smvmlo4ors995.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh 5u4m/CUiwtblEVOaAKKZd7S959OeiX43aLX3 pOv0TSTyiTxIZg== ) +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_b21_nodataent.rpl b/src/test/resources/unbound/val_nsec3_b21_nodataent.rpl new file mode 100644 index 000000000..e20a285bc --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_b21_nodataent.rpl @@ -0,0 +1,117 @@ +; config options +server: + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + val-override-date: "20120420235959" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator NSEC3 B.2.1 no data empty nonterminal. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +. IN A +SECTION AUTHORITY +example. IN NS ns1.example. +; leave out to make unbound take ns1 +;example. IN NS ns2.example. +SECTION ADDITIONAL +ns1.example. IN A 192.0.2.1 +; leave out to make unbound take ns1 +;ns2.example. IN A 192.0.2.2 +ENTRY_END +RANGE_END + +; ns1.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +example. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN DNSKEY +SECTION ANSWER +example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) +example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) +example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +y.w.example. IN A +SECTION AUTHORITY +example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) +example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) + +;; NSEC3 RR matches the QNAME and shows that the A type bit is not set. +ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. NSEC3 1 1 12 aabbccdd ( k8udemvp1j2f7eg6jebps17vp3n8i58h ) +ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. gPkFp1s2QDQ6wQzcg1uSebZ61W33rUBDcTj7 2F3kQ490fEdp7k1BUIfbcZtPbX3YCpE+sIt0 MpzVSKfTwx4uYA== ) + +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +y.w.example. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +y.w.example. IN A +SECTION ANSWER +SECTION AUTHORITY +example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) +example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) +ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. NSEC3 1 1 12 aabbccdd ( k8udemvp1j2f7eg6jebps17vp3n8i58h ) +ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. gPkFp1s2QDQ6wQzcg1uSebZ61W33rUBDcTj7 2F3kQ490fEdp7k1BUIfbcZtPbX3YCpE+sIt0 MpzVSKfTwx4uYA== ) +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_b21_nodataent_wr.rpl b/src/test/resources/unbound/val_nsec3_b21_nodataent_wr.rpl new file mode 100644 index 000000000..a56f0b82f --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_b21_nodataent_wr.rpl @@ -0,0 +1,135 @@ +; config options +server: + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + val-override-date: "20120420235959" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator NSEC3 B.2.1 no data empty nonterminal, wrong rr. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example. IN A +SECTION AUTHORITY +example. IN NS ns1.example. +; leave out to make unbound take ns1 +;example. IN NS ns2.example. +SECTION ADDITIONAL +ns1.example. IN A 192.0.2.1 +; leave out to make unbound take ns1 +;ns2.example. IN A 192.0.2.2 +ENTRY_END +RANGE_END + +; ns1.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN A +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +example. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN DNSKEY +SECTION ANSWER +example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) +example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) +example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +y.w.example. IN A +SECTION AUTHORITY +example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) +example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) + +;; NSEC3 RR matches the QNAME and shows that the A type bit is not set. +;ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. NSEC3 1 1 12 aabbccdd ( k8udemvp1j2f7eg6jebps17vp3n8i58h ) +;ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. gPkFp1s2QDQ6wQzcg1uSebZ61W33rUBDcTj7 2F3kQ490fEdp7k1BUIfbcZtPbX3YCpE+sIt0 MpzVSKfTwx4uYA== ) + +; instead the wrong NSEC3 rr is included +35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) +35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) + +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +y.w.example. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +y.w.example. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_b2_nodata.rpl b/src/test/resources/unbound/val_nsec3_b2_nodata.rpl new file mode 100644 index 000000000..709c918c1 --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_b2_nodata.rpl @@ -0,0 +1,117 @@ +; config options +server: + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + val-override-date: "20120420235959" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator NSEC3 B.2 no data. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +. IN A +SECTION AUTHORITY +example. IN NS ns1.example. +; leave out to make unbound take ns1 +;example. IN NS ns2.example. +SECTION ADDITIONAL +ns1.example. IN A 192.0.2.1 +; leave out to make unbound take ns1 +;ns2.example. IN A 192.0.2.2 +ENTRY_END +RANGE_END + +; ns1.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +example. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN DNSKEY +SECTION ANSWER +example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) +example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) +example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +ns1.example. IN MX +SECTION AUTHORITY +example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) +example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) + +;; NSEC3 RR matches the QNAME and shows that the MX type bit is not set. +2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. NSEC3 1 1 12 aabbccdd ( 2vptu5timamqttgl4luu9kg21e0aor3s A RRSIG ) +2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OmBvJ1Vgg1hCKMXHFiNeIYHK9XVW0iLDLwJN 4TFoNxZuP03gAXEI634YwOc4YBNITrj413iq NI6mRk/r1dOSUw== ) + +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +ns1.example. IN MX +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +ns1.example. IN MX +SECTION ANSWER +SECTION AUTHORITY +example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) +example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) +2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. NSEC3 1 1 12 aabbccdd ( 2vptu5timamqttgl4luu9kg21e0aor3s A RRSIG ) +2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OmBvJ1Vgg1hCKMXHFiNeIYHK9XVW0iLDLwJN 4TFoNxZuP03gAXEI634YwOc4YBNITrj413iq NI6mRk/r1dOSUw== ) +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_b2_nodata_nons.rpl b/src/test/resources/unbound/val_nsec3_b2_nodata_nons.rpl new file mode 100644 index 000000000..43d815e76 --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_b2_nodata_nons.rpl @@ -0,0 +1,139 @@ +; config options +server: + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + val-override-date: "20120420235959" + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator NSEC3 B.2 no data, without NSEC3. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example. IN A +SECTION AUTHORITY +example. IN NS ns1.example. +; leave out to make unbound take ns1 +;example. IN NS ns2.example. +SECTION ADDITIONAL +ns1.example. IN A 192.0.2.1 +; leave out to make unbound take ns1 +;ns2.example. IN A 192.0.2.2 +ENTRY_END +RANGE_END + +; ns1.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN A +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +example. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN DNSKEY +SECTION ANSWER +example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) +example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) +example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) +ENTRY_END + +; response to DS query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +ns1.example. IN DS +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +ns1.example. IN MX +SECTION AUTHORITY +example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) +example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) + +;; NSEC3 RR matches the QNAME and shows that the MX type bit is not set. +;2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. NSEC3 1 1 12 aabbccdd ( 2vptu5timamqttgl4luu9kg21e0aor3s A RRSIG ) +;2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OmBvJ1Vgg1hCKMXHFiNeIYHK9XVW0iLDLwJN 4TFoNxZuP03gAXEI634YwOc4YBNITrj413iq NI6mRk/r1dOSUw== ) + +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +ns1.example. IN MX +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +ns1.example. IN MX +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_b3_optout.rpl b/src/test/resources/unbound/val_nsec3_b3_optout.rpl new file mode 100644 index 000000000..0b0569201 --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_b3_optout.rpl @@ -0,0 +1,215 @@ +; config options +server: + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + val-override-date: "20120420235959" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator NSEC3 B.3 referral to optout unsigned zone. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +. IN A +SECTION AUTHORITY +example. IN NS ns1.example. +; leave out to make unbound take ns1 +;example. IN NS ns2.example. +SECTION ADDITIONAL +ns1.example. IN A 192.0.2.1 +; leave out to make unbound take ns1 +;ns2.example. IN A 192.0.2.2 +ENTRY_END +RANGE_END + +; ns1.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +example. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN DNSKEY +SECTION ANSWER +example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) +example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) +example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +mc.c.example. IN MX +SECTION AUTHORITY +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. + +;; NSEC3 RR that covers the "next closer" name (c.example) +;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck +35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) +35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) + +;; NSEC3 RR that matches the closest encloser (example) +;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) + +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 + +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +c.example. IN DS +SECTION AUTHORITY +;; NSEC3 RR that covers the "next closer" name (c.example) +;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck +35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) +35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) + +;; NSEC3 RR that matches the closest encloser (example) +;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) +ENTRY_END + +RANGE_END + +; ns1.c.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.7 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +c.example. IN NS +SECTION ANSWER +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +mc.c.example. IN MX +SECTION ANSWER +mc.c.example. IN MX 50 mx.c.example. +SECTION AUTHORITY +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 +ENTRY_END +RANGE_END + +; ns2.c.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.8 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +c.example. IN NS +SECTION ANSWER +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +mc.c.example. IN MX +SECTION ANSWER +mc.c.example. IN MX 50 mx.c.example. +SECTION AUTHORITY +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 +ENTRY_END +RANGE_END + + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +mc.c.example. IN MX +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +mc.c.example. IN MX +SECTION ANSWER +mc.c.example. IN MX 50 mx.c.example. +SECTION AUTHORITY +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_b3_optout_negcache.rpl b/src/test/resources/unbound/val_nsec3_b3_optout_negcache.rpl new file mode 100644 index 000000000..f8ef6f87d --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_b3_optout_negcache.rpl @@ -0,0 +1,217 @@ +; config options +server: + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + val-override-date: "20120420235959" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator NSEC3 B.3 referral optout with negative cache. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +. IN A +SECTION AUTHORITY +example. IN NS ns1.example. +; leave out to make unbound take ns1 +;example. IN NS ns2.example. +SECTION ADDITIONAL +ns1.example. IN A 192.0.2.1 +; leave out to make unbound take ns1 +;ns2.example. IN A 192.0.2.2 +ENTRY_END +RANGE_END + +; ns1.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +example. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN DNSKEY +SECTION ANSWER +example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) +example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) +example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +mc.c.example. IN MX +SECTION AUTHORITY +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. + +;; NSEC3 RR that covers the "next closer" name (c.example) +;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck +35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) +35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) + +;; NSEC3 RR that matches the closest encloser (example) +;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) + +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 + +ENTRY_END + + +; DS must be gotten from neg cache +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR AA DO NOERROR +; SECTION QUESTION +; c.example. IN DS +; SECTION AUTHORITY +; ;; NSEC3 RR that covers the "next closer" name (c.example) +; ;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck +; 35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) +; 35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) +; +; ;; NSEC3 RR that matches the closest encloser (example) +; ;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom +; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) +; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) +; ENTRY_END + +RANGE_END + +; ns1.c.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.7 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +c.example. IN NS +SECTION ANSWER +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +mc.c.example. IN MX +SECTION ANSWER +mc.c.example. IN MX 50 mx.c.example. +SECTION AUTHORITY +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 +ENTRY_END +RANGE_END + +; ns2.c.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.8 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +c.example. IN NS +SECTION ANSWER +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +mc.c.example. IN MX +SECTION ANSWER +mc.c.example. IN MX 50 mx.c.example. +SECTION AUTHORITY +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 +ENTRY_END +RANGE_END + + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +mc.c.example. IN MX +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +mc.c.example. IN MX +SECTION ANSWER +mc.c.example. IN MX 50 mx.c.example. +SECTION AUTHORITY +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_b3_optout_noce.rpl b/src/test/resources/unbound/val_nsec3_b3_optout_noce.rpl new file mode 100644 index 000000000..ddcd4c01a --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_b3_optout_noce.rpl @@ -0,0 +1,255 @@ +; config options +server: + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + val-override-date: "20120420235959" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator NSEC3 B.3 optout unsigned, without ce. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example. IN A +SECTION AUTHORITY +example. IN NS ns1.example. +; leave out to make unbound take ns1 +;example. IN NS ns2.example. +SECTION ADDITIONAL +ns1.example. IN A 192.0.2.1 +; leave out to make unbound take ns1 +;ns2.example. IN A 192.0.2.2 +ENTRY_END +RANGE_END + +; ns1.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN A +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +example. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN DNSKEY +SECTION ANSWER +example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) +example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) +example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +c.example. IN DS +SECTION AUTHORITY +;; NSEC3 RR that covers the "next closer" name (c.example) +;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck +35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) +35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) + +;; NSEC3 RR that matches the closest encloser (example) +;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom +;0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) +;0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR AA DO NOERROR +SECTION QUESTION +c.example. IN MX +SECTION AUTHORITY +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. + +;; NSEC3 RR that covers the "next closer" name (c.example) +;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck +35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) +35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) + +;; NSEC3 RR that matches the closest encloser (example) +;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom +; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) +; 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) + +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 + +ENTRY_END +RANGE_END + +; ns1.c.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.7 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns1.c.example. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns2.c.example. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +c.example. IN NS +SECTION ANSWER +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +mc.c.example. IN MX +SECTION ANSWER +mc.c.example. IN MX 50 mx.c.example. +SECTION AUTHORITY +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 +ENTRY_END +RANGE_END + +; ns2.c.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.8 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns1.c.example. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns2.c.example. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +c.example. IN NS +SECTION ANSWER +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +mc.c.example. IN MX +SECTION ANSWER +mc.c.example. IN MX 50 mx.c.example. +SECTION AUTHORITY +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 +ENTRY_END +RANGE_END + + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +mc.c.example. IN MX +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +mc.c.example. IN MX +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_b3_optout_nonc.rpl b/src/test/resources/unbound/val_nsec3_b3_optout_nonc.rpl new file mode 100644 index 000000000..c4b044e33 --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_b3_optout_nonc.rpl @@ -0,0 +1,256 @@ +; config options +server: + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + val-override-date: "20120420235959" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator NSEC3 B.3 optout unsigned, without nc. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example. IN A +SECTION AUTHORITY +example. IN NS ns1.example. +; leave out to make unbound take ns1 +;example. IN NS ns2.example. +SECTION ADDITIONAL +ns1.example. IN A 192.0.2.1 +; leave out to make unbound take ns1 +;ns2.example. IN A 192.0.2.2 +ENTRY_END +RANGE_END + +; ns1.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN A +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +example. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN DNSKEY +SECTION ANSWER +example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) +example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) +example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +c.example. IN DS +SECTION AUTHORITY +;; NSEC3 RR that covers the "next closer" name (c.example) +;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck +;35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) +;35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) + +;; NSEC3 RR that matches the closest encloser (example) +;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR AA DO NOERROR +SECTION QUESTION +c.example. IN MX +SECTION AUTHORITY +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. + +;; NSEC3 RR that covers the "next closer" name (c.example) +;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck +; 35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG ) +; 35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== ) + +;; NSEC3 RR that matches the closest encloser (example) +;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG ) +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== ) + +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 + +ENTRY_END + +RANGE_END + +; ns1.c.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.7 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns1.c.example. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns2.c.example. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +c.example. IN NS +SECTION ANSWER +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +mc.c.example. IN MX +SECTION ANSWER +mc.c.example. IN MX 50 mx.c.example. +SECTION AUTHORITY +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 +ENTRY_END +RANGE_END + +; ns2.c.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.8 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns1.c.example. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns2.c.example. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +c.example. IN NS +SECTION ANSWER +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +mc.c.example. IN MX +SECTION ANSWER +mc.c.example. IN MX 50 mx.c.example. +SECTION AUTHORITY +c.example. NS ns1.c.example. +c.example. NS ns2.c.example. +SECTION ADDITIONAL +ns1.c.example. A 192.0.2.7 +ns2.c.example. A 192.0.2.8 +ENTRY_END +RANGE_END + + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +mc.c.example. IN MX +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +mc.c.example. IN MX +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_b4_wild.rpl b/src/test/resources/unbound/val_nsec3_b4_wild.rpl new file mode 100644 index 000000000..db205ab23 --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_b4_wild.rpl @@ -0,0 +1,155 @@ +; config options +server: + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + val-override-date: "20120420235959" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator NSEC3 B.4 wildcard expansion. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +. IN A +SECTION AUTHORITY +example. IN NS ns1.example. +; leave out to make unbound take ns1 +;example. IN NS ns2.example. +SECTION ADDITIONAL +ns1.example. IN A 192.0.2.1 +; leave out to make unbound take ns1 +;ns2.example. IN A 192.0.2.2 +ENTRY_END +RANGE_END + +; ns1.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +example. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN DNSKEY +SECTION ANSWER +example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) +example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) +example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +a.z.w.example. IN MX +SECTION ANSWER +a.z.w.example. MX 1 ai.example. +a.z.w.example. RRSIG MX 7 2 3600 20150420235959 20051021000000 ( 40430 example. CikebjQwGQPwijVcxgcZcSJKtfynugtlBiKb 9FcBTrmOoyQ4InoWVudhCWsh/URX3lc4WRUM ivEBP6+4KS3ldA== ) +SECTION AUTHORITY +example. NS ns1.example. +example. NS ns2.example. +example. RRSIG NS 7 1 3600 20150420235959 20051021000000 ( 40430 example. PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJ qOtdEVgg+MA+ai4fWDEhu3qHJyLcQ9tbD2vv CnMXjtz6SyObxA== ) + +;; NSEC3 RR that covers the "next closer" name (z.w.example) +;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03 +q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG ) +q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== ) + +SECTION ADDITIONAL +ai.example. A 192.0.2.9 +ai.example. RRSIG A 7 2 3600 20150420235959 20051021000000 ( 40430 example. hVe+wKYMlObTRPhX0NL67GxeZfdxqr/QeR6F tfdAj5+FgYxyzPEjIzvKWy00hWIl6wD3Vws+ rznEn8sQ64UdqA== ) +ai.example. AAAA 2001:db8:0:0:0:0:f00:baa9 +ai.example. RRSIG AAAA 7 2 3600 20150420235959 20051021000000 ( 40430 example. LcdxKaCB5bGZwPDg+3JJ4O02zoMBrjxqlf6W uaHQZZfTUpb9Nf2nxFGe2XRPfR5tpJT6GdRG cHueLuXkMjBArQ== ) +ENTRY_END + +; catch glue queries +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +ns2.example. IN A +SECTION ANSWER +; nothing to make sure the ns1 server is used for queries. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +ns2.example. IN AAAA +SECTION ANSWER +; nothing to make sure the ns1 server is used for queries. +ENTRY_END + + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.z.w.example. IN MX +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +a.z.w.example. IN MX +SECTION ANSWER +a.z.w.example. MX 1 ai.example. +a.z.w.example. RRSIG MX 7 2 3600 20150420235959 20051021000000 ( 40430 example. CikebjQwGQPwijVcxgcZcSJKtfynugtlBiKb 9FcBTrmOoyQ4InoWVudhCWsh/URX3lc4WRUM ivEBP6+4KS3ldA== ) +SECTION AUTHORITY +example. NS ns1.example. +example. NS ns2.example. +example. RRSIG NS 7 1 3600 20150420235959 20051021000000 ( 40430 example. PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJ qOtdEVgg+MA+ai4fWDEhu3qHJyLcQ9tbD2vv CnMXjtz6SyObxA== ) +q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG ) +q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== ) + +SECTION ADDITIONAL +ai.example. A 192.0.2.9 +ai.example. AAAA 2001:db8:0:0:0:0:f00:baa9 +ai.example. RRSIG A 7 2 3600 20150420235959 20051021000000 ( 40430 example. hVe+wKYMlObTRPhX0NL67GxeZfdxqr/QeR6F tfdAj5+FgYxyzPEjIzvKWy00hWIl6wD3Vws+ rznEn8sQ64UdqA== ) +ai.example. RRSIG AAAA 7 2 3600 20150420235959 20051021000000 ( 40430 example. LcdxKaCB5bGZwPDg+3JJ4O02zoMBrjxqlf6W uaHQZZfTUpb9Nf2nxFGe2XRPfR5tpJT6GdRG cHueLuXkMjBArQ== ) +ENTRY_END +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_b4_wild_wr.rpl b/src/test/resources/unbound/val_nsec3_b4_wild_wr.rpl new file mode 100644 index 000000000..50daf3809 --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_b4_wild_wr.rpl @@ -0,0 +1,166 @@ +; config options +server: + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + val-override-date: "20120420235959" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator NSEC3 B.4 wildcard expansion, wrong NSEC3. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example. IN A +SECTION AUTHORITY +example. IN NS ns1.example. +; leave out to make unbound take ns1 +;example. IN NS ns2.example. +SECTION ADDITIONAL +ns1.example. IN A 192.0.2.1 +; leave out to make unbound take ns1 +;ns2.example. IN A 192.0.2.2 +ENTRY_END +RANGE_END + +; ns1.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN A +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +example. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN DNSKEY +SECTION ANSWER +example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) +example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) +example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +a.z.w.example. IN MX +SECTION ANSWER +a.z.w.example. MX 1 ai.example. +a.z.w.example. RRSIG MX 7 2 3600 20150420235959 20051021000000 ( 40430 example. CikebjQwGQPwijVcxgcZcSJKtfynugtlBiKb 9FcBTrmOoyQ4InoWVudhCWsh/URX3lc4WRUM ivEBP6+4KS3ldA== ) +SECTION AUTHORITY +example. NS ns1.example. +example. NS ns2.example. +example. RRSIG NS 7 1 3600 20150420235959 20051021000000 ( 40430 example. PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJ qOtdEVgg+MA+ai4fWDEhu3qHJyLcQ9tbD2vv CnMXjtz6SyObxA== ) + +;; NSEC3 RR that covers the "next closer" name (z.w.example) +;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03 +;q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG ) +;q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== ) + +; The wrong NSEC3 here +k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi ) +k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== ) + +SECTION ADDITIONAL +ai.example. A 192.0.2.9 +ai.example. RRSIG A 7 2 3600 20150420235959 20051021000000 ( 40430 example. hVe+wKYMlObTRPhX0NL67GxeZfdxqr/QeR6F tfdAj5+FgYxyzPEjIzvKWy00hWIl6wD3Vws+ rznEn8sQ64UdqA== ) +ai.example. AAAA 2001:db8:0:0:0:0:f00:baa9 +ai.example. RRSIG AAAA 7 2 3600 20150420235959 20051021000000 ( 40430 example. LcdxKaCB5bGZwPDg+3JJ4O02zoMBrjxqlf6W uaHQZZfTUpb9Nf2nxFGe2XRPfR5tpJT6GdRG cHueLuXkMjBArQ== ) +ENTRY_END + +; catch glue queries +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +ns2.example. IN A +SECTION ANSWER +; nothing to make sure the ns1 server is used for queries. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +ns2.example. IN AAAA +SECTION ANSWER +; nothing to make sure the ns1 server is used for queries. +ENTRY_END + + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +a.z.w.example. IN MX +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +a.z.w.example. IN MX +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_b5_wcnodata.rpl b/src/test/resources/unbound/val_nsec3_b5_wcnodata.rpl new file mode 100644 index 000000000..a10d6b75a --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_b5_wcnodata.rpl @@ -0,0 +1,156 @@ +; config options +server: + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + val-override-date: "20120420235959" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator NSEC3 B.5 wildcard nodata. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +. IN A +SECTION AUTHORITY +example. IN NS ns1.example. +; leave out to make unbound take ns1 +;example. IN NS ns2.example. +SECTION ADDITIONAL +ns1.example. IN A 192.0.2.1 +; leave out to make unbound take ns1 +;ns2.example. IN A 192.0.2.2 +ENTRY_END +RANGE_END + +; ns1.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +example. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN DNSKEY +SECTION ANSWER +example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) +example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) +example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +a.z.w.example. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) +example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) + +;; NSEC3 RR that matches the closest encloser (w.example) +;; H(w.example) = k8udemvp1j2f7eg6jebps17vp3n8i58h +k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi ) +k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== ) + +;; NSEC3 RR that covers the "next closer" name (z.w.example) +;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03 +q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG ) +q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== ) + +;; NSEC3 RR that matches a wildcard at the closest encloser. +;; H(*.w.example) = r53bq7cc2uvmubfu5ocmm6pers9tk9en +r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. NSEC3 1 1 12 aabbccdd ( t644ebqk9bibcna874givr6joj62mlhv MX RRSIG ) +r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/C ZFKulIGXXLj8B/fsDJarXVDA9bnUoRhEbKp+ HF1FWKW7RIJdtQ== ) + +SECTION ADDITIONAL +ENTRY_END + +; catch glue queries +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +ns2.example. IN A +SECTION ANSWER +; nothing to make sure the ns1 server is used for queries. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +ns2.example. IN AAAA +SECTION ANSWER +; nothing to make sure the ns1 server is used for queries. +ENTRY_END + + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.z.w.example. IN AAAA +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +a.z.w.example. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) +example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) +k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi ) +k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== ) +q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG ) +q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== ) +r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. NSEC3 1 1 12 aabbccdd ( t644ebqk9bibcna874givr6joj62mlhv MX RRSIG ) +r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/C ZFKulIGXXLj8B/fsDJarXVDA9bnUoRhEbKp+ HF1FWKW7RIJdtQ== ) + +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_b5_wcnodata_noce.rpl b/src/test/resources/unbound/val_nsec3_b5_wcnodata_noce.rpl new file mode 100644 index 000000000..f35eae18d --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_b5_wcnodata_noce.rpl @@ -0,0 +1,165 @@ +; config options +server: + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + val-override-date: "20120420235959" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator NSEC3 B.5 wildcard nodata, without ce. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example. IN A +SECTION AUTHORITY +example. IN NS ns1.example. +; leave out to make unbound take ns1 +;example. IN NS ns2.example. +SECTION ADDITIONAL +ns1.example. IN A 192.0.2.1 +; leave out to make unbound take ns1 +;ns2.example. IN A 192.0.2.2 +ENTRY_END +RANGE_END + +; ns1.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN A +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +example. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN DNSKEY +SECTION ANSWER +example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) +example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) +example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +a.z.w.example. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) +example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) + +;; NSEC3 RR that matches the closest encloser (w.example) +;; H(w.example) = k8udemvp1j2f7eg6jebps17vp3n8i58h +;k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi ) +;k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== ) + +;; NSEC3 RR that covers the "next closer" name (z.w.example) +;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03 +q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG ) +q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== ) + +;; NSEC3 RR that matches a wildcard at the closest encloser. +;; H(*.w.example) = r53bq7cc2uvmubfu5ocmm6pers9tk9en +r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. NSEC3 1 1 12 aabbccdd ( t644ebqk9bibcna874givr6joj62mlhv MX RRSIG ) +r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/C ZFKulIGXXLj8B/fsDJarXVDA9bnUoRhEbKp+ HF1FWKW7RIJdtQ== ) + +SECTION ADDITIONAL +ENTRY_END + +; catch glue queries +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +ns2.example. IN A +SECTION ANSWER +; nothing to make sure the ns1 server is used for queries. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +ns2.example. IN AAAA +SECTION ANSWER +; nothing to make sure the ns1 server is used for queries. +ENTRY_END + + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +a.z.w.example. IN AAAA +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +a.z.w.example. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_b5_wcnodata_nonc.rpl b/src/test/resources/unbound/val_nsec3_b5_wcnodata_nonc.rpl new file mode 100644 index 000000000..e4c58c62a --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_b5_wcnodata_nonc.rpl @@ -0,0 +1,165 @@ +; config options +server: + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + val-override-date: "20120420235959" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator NSEC3 B.5 wildcard nodata, without nc. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example. IN A +SECTION AUTHORITY +example. IN NS ns1.example. +; leave out to make unbound take ns1 +;example. IN NS ns2.example. +SECTION ADDITIONAL +ns1.example. IN A 192.0.2.1 +; leave out to make unbound take ns1 +;ns2.example. IN A 192.0.2.2 +ENTRY_END +RANGE_END + +; ns1.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN A +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +example. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN DNSKEY +SECTION ANSWER +example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) +example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) +example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +a.z.w.example. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) +example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) + +;; NSEC3 RR that matches the closest encloser (w.example) +;; H(w.example) = k8udemvp1j2f7eg6jebps17vp3n8i58h +k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi ) +k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== ) + +;; NSEC3 RR that covers the "next closer" name (z.w.example) +;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03 +;q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG ) +;q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== ) + +;; NSEC3 RR that matches a wildcard at the closest encloser. +;; H(*.w.example) = r53bq7cc2uvmubfu5ocmm6pers9tk9en +r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. NSEC3 1 1 12 aabbccdd ( t644ebqk9bibcna874givr6joj62mlhv MX RRSIG ) +r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/C ZFKulIGXXLj8B/fsDJarXVDA9bnUoRhEbKp+ HF1FWKW7RIJdtQ== ) + +SECTION ADDITIONAL +ENTRY_END + +; catch glue queries +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +ns2.example. IN A +SECTION ANSWER +; nothing to make sure the ns1 server is used for queries. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +ns2.example. IN AAAA +SECTION ANSWER +; nothing to make sure the ns1 server is used for queries. +ENTRY_END + + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +a.z.w.example. IN AAAA +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +a.z.w.example. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_b5_wcnodata_nowc.rpl b/src/test/resources/unbound/val_nsec3_b5_wcnodata_nowc.rpl new file mode 100644 index 000000000..27f68d614 --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_b5_wcnodata_nowc.rpl @@ -0,0 +1,167 @@ +; config options +server: + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + val-override-date: "20120420235959" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator NSEC3 B.5 wildcard nodata, without wc. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example. IN A +SECTION AUTHORITY +example. IN NS ns1.example. +; leave out to make unbound take ns1 +;example. IN NS ns2.example. +SECTION ADDITIONAL +ns1.example. IN A 192.0.2.1 +; leave out to make unbound take ns1 +;ns2.example. IN A 192.0.2.2 +ENTRY_END +RANGE_END + +; ns1.example. +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN A +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +ns1.example. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR REFUSED +SECTION QUESTION +example. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN DNSKEY +SECTION ANSWER +example. DNSKEY 256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= ) +example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= ) +example. RRSIG DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example. AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== ) +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +a.z.w.example. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example. SOA ns1.example. bugs.x.w.example. 1 3600 300 ( 3600000 3600 ) +example. RRSIG SOA 7 1 3600 20150420235959 20051021000000 ( 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8i q4ZLlYWfUUbbAS41pG+68z81q1xhkYAcEyHd VI2LmKusbZsT0Q== ) + +;; NSEC3 RR that matches the closest encloser (w.example) +;; H(w.example) = k8udemvp1j2f7eg6jebps17vp3n8i58h +k8udemvp1j2f7eg6jebps17vp3n8i58h.example. NSEC3 1 1 12 aabbccdd ( kohar7mbb8dc2ce8a9qvl8hon4k53uhi ) +k8udemvp1j2f7eg6jebps17vp3n8i58h.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBK S6qCcftVtfH4yVzsEZquJ27NHR7ruxJWDNMt Otx7w9WfcIg62A== ) + +;; NSEC3 RR that covers the "next closer" name (z.w.example) +;; H(z.w.example) = qlu7gtfaeh0ek0c05ksfhdpbcgglbe03 +q04jkcevqvmu85r014c7dkba38o0ji5r.example. NSEC3 1 1 12 aabbccdd ( r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG ) +q04jkcevqvmu85r014c7dkba38o0ji5r.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3 ZxlMKimoPAyqletMlEWwLfFia7sdpSzn+ZlN NlkxWcLsIlMmUg== ) + +;; NSEC3 RR that matches a wildcard at the closest encloser. +;; H(*.w.example) = r53bq7cc2uvmubfu5ocmm6pers9tk9en +;r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. NSEC3 1 1 12 aabbccdd ( t644ebqk9bibcna874givr6joj62mlhv MX RRSIG ) +;r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example. aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/C ZFKulIGXXLj8B/fsDJarXVDA9bnUoRhEbKp+ HF1FWKW7RIJdtQ== ) + +SECTION ADDITIONAL +ENTRY_END + +; catch glue queries +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +ns2.example. IN A +SECTION ANSWER +; nothing to make sure the ns1 server is used for queries. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA DO NOERROR +SECTION QUESTION +ns2.example. IN AAAA +SECTION ANSWER +; nothing to make sure the ns1 server is used for queries. +ENTRY_END + + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +a.z.w.example. IN AAAA +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +; insecure! not bogus! (due to optout) +REPLY QR RD RA NOERROR +SECTION QUESTION +a.z.w.example. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example. 3600 IN SOA ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600 +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_cname_ds.rpl b/src/test/resources/unbound/val_nsec3_cname_ds.rpl new file mode 100644 index 000000000..a3c2b8a11 --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_cname_ds.rpl @@ -0,0 +1,214 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with NSEC3 CNAME for qtype DS. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN DS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN DS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854} + +; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3 +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854} + +ENTRY_END + +; refer to server one down +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN DS +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.10 +ENTRY_END +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.10 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.10 +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +sub.example.com. 3600 IN RRSIG DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854} + +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN DS +SECTION ANSWER +; from *.sub.example.com. IN CNAME sub.example.com. +www.sub.example.com. IN CNAME sub.example.com. +www.sub.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFFyXwAzONbrkZD3oQ50zRYXOr1vvAhQAmzDTm7YYloe6F96eBS1L+KE9hg== ;{id = 2854} +SECTION AUTHORITY +; cover qname next closer name, for the wildcard. +; H(www.sub.example.com.) = ecllopkacmb753v6jlld4d371l1u8gme +ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG +ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFD4bIeWulXj9lhAGsqCfsKg6jQheAhQ9kkYqd9AVdomcl2YzWOupJnV5wQ== ;{id = 2854} + +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN DS +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.sub.example.com. IN DS +SECTION ANSWER +www.sub.example.com. IN CNAME sub.example.com. +www.sub.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFFyXwAzONbrkZD3oQ50zRYXOr1vvAhQAmzDTm7YYloe6F96eBS1L+KE9hg== ;{id = 2854} +sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854} +SECTION AUTHORITY +ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG +ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFD4bIeWulXj9lhAGsqCfsKg6jQheAhQ9kkYqd9AVdomcl2YzWOupJnV5wQ== ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_cname_par.rpl b/src/test/resources/unbound/val_nsec3_cname_par.rpl new file mode 100644 index 000000000..e07a4aea4 --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_cname_par.rpl @@ -0,0 +1,218 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with NSEC3 wildcard CNAME to parent. +; to test the zone determination routines in nsec3. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854} + +; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3 +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854} + +ENTRY_END + +; refer to server one down +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.10 +ENTRY_END +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.10 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.10 +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +sub.example.com. 3600 IN RRSIG DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854} + +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +; from *.sub.example.com. IN CNAME www.example.com. +www.sub.example.com. IN CNAME www.example.com. +www.sub.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFFKPEuHCx2R69zF2Nd4c7Vu/4RUxAhRB9zHHPCihRU4HT5HhpPJxJykeFg== ;{id = 2854} +SECTION AUTHORITY +; cover qname next closer name, for the wildcard. +; H(www.sub.example.com.) = ecllopkacmb753v6jlld4d371l1u8gme +ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG +ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFD4bIeWulXj9lhAGsqCfsKg6jQheAhQ9kkYqd9AVdomcl2YzWOupJnV5wQ== ;{id = 2854} + +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN CNAME www.example.com. +www.sub.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFFKPEuHCx2R69zF2Nd4c7Vu/4RUxAhRB9zHHPCihRU4HT5HhpPJxJykeFg== ;{id = 2854} +SECTION AUTHORITY +ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG +ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFD4bIeWulXj9lhAGsqCfsKg6jQheAhQ9kkYqd9AVdomcl2YzWOupJnV5wQ== ;{id = 2854} +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854} +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854} + +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_cname_sub.rpl b/src/test/resources/unbound/val_nsec3_cname_sub.rpl new file mode 100644 index 000000000..233afb086 --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_cname_sub.rpl @@ -0,0 +1,228 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with NSEC3 wildcard CNAME to subzone. +; to test the zone determination routines in nsec3. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +;from *.example.com. IN CNAME www.sub.example.com. +www.example.com. IN CNAME www.sub.example.com. +www.example.com. 3600 IN RRSIG CNAME 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCjVxqOi0bcgHgxVkwzJqIi6iNJswIUZxbmItvoyEczTclgVtHsr9Jmf+w= ;{id = 2854} +SECTION AUTHORITY +; cover qname next closer name. +; H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3. +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854} +ENTRY_END + +; refer to server one down +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.10 +ENTRY_END +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.10 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.10 +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +sub.example.com. 3600 IN RRSIG DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854} + +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +sub.example.com. IN SOA ns.sub.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +sub.example.com. 3600 IN RRSIG SOA 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBLls0z0ncWxTXzDt4uLAuJsr932AhQvVeUJevgwAL6mfmLL6fAf2IZ7mg== ;{id = 2854} + +; closest encloser, H(sub.example.com). = 8r1f0ieoutlnjc03meng9e3bn2n0o9pd +8r1f0ieoutlnjc03meng9e3bn2n0o9pd.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd SOA NS MX RRSIG +8r1f0ieoutlnjc03meng9e3bn2n0o9pd.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBX1qVlth+YE+y57p5C7X00bLthDAhRIF2xoHF0exs29obE7JjVthwXfHA== ;{id = 2854} + +; wildcard denial, H(*.sub.example.com.) = hq432j8q183b54mejh50200pqo8rvlog +hq432j8q183b54mejh50200pqo7rvlog.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd hq432j8q183b54mejh50200pqo9rvlog A RRSIG +hq432j8q183b54mejh50200pqo7rvlog.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFAOXoeUk1d0cxT9p1gUvBrybAQCSAhQ5eLWaK932TxxY4U6NAxgst4O4uA== ;{id = 2854} + +; next closer denial H(www.sub.example.com.) = ecllopkacmb753v6jlld4d371l1u8gme +ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG +ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFAuD3qb/+CWyqjBRt/RDjZvsSyCGAhQivfP3zr1+2Uknw9RhXUcUO0g6Lg== ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN CNAME www.sub.example.com. +www.example.com. 3600 IN RRSIG CNAME 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCjVxqOi0bcgHgxVkwzJqIi6iNJswIUZxbmItvoyEczTclgVtHsr9Jmf+w= ;{id = 2854} +SECTION AUTHORITY +SECTION AUTHORITY +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854} +sub.example.com. IN SOA ns.sub.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +sub.example.com. 3600 IN RRSIG SOA 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBLls0z0ncWxTXzDt4uLAuJsr932AhQvVeUJevgwAL6mfmLL6fAf2IZ7mg== ;{id = 2854} +8r1f0ieoutlnjc03meng9e3bn2n0o9pd.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd SOA NS MX RRSIG +8r1f0ieoutlnjc03meng9e3bn2n0o9pd.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBX1qVlth+YE+y57p5C7X00bLthDAhRIF2xoHF0exs29obE7JjVthwXfHA== ;{id = 2854} +hq432j8q183b54mejh50200pqo7rvlog.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd hq432j8q183b54mejh50200pqo9rvlog A RRSIG +hq432j8q183b54mejh50200pqo7rvlog.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFAOXoeUk1d0cxT9p1gUvBrybAQCSAhQ5eLWaK932TxxY4U6NAxgst4O4uA== ;{id = 2854} +ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd ecllopkacmb753v6jlld4d371l1u9gme A RRSIG +ecllopkacmb753v6jlld4d371l1u7gme.sub.example.com. 3600 IN RRSIG NSEC3 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFAuD3qb/+CWyqjBRt/RDjZvsSyCGAhQivfP3zr1+2Uknw9RhXUcUO0g6Lg== ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_cnametocnamewctoposwc.rpl b/src/test/resources/unbound/val_nsec3_cnametocnamewctoposwc.rpl new file mode 100644 index 000000000..c7b7a904b --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_cnametocnamewctoposwc.rpl @@ -0,0 +1,209 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. IN DNSKEY 257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b" + val-override-date: "20121030123249" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with a regular cname to wildcard cname to wildcard response + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +start.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +start.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. 120 IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U= +SECTION ADDITIONAL +ns.example.com. 3600 IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk= +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdWzfjQD2bfQuoQGNYuS0ByosBxiTkoKcy9kMoWOQ/jx9rvTRhHImWxTxFtIyZOoRgn6E6mE71e5Y1q1nuyH544Em+4rNRMMW4bzecQmMmPk+B97MqW9aW6e4BwiCTt52IGfL++5GORYcaITw9UOlQLYH1oHHUNUC6ebHENofLTj ;{id = 64050 (zsk), size = 1024b} +example.com. 3600 IN DNSKEY 257 3 8 AwEAAdL6YJdvoKQJEt/SgB6MrbQ2RDwnrcQQb6bDE8FpGgLen6hvF31ntVsZ3RZzhCmwL6lvumOLFIRKaP9ZBEVutT9iMoF2dNRbT0TCUrv6uQNHcuCZ0BJhuDNBU42f3yOnfFv7PKxd0NP+yFHJkvDQAVLMB5GeUQuYnvgQGeZsf/3b ;{id = 46426 (ksk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20121126123249 20121029123249 46426 example.com. pisNb/A40XDEiMpcYtxc+yO6osISyfpqz+0UZ61pd70+TLXMF197zr9SqOVJHyRI6G2lSnFggxYrZDpxLbxOW0RY/KfjD3xlI14M/2DieJ1NdlQuYFGgTwxcoINUJ/wRd4YUxkF4JS0D4NBdQ0yQYR0KqDr84oyhnULEHX6WB7s= +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +start.example.com. IN A +SECTION ANSWER +start.example.com. 3600 IN CNAME x.y.z.wc.example.com. +start.example.com. 3600 IN RRSIG CNAME 8 3 3600 20121126123316 20121029123316 64050 example.com. LHpx5n++Z0Jgjjalac+e7wdYSbfurqSDpLRAOI1PybTJkwrMvgDKfp0ycT4HwsLVy7spumZ/Ahg/5II9pai7jCiqv1Iyh6fx19ZVeClTFMOLotCK8xMHACYJIY39BhTwD2D3r9BxbK+RopUlXypwV02yzdY2xEnPCBJVDUn5d0g= +x.y.z.wc.example.com. 3600 IN CNAME x.y.z.end.example.com. +x.y.z.wc.example.com. 3600 IN RRSIG CNAME 8 3 3600 20121126123316 20121029123316 64050 example.com. BCnT6CIuqvF1U9LfiHIovgvXIVFJsCXqQWmnjHtbFvzUlTlfGj+56YBSOEpyCep4CBJ0CBgZ8gl5kWip8N+sTlveU/UWMv4FAkqLXRYjp4CZegslmJIuXU5uS+Q0GlLbWdSB9ZCZcbbO0qrOtUfrJ2ozcSTCS+D+oIZ+CkwvDlQ= +x.y.z.end.example.com. 3600 IN A 1.2.3.5 +x.y.z.end.example.com. 3600 IN RRSIG A 8 3 3600 20121126123249 20121029123249 64050 example.com. MyXXd3MvXtEYVNqWDepM3+Ra/j/b63QehzSHXZe5gL954WxW8KGHPYmeWyhDtruThpZS6s6jeARY2xt0lmEDnMgNyPJGA6UWwTIgvGD0u9Qw5kocCq3ZH4cSG4xu4rmZoi+h8OGrHxUb4jIKzipzAQDxhnAcp/wKF7e+p+OE+Fo= +SECTION AUTHORITY +; H(z.wc.example.com.) = isn85psesctb6afn2q105mv966tqqepi. +isjq5aarcp8p5sukc56g961cccjus5u2.example.com. 86400 IN NSEC3 1 0 1 abcd isoaarjsq14bkqaamivn1t1milkv95lc A RRSIG +isjq5aarcp8p5sukc56g961cccjus5u2.example.com. 86400 IN RRSIG NSEC3 8 3 86400 20121126123259 20121029123259 64050 example.com. Cxwzq1DUQvhkTVHEJHlb92c511Y+uJy/C0yL9br6W/5lB/usuSiK2DjW58ibPh2kLH1P3SpGqd1Y7LigptdXoPBDFakcNcimPWCN93R3J80+vrHHPkPyIsBaywwYI3SNGgfnHfPF+wmH+tZ1vfEHbigOxqPFK+T0ntKq7dkSndg= +; H(z.end.example.com.) = a62608t4becqb6233m87ar7a3648rj3b. +a61sejfu6am5a36p628t4s089s309o44.example.com. 86400 IN NSEC3 1 0 1 abcd a64lt5ij9a1up15h5cdsn1u2071901hu A RRSIG +a61sejfu6am5a36p628t4s089s309o44.example.com. 86400 IN RRSIG NSEC3 8 3 86400 20121126123315 20121029123315 64050 example.com. gfBu4oqo9cVxJbqrw2Ly7mK638kGPOF8l8eh7ovalniwkU3F+PNYJyfSE9yGX8tMGbXrkEW9mAzAh39igr2+Bbzi9WPTRp4RDVM0qw+eyMmQRPWKt7FeanDtP+OcdVp0Hf2aPzsgmgTdS6s0AboUq1rX53H2M6F8xAiwPrBJXDQ= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U= +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x.y.z.wc.example.com. IN A +SECTION ANSWER +x.y.z.wc.example.com. 3600 IN CNAME x.y.z.end.example.com. +x.y.z.wc.example.com. 3600 IN RRSIG CNAME 8 3 3600 20121126123316 20121029123316 64050 example.com. BCnT6CIuqvF1U9LfiHIovgvXIVFJsCXqQWmnjHtbFvzUlTlfGj+56YBSOEpyCep4CBJ0CBgZ8gl5kWip8N+sTlveU/UWMv4FAkqLXRYjp4CZegslmJIuXU5uS+Q0GlLbWdSB9ZCZcbbO0qrOtUfrJ2ozcSTCS+D+oIZ+CkwvDlQ= +x.y.z.end.example.com. 3600 IN A 1.2.3.5 +x.y.z.end.example.com. 3600 IN RRSIG A 8 3 3600 20121126123249 20121029123249 64050 example.com. MyXXd3MvXtEYVNqWDepM3+Ra/j/b63QehzSHXZe5gL954WxW8KGHPYmeWyhDtruThpZS6s6jeARY2xt0lmEDnMgNyPJGA6UWwTIgvGD0u9Qw5kocCq3ZH4cSG4xu4rmZoi+h8OGrHxUb4jIKzipzAQDxhnAcp/wKF7e+p+OE+Fo= +SECTION AUTHORITY +isjq5aarcp8p5sukc56g961cccjus5u2.example.com. 86400 IN NSEC3 1 0 1 abcd isoaarjsq14bkqaamivn1t1milkv95lc A RRSIG +isjq5aarcp8p5sukc56g961cccjus5u2.example.com. 86400 IN RRSIG NSEC3 8 3 86400 20121126123259 20121029123259 64050 example.com. Cxwzq1DUQvhkTVHEJHlb92c511Y+uJy/C0yL9br6W/5lB/usuSiK2DjW58ibPh2kLH1P3SpGqd1Y7LigptdXoPBDFakcNcimPWCN93R3J80+vrHHPkPyIsBaywwYI3SNGgfnHfPF+wmH+tZ1vfEHbigOxqPFK+T0ntKq7dkSndg= +a61sejfu6am5a36p628t4s089s309o44.example.com. 86400 IN NSEC3 1 0 1 abcd a64lt5ij9a1up15h5cdsn1u2071901hu A RRSIG +a61sejfu6am5a36p628t4s089s309o44.example.com. 86400 IN RRSIG NSEC3 8 3 86400 20121126123315 20121029123315 64050 example.com. gfBu4oqo9cVxJbqrw2Ly7mK638kGPOF8l8eh7ovalniwkU3F+PNYJyfSE9yGX8tMGbXrkEW9mAzAh39igr2+Bbzi9WPTRp4RDVM0qw+eyMmQRPWKt7FeanDtP+OcdVp0Hf2aPzsgmgTdS6s0AboUq1rX53H2M6F8xAiwPrBJXDQ= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U= +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGING +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x.y.z.end.example.com. IN A +SECTION ANSWER +x.y.z.end.example.com. 3600 IN A 1.2.3.5 +x.y.z.end.example.com. 3600 IN RRSIG A 8 3 3600 20121126123249 20121029123249 64050 example.com. MyXXd3MvXtEYVNqWDepM3+Ra/j/b63QehzSHXZe5gL954WxW8KGHPYmeWyhDtruThpZS6s6jeARY2xt0lmEDnMgNyPJGA6UWwTIgvGD0u9Qw5kocCq3ZH4cSG4xu4rmZoi+h8OGrHxUb4jIKzipzAQDxhnAcp/wKF7e+p+OE+Fo= +SECTION AUTHORITY +a61sejfu6am5a36p628t4s089s309o44.example.com. 86400 IN NSEC3 1 0 1 abcd a64lt5ij9a1up15h5cdsn1u2071901hu A RRSIG +a61sejfu6am5a36p628t4s089s309o44.example.com. 86400 IN RRSIG NSEC3 8 3 86400 20121126123315 20121029123315 64050 example.com. gfBu4oqo9cVxJbqrw2Ly7mK638kGPOF8l8eh7ovalniwkU3F+PNYJyfSE9yGX8tMGbXrkEW9mAzAh39igr2+Bbzi9WPTRp4RDVM0qw+eyMmQRPWKt7FeanDtP+OcdVp0Hf2aPzsgmgTdS6s0AboUq1rX53H2M6F8xAiwPrBJXDQ= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U= +SECTION ADDITIONAL +ns.example.com. 3600 IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk= +ENTRY_END +RANGE_END + + + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +start.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +start.example.com. IN A +SECTION ANSWER +start.example.com. 3600 IN CNAME x.y.z.wc.example.com. +start.example.com. 3600 IN RRSIG CNAME 8 3 3600 20121126123316 20121029123316 64050 example.com. LHpx5n++Z0Jgjjalac+e7wdYSbfurqSDpLRAOI1PybTJkwrMvgDKfp0ycT4HwsLVy7spumZ/Ahg/5II9pai7jCiqv1Iyh6fx19ZVeClTFMOLotCK8xMHACYJIY39BhTwD2D3r9BxbK+RopUlXypwV02yzdY2xEnPCBJVDUn5d0g= +x.y.z.wc.example.com. 3600 IN CNAME x.y.z.end.example.com. +x.y.z.wc.example.com. 3600 IN RRSIG CNAME 8 3 3600 20121126123316 20121029123316 64050 example.com. BCnT6CIuqvF1U9LfiHIovgvXIVFJsCXqQWmnjHtbFvzUlTlfGj+56YBSOEpyCep4CBJ0CBgZ8gl5kWip8N+sTlveU/UWMv4FAkqLXRYjp4CZegslmJIuXU5uS+Q0GlLbWdSB9ZCZcbbO0qrOtUfrJ2ozcSTCS+D+oIZ+CkwvDlQ= +x.y.z.end.example.com. 3600 IN A 1.2.3.5 +x.y.z.end.example.com. 3600 IN RRSIG A 8 3 3600 20121126123249 20121029123249 64050 example.com. MyXXd3MvXtEYVNqWDepM3+Ra/j/b63QehzSHXZe5gL954WxW8KGHPYmeWyhDtruThpZS6s6jeARY2xt0lmEDnMgNyPJGA6UWwTIgvGD0u9Qw5kocCq3ZH4cSG4xu4rmZoi+h8OGrHxUb4jIKzipzAQDxhnAcp/wKF7e+p+OE+Fo= +SECTION AUTHORITY +isjq5aarcp8p5sukc56g961cccjus5u2.example.com. 86400 IN NSEC3 1 0 1 abcd isoaarjsq14bkqaamivn1t1milkv95lc A RRSIG +isjq5aarcp8p5sukc56g961cccjus5u2.example.com. 86400 IN RRSIG NSEC3 8 3 86400 20121126123259 20121029123259 64050 example.com. Cxwzq1DUQvhkTVHEJHlb92c511Y+uJy/C0yL9br6W/5lB/usuSiK2DjW58ibPh2kLH1P3SpGqd1Y7LigptdXoPBDFakcNcimPWCN93R3J80+vrHHPkPyIsBaywwYI3SNGgfnHfPF+wmH+tZ1vfEHbigOxqPFK+T0ntKq7dkSndg= +a61sejfu6am5a36p628t4s089s309o44.example.com. 86400 IN NSEC3 1 0 1 abcd a64lt5ij9a1up15h5cdsn1u2071901hu A RRSIG +a61sejfu6am5a36p628t4s089s309o44.example.com. 86400 IN RRSIG NSEC3 8 3 86400 20121126123315 20121029123315 64050 example.com. gfBu4oqo9cVxJbqrw2Ly7mK638kGPOF8l8eh7ovalniwkU3F+PNYJyfSE9yGX8tMGbXrkEW9mAzAh39igr2+Bbzi9WPTRp4RDVM0qw+eyMmQRPWKt7FeanDtP+OcdVp0Hf2aPzsgmgTdS6s0AboUq1rX53H2M6F8xAiwPrBJXDQ= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U= +SECTION ADDITIONAL +ns.example.com. 3600 IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk= +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_entnodata_optout.rpl b/src/test/resources/unbound/val_nsec3_entnodata_optout.rpl new file mode 100644 index 000000000..b0554707d --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_entnodata_optout.rpl @@ -0,0 +1,202 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with NSEC3 response for NODATA ENT with optout. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854} + +; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3 +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854} + +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ent.example.com. IN DS +SECTION AUTHORITY +; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg. +; OPTOUT +b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG +b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78= + +; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag. +; OPTOUT SPAN around it +2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag +2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AFgtC3UEm/Tu4HIjfDHIDmZkvgwHF0kWKcD3wP2hs+/wOfaILtXBr4c= +ENTRY_END + +; refer to server one down +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +ent.example.com. IN A +SECTION AUTHORITY +; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg. +; OPTOUT +b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG +b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78= + +; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag. +; OPTOUT SPAN around it +2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag +2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AFgtC3UEm/Tu4HIjfDHIDmZkvgwHF0kWKcD3wP2hs+/wOfaILtXBr4c= +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +ent.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +ent.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG +b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78= +2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag +2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AFgtC3UEm/Tu4HIjfDHIDmZkvgwHF0kWKcD3wP2hs+/wOfaILtXBr4c= +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_entnodata_optout_badopt.rpl b/src/test/resources/unbound/val_nsec3_entnodata_optout_badopt.rpl new file mode 100644 index 000000000..7bf202e3a --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_entnodata_optout_badopt.rpl @@ -0,0 +1,198 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with NSEC3 response for NODATA ENT with optout. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854} + +; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3 +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854} + +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ent.example.com. IN DS +SECTION AUTHORITY +; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg. +; OPTOUT +b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG +b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78= + +; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag. +; the span does not have OPTOUT +2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag +2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AAaGjBrmbElksOWsOAU0vdNwbRKsbsQgOwhFkONaynSk9M+2QpJQ6+k= +ENTRY_END + +; refer to server one down +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +ent.example.com. IN A +SECTION AUTHORITY +; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg. +; OPTOUT +b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG +b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78= + +; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag. +; the span does not have OPTOUT +2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag +2kekcu37chvrqjb272ptidu9jhk7oqag.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AAaGjBrmbElksOWsOAU0vdNwbRKsbsQgOwhFkONaynSk9M+2QpJQ6+k= +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +ent.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +ent.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_entnodata_optout_match.rpl b/src/test/resources/unbound/val_nsec3_entnodata_optout_match.rpl new file mode 100644 index 000000000..daea3809c --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_entnodata_optout_match.rpl @@ -0,0 +1,202 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator NODATA ENT with nsec3 optout matches the ent. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854} + +; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3 +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854} + +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ent.example.com. IN DS +SECTION AUTHORITY +; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg. +; OPTOUT +b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG +b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78= + +; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag. +; OPTOUT +2kekcu37chvrqjb272ptidu9jhk8oqag.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag +2kekcu37chvrqjb272ptidu9jhk8oqag.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AJl6kanB5RTIcTJysEzDUNqQAr0ftIqzGzQw2+v8RLEbn3Yhi1bEfOQ= +ENTRY_END + +; refer to server one down +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +ent.example.com. IN A +SECTION AUTHORITY +; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg. +; OPTOUT +b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG +b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78= + +; ent.example.com. -> 2kekcu37chvrqjb272ptidu9jhk8oqag. +; OPTOUT +2kekcu37chvrqjb272ptidu9jhk8oqag.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag +2kekcu37chvrqjb272ptidu9jhk8oqag.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AJl6kanB5RTIcTJysEzDUNqQAr0ftIqzGzQw2+v8RLEbn3Yhi1bEfOQ= +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +ent.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +ent.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA RRSIG DNSKEY +b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AHNLlpOM8cBFBBdzUO9nQC/O6mw3rDUrqcdiSwMKAIckd3k5WZvoP78= +2kekcu37chvrqjb272ptidu9jhk8oqag.example.com. 3600 IN NSEC3 1 1 123 aabb00123456bbccdd 2kekcu37chvrqjb272ptidu9jhk9oqag +2kekcu37chvrqjb272ptidu9jhk8oqag.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AJl6kanB5RTIcTJysEzDUNqQAr0ftIqzGzQw2+v8RLEbn3Yhi1bEfOQ= +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_iter_high.rpl b/src/test/resources/unbound/val_nsec3_iter_high.rpl new file mode 100644 index 000000000..2b78f0b7f --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_iter_high.rpl @@ -0,0 +1,165 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + val-nsec3-keysize-iterations: "1024 100 2048 200 4096 500" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with nxdomain NSEC3 with too high iterations + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} + +; closest encloser, H(example.com). +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854} + +; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854} + +; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3. +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854} + +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854} +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854} +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854} + +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_nodatawccname.rpl b/src/test/resources/unbound/val_nsec3_nodatawccname.rpl new file mode 100644 index 000000000..48631bcb6 --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_nodatawccname.rpl @@ -0,0 +1,170 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with nodata NSEC3 abused wildcarded CNAME. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} +; closest encloser +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854} + +; wildcard H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub +4f3cnt8cu22tngec382jj4gde4rb47ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub CNAME RRSIG +4f3cnt8cu22tngec382jj4gde4rb47ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFHo9PHBS+MkNWl2DVXH1h1Z8p0yFAhUAjBVKA5s0q5Bt8YOGdY1+9J6GmDU= ;{id = 2854} + +; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3. +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854} + +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_nods.rpl b/src/test/resources/unbound/val_nsec3_nods.rpl new file mode 100644 index 000000000..7151e11ee --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_nods.rpl @@ -0,0 +1,221 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with NSEC3 with no DS referral. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854} + +; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3 +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854} + +ENTRY_END + +; refer to server one down +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +; proof that there is no DS here. +;sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31 +;sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854} +; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd. +8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG +8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854} + +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.10 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION AUTHORITY +; proof that there is no DS here. +;sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31 +;sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854} +; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd. +8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG +8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854} +ENTRY_END +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.10 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR REFUSED +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +ENTRY_END + + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +sub.example.com. 3600 IN RRSIG DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854} + +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 1.2.3.123 +www.sub.example.com. 3600 IN RRSIG A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 1.2.3.123 +www.sub.example.com. 3600 IN RRSIG A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_nods_badopt.rpl b/src/test/resources/unbound/val_nsec3_nods_badopt.rpl new file mode 100644 index 000000000..6ddd47431 --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_nods_badopt.rpl @@ -0,0 +1,249 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with NSEC3 with no DS with wrong optout bit. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854} + +; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3 +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854} + +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION AUTHORITY +; proof that there is no DS here. +;sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31 +;sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854} +; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg. +b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG +b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEtLEiFNr2V6qJOHUxIRQ4ittparAhUAm+WN3aqAHEgiQQEeX9z4S0Ub/dM= ;{id = 2854} +; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd. +8r1f0ieoutlnjc03meng9e3bn1n0o9pd.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG +8r1f0ieoutlnjc03meng9e3bn1n0o9pd.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCategdxsiQTpOMHED1ehjPT7PO2gIUDJ9f/zGCEUHy/UVp97aOh0RRoks= ;{id = 2854} +ENTRY_END + +; refer to server one down +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN A +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +; proof that there is no DS here. +;sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31 +;sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854} +; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg. +b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig54sqg NS SOA DNSKEY RRSIG +b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEtLEiFNr2V6qJOHUxIRQ4ittparAhUAm+WN3aqAHEgiQQEeX9z4S0Ub/dM= ;{id = 2854} +; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd. +8r1f0ieoutlnjc03meng9e3bn1n0o9pd.example.com. IN NSEC3 1 0 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG +8r1f0ieoutlnjc03meng9e3bn1n0o9pd.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCategdxsiQTpOMHED1ehjPT7PO2gIUDJ9f/zGCEUHy/UVp97aOh0RRoks= ;{id = 2854} + +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.10 +ENTRY_END + +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.10 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.sub.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR REFUSED +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +sub.example.com. 3600 IN RRSIG DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854} + +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 1.2.3.123 +www.sub.example.com. 3600 IN RRSIG A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_nods_badsig.rpl b/src/test/resources/unbound/val_nsec3_nods_badsig.rpl new file mode 100644 index 000000000..1c37d21e1 --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_nods_badsig.rpl @@ -0,0 +1,238 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with NSEC3 with no DS referral with bad signature. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854} + +; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3 +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854} + +ENTRY_END + +; refer to server one down +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +; proof that there is no DS here. +;sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31 +;sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854} +; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd. +8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG +; bad signature: +8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20010926135752 20010829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854} +;8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.10 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION AUTHORITY +; proof that there is no DS here. +;sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31 +;sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854} +; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd. +8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG +; bad signature +8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20010926135752 20010829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854} +;8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854} +ENTRY_END +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.10 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR REFUSED +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +ENTRY_END + + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +sub.example.com. 3600 IN RRSIG DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854} + +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 1.2.3.123 +www.sub.example.com. 3600 IN RRSIG A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_nods_negcache.rpl b/src/test/resources/unbound/val_nsec3_nods_negcache.rpl new file mode 100644 index 000000000..d2ba7309a --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_nods_negcache.rpl @@ -0,0 +1,222 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with NSEC3 with no DS referral from neg cache. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854} + +; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3 +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854} + +ENTRY_END + +; refer to server one down +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +; proof that there is no DS here. +;sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31 +;sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854} +; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd. +8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG +8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854} + +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.10 +ENTRY_END + +; get DS proof from neg cache +; ENTRY_BEGIN +; MATCH opcode qtype qname +; ADJUST copy_id +; REPLY QR NOERROR +; SECTION QUESTION +; sub.example.com. IN DS +; SECTION AUTHORITY +; ; proof that there is no DS here. +; ;sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31 +; ;sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854} +; ; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd. +; 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS RRSIG +; 8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFEC78oZJjqlV6kVyQb4X0o6tsUpUAhUAk+bgth7eeN+aO8ts2+yLSyzSX9g= ;{id = 2854} +; ENTRY_END +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.10 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR REFUSED +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +ENTRY_END + + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +sub.example.com. 3600 IN RRSIG DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854} + +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 1.2.3.123 +www.sub.example.com. 3600 IN RRSIG A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 1.2.3.123 +www.sub.example.com. 3600 IN RRSIG A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_nods_soa.rpl b/src/test/resources/unbound/val_nsec3_nods_soa.rpl new file mode 100644 index 000000000..bbb0633aa --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_nods_soa.rpl @@ -0,0 +1,253 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with NSEC3 with no DS referral abuse of apex. +; abusing subzone apex NSEC3. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA SERVFAIL +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA SERVFAIL +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCM6lsu9byZIQ1yYjJmyYfFWM2RWAIUcR5t84r2La824oWCkLjmHXRQlco= ;{id = 2854} + +; NODATA response. H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3 +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m3.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFE/a24nsY2luhQmZjY/ObAIgNSMkAhQWd4MUOUVK55bD6AbMHWrDA0yvEA== ;{id = 2854} + +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION AUTHORITY +; proof that there is no DS here. +;sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31 +;sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854} +; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd. +8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS SOA DNSKEY RRSIG +8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC4CFQCeKcyw76yvOvfa2+qtxv8bKcEyJwIVAJBeIGST4Y8Tk8YkQI0suee3Bxb1 ;{id = 2854} +ENTRY_END + +; refer to server one down +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN A +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +; proof that there is no DS here. +;sub.example.com. 3600 IN DS 2854 DSA 1 be4d46cd7489cce25a31af0dff2968ce0425dd31 +;sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQC1WMTfb25sTgeUEXCFR4+YiJqecwIUc2R/jrO4amyQxovSnld2reg8eyo= ;{id = 2854} +; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd. +8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 8r1f0ieoutlnjc03meng9e3bn3n0o9pd NS SOA DNSKEY RRSIG +8r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC4CFQCeKcyw76yvOvfa2+qtxv8bKcEyJwIVAJBeIGST4Y8Tk8YkQI0suee3Bxb1 ;{id = 2854} + +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.10 +ENTRY_END +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.10 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.sub.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.sub.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR REFUSED +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +sub.example.com. 3600 IN RRSIG DNSKEY 3 3 3600 20070926135752 20070829135752 2854 sub.example.com. MCwCFBznBTYM/SrdUnjQdBnLtRO79KAaAhQReG5nRuL7Xsdf6D0KKwPa1GpWyQ== ;{id = 2854} + +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 1.2.3.123 +www.sub.example.com. 3600 IN RRSIG A 3 4 3600 20070926135752 20070829135752 2854 sub.example.com. MC0CFEExteiCsLkRi/md6o5K8BhRJAKFAhUAgg2tkvwaDn8Xbm9q+5xnjvgIB8k= ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_optout_ad.rpl b/src/test/resources/unbound/val_nsec3_optout_ad.rpl new file mode 100644 index 000000000..824cf6d43 --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_optout_ad.rpl @@ -0,0 +1,362 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. DS 57024 7 1 46d134be319b2cc910b9938f1cb25dc41abb27bf" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with optout NSEC3 response that gets no AD. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 7 2 3600 20070926134150 20070829134150 57024 example.com. fIE3H2v3wAm3GPajsdgJn+A8R4Cp7dMXf1PSUQ8BfklzMBMJjpc0oM/S7u/HVLYQs1jx8CMdw2TZEpIPfo6Rl0TekDqNtVk6IBw1H+zxDFwf3v7UdOjm8s6FfoEJcZ5yEFV/Lps82NzHCR9uqprhv6ddQdAeVNA5QHis1c5Y1P0= ;{id = 57024} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 7 3 3600 20070926134150 20070829134150 57024 example.com. b0iX5vuTqngB5F0ORFrFLx8sAeTHGJVcPpD34iNFY71ZoFnHrHfAMWC3RAWz+nQ1NmH1oDdA8NTYN/aQQNzwEz4VmVYA2PANBSiwSY3q3gp9PWZU6CfRNf2dU/210H0y35FroQpADszmwC+Hlbcvll+bQj3fSyT2W/69kRVssj4= ;{id = 57024} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 257 3 7 AwEAAbvre/wK/WVeoj0SiwVkTD+NefvHPru9YIqLWY0m+0E5NYOpJZdc+PGQQYRzFNOlugVZtFirmv5Lmz7GNiASXtG/IFi//SlE30DxEKQOjt2F6qSZTZ1nZ5XOIMGTwWyp4OoI0egk5JavC5mQbyXqcj82ywt6F5Z3CmnThVl6MtOv ;{id = 57024 (ksk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 7 2 3600 20070926134150 20070829134150 57024 example.com. lqOo8W7UffLZIKBoIJg8OAPkmCWptnstiLIg1bAtzuEZDZFr2KNZGv+5k6hbRJKYnZRLReY4v8G9Eg0GCC/44gLm8BZlnh/4jLOjMH9MKusFV/jNqz/HABITYn1pBwvVak7lzqN+bmL0KMyWf1MzPWilx4fM9YWinsQFILVLPL0= ;{id = 57024} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 7 2 3600 20070926134150 20070829134150 57024 example.com. fIE3H2v3wAm3GPajsdgJn+A8R4Cp7dMXf1PSUQ8BfklzMBMJjpc0oM/S7u/HVLYQs1jx8CMdw2TZEpIPfo6Rl0TekDqNtVk6IBw1H+zxDFwf3v7UdOjm8s6FfoEJcZ5yEFV/Lps82NzHCR9uqprhv6ddQdAeVNA5QHis1c5Y1P0= ;{id = 57024} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 7 3 3600 20070926134150 20070829134150 57024 example.com. b0iX5vuTqngB5F0ORFrFLx8sAeTHGJVcPpD34iNFY71ZoFnHrHfAMWC3RAWz+nQ1NmH1oDdA8NTYN/aQQNzwEz4VmVYA2PANBSiwSY3q3gp9PWZU6CfRNf2dU/210H0y35FroQpADszmwC+Hlbcvll+bQj3fSyT2W/69kRVssj4= ;{id = 57024} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400 +example.com. 3600 IN RRSIG SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024} + +; optout +; example.com. -> onib9mgub9h0rml3cdf5bgrj59dkjhvk. +; sub.example.com. -> kg19n32806c832kijdnglq8p9m2r5mdj. +; *.example.com. -> 4f3cnt8cu22tngec382jj4gde4rb47ub. +onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM +jg19n32806c832kijdnglq8p9m2r5mdj.example.com. NSEC3 1 1 0 - lg19n32806c832kijdnglq8p9m2r5mdj NS DS RRSIG + +onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024} +jg19n32806c832kijdnglq8p9m2r5mdj.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. f7ZSCahAuKOLXquM0jpdU6I9AX31CgGicRiB3aU4jvqQp/EygbCNn5kfpyXY0FvZvzggpl8naXSStOPN9dy3bb0NwGQkJcYD94NEw307T8uEunOvx1ug5TuakBAwqjY8xKM3xab3LnWYRtx4zdln/3ZDHvBUwfzkxUZrzeKjpiI= ;{id = 57024} +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN MX +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400 +example.com. 3600 IN RRSIG SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024} + +; optout +; example.com. -> onib9mgub9h0rml3cdf5bgrj59dkjhvk. +; sub.example.com. -> kg19n32806c832kijdnglq8p9m2r5mdj. +; *.example.com. -> 4f3cnt8cu22tngec382jj4gde4rb47ub. +onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM +jg19n32806c832kijdnglq8p9m2r5mdj.example.com. NSEC3 1 1 0 - lg19n32806c832kijdnglq8p9m2r5mdj NS DS RRSIG + +onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024} +jg19n32806c832kijdnglq8p9m2r5mdj.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. f7ZSCahAuKOLXquM0jpdU6I9AX31CgGicRiB3aU4jvqQp/EygbCNn5kfpyXY0FvZvzggpl8naXSStOPN9dy3bb0NwGQkJcYD94NEw307T8uEunOvx1ug5TuakBAwqjY8xKM3xab3LnWYRtx4zdln/3ZDHvBUwfzkxUZrzeKjpiI= ;{id = 57024} +SECTION ADDITIONAL +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +rub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400 +example.com. 3600 IN RRSIG SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024} + +; optout +; example.com. -> onib9mgub9h0rml3cdf5bgrj59dkjhvk. +; rub.example.com. -> c2bqk3tb4foaenfbp1v0pdk6mor3r7vo. +; *.example.com. -> 4f3cnt8cu22tngec382jj4gde4rb47ub. +onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM +22bqk3tb4foaenfbp1v0pdk6mor3r7vo.example.com. NSEC3 1 1 0 - f2bqk3tb4foaenfbp1v0pdk6mor3r7vo NS RRSIG + +onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024} +22bqk3tb4foaenfbp1v0pdk6mor3r7vo.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jk6EYU9qTrmNeeKuQRG7iKyfNJnBt45MToPVpAQ+LoGDC3muy4bkWeKspj68cN9E5wNijfmm1eFK3khSSEnM50mfJbpiwlbKgL0VZz33Zn+Wu8b7sTtdDwDH7MUBLRwHeb7W+NtQIEXPLs4Z3BXHzAXy5ZpSjQ3PJZn6zBx4/dw= ;{id = 57024} +SECTION ADDITIONAL +ENTRY_END + +; wildcard expansion +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.wild.example.com. IN A +SECTION ANSWER +; *.wild.example.com. IN A 77.88.99.0 +a.wild.example.com. IN A 77.88.99.0 +a.wild.example.com. 3600 IN RRSIG A 7 3 3600 20070926134150 20070829134150 57024 example.com. GWV6cQprrpAsaYla5z7N9tppdb+X0ZjOsiWBuBueSACHU8CzsYPMbwKUZlTNbQ4mSVRRDa0rM1niYoZF9oqyAfbn5HBLi62TRjrBLHfvatDgSiZCa4mauUfzUS+U7FfUXikNIigG0aN0xdpJ//urmecjNSKg2aW4M0DYsm7keMI= ;{id = 57024} +SECTION AUTHORITY +; a.wild.example.com -> ad1535hlgg914unuuaei9jfh4ofr44uo. covered by optout +ac1535hlgg914unuuaei9jfh4ofr44uo.example.com. IN NSEC3 1 1 0 - ae1535hlgg914unuuaei9jfh4ofr44uo NS RRSIG +ac1535hlgg914unuuaei9jfh4ofr44uo.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. imoxsXE1c3FaXu6uSantJfMPGBgsauf1GhmNpS1lLuaNRjXOhf1PDXwt/GoD/dm2GXJAlWT8u6EK3RXkFwlDIsP7vYFuDfUNCQ/hvYq300sXl1nfW0O1bsoBJahQJuNM+xcbwbnQf0krCTxNthyi2cuiY7RYug6ZTZ3gz4DMkhU= ;{id = 57024} +; for wild.example.com the closest encloser +; wild.example.com -> 8aeigskl5tmraedgji7v1lqbmqs8qv7u. +8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com. IN NSEC3 1 1 0 - 9aeigskl5tmraedgji7v1lqbmqs8qv7u +8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. afV7c9knpxmD5c6UKrqw5J/06eokPwSb3HZi3TI63tzFcswuMjj4d7NKJmdpA+uo0aweVZgcOp+O+v9urgNYNYbxOy02qqOetLph8YWH7MQTftaGBwKD7gZMbnUArryPCtrlJz0i0GzoWvVTZnsjrrlDtP/ogLDnCKyi7Q0si+k= ;{id = 57024} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.wild.example.com. IN MX +SECTION ANSWER +SECTION AUTHORITY +; wildcard no data +example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400 +example.com. 3600 IN RRSIG SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024} +; wild.example.com -> 8aeigskl5tmraedgji7v1lqbmqs8qv7u. +; *.wild.example.com. -> nvec78au1hpuma9eebeji5n06eq33gbk. +; the NSEC3 for the wildcard *.wild.example.com. , with optout, A RRSIG +nvec78au1hpuma9eebeji5n06eq33gbk.example.com. IN NSEC3 1 1 0 - ovec78au1hpuma9eebeji5n06eq33gbk A RRSIG +nvec78au1hpuma9eebeji5n06eq33gbk.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jE+b5p+stQumm+tLZdaBT+KBpwYI7wRXijRHWcqiUp2SY1uV7HxBdW8aedVTqpFe8kYbMUgI3pCOAitmiI9R6SJg3q7022QOb9y+0/xSmIDqxATVPTJbkzVBInfWrulRtn7o3HmOyoIc9/w7NnNxFYpwtFL08jTBRr8XRTWDM7Q= ;{id = 57024} +; NSEC3 for the closest encloser, wild.example.com. (an empty nonterminal) +8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com. IN NSEC3 1 1 0 - 9aeigskl5tmraedgji7v1lqbmqs8qv7u +8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. afV7c9knpxmD5c6UKrqw5J/06eokPwSb3HZi3TI63tzFcswuMjj4d7NKJmdpA+uo0aweVZgcOp+O+v9urgNYNYbxOy02qqOetLph8YWH7MQTftaGBwKD7gZMbnUArryPCtrlJz0i0GzoWvVTZnsjrrlDtP/ogLDnCKyi7Q0si+k= ;{id = 57024} +; a.wild.example.com -> ad1535hlgg914unuuaei9jfh4ofr44uo. covered by optout +ac1535hlgg914unuuaei9jfh4ofr44uo.example.com. IN NSEC3 1 1 0 - ae1535hlgg914unuuaei9jfh4ofr44uo NS RRSIG +ac1535hlgg914unuuaei9jfh4ofr44uo.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. imoxsXE1c3FaXu6uSantJfMPGBgsauf1GhmNpS1lLuaNRjXOhf1PDXwt/GoD/dm2GXJAlWT8u6EK3RXkFwlDIsP7vYFuDfUNCQ/hvYq300sXl1nfW0O1bsoBJahQJuNM+xcbwbnQf0krCTxNthyi2cuiY7RYug6ZTZ3gz4DMkhU= ;{id = 57024} +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +sub.example.com. IN MX +ENTRY_END + +; recursion happens here. +; no AD flag on this because an optout NSEC3 is used. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +sub.example.com. IN MX +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400 +example.com. 3600 IN RRSIG SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024} +onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM +onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024} +jg19n32806c832kijdnglq8p9m2r5mdj.example.com. NSEC3 1 1 0 - lg19n32806c832kijdnglq8p9m2r5mdj NS DS RRSIG +jg19n32806c832kijdnglq8p9m2r5mdj.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. f7ZSCahAuKOLXquM0jpdU6I9AX31CgGicRiB3aU4jvqQp/EygbCNn5kfpyXY0FvZvzggpl8naXSStOPN9dy3bb0NwGQkJcYD94NEw307T8uEunOvx1ug5TuakBAwqjY8xKM3xab3LnWYRtx4zdln/3ZDHvBUwfzkxUZrzeKjpiI= ;{id = 57024} +SECTION ADDITIONAL +ENTRY_END + +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +sub.example.com. IN DS +ENTRY_END + +; recursion happens here. +; no AD flag here because of RFC5155 9.2 section. +; even though we are sure there is no DS, this is what the RFC says. +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400 +example.com. 3600 IN RRSIG SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024} +onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM +onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024} +jg19n32806c832kijdnglq8p9m2r5mdj.example.com. NSEC3 1 1 0 - lg19n32806c832kijdnglq8p9m2r5mdj NS DS RRSIG +jg19n32806c832kijdnglq8p9m2r5mdj.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. f7ZSCahAuKOLXquM0jpdU6I9AX31CgGicRiB3aU4jvqQp/EygbCNn5kfpyXY0FvZvzggpl8naXSStOPN9dy3bb0NwGQkJcYD94NEw307T8uEunOvx1ug5TuakBAwqjY8xKM3xab3LnWYRtx4zdln/3ZDHvBUwfzkxUZrzeKjpiI= ;{id = 57024} +SECTION ADDITIONAL +ENTRY_END + +STEP 40 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +rub.example.com. IN A +ENTRY_END + +; recursion happens here. +; no AD flag here because of RFC5155 9.2 section. +; also for NXDOMAIN +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NXDOMAIN +SECTION QUESTION +rub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400 +example.com. 3600 IN RRSIG SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024} +onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. NSEC3 1 1 0 - pnib9mgub9h0rml3cdf5bgrj59dkjhvk NS SOA RRSIG DNSKEY NSEC3PARAM +onib9mgub9h0rml3cdf5bgrj59dkjhvk.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jHrF+lnyRL1LE/Bwz6C+jZg3E/2qQkVSboGxya6iX71v0zA3eUsob9m9l3gHNlhwhyahbamHUKx+OMvtYuzRa+RMv4ObuLRIt8StdixeXaUU+rx7C2qCKOFsa5q4HzK4bLYPfyb5T9w67HbzHPLEllXPA7tghzyzCM9qBtbvwK4= ;{id = 57024} +22bqk3tb4foaenfbp1v0pdk6mor3r7vo.example.com. NSEC3 1 1 0 - f2bqk3tb4foaenfbp1v0pdk6mor3r7vo NS RRSIG +22bqk3tb4foaenfbp1v0pdk6mor3r7vo.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jk6EYU9qTrmNeeKuQRG7iKyfNJnBt45MToPVpAQ+LoGDC3muy4bkWeKspj68cN9E5wNijfmm1eFK3khSSEnM50mfJbpiwlbKgL0VZz33Zn+Wu8b7sTtdDwDH7MUBLRwHeb7W+NtQIEXPLs4Z3BXHzAXy5ZpSjQ3PJZn6zBx4/dw= ;{id = 57024} +SECTION ADDITIONAL +ENTRY_END + +STEP 60 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.wild.example.com. IN A +ENTRY_END + +; query is a wildcard expansion, covered by optout. +; hence it is without AD flag (even though we are sure this wildcard exists, +; we are not sure that there is no delegation covered by the optout span +; with the name a.wild.example.com). +STEP 70 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +a.wild.example.com. IN A +SECTION ANSWER +a.wild.example.com. IN A 77.88.99.0 +a.wild.example.com. 3600 IN RRSIG A 7 3 3600 20070926134150 20070829134150 57024 example.com. GWV6cQprrpAsaYla5z7N9tppdb+X0ZjOsiWBuBueSACHU8CzsYPMbwKUZlTNbQ4mSVRRDa0rM1niYoZF9oqyAfbn5HBLi62TRjrBLHfvatDgSiZCa4mauUfzUS+U7FfUXikNIigG0aN0xdpJ//urmecjNSKg2aW4M0DYsm7keMI= ;{id = 57024} +SECTION AUTHORITY +ac1535hlgg914unuuaei9jfh4ofr44uo.example.com. IN NSEC3 1 1 0 - ae1535hlgg914unuuaei9jfh4ofr44uo NS RRSIG +ac1535hlgg914unuuaei9jfh4ofr44uo.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. imoxsXE1c3FaXu6uSantJfMPGBgsauf1GhmNpS1lLuaNRjXOhf1PDXwt/GoD/dm2GXJAlWT8u6EK3RXkFwlDIsP7vYFuDfUNCQ/hvYq300sXl1nfW0O1bsoBJahQJuNM+xcbwbnQf0krCTxNthyi2cuiY7RYug6ZTZ3gz4DMkhU= ;{id = 57024} +8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com. IN NSEC3 1 1 0 - 9aeigskl5tmraedgji7v1lqbmqs8qv7u +8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. afV7c9knpxmD5c6UKrqw5J/06eokPwSb3HZi3TI63tzFcswuMjj4d7NKJmdpA+uo0aweVZgcOp+O+v9urgNYNYbxOy02qqOetLph8YWH7MQTftaGBwKD7gZMbnUArryPCtrlJz0i0GzoWvVTZnsjrrlDtP/ogLDnCKyi7Q0si+k= ;{id = 57024} +ENTRY_END + +STEP 80 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.wild.example.com. IN MX +ENTRY_END + +; nodata wildcard expansion, we are sure that the wildcard does not have +; the data that is requested, but there an optout flag set on the wildcard +; expansion denial, thus we are not sure of a.wild.example.com delegation +; under the optout. +STEP 90 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +a.wild.example.com. IN MX +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. noc.example.com. 2009310622 1800 900 604800 86400 +example.com. 3600 IN RRSIG SOA 7 2 3600 20070926134150 20070829134150 57024 example.com. HlyER7bYPiSJ9jdjjRBucQexYr932Oor1TvxSLPWw5fuWvr/fFitKVnLqC+lqBIeOby44KiDr0rIk+ZqYjWWKNjaLm5wMfhQzbsAgGTQxmO07jnYOGQG9SI6DSbR9GJdZ7imu5sx5oo5dze73MxgLMZIethGaFMkktYN53+AzG0= ;{id = 57024} +nvec78au1hpuma9eebeji5n06eq33gbk.example.com. IN NSEC3 1 1 0 - ovec78au1hpuma9eebeji5n06eq33gbk A RRSIG +nvec78au1hpuma9eebeji5n06eq33gbk.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. jE+b5p+stQumm+tLZdaBT+KBpwYI7wRXijRHWcqiUp2SY1uV7HxBdW8aedVTqpFe8kYbMUgI3pCOAitmiI9R6SJg3q7022QOb9y+0/xSmIDqxATVPTJbkzVBInfWrulRtn7o3HmOyoIc9/w7NnNxFYpwtFL08jTBRr8XRTWDM7Q= ;{id = 57024} +8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com. IN NSEC3 1 1 0 - 9aeigskl5tmraedgji7v1lqbmqs8qv7u +8aeigskl5tmraedgji7v1lqbmqs8qv7u.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. afV7c9knpxmD5c6UKrqw5J/06eokPwSb3HZi3TI63tzFcswuMjj4d7NKJmdpA+uo0aweVZgcOp+O+v9urgNYNYbxOy02qqOetLph8YWH7MQTftaGBwKD7gZMbnUArryPCtrlJz0i0GzoWvVTZnsjrrlDtP/ogLDnCKyi7Q0si+k= ;{id = 57024} +ac1535hlgg914unuuaei9jfh4ofr44uo.example.com. IN NSEC3 1 1 0 - ae1535hlgg914unuuaei9jfh4ofr44uo NS RRSIG +ac1535hlgg914unuuaei9jfh4ofr44uo.example.com. 3600 IN RRSIG NSEC3 7 3 3600 20070926134150 20070829134150 57024 example.com. imoxsXE1c3FaXu6uSantJfMPGBgsauf1GhmNpS1lLuaNRjXOhf1PDXwt/GoD/dm2GXJAlWT8u6EK3RXkFwlDIsP7vYFuDfUNCQ/hvYq300sXl1nfW0O1bsoBJahQJuNM+xcbwbnQf0krCTxNthyi2cuiY7RYug6ZTZ3gz4DMkhU= ;{id = 57024} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_optout_cache.rpl b/src/test/resources/unbound/val_nsec3_optout_cache.rpl new file mode 100644 index 000000000..215cca676 --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_optout_cache.rpl @@ -0,0 +1,280 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with NSEC3 span change and cache effects. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +; blacklisted address to stop it from using it, the negative answer uses its +; nsec3-hash which is alittle inconvenient +; ns.example.com. -> 7l9dbddmge35f7vr9mec78dqr6l3236k. +ns.example.com. IN AAAA ::1 +ns.example.com. 3600 IN RRSIG AAAA 3 3 3600 20070926135752 20070829135752 2854 example.com. AExGBc6JU/xwwoSIeK/DtX8kr7AgOecx5Z2FnRiz/YSpnWGnFDt26ec= +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; DS query +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION AUTHORITY +example.com. IN SOA a. b. 1 2 3 4 5 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926135752 20070829135752 2854 example.com. AAkQt1yoMF7s4gCYlojFzi0ubw6Uo4uWPSJTz6Dp/2iWUVDbxDKpy+E= + +; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd. +; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg. +; proof that there is no DS here. +; ce: +b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig53sqh NS SOA DNSKEY NSEC3PARAM RRSIG +b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AKHQ0gnNP5WDab1yqbd+Bt12CSSff88sqeDR40dvhiWOcYA8mmyjYNA= + +; span around sub.example.com., same span as foo.example.com, but it has +; just changed and it is now larger to accomodate sub.example.com. +6obgmo062d9935unjnnj2su5otaj9334.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 9r1f0ieoutlnjc03meng9e3bn2n0o9pd NS DS RRSIG +6obgmo062d9935unjnnj2su5otaj9334.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. ABzruSKUUcJRNlYDqZ4UmQH/WnzeXt9Gozp3chS4cR0sqsEeGjL54eQ= + +; span around sub.example.com. from previous delegation in nsec3-chain +;7r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 9r1f0ieoutlnjc03meng9e3bn2n0o9pd NS DS RRSIG +;7r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AF2FOKiIfOV9KrDTuP4RwnDI6lZnmhRHE+HAh8UHEq87uakYUEHfGUY= +ENTRY_END + +; refer to server one down +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN A +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd. +; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg. +; proof that there is no DS here. +; ce: +b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig53sqh NS SOA DNSKEY NSEC3PARAM RRSIG +b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AKHQ0gnNP5WDab1yqbd+Bt12CSSff88sqeDR40dvhiWOcYA8mmyjYNA= + +; span around sub.example.com., same span as foo.example.com, but it has +; just changed and it is now larger to accomodate sub.example.com. +6obgmo062d9935unjnnj2su5otaj9334.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 9r1f0ieoutlnjc03meng9e3bn2n0o9pd NS DS RRSIG +6obgmo062d9935unjnnj2su5otaj9334.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. ABzruSKUUcJRNlYDqZ4UmQH/WnzeXt9Gozp3chS4cR0sqsEeGjL54eQ= + +; span around sub.example.com. from previous delegation in nsec3-chain +;7r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 9r1f0ieoutlnjc03meng9e3bn2n0o9pd NS DS RRSIG +;7r1f0ieoutlnjc03meng9e3bn2n0o9pd.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AF2FOKiIfOV9KrDTuP4RwnDI6lZnmhRHE+HAh8UHEq87uakYUEHfGUY= + +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.10 +ENTRY_END + +; refer to server one down +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +foo.example.com. IN A +SECTION AUTHORITY +foo.example.com. IN NS ns.sub.example.com. +; sub.example.com. -> 8r1f0ieoutlnjc03meng9e3bn2n0o9pd. +; foo.example.com. -> 7obgmo062d9935unjnnj2su5otaj9334. +; example.com. -> b6fuorg741ufili49mg9j4328ig53sqg. +; proof that there is no DS here. +; ce: +b6fuorg741ufili49mg9j4328ig53sqg.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig53sqh NS SOA DNSKEY NSEC3PARAM RRSIG +b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AKHQ0gnNP5WDab1yqbd+Bt12CSSff88sqeDR40dvhiWOcYA8mmyjYNA= + +; span around sub.example.com. from previous delegation in nsec3-chain +; note it does not cover sub.example.com. +6obgmo062d9935unjnnj2su5otaj9334.example.com. IN NSEC3 1 1 123 aabb00123456bbccdd 7r1f0ieoutlnjc03meng9e3bn2n0o9pd NS DS RRSIG +6obgmo062d9935unjnnj2su5otaj9334.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. ABQZ49PmeXGxUmMebbKcYI/Y3mhMdlHmshohKTbGhEsNF11OjPYmr9c= + +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.10 +ENTRY_END + +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.10 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR REFUSED +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 1.2.3.123 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.foo.example.com. IN A +SECTION ANSWER +www.foo.example.com. IN A 1.2.3.124 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.foo.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.foo.example.com. IN A +SECTION ANSWER +www.foo.example.com. IN A 1.2.3.124 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 1.2.3.123 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_wcany.rpl b/src/test/resources/unbound/val_nsec3_wcany.rpl new file mode 100644 index 000000000..24bdaeb18 --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_wcany.rpl @@ -0,0 +1,162 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with NSEC3 wildcard qtype ANY response. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN ANY +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN ANY +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN ANY +SECTION ANSWER +; *.example.com. IN A 1.2.3.123 +; *.example.com. IN AAAA ::5 +; *.example.com. IN MX 10 mail.example.com. +www.example.com. 3600 IN MX 10 mail.example.com. +www.example.com. 3600 IN RRSIG MX 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFBncNdBkFSOTvqF7RtZ4bZuojWF8AhQlEv7Iw8BpQ7YkZQidRDJdx+BrGw== ;{id = 2854} +www.example.com. 3600 IN AAAA ::5 +www.example.com. 3600 IN RRSIG AAAA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCWSH0WGURY1mQwpL08SN1XF9p39AhUAgwbFk0frQC62UxhNfn4pu7iq8q4= ;{id = 2854} +www.example.com. 3600 IN A 1.2.3.123 +www.example.com. 3600 IN RRSIG A 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFCypz6dZfecwPbJ3BKrXEA7jw5kkAhRz1vprGL0idsKos8szoybKXe17Jw== ;{id = 2854} + +SECTION AUTHORITY +; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3. +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854} + +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN ANY +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.example.com. IN ANY +SECTION ANSWER +www.example.com. 3600 IN MX 10 mail.example.com. +www.example.com. 3600 IN RRSIG MX 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFBncNdBkFSOTvqF7RtZ4bZuojWF8AhQlEv7Iw8BpQ7YkZQidRDJdx+BrGw== ;{id = 2854} +www.example.com. 3600 IN AAAA ::5 +www.example.com. 3600 IN RRSIG AAAA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCWSH0WGURY1mQwpL08SN1XF9p39AhUAgwbFk0frQC62UxhNfn4pu7iq8q4= ;{id = 2854} +www.example.com. 3600 IN A 1.2.3.123 +www.example.com. 3600 IN RRSIG A 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFCypz6dZfecwPbJ3BKrXEA7jw5kkAhRz1vprGL0idsKos8szoybKXe17Jw== ;{id = 2854} +SECTION AUTHORITY +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nsec3_wcany_nodeny.rpl b/src/test/resources/unbound/val_nsec3_wcany_nodeny.rpl new file mode 100644 index 000000000..2e27fb502 --- /dev/null +++ b/src/test/resources/unbound/val_nsec3_wcany_nodeny.rpl @@ -0,0 +1,171 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with NSEC3 wildcard qtype ANY without denial. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN ANY +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN ANY +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN ANY +SECTION ANSWER +; *.example.com. IN A 1.2.3.123 +; *.example.com. IN AAAA ::5 +; *.example.com. IN MX 10 mail.example.com. +www.example.com. 3600 IN MX 10 mail.example.com. +www.example.com. 3600 IN RRSIG MX 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFBncNdBkFSOTvqF7RtZ4bZuojWF8AhQlEv7Iw8BpQ7YkZQidRDJdx+BrGw== ;{id = 2854} +www.example.com. 3600 IN AAAA ::5 +www.example.com. 3600 IN RRSIG AAAA 3 2 3600 20070926135752 20070829135752 2854 example.com. MC0CFCWSH0WGURY1mQwpL08SN1XF9p39AhUAgwbFk0frQC62UxhNfn4pu7iq8q4= ;{id = 2854} +www.example.com. 3600 IN A 1.2.3.123 +www.example.com. 3600 IN RRSIG A 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFCypz6dZfecwPbJ3BKrXEA7jw5kkAhRz1vprGL0idsKos8szoybKXe17Jw== ;{id = 2854} + +SECTION AUTHORITY +; no qname denial! +; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3. +;s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +;s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854} + +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN ANY +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN ANY +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nx.rpl b/src/test/resources/unbound/val_nx.rpl new file mode 100644 index 000000000..d0e4bb339 --- /dev/null +++ b/src/test/resources/unbound/val_nx.rpl @@ -0,0 +1,155 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with nxdomain response + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} +; wildcard denial +example.com. IN NSEC abc.example.com. SOA NS DNSKEY NSEC RRSIG +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854} +; qname denial +wab.example.com. IN NSEC wzz.example.com. A NSEC RRSIG +wab.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} +example.com. IN NSEC abc.example.com. SOA NS DNSKEY NSEC RRSIG +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854} +wab.example.com. IN NSEC wzz.example.com. A NSEC RRSIG +wab.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nx_failwc.rpl b/src/test/resources/unbound/val_nx_failwc.rpl new file mode 100644 index 000000000..eb2f5ba7e --- /dev/null +++ b/src/test/resources/unbound/val_nx_failwc.rpl @@ -0,0 +1,70 @@ +; config options +; The island of trust is at nsecwc.nlnetlabs.nl +server: + trust-anchor: "nsecwc.nlnetlabs.nl. 10024 IN DS 565 8 2 0C15C04C022700C8713028F6F64CF2343DE627B8F83CDA1C421C65DB 52908A2E" + val-override-date: "20181202115531" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no +stub-zone: + name: "nsecwc.nlnetlabs.nl" + stub-addr: "185.49.140.60" + +CONFIG_END + +SCENARIO_BEGIN Test validator with nxdomain response with wildcard expanded NSEC record, original NSEC owner does not provide proof for QNAME. CVE-2017-15105 test. + + ; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 185.49.140.60 + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +nsecwc.nlnetlabs.nl. IN DNSKEY +SECTION ANSWER +nsecwc.nlnetlabs.nl. 3600 IN DNSKEY 257 3 8 AwEAAbTluF4BfJ/FT7Ak5a3VvYG1AqhT8FXxOsVwGTyueyE/hW+fMFMd QlLMf2Lf/gmsnFgn/p7GDmJBLlPTATmLeP3isvAZbK3MDEP2O5UjTVmt LZriTv8xfxYW6emCM54EQjWii64BFWrOeLm9zQqzyaLl53CbIIXqiacV KPteh8GX +nsecwc.nlnetlabs.nl. 3600 IN RRSIG DNSKEY 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. q3bG4e8EtvXKDcNWcyYHeQxLF9l9aJKdmeSubyN6Qc3UVHugd6t3YSxD hlD+g43y7FcdnNHdAPh/jpgC4wtOb5J+5XAuESDHwesmIXOCTJjrb+A8 r+xQK+vsY8FhNZ2r81JZ/KQ/+TcCS5tbYeNZQgENduWAxgGiw3fdrMOV xiU= +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +a.nsecwc.nlnetlabs.nl. IN TXT +SECTION ANSWER +SECTION AUTHORITY +!.nsecwc.nlnetlabs.nl. 3600 IN NSEC delegation.nsecwc.nlnetlabs.nl. TXT RRSIG NSEC +!.nsecwc.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. ddy1MRbshFuFJswlouNGHsZUF/tYu8BOCztY2JuHeTMyWL7rhRKp73q/ 1RAXMwywKsynT5ioY0bMtEQszeIEn29IYaPDHieLAobjF6BMu1kO7U2/ oEBrSHM/fx28BcaM5G4nfCIm3BlhQhWvk1NDHLn3Q26x4hF/dnmFOUet aXw= +nsecwc.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +nsecwc.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. bYibpCDg1LgrnYJgVahgu94LBqLIcNs4iC0SW8LV7pTI1hhuFKbLkO2O ekPdkJAWmu/KTytf8D+cdcK6X/9VS8QCVIF5S0hraHtNezu0f1B5ztg3 7Rqy+uJSucNKoykueAsz2z43GMgO0rGH3bqM7+3ii8p2E2rhzqEtG/D3 qyY= +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.nsecwc.nlnetlabs.nl. IN TXT +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +a.nsecwc.nlnetlabs.nl. IN TXT +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nx_nodeny.rpl b/src/test/resources/unbound/val_nx_nodeny.rpl new file mode 100644 index 000000000..311b6ab7e --- /dev/null +++ b/src/test/resources/unbound/val_nx_nodeny.rpl @@ -0,0 +1,165 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with nxdomain response missing qname denial + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} +; wildcard denial +example.com. IN NSEC abc.example.com. SOA NS DNSKEY NSEC RRSIG +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854} +; qname denial +;wab.example.com. IN NSEC wzz.example.com. A NSEC RRSIG +;wab.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nx_nowc.rpl b/src/test/resources/unbound/val_nx_nowc.rpl new file mode 100644 index 000000000..3a5aa18dd --- /dev/null +++ b/src/test/resources/unbound/val_nx_nowc.rpl @@ -0,0 +1,165 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with nxdomain response missing wildcard denial + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} +; wildcard denial +;example.com. IN NSEC abc.example.com. SOA NS DNSKEY NSEC RRSIG +;example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854} +; qname denial +wab.example.com. IN NSEC wzz.example.com. A NSEC RRSIG +wab.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nx_nsec3_collision.rpl b/src/test/resources/unbound/val_nx_nsec3_collision.rpl new file mode 100644 index 000000000..41cd0d6e7 --- /dev/null +++ b/src/test/resources/unbound/val_nx_nsec3_collision.rpl @@ -0,0 +1,188 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with nxdomain NSEC3 with a collision. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} + +; some collisions added here. Say different chains are being signed +; and some colliding NSEC3 RRs are generated. + +; closest encloser, H(example.com) = 6md8numosa4q9ugkffdo1bmm82t5j39s +; for 1 1 8 - +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHndWrEEbuzezs/4lxeiMgEuUsUbAhR72gJgd/Zmhf80yoxCauw9k5OkCw== ;{id = 2854} + +; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub +; for 1 1 0 - +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854} + +; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3. +; for 1 1 123 aaabb... +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 - s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 - s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854} + +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHndWrEEbuzezs/4lxeiMgEuUsUbAhR72gJgd/Zmhf80yoxCauw9k5OkCw== ;{id = 2854} +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854} +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 - s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 - s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854} + +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nx_nsec3_collision2.rpl b/src/test/resources/unbound/val_nx_nsec3_collision2.rpl new file mode 100644 index 000000000..5c8bed3fa --- /dev/null +++ b/src/test/resources/unbound/val_nx_nsec3_collision2.rpl @@ -0,0 +1,185 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with nxdomain NSEC3 with a salt mismatch. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} + +; some collisions added here. Say different chains are being signed +; and some colliding NSEC3 RRs are generated. + +; closest encloser, H(example.com) = 6md8numosa4q9ugkffdo1bmm82t5j39s +; for 1 1 8 - +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 123 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. AD1r+7exm2FOOkSqFvmoLt/VrovAYWd5Ouz9m5MxGlLFbTU2ja2Hupk= + +; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub +; for 1 1 0 - +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854} + +; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3. +; for 1 1 123 aaabb... +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 - s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 - s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854} + +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 123 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. AD1r+7exm2FOOkSqFvmoLt/VrovAYWd5Ouz9m5MxGlLFbTU2ja2Hupk= +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854} +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 - s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 - s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854} + +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nx_nsec3_collision3.rpl b/src/test/resources/unbound/val_nx_nsec3_collision3.rpl new file mode 100644 index 000000000..f17aec4b1 --- /dev/null +++ b/src/test/resources/unbound/val_nx_nsec3_collision3.rpl @@ -0,0 +1,185 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with nxdomain NSEC3 with a collision. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} + +; some collisions added here. Say different chains are being signed +; and some colliding NSEC3 RRs are generated. + +; closest encloser, H(example.com) = 6md8numosa4q9ugkffdo1bmm82t5j39s +; for 1 1 8 - +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 123 aabb00123456bbccde 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. ACVnRA7g5H4x/BMgcw6xpoS9amkqcAVSQA0G+QC4G3eIyjBbIogvHic= + +; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub +; for 1 1 0 - +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854} + +; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3. +; for 1 1 123 aaabb... +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 - s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 - s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854} + +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 123 aabb00123456bbccde 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. ACVnRA7g5H4x/BMgcw6xpoS9amkqcAVSQA0G+QC4G3eIyjBbIogvHic= +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854} +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 - s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 - s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854} + +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nx_nsec3_collision4.rpl b/src/test/resources/unbound/val_nx_nsec3_collision4.rpl new file mode 100644 index 000000000..2d20bfd5e --- /dev/null +++ b/src/test/resources/unbound/val_nx_nsec3_collision4.rpl @@ -0,0 +1,185 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with nxdomain NSEC3 with a collision. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} + +; some collisions added here. Say different chains are being signed +; and some colliding NSEC3 RRs are generated. + +; closest encloser, H(example.com) = 6md8numosa4q9ugkffdo1bmm82t5j39s +; for 1 1 8 - +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 255 1 123 aabb00123456bbccde 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. AD8aB+T5nfcJUatP7WxLgUMzwByVMnTWY2T5ZDPKZri011kQC3lt7qQ= + +; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub +; for 1 1 0 - +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854} + +; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3. +; for 1 1 123 aaabb... +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 - s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 - s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854} + +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 255 1 123 aabb00123456bbccde 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. AD8aB+T5nfcJUatP7WxLgUMzwByVMnTWY2T5ZDPKZri011kQC3lt7qQ= +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854} +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 - s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 - s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854} + +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nx_nsec3_hashalg.rpl b/src/test/resources/unbound/val_nx_nsec3_hashalg.rpl new file mode 100644 index 000000000..b4741103f --- /dev/null +++ b/src/test/resources/unbound/val_nx_nsec3_hashalg.rpl @@ -0,0 +1,161 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with unknown NSEC3 hash algorithm. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} + +; closest encloser, H(example.com). +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN NSEC3 255 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. AAjRJ6G5VolBi6wQ8fO1gzgDZTEAPVLPc0YhnDLLNfl1hYxJVyLqd6A= + +; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854} + +; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3. +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854} + +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN NSEC3 255 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926115752 20070829115752 2854 example.com. AAjRJ6G5VolBi6wQ8fO1gzgDZTEAPVLPc0YhnDLLNfl1hYxJVyLqd6A= +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854} +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854} + +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nx_nsec3_nsecmix.rpl b/src/test/resources/unbound/val_nx_nsec3_nsecmix.rpl new file mode 100644 index 000000000..0396c6132 --- /dev/null +++ b/src/test/resources/unbound/val_nx_nsec3_nsecmix.rpl @@ -0,0 +1,167 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with NSEC3 responses that has an NSEC mixed in. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} + +wab.example.com. IN NSEC wzz.example.com. A NSEC RRSIG +wab.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854} + +; NSEC3 +; closest encloser, H(example.com). +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854} + +; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854} + +; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3. +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854} + +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} +wab.example.com. IN NSEC wzz.example.com. A NSEC RRSIG +wab.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFG5DZSEIZC088rjcB1e6sQx8nQz4AhUAtQ09tP1YYLJkhL/Wg1KV2pW4Ivk= ;{id = 2854} +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854} +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854} +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854} + +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nx_nsec3_params.rpl b/src/test/resources/unbound/val_nx_nsec3_params.rpl new file mode 100644 index 000000000..dd3ab6b57 --- /dev/null +++ b/src/test/resources/unbound/val_nx_nsec3_params.rpl @@ -0,0 +1,164 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with nxdomain NSEC3 several parameters. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} + +; closest encloser, H(example.com). +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854} + +; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854} + +; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3. +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854} + +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG +6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854} +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG +4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854} +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854} + +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_nx_overreach.rpl b/src/test/resources/unbound/val_nx_overreach.rpl new file mode 100644 index 000000000..c63d4da5c --- /dev/null +++ b/src/test/resources/unbound/val_nx_overreach.rpl @@ -0,0 +1,166 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with overreaching NSEC record + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} +; wildcard denial +example.com. IN NSEC abc.example.com. SOA NS DNSKEY NSEC RRSIG +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHV2IBWyTmDJvZ+sT+WsGrJX0op/AhQkAijjnjPAtx/tNub2FAGqcexJSg== ;{id = 2854} +; qname denial +; The overreaching NSEC record; it tries to deny other .com zones! +wab.example.com. IN NSEC wzz.foo.com. A NSEC RRSIG +wab.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AEimIB2N5u7AQOb5IBMnckASZ4MlhBxziJy+zVUjLov/s7q85j8eWQc= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_pos_truncns.rpl b/src/test/resources/unbound/val_pos_truncns.rpl new file mode 100644 index 000000000..57f320ea3 --- /dev/null +++ b/src/test/resources/unbound/val_pos_truncns.rpl @@ -0,0 +1,151 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with badly truncated positive response + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. + +; Truncated, no signature for NS record. +;;;example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +;;;SECTION ADDITIONAL +;;;ns.example.com. IN A 1.2.3.4 +;;;ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_positive.rpl b/src/test/resources/unbound/val_positive.rpl new file mode 100644 index 000000000..512b1653a --- /dev/null +++ b/src/test/resources/unbound/val_positive.rpl @@ -0,0 +1,154 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with positive response + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_positive_nosigs.rpl b/src/test/resources/unbound/val_positive_nosigs.rpl new file mode 100644 index 000000000..e57836f90 --- /dev/null +++ b/src/test/resources/unbound/val_positive_nosigs.rpl @@ -0,0 +1,181 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with positive response, signatures removed. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +ENTRY_END + +; barely valid nodata for AAAA +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +ENTRY_END + + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DS query for subzone +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN DS +SECTION ANSWER +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AD NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_positive_wc.rpl b/src/test/resources/unbound/val_positive_wc.rpl new file mode 100644 index 000000000..5384acf63 --- /dev/null +++ b/src/test/resources/unbound/val_positive_wc.rpl @@ -0,0 +1,162 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with positive wildcard response + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +; from +; *.example.com. IN A 10.20.30.40 +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFFi0g6v/20JyUxoQq7XM0iQnaMMOAhRjhUCLZjMqR1tj2MGGOgfhb1BSyw== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +; denies www.example.com. +ns.example.com. IN NSEC zork.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFGbrr95DAxBIRKFmr4BUm5OxXWMUAhUAsduS0iF2Pa7FagrbAPrJxZ2KPNs= ;{id = 2854} + +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFFi0g6v/20JyUxoQq7XM0iQnaMMOAhRjhUCLZjMqR1tj2MGGOgfhb1BSyw== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +ns.example.com. IN NSEC zork.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFGbrr95DAxBIRKFmr4BUm5OxXWMUAhUAsduS0iF2Pa7FagrbAPrJxZ2KPNs= ;{id = 2854} + +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_positive_wc_nodeny.rpl b/src/test/resources/unbound/val_positive_wc_nodeny.rpl new file mode 100644 index 000000000..e87611e89 --- /dev/null +++ b/src/test/resources/unbound/val_positive_wc_nodeny.rpl @@ -0,0 +1,169 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with positive wildcard without qname denial + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN A +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA REFUSED +SECTION QUESTION +ns.example.com. IN AAAA +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +; from +; *.example.com. IN A 10.20.30.40 +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFFi0g6v/20JyUxoQq7XM0iQnaMMOAhRjhUCLZjMqR1tj2MGGOgfhb1BSyw== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +; denies www.example.com. +; ns.example.com. IN NSEC zork.example.com. A RRSIG NSEC +; ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFGbrr95DAxBIRKFmr4BUm5OxXWMUAhUAsduS0iF2Pa7FagrbAPrJxZ2KPNs= ;{id = 2854} + +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_qds_badanc.rpl b/src/test/resources/unbound/val_qds_badanc.rpl new file mode 100644 index 000000000..dc686153f --- /dev/null +++ b/src/test/resources/unbound/val_qds_badanc.rpl @@ -0,0 +1,224 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with DS query and a bad anchor +; The anchor is the wrong side of the zone cut; no parent anchor. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response to DS query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +sub.example.com. IN DS +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_qds_oneanc.rpl b/src/test/resources/unbound/val_qds_oneanc.rpl new file mode 100644 index 000000000..f21ab422b --- /dev/null +++ b/src/test/resources/unbound/val_qds_oneanc.rpl @@ -0,0 +1,224 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with DS query and one anchor + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response to DS query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +sub.example.com. IN DS +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_qds_twoanc.rpl b/src/test/resources/unbound/val_qds_twoanc.rpl new file mode 100644 index 000000000..4e4f2e732 --- /dev/null +++ b/src/test/resources/unbound/val_qds_twoanc.rpl @@ -0,0 +1,225 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with DS query and two anchors + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response to DS query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +sub.example.com. IN DS +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_refer_unsignadd.rpl b/src/test/resources/unbound/val_refer_unsignadd.rpl new file mode 100644 index 000000000..90e0f0421 --- /dev/null +++ b/src/test/resources/unbound/val_refer_unsignadd.rpl @@ -0,0 +1,353 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + trust-anchor: "example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}" + val-override-date: "20070916134226" + access-control: 127.0.0.1 allow_snoop + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with a referral with unsigned additional +; but the additional record is from a signed zone, +; and a proper proof for no DS or DSNKEY types is forthcoming. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +; Skip .com, to provide unsigned referral A record for ns.example.net +; and go straight to example.com. +example.com. IN NS ns.example.com. +example.com. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.net IN A 1.2.3.5 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.net IN A 1.2.3.5 +ENTRY_END +ENTRY_BEGIN +MATCH opcode qname +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. IN NS ns.example.net. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to example.com. DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NS ns.example.net. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 11.12.13.14 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFC6+BbFcL95vH6SOhMLGotcBospIAhUAhjfof+1VY5GsCp5b9UOD7UydBzI= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. IN NS ns.example.net. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; example.com zone in ns.example.net. +; response to example.com. DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NS ns.example.net. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 11.12.13.14 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFC6+BbFcL95vH6SOhMLGotcBospIAhUAhjfof+1VY5GsCp5b9UOD7UydBzI= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; example.net zone in ns.example.net. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; deny DS and DNSKEY types +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN DS +SECTION AUTHORITY +example.net. IN SOA ns-pri.ripe.net. ops.ripe.net. 2007092101 3600 7200 1209600 7200 +example.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. E1T+LAsAk7rtA6mnKRlgca5Lk+NJYUNNkfco1CrUp5IZZ1+QL7u7CINQBcndJkvoBwKhdVI8rz2LLW19wIywTw== ;{id = 30899} +ns.example.net IN NSEC ns-new.example.net. A AAAA RRSIG NSEC +ns.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. HLkPBWA8Hstub8e/zdp/A8xyI6+fnnMsA9oiZ20VBuSTaBknX0SXmVulNhVGfdmz9fYmYFUr1zjqvPFG+ErO8A== ;{id = 30899} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN DNSKEY +SECTION AUTHORITY +example.net. IN SOA ns-pri.ripe.net. ops.ripe.net. 2007092101 3600 7200 1209600 7200 +example.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. E1T+LAsAk7rtA6mnKRlgca5Lk+NJYUNNkfco1CrUp5IZZ1+QL7u7CINQBcndJkvoBwKhdVI8rz2LLW19wIywTw== ;{id = 30899} +ns.example.net IN NSEC ns-new.example.net. A RRSIG NSEC +ns.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. fAbDxuMP6lMqi71Wa9nsByG7buoJpfxyQhjps6HXOPzOC24UCCjdvZfZltlRy7Yrfrs28MjHwYEmHFmCeFpfPw== ;{id = 30899} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN SOA ns-pri.ripe.net. ops.ripe.net. 2007092101 3600 7200 1209600 7200 +example.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. E1T+LAsAk7rtA6mnKRlgca5Lk+NJYUNNkfco1CrUp5IZZ1+QL7u7CINQBcndJkvoBwKhdVI8rz2LLW19wIywTw== ;{id = 30899} +ns.example.net IN NSEC ns-new.example.net. A RRSIG NSEC +ns.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. fAbDxuMP6lMqi71Wa9nsByG7buoJpfxyQhjps6HXOPzOC24UCCjdvZfZltlRy7Yrfrs28MjHwYEmHFmCeFpfPw== ;{id = 30899} +ENTRY_END + +RANGE_END + +; prime cache with example.com. NS rrset. +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 11.12.13.14 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFC6+BbFcL95vH6SOhMLGotcBospIAhUAhjfof+1VY5GsCp5b9UOD7UydBzI= ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; test nonrec referral validation +STEP 11 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +bla.example.com. IN A +ENTRY_END + +STEP 12 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AD DO NOERROR +SECTION QUESTION +bla.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NS ns.example.net. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926135752 20070829135752 2854 example.com. MCwCFEsWNXjGDFwH/0NGClonWUQlBaiFAhR/dt0asVj8M0VKs7PdTEKN/Y9i5w== ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_referd.rpl b/src/test/resources/unbound/val_referd.rpl new file mode 100644 index 000000000..d475f835e --- /dev/null +++ b/src/test/resources/unbound/val_referd.rpl @@ -0,0 +1,176 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + harden-referral-path: no + access-control: 127.0.0.1 allow_snoop + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with cache referral + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. AD8qRJvXxOtmSuy8Ogyo0roA294qOtNT2E1m05kSU0jbxN4qLYn0OmU= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END +RANGE_END + +; first ask for +CD and get the data in the cache. +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD CD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 3 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA CD NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +; now the data is in the cache, validate a referral from cache +; note, no recursion desired +STEP 5 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +bla.example.com. IN A +ENTRY_END + +STEP 6 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AD DO NOERROR +SECTION QUESTION +bla.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_referglue.rpl b/src/test/resources/unbound/val_referglue.rpl new file mode 100644 index 000000000..dd7e7de91 --- /dev/null +++ b/src/test/resources/unbound/val_referglue.rpl @@ -0,0 +1,301 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + directory: "" + access-control: 127.0.0.1 allow_snoop + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with cache referral with unsigned glue + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. IN NS ns2.sub.example.com. +example.com. 3600 IN RRSIG NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ns2.sub.example.com. IN A 100.200.30.40 +ENTRY_END + +; referral, for all types +ENTRY_BEGIN +MATCH opcode qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns2.sub.example.com. IN A +SECTION AUTHORITY +sub.example.com. IN NS ns2.sub.example.com. +sub.example.com. IN NSEC tlib.example.com. NS RRSIG NSEC +sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. ABdrfr+eKT1syk2qFlV01wLOqQdvNMpEtPmGAM6CrtyQAje/ddXSi9A= ;{id = 2854} +ns2.sub.example.com. IN A 100.200.30.40 +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NS ns2.sub.example.com. +example.com. 3600 IN RRSIG NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ns2.sub.example.com. IN A 100.200.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NS ns2.sub.example.com. +example.com. 3600 IN RRSIG NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +; This is from an unsigned subzone +ns2.sub.example.com. IN A 100.200.30.40 +ENTRY_END +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC +sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFEG4WWIYBDknWlr2d8S42UZHRuByAhRgnDELUAccGZTCVzG+xl/locivpA== ;{id = 2854} +ENTRY_END +RANGE_END + +; ns2.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 100.200.30.40 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. IN NS ns2.sub.example.com. +example.com. 3600 IN RRSIG NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NS ns2.sub.example.com. +example.com. 3600 IN RRSIG NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NS ns2.sub.example.com. +example.com. 3600 IN RRSIG NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +; This is from an unsigned subzone +ns2.sub.example.com. IN A 100.200.30.40 +ENTRY_END +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC +sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFEG4WWIYBDknWlr2d8S42UZHRuByAhRgnDELUAccGZTCVzG+xl/locivpA== ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns2.sub.example.com. IN A +SECTION ANSWER +ns2.sub.example.com. IN A 100.200.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns2.sub.example.com. IN AAAA +SECTION ANSWER +ENTRY_END + +RANGE_END + +; first ask for +CD and get the data in the cache. +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD CD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +STEP 3 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA CD NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NS ns2.sub.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +; already validated and thus stripped from the answer. +;ns2.sub.example.com. IN A 100.200.30.40 +ENTRY_END + +; now the data is in the cache, validate a referral from cache +; note, no recursion desired +STEP 5 QUERY +ENTRY_BEGIN +REPLY DO +SECTION QUESTION +bla.example.com. IN A +ENTRY_END + +STEP 6 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AD DO NOERROR +SECTION QUESTION +bla.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN NS ns2.sub.example.com. +example.com. 3600 IN RRSIG NS DSA 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCiyp/3hxwKS5QZPnjk36t16s4QTwIUI0m+MBVOAPacANrXXFKieyZd39o= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_rrsig.rpl b/src/test/resources/unbound/val_rrsig.rpl new file mode 100644 index 000000000..0b672e0f2 --- /dev/null +++ b/src/test/resources/unbound/val_rrsig.rpl @@ -0,0 +1,170 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with qtype RRSIG response + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query for A +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +ENTRY_END + +; RRSIG query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN RRSIG +SECTION ANSWER +;www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN RRSIG +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.example.com. IN RRSIG +SECTION ANSWER +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_secds.rpl b/src/test/resources/unbound/val_secds.rpl new file mode 100644 index 000000000..61786276d --- /dev/null +++ b/src/test/resources/unbound/val_secds.rpl @@ -0,0 +1,214 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with secure delegation + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. 3600 IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_secds_nosig.rpl b/src/test/resources/unbound/val_secds_nosig.rpl new file mode 100644 index 000000000..453cfa6ad --- /dev/null +++ b/src/test/resources/unbound/val_secds_nosig.rpl @@ -0,0 +1,232 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with no signatures after secure delegation + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; barely valid nodata for AAAA +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +;sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +;ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; barely valid nodata for AAAA +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.sub.example.com. IN AAAA +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +;sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +;ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.sub.example.com. IN A +SECTION ANSWER +ns.sub.example.com. IN A 1.2.3.6 +;ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +;sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +;sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +;ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +;www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_spurious_ns.rpl b/src/test/resources/unbound/val_spurious_ns.rpl new file mode 100644 index 000000000..bd79db19c --- /dev/null +++ b/src/test/resources/unbound/val_spurious_ns.rpl @@ -0,0 +1,155 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with spurious unsigned NS in auth section + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +;example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +SECTION AUTHORITY +; removed by spurious NS record removal code +;;example.com. IN NS ns.example.com. +;;example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_stub_noroot.rpl b/src/test/resources/unbound/val_stub_noroot.rpl new file mode 100644 index 000000000..4235bcc52 --- /dev/null +++ b/src/test/resources/unbound/val_stub_noroot.rpl @@ -0,0 +1,86 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "lp0.eu. IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3" + val-override-date: "20100913111500" + ; the dlv anchor is completely ignored, but here to test that. + dlv-anchor: "dlv.isc.org. IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3" + fake-sha1: yes + trust-anchor-signaling: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 81.187.81.187 +stub-zone: + name: "lp0.eu" + stub-addr: 81.2.80.65 + stub-prime: no +CONFIG_END + +SCENARIO_BEGIN Test validation of stub zone without root prime. + +; this server does not respond. (for the root) +RANGE_BEGIN 0 100 + ADDRESS 81.187.81.187 +ENTRY_BEGIN +MATCH +ADJUST copy_id copy_query +REPLY QR SERVFAIL +SECTION QUESTION +. IN NS +ENTRY_END +RANGE_END + +; lp0.eu server +RANGE_BEGIN 0 100 + ADDRESS 81.2.80.65 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +lp0.eu. IN DNSKEY +SECTION ANSWER +lp0.eu. 3600 IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30900 (ksk), size = 512b} +lp0.eu. 3600 IN RRSIG DNSKEY 5 2 3600 20101013111500 20100909111500 30900 lp0.eu. zWYOT1zmB2k7hMl7mke7k1UNp4lDveUxi2EnF0tW++j2/qJopiAAcFHBo2GOo88jHcLWycurf0Qo+YGXfFbpEg== ;{id = 30900} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +proxima.lp0.eu. IN A +SECTION ANSWER +proxima.lp0.eu. IN A 81.2.80.65 +proxima.lp0.eu. 3600 IN RRSIG A 5 3 3600 20101013111500 20100909111500 30900 lp0.eu. xwS3PLSlxh500pDYh/t6fnLzxQAra6n3nhzk4fVqLzwmneBIfcx4F/vO44wRzXSprz1UbMkVUcruTbQYlLFBEg== ;{id = 30900} +SECTION AUTHORITY +lp0.eu. IN NS proxima.lp0.eu. +lp0.eu. 3600 IN RRSIG NS 5 2 3600 20101013111500 20100909111500 30900 lp0.eu. KM7Zfwc1b0Ay8Ezer0ZAERPbmgGzKIrTfZMxzXzSkVx5DWirTtdgPTNVG/y9fkN4tUARNhElN2eb0ufb04Hdgw== ;{id = 30900} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +proxima.lp0.eu. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +proxima.lp0.eu. IN A +SECTION ANSWER +proxima.lp0.eu. IN A 81.2.80.65 +proxima.lp0.eu. 3600 IN RRSIG A 5 3 3600 20101013111500 20100909111500 30900 lp0.eu. xwS3PLSlxh500pDYh/t6fnLzxQAra6n3nhzk4fVqLzwmneBIfcx4F/vO44wRzXSprz1UbMkVUcruTbQYlLFBEg== ;{id = 30900} +SECTION AUTHORITY +lp0.eu. IN NS proxima.lp0.eu. +lp0.eu. 3600 IN RRSIG NS 5 2 3600 20101013111500 20100909111500 30900 lp0.eu. KM7Zfwc1b0Ay8Ezer0ZAERPbmgGzKIrTfZMxzXzSkVx5DWirTtdgPTNVG/y9fkN4tUARNhElN2eb0ufb04Hdgw== ;{id = 30900} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_stubds.rpl b/src/test/resources/unbound/val_stubds.rpl new file mode 100644 index 000000000..7e1dfedec --- /dev/null +++ b/src/test/resources/unbound/val_stubds.rpl @@ -0,0 +1,230 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +stub-zone: + name: "sub.example.com" + stub-addr: 1.2.3.6 +CONFIG_END + +SCENARIO_BEGIN Test stub with DS query +; The stub zone is linked validly with a DS to the public internet zone. +; unbound just has to be able to ask the DS from the right server (not +; from the stub). + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for DS of sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response for qtype DS. This is not available here. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR SERVFAIL +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. 3600 IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_ta_algo_dnskey.rpl b/src/test/resources/unbound/val_ta_algo_dnskey.rpl new file mode 100644 index 000000000..074295ec5 --- /dev/null +++ b/src/test/resources/unbound/val_ta_algo_dnskey.rpl @@ -0,0 +1,185 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}" + trust-anchor: "example.com. 3600 IN DS 30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with multiple algorithm trust anchor + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} +ENTRY_END + + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 512b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. AKIIYDOGHogglFqJK94ZtOnF7EfGikgAyloMNRSMCrQgFaFkmcOyjrc= ;{id = 2854} +example.com. 3600 IN RRSIG DNSKEY 5 2 3600 20070926134150 20070829134150 30899 example.com. J55fsz1GGMnngc4r50xvXDUdaVMlfcLKLVsfMhwNLF+ERac5XV/lLRAc/aSER+qQdsSo0CrjYjy1wat7YQpDAA== ;{id = 30899} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +www.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899} +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_ta_algo_dnskey_dp.rpl b/src/test/resources/unbound/val_ta_algo_dnskey_dp.rpl new file mode 100644 index 000000000..06de4351a --- /dev/null +++ b/src/test/resources/unbound/val_ta_algo_dnskey_dp.rpl @@ -0,0 +1,186 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}" + trust-anchor: "example.com. 3600 IN DS 30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + harden-algo-downgrade: no + fake-sha1: yes + trust-anchor-signaling: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with multiple algorithm trust anchor without harden + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} +ENTRY_END + + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 512b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. AKIIYDOGHogglFqJK94ZtOnF7EfGikgAyloMNRSMCrQgFaFkmcOyjrc= ;{id = 2854} +example.com. 3600 IN RRSIG DNSKEY 5 2 3600 20070926134150 20070829134150 30899 example.com. J55fsz1GGMnngc4r50xvXDUdaVMlfcLKLVsfMhwNLF+ERac5XV/lLRAc/aSER+qQdsSo0CrjYjy1wat7YQpDAA== ;{id = 30899} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899} +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899} +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_ta_algo_missing.rpl b/src/test/resources/unbound/val_ta_algo_missing.rpl new file mode 100644 index 000000000..a905c223b --- /dev/null +++ b/src/test/resources/unbound/val_ta_algo_missing.rpl @@ -0,0 +1,175 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}" + trust-anchor: "example.com. 3600 IN DS 30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512" + trust-anchor: "example.com. 3600 IN DS 30899 7 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + harden-algo-downgrade: yes + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with multiple algorithm missing one + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} +ENTRY_END + + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 512b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. AKIIYDOGHogglFqJK94ZtOnF7EfGikgAyloMNRSMCrQgFaFkmcOyjrc= ;{id = 2854} +example.com. 3600 IN RRSIG DNSKEY 5 2 3600 20070926134150 20070829134150 30899 example.com. J55fsz1GGMnngc4r50xvXDUdaVMlfcLKLVsfMhwNLF+ERac5XV/lLRAc/aSER+qQdsSo0CrjYjy1wat7YQpDAA== ;{id = 30899} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +www.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_ta_algo_missing_dp.rpl b/src/test/resources/unbound/val_ta_algo_missing_dp.rpl new file mode 100644 index 000000000..363d161c0 --- /dev/null +++ b/src/test/resources/unbound/val_ta_algo_missing_dp.rpl @@ -0,0 +1,189 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}" + trust-anchor: "example.com. 3600 IN DS 30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512" + trust-anchor: "example.com. 3600 IN DS 30899 7 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + harden-algo-downgrade: no + fake-sha1: yes + trust-anchor-signaling: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with multiple algorithm missing one + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} +ENTRY_END + + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 512b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. AKIIYDOGHogglFqJK94ZtOnF7EfGikgAyloMNRSMCrQgFaFkmcOyjrc= ;{id = 2854} +example.com. 3600 IN RRSIG DNSKEY 5 2 3600 20070926134150 20070829134150 30899 example.com. J55fsz1GGMnngc4r50xvXDUdaVMlfcLKLVsfMhwNLF+ERac5XV/lLRAc/aSER+qQdsSo0CrjYjy1wat7YQpDAA== ;{id = 30899} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +www.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. 3600 IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. JNWECShNE+nCLQwOXJJ3xpUkh2G+FCh5nk8uYAHIVQRse/BIvCMSlvRrtVyw9RnXvk5RR2bEgN0pRdLWW7ug5Q== ;{id = 30899} +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} + +SECTION AUTHORITY +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +example.com. 3600 IN RRSIG NS 5 2 3600 20070926134150 20070829134150 30899 example.com. YTqtYba73HIOQuPr5oDyIX9pfmz1ybEBjwlD/jUgcPmFINUOZ9FeqG6ywgRKwn4AizkKTK00p1sxZYMKxl91wg== ;{id = 30899} + +SECTION ADDITIONAL +ns.example.com. 3600 IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ns.example.com. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.com. Dn1ziMKrc3NdJkSv8g61Y9WNk3+BAuwCwnYzAZiHmkejkSCPViLJN7+f4Conp9l8LkTl50ZnLgoYrrUYNhMj6w== ;{id = 30899} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_twocname.rpl b/src/test/resources/unbound/val_twocname.rpl new file mode 100644 index 000000000..d8e8cf316 --- /dev/null +++ b/src/test/resources/unbound/val_twocname.rpl @@ -0,0 +1,135 @@ +; config options +server: + trust-anchor: "ORG. DS 21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2" + val-override-date: "20091116100204" + fake-sha1: yes + trust-anchor-signaling: no + minimal-responses: no + +forward-zone: + name: "." + forward-addr: 192.0.2.1 +CONFIG_END + +SCENARIO_BEGIN Test validator with unsigned CNAME to signed CNAME to data + +RANGE_BEGIN 0 100 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +k.root-servers.org. IN A +SECTION ANSWER +k.root-servers.org. 3600 IN CNAME www.ripe.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.ripe.net. IN A +SECTION ANSWER +www.ripe.net. 900 IN CNAME aquila-www.ripe.net. +www.ripe.net. 900 IN RRSIG CNAME 5 3 900 20091216060007 20091116060007 19386 ripe.net. NjCpVZC/LLnoV1pa91GSL9SP65n7eFKoe/OcuKzUPHumXIDrXnE23F1rNfbjYpVrQDEsG6iInI7Edh2MCS4NI4tLwrytEDgCX7ZnqIMIOV2/gJa5ZkLlmVT71Agnfi788q7ozEq14zlhY+brD5kyBiEcfOhH/qkX+zJuGdt1AcQwMxYn/GQ0Z32k5ulBnzrIFWObBksO ;{id = 19386} +SECTION AUTHORITY +ripe.net. 172800 IN NS ns3.nic.fr. +ripe.net. 172800 IN NS sunic.sunet.se. +ripe.net. 172800 IN NS ns-pri.ripe.net. +ripe.net. 172800 IN NS sns-pb.isc.org. +ripe.net. 172800 IN RRSIG NS 5 2 172800 20091216060007 20091116060007 19386 ripe.net. Km2zmkvPOjRddE+SlFBokj2QVroW/R8D2C6u6uCtFI5HVLZTV+oxrIw1ZYYWwe/Jf2CpVBzh3P6iHtWvojM8DHhfkO84wsO33ssqzIzq7e8nDOinqeeGB7yyl642xHCt0jObRewX1hU6Deubs42pFZmO6YKL8Tx6Jb5oe2yyoVebv4bX2qLoEPFw9plE0VavfD397Y4g ;{id = 19386} +SECTION ADDITIONAL +ns-pri.ripe.net. 172800 IN A 193.0.0.195 +ns-pri.ripe.net. 172800 IN AAAA 2001:610:240:0:53::3 +ns-pri.ripe.net. 172800 IN RRSIG A 5 3 172800 20091216060007 20091116060007 19386 ripe.net. BRxWwUNDivDxXnrPlj3/VPUBrf/bk8tKljRG0pQ/7XucTUMR9ae1huNVTC+FTrfZjggqU9/PZlyJ9TwI1lp7J1lEua1mByCHObzHlO7Cq/m7sjZ9cFvpIm6ke2c+xxjs3X8mHsiyftSsCCSvB43DLhgcJtib6QZlCpFxa4Y3sg1fx+1GENrbKlcuJGGqkdrAw0irvKEv ;{id = 19386} +ns-pri.ripe.net. 172800 IN RRSIG AAAA 5 3 172800 20091216060007 20091116060007 19386 ripe.net. Ngd/GLGHakPj1A4rna19OPFpMPVSgCj7CgBtsuwjGwurMFEje4F4miNleazkdQKqe2kRMpB+Kg2OBnnRZpjR2PR9ZjRv6rss6/DL5qMRkDH6Xghwl5ZZzIONTgRSZlHKaHQZ7BHR2azZTo9wupK7VuE7f7EWmjBc5SDNiNOfwuEujUg2DvO1JOv16P2JLeQ3Vst4ovxW ;{id = 19386} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +aquila-www.ripe.net. IN A +SECTION ANSWER +aquila-www.ripe.net. 600 IN A 193.0.19.25 +aquila-www.ripe.net. 600 IN RRSIG A 5 3 600 20091216060007 20091116060007 19386 ripe.net. RuPSSATpwiS5hY4WTt7x9Hzq1tQ+ttWgq0hpgJPSorqJHlLbvgucXd8LhrcIFmBm/K/3sj9UYP1viCjbqfvjGToUdv+g4z9KrNq3FoAal6WSyTBgxAgvnHjNi9gRTZBm4O+rUQCKUD8XwlG6r3SKo6iOeSM84CHeQkGjsp5GNxpGnIagWkr5BzjKhaaUc+i82vk1SrNa ;{id = 19386} +SECTION AUTHORITY +ripe.net. 172800 IN NS ns3.nic.fr. +ripe.net. 172800 IN NS sunic.sunet.se. +ripe.net. 172800 IN NS ns-pri.ripe.net. +ripe.net. 172800 IN NS sns-pb.isc.org. +ripe.net. 172800 IN RRSIG NS 5 2 172800 20091216060007 20091116060007 19386 ripe.net. Km2zmkvPOjRddE+SlFBokj2QVroW/R8D2C6u6uCtFI5HVLZTV+oxrIw1ZYYWwe/Jf2CpVBzh3P6iHtWvojM8DHhfkO84wsO33ssqzIzq7e8nDOinqeeGB7yyl642xHCt0jObRewX1hU6Deubs42pFZmO6YKL8Tx6Jb5oe2yyoVebv4bX2qLoEPFw9plE0VavfD397Y4g ;{id = 19386} +SECTION ADDITIONAL +ns-pri.ripe.net. 172800 IN A 193.0.0.195 +ns-pri.ripe.net. 172800 IN AAAA 2001:610:240:0:53::3 +ns-pri.ripe.net. 172800 IN RRSIG A 5 3 172800 20091216060007 20091116060007 19386 ripe.net. BRxWwUNDivDxXnrPlj3/VPUBrf/bk8tKljRG0pQ/7XucTUMR9ae1huNVTC+FTrfZjggqU9/PZlyJ9TwI1lp7J1lEua1mByCHObzHlO7Cq/m7sjZ9cFvpIm6ke2c+xxjs3X8mHsiyftSsCCSvB43DLhgcJtib6QZlCpFxa4Y3sg1fx+1GENrbKlcuJGGqkdrAw0irvKEv ;{id = 19386} +ns-pri.ripe.net. 172800 IN RRSIG AAAA 5 3 172800 20091216060007 20091116060007 19386 ripe.net. Ngd/GLGHakPj1A4rna19OPFpMPVSgCj7CgBtsuwjGwurMFEje4F4miNleazkdQKqe2kRMpB+Kg2OBnnRZpjR2PR9ZjRv6rss6/DL5qMRkDH6Xghwl5ZZzIONTgRSZlHKaHQZ7BHR2azZTo9wupK7VuE7f7EWmjBc5SDNiNOfwuEujUg2DvO1JOv16P2JLeQ3Vst4ovxW ;{id = 19386} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ORG. IN DNSKEY +SECTION ANSWER +ORG. 900 IN DNSKEY 256 3 7 AwEAAdV7bl0omw53nFPoUZSowSTSTDpQO4K8th19coBjlS0iMIWb0NF5YzGkoeditMS8ZLkgc9wS9txeH6XGHzwqJNc5eQcQEOasmC7vqaopoeN/GP/ZkUMbtNTcN1qzS9WzJ4gToxeNCHkAc7LZGh5XY/v1n599hk/ifotV/ZDGhN+H ;{id = 5273 (zsk), size = 1024b} +ORG. 900 IN DNSKEY 257 3 7 AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDodnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mmGssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3AbSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6tXC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2mx7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rjCG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8KjDqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU= ;{id = 21366 (ksk), size = 2048b} +ORG. 900 IN DNSKEY 257 3 7 AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1bdq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsUACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jIR2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tpdbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r8ti6MNoJEHU= ;{id = 9795 (ksk), size = 2048b} +ORG. 900 IN DNSKEY 256 3 7 AwEAAaT7yoAEj5kX1rW40gMxUgPYGIc6hIPXihtK44jq6UQlZxTeFdsNX6aNaFpSq9pbI19y4JfQvCPPjw2248fwNzgwxfkdyRk7vzKagad2hs8wQ/C7vYuTUoTjrOBRwnsEHix+jYgKZH+lX1ZRKo/YXyMz05KWH+3j5y0VSrKBcdBZ ;{id = 53990 (zsk), size = 1024b} +ORG. 900 IN RRSIG DNSKEY 7 1 900 20091123154522 20091109144522 5273 org. zHcY20bnIBzsl1CXmZdtt8PWPy079Ic3dQ/pLH2z1yCoC+kWGzLIlU/EcWa0rrQzqc9oK+v63xzXFoib3LewcijiGmKYtFcyi3HGfVdJrDFIxmN52x4pZerVZq9NA/FLQ8ZrobkVgYiEAmjMU1OesPPZPwwlPRdSG421q3o3N4Q= ;{id = 5273} +ORG. 900 IN RRSIG DNSKEY 7 1 900 20091123154522 20091109144522 21366 org. Xlh0UQl+Ldig/jBS7Ty9rfeUztG5P7Brjr/Du+XlC7KjUkk/gNfpxgPmIKuA3ZLwgwTvEF6i7CD7b5gEKKC2P8Y5kQjKcjcDZl0+5W1IfpFF1Ka546erCy5cznXT23W5bzODNiraMs7KwvwMlD3LeOCiBeldPKeZ0yxWI/3YXmwAbkky4MApX9khSnilSaewcVSzQM/iOVuCR/+5esNvcKqjgWbT3M4vorzjc7YxVxF2BTgxybDOn4OkWvdeSlDiIVVS+VtxK0U7yIc59mpE7WxoRLtw/Qkd8bjh+KF5izQO2Q/7VxhkJ6pBxxumHwQahlgOQYxWMLqUc/EZnXSQpQ== ;{id = 21366} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +root-servers.org. IN DS +SECTION ANSWER +SECTION AUTHORITY +h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86399 IN NSEC3 1 1 1 d399eaab h9rsfb7fpf2l8hg35cmpc765tdk23rp6 NS SOA RRSIG DNSKEY NSEC3PARAM ; flags: optout +h9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86399 IN RRSIG NSEC3 7 2 86400 20091130090148 20091116080148 5273 org. FL7e/4Lhihh9LKAPDKNmlvEHbjkPY/6GLhtVMWtbSfBS8rAaHuInCD/tbQxCmFmT6e3HXHXkUcjC7BSDFPnlhtB8P2iNjvkdZJ72jVTXDY1P6LuK/OJhRT8DjFlHlvjdNgS5/0HCuGYU5A1GPkWGx1waUmblryPApb8HNSAmdYA= ;{id = 5273} +i8i48ibuph5kgh999ld485qnt660qdag.org. 86399 IN NSEC3 1 1 1 d399eaab i94atlaqkvkoms2q45m5msds8r3414ft A RRSIG ; flags: optout +i8i48ibuph5kgh999ld485qnt660qdag.org. 86399 IN RRSIG NSEC3 7 2 86400 20091125010858 20091111000858 5273 org. WrWFYs2FuzPRYh+hgc8B3ZKL6jiMee2F1FsPNVEx9Ojv76BMELWomI0Zcd90NZbs7kvs5FP1G79s9o3oQHeWVfa6as8Wi6RLn97nX3FVqYI39r7GZnoKj8QGrCsRCatqK4Lsh426X0vzR5CwIA14/XL1w6UQ1KuTHlIu51RidA4= ;{id = 5273} +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +k.root-servers.org. IN A +ENTRY_END +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +k.root-servers.org. IN A +SECTION ANSWER +k.root-servers.org. IN CNAME www.ripe.net. +www.ripe.net. 900 IN CNAME aquila-www.ripe.net. +www.ripe.net. 900 IN RRSIG CNAME 5 3 900 20091216060007 20091116060007 19386 ripe.net. NjCpVZC/LLnoV1pa91GSL9SP65n7eFKoe/OcuKzUPHumXIDrXnE23F1rNfbjYpVrQDEsG6iInI7Edh2MCS4NI4tLwrytEDgCX7ZnqIMIOV2/gJa5ZkLlmVT71Agnfi788q7ozEq14zlhY+brD5kyBiEcfOhH/qkX+zJuGdt1AcQwMxYn/GQ0Z32k5ulBnzrIFWObBksO ;{id = 19386} +aquila-www.ripe.net. 600 IN A 193.0.19.25 +aquila-www.ripe.net. 600 IN RRSIG A 5 3 600 20091216060007 20091116060007 19386 ripe.net. RuPSSATpwiS5hY4WTt7x9Hzq1tQ+ttWgq0hpgJPSorqJHlLbvgucXd8LhrcIFmBm/K/3sj9UYP1viCjbqfvjGToUdv+g4z9KrNq3FoAal6WSyTBgxAgvnHjNi9gRTZBm4O+rUQCKUD8XwlG6r3SKo6iOeSM84CHeQkGjsp5GNxpGnIagWkr5BzjKhaaUc+i82vk1SrNa ;{id = 19386} +SECTION AUTHORITY +ripe.net. 172800 IN NS ns3.nic.fr. +ripe.net. 172800 IN NS sunic.sunet.se. +ripe.net. 172800 IN NS ns-pri.ripe.net. +ripe.net. 172800 IN NS sns-pb.isc.org. +ripe.net. 172800 IN RRSIG NS 5 2 172800 20091216060007 20091116060007 19386 ripe.net. Km2zmkvPOjRddE+SlFBokj2QVroW/R8D2C6u6uCtFI5HVLZTV+oxrIw1ZYYWwe/Jf2CpVBzh3P6iHtWvojM8DHhfkO84wsO33ssqzIzq7e8nDOinqeeGB7yyl642xHCt0jObRewX1hU6Deubs42pFZmO6YKL8Tx6Jb5oe2yyoVebv4bX2qLoEPFw9plE0VavfD397Y4g ;{id = 19386} +SECTION ADDITIONAL +ns-pri.ripe.net. 172800 IN A 193.0.0.195 +ns-pri.ripe.net. 172800 IN AAAA 2001:610:240:0:53::3 +ns-pri.ripe.net. 172800 IN RRSIG A 5 3 172800 20091216060007 20091116060007 19386 ripe.net. BRxWwUNDivDxXnrPlj3/VPUBrf/bk8tKljRG0pQ/7XucTUMR9ae1huNVTC+FTrfZjggqU9/PZlyJ9TwI1lp7J1lEua1mByCHObzHlO7Cq/m7sjZ9cFvpIm6ke2c+xxjs3X8mHsiyftSsCCSvB43DLhgcJtib6QZlCpFxa4Y3sg1fx+1GENrbKlcuJGGqkdrAw0irvKEv ;{id = 19386} +ns-pri.ripe.net. 172800 IN RRSIG AAAA 5 3 172800 20091216060007 20091116060007 19386 ripe.net. Ngd/GLGHakPj1A4rna19OPFpMPVSgCj7CgBtsuwjGwurMFEje4F4miNleazkdQKqe2kRMpB+Kg2OBnnRZpjR2PR9ZjRv6rss6/DL5qMRkDH6Xghwl5ZZzIONTgRSZlHKaHQZ7BHR2azZTo9wupK7VuE7f7EWmjBc5SDNiNOfwuEujUg2DvO1JOv16P2JLeQ3Vst4ovxW ;{id = 19386} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_unalgo_anchor.rpl b/src/test/resources/unbound/val_unalgo_anchor.rpl new file mode 100644 index 000000000..fbbf288a5 --- /dev/null +++ b/src/test/resources/unbound/val_unalgo_anchor.rpl @@ -0,0 +1,153 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 208 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with unsupported algorithm trust anchor + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_unalgo_dlv.rpl b/src/test/resources/unbound/val_unalgo_dlv.rpl new file mode 100644 index 000000000..142beae8d --- /dev/null +++ b/src/test/resources/unbound/val_unalgo_dlv.rpl @@ -0,0 +1,284 @@ +; config options +; The island of trust is at example.com (the DLV repository) +server: + dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with unknown algorithm DLV anchor +; positive response for DLV. +; but only has unknown algos +; have to treat zone as insecure + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +net. IN A +SECTION AUTHORITY +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net. IN NS +SECTION ANSWER +net. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.net. IN A +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; DLV query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net.example.com. IN DLV +SECTION ANSWER +; algo 208 is unknown +example.net.example.com. 3600 IN DLV 30899 208 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix +example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. AFBU1dN/KstcLfQQzy7ZKvPq+2hQg7D6QynqgwI3f8envPQGj782/NA= ;{id = 2854} +;example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix +;example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +net.example.com. IN DLV +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} +example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +com.example.com. IN DLV +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} +example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.5 +; DS RR is +; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix +; DNSKEY prime query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN DNSKEY +SECTION ANSWER +example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; NS query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +; www.example.net query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +www.example.net. 3600 IN A 10.20.30.40 +www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.net. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.example.net. IN A +SECTION ANSWER +www.example.net. 3600 IN A 10.20.30.40 +www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} +SECTION AUTHORITY +example.net. IN NS ns.example.net. +example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.5 +ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_unalgo_ds.rpl b/src/test/resources/unbound/val_unalgo_ds.rpl new file mode 100644 index 000000000..65db9b236 --- /dev/null +++ b/src/test/resources/unbound/val_unalgo_ds.rpl @@ -0,0 +1,203 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with unknown algorithm delegation +; DS has unknown algo only. +; so subzone has to be treated as unsigned. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +; algorithm 208 is unknown. +sub.example.com. 3600 IN DS 30899 208 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. AEMPMNVJAygL0TyRUU+MVgP4FA7jSIpVj6628IdLe7eY3OwWp3hUTnU= ;{id = 2854} +;sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +;sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. 3600 IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_unsec_cname.rpl b/src/test/resources/unbound/val_unsec_cname.rpl new file mode 100644 index 000000000..ad02daec8 --- /dev/null +++ b/src/test/resources/unbound/val_unsec_cname.rpl @@ -0,0 +1,362 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with DS, unsec, cname sequence. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.b.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.b.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for delegation to c.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +c.c.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +c.example.com. IN NS ns.c.example.com. +c.example.com. IN NSEC d.example.com. NS RRSIG NSEC +c.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDQ1xBqQ8Yxy7d7MbfAOg9g+dInHAhUAgP2w61bvME+hLWFiNg42Ny02/vo= ;{id = 2854} +SECTION ADDITIONAL +ns.c.example.com. IN A 1.2.3.8 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +c.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +c.example.com. IN NSEC d.example.com. NS RRSIG NSEC +c.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFDQ1xBqQ8Yxy7d7MbfAOg9g+dInHAhUAgP2w61bvME+hLWFiNg42Ny02/vo= ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.b.sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to query of interest +; another delegation, validated unsecure. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a.b.sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +b.sub.example.com. IN NS ns.b.sub.example.com. +b.sub.example.com. IN NSEC c.sub.example.com. NS NSEC RRSIG +b.sub.example.com. 3600 IN RRSIG NSEC 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. KPdURTUrbQvc6OXtDZaH3+14uO2qPUPIFO86aTNZ/Ujy3d2RMSB7fkSSulDO6QDSBEUhr9WgbQr0/YoljCBirA== ;{id = 30899} +SECTION ADDITIONAL +ns.b.sub.example.com. IN A 1.2.3.7 +ENTRY_END + +; b DS query. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +b.sub.example.com. IN DS +SECTION AUTHORITY +b.sub.example.com. IN NSEC c.sub.example.com. NS NSEC RRSIG +b.sub.example.com. 3600 IN RRSIG NSEC 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. KPdURTUrbQvc6OXtDZaH3+14uO2qPUPIFO86aTNZ/Ujy3d2RMSB7fkSSulDO6QDSBEUhr9WgbQr0/YoljCBirA== ;{id = 30899} +ENTRY_END +RANGE_END + +; server ns.b.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.7 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +b.sub.example.com. IN NS +SECTION ANSWER +b.sub.example.com. IN NS ns.b.sub.example.com. +SECTION ADDITIONAL +ns.b.sub.example.com. IN A 1.2.3.7 +ENTRY_END + +ENTRY_BEGIN +; query of interest, give a cname to another unsecure zone. +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.b.sub.example.com. IN A +SECTION ANSWER +a.b.sub.example.com. IN CNAME c.c.example.com. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +a.b.sub.example.com. IN DS +SECTION AUTHORITY +b.sub.example.com. IN SOA B-EXAMPLE. b-example. 1 2 3 7 7 +ENTRY_END +RANGE_END + +; server ns.c.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.8 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +c.sub.example.com. IN NS +SECTION ANSWER +c.sub.example.com. IN NS ns.c.sub.example.com. +SECTION ADDITIONAL +ns.c.sub.example.com. IN A 1.2.3.8 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +c.example.com. IN NS +SECTION ANSWER +c.example.com. IN NS ns.c.example.com. +SECTION ADDITIONAL +ns.c.example.com. IN A 1.2.3.8 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +c.c.example.com. IN A +SECTION ANSWER +c.c.example.com. IN A 11.11.11.11 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +c.c.example.com. IN DS +SECTION AUTHORITY +c.example.com. IN SOA C-EXAMPLE. c-example. 1 2 3 4 5 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.b.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +a.b.sub.example.com. IN A +SECTION ANSWER +a.b.sub.example.com. IN CNAME c.c.example.com. +c.c.example.com. 3600 IN A 11.11.11.11 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; test that a DS query does not get CNAME redirected, but instead +; asked to the right server that has to respond to it. +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.b.sub.example.com. IN DS +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +a.b.sub.example.com. IN DS +SECTION AUTHORITY +b.sub.example.com. IN SOA B-EXAMPLE. b-example. 1 2 3 7 7 +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_unsecds.rpl b/src/test/resources/unbound/val_unsecds.rpl new file mode 100644 index 000000000..8678160ca --- /dev/null +++ b/src/test/resources/unbound/val_unsecds.rpl @@ -0,0 +1,194 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with insecure delegation + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC +sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; query for missing DS record. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC +sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + + +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. 3600 IN A 11.11.11.11 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_unsecds_negcache.rpl b/src/test/resources/unbound/val_unsecds_negcache.rpl new file mode 100644 index 000000000..2e9b1e795 --- /dev/null +++ b/src/test/resources/unbound/val_unsecds_negcache.rpl @@ -0,0 +1,195 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with insecure delegation and DS negative cache + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC +sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; query for missing DS record. +; get it from the negative cache instead! +;ENTRY_BEGIN +;MATCH opcode qtype qname +;ADJUST copy_id +;REPLY QR NOERROR +;SECTION QUESTION +;sub.example.com. IN DS +;SECTION ANSWER +;SECTION AUTHORITY +;example.com. IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +;example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +;sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC +;sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854} +;SECTION ADDITIONAL +;ns.sub.example.com. IN A 1.2.3.6 +;ENTRY_END + + +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.sub.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. 3600 IN A 11.11.11.11 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_unsecds_qtypeds.rpl b/src/test/resources/unbound/val_unsecds_qtypeds.rpl new file mode 100644 index 000000000..e277fd788 --- /dev/null +++ b/src/test/resources/unbound/val_unsecds_qtypeds.rpl @@ -0,0 +1,210 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with insecure delegation and qtype DS. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; query for missing DS record. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC +sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC +sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + + +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; query for missing DS record. on wrong side of zone cut. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN SOA ns.sub.example.com. h.sub.example.com. 2007090504 1800 1800 2419200 7200 +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +sub.example.com. IN DS +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +example.com. IN SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +sub.example.com. IN NSEC www.example.com. NS RRSIG NSEC +sub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFDCaiDM6G+glwNW276HWdH+McmjgAhRSwF5OfimNQCqkWgnYotLOwUghKQ== ;{id = 2854} +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/src/test/resources/unbound/val_wild_pos.rpl b/src/test/resources/unbound/val_wild_pos.rpl new file mode 100644 index 000000000..624d8e07b --- /dev/null +++ b/src/test/resources/unbound/val_wild_pos.rpl @@ -0,0 +1,163 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + fake-sha1: yes + trust-anchor-signaling: no + minimal-responses: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with direct wildcard positive response + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +*.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +*.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION ANSWER +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +*.example.com. IN A +SECTION ANSWER +*.example.com. IN A 10.20.30.40 +*.example.com. 3600 IN RRSIG A 3 2 3600 20070926134150 20070829134150 2854 example.com. AG3iIIzflgRHsIlOKiSHADHIn/NmfNgESAslc1wIjxys5r9w4CxNIGs= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +*.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +*.example.com. IN A +SECTION ANSWER +*.example.com. IN A 10.20.30.40 +*.example.com. 3600 IN RRSIG A 3 2 3600 20070926134150 20070829134150 2854 example.com. AG3iIIzflgRHsIlOKiSHADHIn/NmfNgESAslc1wIjxys5r9w4CxNIGs= ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} +ENTRY_END + +SCENARIO_END From 3da29a10f34c47a4bb35ccc7e9d7ef55ad60f2e7 Mon Sep 17 00:00:00 2001 From: Ingo Bauersachs Date: Sun, 15 Aug 2021 21:14:17 +0200 Subject: [PATCH 02/12] Keep dnssec classes package-private as much as possible --- .../{validator => }/ByteArrayComparator.java | 4 ++-- .../{validator => }/DnsSecVerifier.java | 6 ++---- .../dnssec/{validator => }/FindKeyState.java | 5 ++--- .../{validator => }/JustifiedSecStatus.java | 7 ++----- .../DNS/dnssec/{validator => }/KeyCache.java | 2 +- .../DNS/dnssec/{validator => }/KeyEntry.java | 5 +---- .../dnssec/{validator => }/NSEC3ValUtils.java | 4 +--- .../ResponseClassification.java | 2 +- .../java/org/xbill/DNS/dnssec/SMessage.java | 2 +- .../java/org/xbill/DNS/dnssec/SRRset.java | 2 +- .../{validator => }/TrustAnchorStore.java | 6 ++---- .../DNS/dnssec/{validator => }/ValUtils.java | 8 ++----- .../{validator => }/ValidatingResolver.java | 21 ++++++++++++------- .../DNS/dnssec/{unbound/rpl => }/Check.java | 2 +- .../org/xbill/DNS/dnssec/ResolveExample.java | 1 - .../DNS/dnssec/{unbound/rpl => }/Rpl.java | 3 +-- .../dnssec/{unbound/rpl => }/RplParser.java | 4 +--- .../{validator => }/TestAlgorithmSupport.java | 5 +---- .../java/org/xbill/DNS/dnssec/TestBase.java | 3 ++- .../TestByteArrayComparator.java | 2 +- .../dnssec/{validator => }/TestKeyCache.java | 4 +--- .../TestNormallyUnreachableCode.java | 5 +---- .../{validator => }/TestNsec3ValUtils.java | 4 +--- .../TestNsec3ValUtilsPublicKeyLoading.java | 4 +--- .../{validator => }/TestTrustAnchorStore.java | 3 +-- .../dnssec/{validator => }/TestValUtils.java | 5 +---- .../{unbound/rpl => }/UnboundTests.java | 5 +---- .../testAlgIsUnknown_eccgost | 0 .../testAlgIsUnknown_rsamd5 | 0 .../testDigestIdIsUnknown | 0 .../testEd_ed25519 | 0 .../testEd_ed448 | 0 .../testInvalidIterationCountMarksInsecure | 0 .../testNsec3ClosestEncloserIsDelegation | 0 ...stNsec3ClosestEncloserIsInsecureDelegation | 0 .../testNsec3NodataChangedToNxdomainIsBogus | 0 .../testNsec3WithoutClosestEncloser | 0 .../testNsecEcdsa256 | 0 .../testNsecEcdsa384 | 0 .../testTooLargeIterationCountMustThrow | 0 .../testPublicKeyLoadingException | 0 ...eastOneDigestSupportedWithOnlyNonDSRecords | 0 ...tOneSupportedAlgorithmWithOnlyNonDSRecords | 0 .../testDsNoDataWhenNsecProvesDs | 0 ...asSignedNsecsWithoutSignedSigsReturnsFalse | 0 .../testLongestCommonNameRootIsRoot | 0 .../testNameErrorWhenNsecIsLastAndQnameBefore | 0 ...ErrorWhenNsecIsLastAndQnameDifferentDomain | 0 ...tNameErrorWhenNsecIsLastAndQnameIsZoneApex | 0 .../testNameErrorWhenNsecIsNotFromApex | 0 ...stNameErrorWhenResultIsFromDelegationPoint | 0 .../testNoDataOfDSForRoot | 0 .../testNoDataOnEntWithWrongNsec | 0 .../testNoDataWhenDSResultIsFromChild | 0 .../testNoDataWhenNsecHasCname | 0 .../testNoDataWhenNsecProvesExistence | 0 .../testNoDataWhenResultIsFromDelegationPoint | 0 .../testNoDataWhenWcNsecIsForDifferentName | 0 .../testNoDataWhenWcNsecProvesCname | 0 .../testNoDataWhenWcNsecProvesType | 0 .../testNsecProvesNoDS | 0 .../testNsecProvesNoDSWithDSPresentForRoot | 0 .../testNsecProvesNoDSWithSOAForNonRoot | 0 63 files changed, 45 insertions(+), 79 deletions(-) rename src/main/java/org/xbill/DNS/dnssec/{validator => }/ByteArrayComparator.java (88%) rename src/main/java/org/xbill/DNS/dnssec/{validator => }/DnsSecVerifier.java (97%) rename src/main/java/org/xbill/DNS/dnssec/{validator => }/FindKeyState.java (90%) rename src/main/java/org/xbill/DNS/dnssec/{validator => }/JustifiedSecStatus.java (82%) rename src/main/java/org/xbill/DNS/dnssec/{validator => }/KeyCache.java (99%) rename src/main/java/org/xbill/DNS/dnssec/{validator => }/KeyEntry.java (96%) rename src/main/java/org/xbill/DNS/dnssec/{validator => }/NSEC3ValUtils.java (99%) rename src/main/java/org/xbill/DNS/dnssec/{validator => }/ResponseClassification.java (95%) rename src/main/java/org/xbill/DNS/dnssec/{validator => }/TrustAnchorStore.java (94%) rename src/main/java/org/xbill/DNS/dnssec/{validator => }/ValUtils.java (99%) rename src/main/java/org/xbill/DNS/dnssec/{validator => }/ValidatingResolver.java (99%) rename src/test/java/org/xbill/DNS/dnssec/{unbound/rpl => }/Check.java (75%) rename src/test/java/org/xbill/DNS/dnssec/{unbound/rpl => }/Rpl.java (87%) rename src/test/java/org/xbill/DNS/dnssec/{unbound/rpl => }/RplParser.java (98%) rename src/test/java/org/xbill/DNS/dnssec/{validator => }/TestAlgorithmSupport.java (96%) rename src/test/java/org/xbill/DNS/dnssec/{validator => }/TestByteArrayComparator.java (94%) rename src/test/java/org/xbill/DNS/dnssec/{validator => }/TestKeyCache.java (97%) rename src/test/java/org/xbill/DNS/dnssec/{validator => }/TestNormallyUnreachableCode.java (93%) rename src/test/java/org/xbill/DNS/dnssec/{validator => }/TestNsec3ValUtils.java (97%) rename src/test/java/org/xbill/DNS/dnssec/{validator => }/TestNsec3ValUtilsPublicKeyLoading.java (96%) rename src/test/java/org/xbill/DNS/dnssec/{validator => }/TestTrustAnchorStore.java (97%) rename src/test/java/org/xbill/DNS/dnssec/{validator => }/TestValUtils.java (98%) rename src/test/java/org/xbill/DNS/dnssec/{unbound/rpl => }/UnboundTests.java (99%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestAlgorithmSupport => org_xbill_DNS_dnssec_TestAlgorithmSupport}/testAlgIsUnknown_eccgost (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestAlgorithmSupport => org_xbill_DNS_dnssec_TestAlgorithmSupport}/testAlgIsUnknown_rsamd5 (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestAlgorithmSupport => org_xbill_DNS_dnssec_TestAlgorithmSupport}/testDigestIdIsUnknown (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestAlgorithmSupport => org_xbill_DNS_dnssec_TestAlgorithmSupport}/testEd_ed25519 (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestAlgorithmSupport => org_xbill_DNS_dnssec_TestAlgorithmSupport}/testEd_ed448 (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestNsec3ValUtils => org_xbill_DNS_dnssec_TestNsec3ValUtils}/testInvalidIterationCountMarksInsecure (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestNsec3ValUtils => org_xbill_DNS_dnssec_TestNsec3ValUtils}/testNsec3ClosestEncloserIsDelegation (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestNsec3ValUtils => org_xbill_DNS_dnssec_TestNsec3ValUtils}/testNsec3ClosestEncloserIsInsecureDelegation (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestNsec3ValUtils => org_xbill_DNS_dnssec_TestNsec3ValUtils}/testNsec3NodataChangedToNxdomainIsBogus (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestNsec3ValUtils => org_xbill_DNS_dnssec_TestNsec3ValUtils}/testNsec3WithoutClosestEncloser (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestNsec3ValUtils => org_xbill_DNS_dnssec_TestNsec3ValUtils}/testNsecEcdsa256 (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestNsec3ValUtils => org_xbill_DNS_dnssec_TestNsec3ValUtils}/testNsecEcdsa384 (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestNsec3ValUtils => org_xbill_DNS_dnssec_TestNsec3ValUtils}/testTooLargeIterationCountMustThrow (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestNsec3ValUtilsPublicKeyLoading => org_xbill_DNS_dnssec_TestNsec3ValUtilsPublicKeyLoading}/testPublicKeyLoadingException (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testAtLeastOneDigestSupportedWithOnlyNonDSRecords (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testAtLeastOneSupportedAlgorithmWithOnlyNonDSRecords (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testDsNoDataWhenNsecProvesDs (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testHasSignedNsecsWithoutSignedSigsReturnsFalse (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testLongestCommonNameRootIsRoot (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testNameErrorWhenNsecIsLastAndQnameBefore (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testNameErrorWhenNsecIsLastAndQnameDifferentDomain (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testNameErrorWhenNsecIsLastAndQnameIsZoneApex (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testNameErrorWhenNsecIsNotFromApex (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testNameErrorWhenResultIsFromDelegationPoint (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testNoDataOfDSForRoot (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testNoDataOnEntWithWrongNsec (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testNoDataWhenDSResultIsFromChild (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testNoDataWhenNsecHasCname (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testNoDataWhenNsecProvesExistence (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testNoDataWhenResultIsFromDelegationPoint (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testNoDataWhenWcNsecIsForDifferentName (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testNoDataWhenWcNsecProvesCname (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testNoDataWhenWcNsecProvesType (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testNsecProvesNoDS (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testNsecProvesNoDSWithDSPresentForRoot (100%) rename src/test/resources/recordings/{org_xbill_DNS_dnssec_validator_TestValUtils => org_xbill_DNS_dnssec_TestValUtils}/testNsecProvesNoDSWithSOAForNonRoot (100%) diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/ByteArrayComparator.java b/src/main/java/org/xbill/DNS/dnssec/ByteArrayComparator.java similarity index 88% rename from src/main/java/org/xbill/DNS/dnssec/validator/ByteArrayComparator.java rename to src/main/java/org/xbill/DNS/dnssec/ByteArrayComparator.java index 85bacd9a6..dbf5643fa 100644 --- a/src/main/java/org/xbill/DNS/dnssec/validator/ByteArrayComparator.java +++ b/src/main/java/org/xbill/DNS/dnssec/ByteArrayComparator.java @@ -1,7 +1,7 @@ // SPDX-License-Identifier: BSD-3-Clause // Copyright (c) 2005 VeriSign. All rights reserved. // Copyright (c) 2013-2021 Ingo Bauersachs -package org.xbill.DNS.dnssec.validator; +package org.xbill.DNS.dnssec; import java.util.Comparator; @@ -11,7 +11,7 @@ * * @since 3.5 */ -class ByteArrayComparator implements Comparator { +final class ByteArrayComparator implements Comparator { private static final int MAX_BYTE = 0xFF; /** {@inheritDoc} */ diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/DnsSecVerifier.java b/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java similarity index 97% rename from src/main/java/org/xbill/DNS/dnssec/validator/DnsSecVerifier.java rename to src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java index e67eca746..c382411c8 100644 --- a/src/main/java/org/xbill/DNS/dnssec/validator/DnsSecVerifier.java +++ b/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java @@ -1,7 +1,7 @@ // SPDX-License-Identifier: BSD-3-Clause // Copyright (c) 2005 VeriSign. All rights reserved. // Copyright (c) 2013-2021 Ingo Bauersachs -package org.xbill.DNS.dnssec.validator; +package org.xbill.DNS.dnssec; import java.time.Instant; import java.util.ArrayList; @@ -15,8 +15,6 @@ import org.xbill.DNS.RRset; import org.xbill.DNS.Record; import org.xbill.DNS.Type; -import org.xbill.DNS.dnssec.SRRset; -import org.xbill.DNS.dnssec.SecurityStatus; /** * A class for performing basic DNSSEC verification. The DNSJAVA package contains a similar class. @@ -25,7 +23,7 @@ * @since 3.5 */ @Slf4j -class DnsSecVerifier { +final class DnsSecVerifier { /** * Find the matching DNSKEY(s) to an RRSIG within a DNSKEY rrset. Normally this will only return * one DNSKEY. It can return more than one, since KeyID/Footprints are not guaranteed to be diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/FindKeyState.java b/src/main/java/org/xbill/DNS/dnssec/FindKeyState.java similarity index 90% rename from src/main/java/org/xbill/DNS/dnssec/validator/FindKeyState.java rename to src/main/java/org/xbill/DNS/dnssec/FindKeyState.java index b0cfe19f1..a566ad2fa 100644 --- a/src/main/java/org/xbill/DNS/dnssec/validator/FindKeyState.java +++ b/src/main/java/org/xbill/DNS/dnssec/FindKeyState.java @@ -2,17 +2,16 @@ // Copyright (c) 2005 VeriSign. All rights reserved. // Copyright (c) 2013-2021 Ingo Bauersachs -package org.xbill.DNS.dnssec.validator; +package org.xbill.DNS.dnssec; import org.xbill.DNS.Name; -import org.xbill.DNS.dnssec.SRRset; /** * State-object for the key-finding phase. * * @since 3.5 */ -class FindKeyState { +final class FindKeyState { /** The (initial) DS RRset for the following DNSKEY search and validate phase. */ SRRset dsRRset; diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/JustifiedSecStatus.java b/src/main/java/org/xbill/DNS/dnssec/JustifiedSecStatus.java similarity index 82% rename from src/main/java/org/xbill/DNS/dnssec/validator/JustifiedSecStatus.java rename to src/main/java/org/xbill/DNS/dnssec/JustifiedSecStatus.java index 5e71d2efc..4dbe661ce 100644 --- a/src/main/java/org/xbill/DNS/dnssec/validator/JustifiedSecStatus.java +++ b/src/main/java/org/xbill/DNS/dnssec/JustifiedSecStatus.java @@ -1,15 +1,12 @@ // SPDX-License-Identifier: BSD-3-Clause -package org.xbill.DNS.dnssec.validator; - -import org.xbill.DNS.dnssec.SMessage; -import org.xbill.DNS.dnssec.SecurityStatus; +package org.xbill.DNS.dnssec; /** * Codes for DNSSEC security statuses along with a reason why the status was determined. * * @since 3.5 */ -class JustifiedSecStatus { +final class JustifiedSecStatus { SecurityStatus status; String reason; diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/KeyCache.java b/src/main/java/org/xbill/DNS/dnssec/KeyCache.java similarity index 99% rename from src/main/java/org/xbill/DNS/dnssec/validator/KeyCache.java rename to src/main/java/org/xbill/DNS/dnssec/KeyCache.java index 5104323f8..db1ad9ef3 100644 --- a/src/main/java/org/xbill/DNS/dnssec/validator/KeyCache.java +++ b/src/main/java/org/xbill/DNS/dnssec/KeyCache.java @@ -1,7 +1,7 @@ // SPDX-License-Identifier: BSD-3-Clause // Copyright (c) 2005 VeriSign. All rights reserved. // Copyright (c) 2013-2021 Ingo Bauersachs -package org.xbill.DNS.dnssec.validator; +package org.xbill.DNS.dnssec; import java.time.Clock; import java.time.Instant; diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/KeyEntry.java b/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java similarity index 96% rename from src/main/java/org/xbill/DNS/dnssec/validator/KeyEntry.java rename to src/main/java/org/xbill/DNS/dnssec/KeyEntry.java index 421649937..c811c279d 100644 --- a/src/main/java/org/xbill/DNS/dnssec/validator/KeyEntry.java +++ b/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java @@ -2,16 +2,13 @@ // Copyright (c) 2005 VeriSign. All rights reserved. // Copyright (c) 2013-2021 Ingo Bauersachs -package org.xbill.DNS.dnssec.validator; +package org.xbill.DNS.dnssec; import lombok.EqualsAndHashCode; import lombok.extern.slf4j.Slf4j; import org.xbill.DNS.Name; import org.xbill.DNS.Record; import org.xbill.DNS.Type; -import org.xbill.DNS.dnssec.R; -import org.xbill.DNS.dnssec.SRRset; -import org.xbill.DNS.dnssec.SecurityStatus; /** * DNSKEY cache entry for a given {@link Name}, with or without actual keys. diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/NSEC3ValUtils.java b/src/main/java/org/xbill/DNS/dnssec/NSEC3ValUtils.java similarity index 99% rename from src/main/java/org/xbill/DNS/dnssec/validator/NSEC3ValUtils.java rename to src/main/java/org/xbill/DNS/dnssec/NSEC3ValUtils.java index 86911ca79..e509fa585 100644 --- a/src/main/java/org/xbill/DNS/dnssec/validator/NSEC3ValUtils.java +++ b/src/main/java/org/xbill/DNS/dnssec/NSEC3ValUtils.java @@ -1,7 +1,7 @@ // SPDX-License-Identifier: BSD-3-Clause // Copyright (c) 2005 VeriSign. All rights reserved. // Copyright (c) 2013-2021 Ingo Bauersachs -package org.xbill.DNS.dnssec.validator; +package org.xbill.DNS.dnssec; import java.security.NoSuchAlgorithmException; import java.security.interfaces.DSAPublicKey; @@ -24,8 +24,6 @@ import org.xbill.DNS.Record; import org.xbill.DNS.TextParseException; import org.xbill.DNS.Type; -import org.xbill.DNS.dnssec.SRRset; -import org.xbill.DNS.dnssec.SecurityStatus; import org.xbill.DNS.utils.base32; /** diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/ResponseClassification.java b/src/main/java/org/xbill/DNS/dnssec/ResponseClassification.java similarity index 95% rename from src/main/java/org/xbill/DNS/dnssec/validator/ResponseClassification.java rename to src/main/java/org/xbill/DNS/dnssec/ResponseClassification.java index 5ce8ecb7c..195ba132c 100644 --- a/src/main/java/org/xbill/DNS/dnssec/validator/ResponseClassification.java +++ b/src/main/java/org/xbill/DNS/dnssec/ResponseClassification.java @@ -1,7 +1,7 @@ // SPDX-License-Identifier: BSD-3-Clause // Copyright (c) 2005 VeriSign. All rights reserved. // Copyright (c) 2013-2021 Ingo Bauersachs -package org.xbill.DNS.dnssec.validator; +package org.xbill.DNS.dnssec; /** * These are response subtypes. They are necessary for determining the validation strategy. They diff --git a/src/main/java/org/xbill/DNS/dnssec/SMessage.java b/src/main/java/org/xbill/DNS/dnssec/SMessage.java index 19155faa8..23d9b6e94 100644 --- a/src/main/java/org/xbill/DNS/dnssec/SMessage.java +++ b/src/main/java/org/xbill/DNS/dnssec/SMessage.java @@ -25,7 +25,7 @@ * @since 3.5 */ @Slf4j -public final class SMessage { +final class SMessage { private static final int NUM_SECTIONS = 3; private static final int MAX_FLAGS = 16; private static final int EXTENDED_FLAGS_BIT_OFFSET = 4; diff --git a/src/main/java/org/xbill/DNS/dnssec/SRRset.java b/src/main/java/org/xbill/DNS/dnssec/SRRset.java index b614d5ee3..3e65006ed 100644 --- a/src/main/java/org/xbill/DNS/dnssec/SRRset.java +++ b/src/main/java/org/xbill/DNS/dnssec/SRRset.java @@ -18,7 +18,7 @@ @EqualsAndHashCode( callSuper = true, of = {"securityStatus", "ownerName"}) -public class SRRset extends RRset { +class SRRset extends RRset { private SecurityStatus securityStatus; private Name ownerName; diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/TrustAnchorStore.java b/src/main/java/org/xbill/DNS/dnssec/TrustAnchorStore.java similarity index 94% rename from src/main/java/org/xbill/DNS/dnssec/validator/TrustAnchorStore.java rename to src/main/java/org/xbill/DNS/dnssec/TrustAnchorStore.java index 47913ac0c..e4e3ac018 100644 --- a/src/main/java/org/xbill/DNS/dnssec/validator/TrustAnchorStore.java +++ b/src/main/java/org/xbill/DNS/dnssec/TrustAnchorStore.java @@ -1,7 +1,7 @@ // SPDX-License-Identifier: BSD-3-Clause // Copyright (c) 2005 VeriSign. All rights reserved. // Copyright (c) 2013-2021 Ingo Bauersachs -package org.xbill.DNS.dnssec.validator; +package org.xbill.DNS.dnssec; import java.util.Collection; import java.util.Collections; @@ -13,15 +13,13 @@ import org.xbill.DNS.Name; import org.xbill.DNS.Record; import org.xbill.DNS.Type; -import org.xbill.DNS.dnssec.SRRset; -import org.xbill.DNS.dnssec.SecurityStatus; /** * Storage for DS or DNSKEY records that are known to be trusted. * * @since 3.5 */ -public final class TrustAnchorStore { +final class TrustAnchorStore { private final Map map; /** Creates a new instance of this class. */ diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/ValUtils.java b/src/main/java/org/xbill/DNS/dnssec/ValUtils.java similarity index 99% rename from src/main/java/org/xbill/DNS/dnssec/validator/ValUtils.java rename to src/main/java/org/xbill/DNS/dnssec/ValUtils.java index 0f53451f0..021ebf2e2 100644 --- a/src/main/java/org/xbill/DNS/dnssec/validator/ValUtils.java +++ b/src/main/java/org/xbill/DNS/dnssec/ValUtils.java @@ -1,7 +1,7 @@ // SPDX-License-Identifier: BSD-3-Clause // Copyright (c) 2005 VeriSign. All rights reserved. // Copyright (c) 2013-2021 Ingo Bauersachs -package org.xbill.DNS.dnssec.validator; +package org.xbill.DNS.dnssec; import java.security.Security; import java.time.Instant; @@ -23,10 +23,6 @@ import org.xbill.DNS.Record; import org.xbill.DNS.Section; import org.xbill.DNS.Type; -import org.xbill.DNS.dnssec.R; -import org.xbill.DNS.dnssec.SMessage; -import org.xbill.DNS.dnssec.SRRset; -import org.xbill.DNS.dnssec.SecurityStatus; /** * This is a collection of routines encompassing the logic of validating different message types. @@ -34,7 +30,7 @@ * @since 3.5 */ @Slf4j -public final class ValUtils { +final class ValUtils { public static final String DIGEST_PREFERENCE = "dnsjava.dnssec.digest_preference"; public static final String DIGEST_ENABLED = "dnsjava.dnssec.digest"; public static final String DIGEST_HARDEN_DOWNGRADE = "dnsjava.dnssec.harden_algo_downgrade"; diff --git a/src/main/java/org/xbill/DNS/dnssec/validator/ValidatingResolver.java b/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java similarity index 99% rename from src/main/java/org/xbill/DNS/dnssec/validator/ValidatingResolver.java rename to src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java index c6615b0a2..8296bf800 100644 --- a/src/main/java/org/xbill/DNS/dnssec/validator/ValidatingResolver.java +++ b/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java @@ -1,7 +1,7 @@ // SPDX-License-Identifier: BSD-3-Clause // Copyright (c) 2005 VeriSign. All rights reserved. // Copyright (c) 2013-2021 Ingo Bauersachs -package org.xbill.DNS.dnssec.validator; +package org.xbill.DNS.dnssec; import static java.util.concurrent.CompletableFuture.completedFuture; @@ -41,11 +41,7 @@ import org.xbill.DNS.TSIG; import org.xbill.DNS.TXTRecord; import org.xbill.DNS.Type; -import org.xbill.DNS.dnssec.R; -import org.xbill.DNS.dnssec.SMessage; -import org.xbill.DNS.dnssec.SRRset; -import org.xbill.DNS.dnssec.SecurityStatus; -import org.xbill.DNS.dnssec.validator.ValUtils.NsecProvesNodataResponse; +import org.xbill.DNS.dnssec.ValUtils.NsecProvesNodataResponse; /** * This resolver validates responses with DNSSEC. @@ -121,9 +117,18 @@ public ValidatingResolver(Resolver headResolver, Clock clock) { // ---------------- Module Initialization ------------------- /** - * Initialize the module. The only recognized configuration value is - * dnsjava.dnssec.trust_anchor_file. + * Initialize the module. Recognized configuration values: * + *
+ *
dnsjava.dnssec.trust_anchor_file + *
A filename from where to load the trust anchors + *
+ * + * See links for other initialized classes and their configuration values (or the readme). + * + * @see KeyCache#init(Properties) + * @see ValUtils#init(Properties) + * @see NSEC3ValUtils#init(Properties) * @param config The configuration data for this module. * @throws IOException When the file specified in the config does not exist or cannot be read. */ diff --git a/src/test/java/org/xbill/DNS/dnssec/unbound/rpl/Check.java b/src/test/java/org/xbill/DNS/dnssec/Check.java similarity index 75% rename from src/test/java/org/xbill/DNS/dnssec/unbound/rpl/Check.java rename to src/test/java/org/xbill/DNS/dnssec/Check.java index b286bd0e0..81fa752b6 100644 --- a/src/test/java/org/xbill/DNS/dnssec/unbound/rpl/Check.java +++ b/src/test/java/org/xbill/DNS/dnssec/Check.java @@ -1,5 +1,5 @@ // SPDX-License-Identifier: BSD-3-Clause -package org.xbill.DNS.dnssec.unbound.rpl; +package org.xbill.DNS.dnssec; import org.xbill.DNS.Message; diff --git a/src/test/java/org/xbill/DNS/dnssec/ResolveExample.java b/src/test/java/org/xbill/DNS/dnssec/ResolveExample.java index 1e75d0610..bcc7f18a5 100644 --- a/src/test/java/org/xbill/DNS/dnssec/ResolveExample.java +++ b/src/test/java/org/xbill/DNS/dnssec/ResolveExample.java @@ -16,7 +16,6 @@ import org.xbill.DNS.SimpleResolver; import org.xbill.DNS.TXTRecord; import org.xbill.DNS.Type; -import org.xbill.DNS.dnssec.validator.ValidatingResolver; class ResolveExample { static String ROOT = diff --git a/src/test/java/org/xbill/DNS/dnssec/unbound/rpl/Rpl.java b/src/test/java/org/xbill/DNS/dnssec/Rpl.java similarity index 87% rename from src/test/java/org/xbill/DNS/dnssec/unbound/rpl/Rpl.java rename to src/test/java/org/xbill/DNS/dnssec/Rpl.java index 026719c2b..71562e381 100644 --- a/src/test/java/org/xbill/DNS/dnssec/unbound/rpl/Rpl.java +++ b/src/test/java/org/xbill/DNS/dnssec/Rpl.java @@ -1,5 +1,5 @@ // SPDX-License-Identifier: BSD-3-Clause -package org.xbill.DNS.dnssec.unbound.rpl; +package org.xbill.DNS.dnssec; import java.time.Instant; import java.util.ArrayList; @@ -7,7 +7,6 @@ import java.util.Map; import java.util.TreeMap; import org.xbill.DNS.Message; -import org.xbill.DNS.dnssec.SRRset; class Rpl { List trustAnchors = new ArrayList<>(1); diff --git a/src/test/java/org/xbill/DNS/dnssec/unbound/rpl/RplParser.java b/src/test/java/org/xbill/DNS/dnssec/RplParser.java similarity index 98% rename from src/test/java/org/xbill/DNS/dnssec/unbound/rpl/RplParser.java rename to src/test/java/org/xbill/DNS/dnssec/RplParser.java index e6cc18eb9..b61c12ffb 100644 --- a/src/test/java/org/xbill/DNS/dnssec/unbound/rpl/RplParser.java +++ b/src/test/java/org/xbill/DNS/dnssec/RplParser.java @@ -1,5 +1,5 @@ // SPDX-License-Identifier: BSD-3-Clause -package org.xbill.DNS.dnssec.unbound.rpl; +package org.xbill.DNS.dnssec; import java.io.BufferedReader; import java.io.ByteArrayInputStream; @@ -31,8 +31,6 @@ import org.xbill.DNS.Section; import org.xbill.DNS.TextParseException; import org.xbill.DNS.Type; -import org.xbill.DNS.dnssec.SRRset; -import org.xbill.DNS.dnssec.SecurityStatus; /** Parser for the RPL unit-test files of unbound. */ class RplParser { diff --git a/src/test/java/org/xbill/DNS/dnssec/validator/TestAlgorithmSupport.java b/src/test/java/org/xbill/DNS/dnssec/TestAlgorithmSupport.java similarity index 96% rename from src/test/java/org/xbill/DNS/dnssec/validator/TestAlgorithmSupport.java rename to src/test/java/org/xbill/DNS/dnssec/TestAlgorithmSupport.java index 99dba4ac1..94603c3cd 100644 --- a/src/test/java/org/xbill/DNS/dnssec/validator/TestAlgorithmSupport.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestAlgorithmSupport.java @@ -1,5 +1,5 @@ // SPDX-License-Identifier: BSD-3-Clause -package org.xbill.DNS.dnssec.validator; +package org.xbill.DNS.dnssec; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; @@ -23,9 +23,6 @@ import org.xbill.DNS.Message; import org.xbill.DNS.Name; import org.xbill.DNS.Rcode; -import org.xbill.DNS.dnssec.AlwaysOffline; -import org.xbill.DNS.dnssec.SRRset; -import org.xbill.DNS.dnssec.TestBase; class TestAlgorithmSupport extends TestBase { @ParameterizedTest(name = "testAlgIsUnknown_{arguments}") diff --git a/src/test/java/org/xbill/DNS/dnssec/TestBase.java b/src/test/java/org/xbill/DNS/dnssec/TestBase.java index 4bc292011..917601718 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestBase.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestBase.java @@ -20,6 +20,7 @@ import java.time.format.DateTimeFormatter; import java.util.HashMap; import java.util.List; +import java.util.Locale; import java.util.Map; import java.util.concurrent.CompletableFuture; import java.util.concurrent.CompletionStage; @@ -42,7 +43,6 @@ import org.xbill.DNS.SimpleResolver; import org.xbill.DNS.TXTRecord; import org.xbill.DNS.Type; -import org.xbill.DNS.dnssec.validator.ValidatingResolver; public abstract class TestBase { private static final Logger logger = LoggerFactory.getLogger(TestBase.class); @@ -84,6 +84,7 @@ private void starting(TestInfo description) { .getTestClass() .orElseThrow(RuntimeException::new) .getName() + .toLowerCase(Locale.ROOT) .contains("unbound")) { unboundTest = true; return; diff --git a/src/test/java/org/xbill/DNS/dnssec/validator/TestByteArrayComparator.java b/src/test/java/org/xbill/DNS/dnssec/TestByteArrayComparator.java similarity index 94% rename from src/test/java/org/xbill/DNS/dnssec/validator/TestByteArrayComparator.java rename to src/test/java/org/xbill/DNS/dnssec/TestByteArrayComparator.java index 59678ba93..b1e22b314 100644 --- a/src/test/java/org/xbill/DNS/dnssec/validator/TestByteArrayComparator.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestByteArrayComparator.java @@ -1,5 +1,5 @@ // SPDX-License-Identifier: BSD-3-Clause -package org.xbill.DNS.dnssec.validator; +package org.xbill.DNS.dnssec; import static org.junit.jupiter.api.Assertions.assertEquals; diff --git a/src/test/java/org/xbill/DNS/dnssec/validator/TestKeyCache.java b/src/test/java/org/xbill/DNS/dnssec/TestKeyCache.java similarity index 97% rename from src/test/java/org/xbill/DNS/dnssec/validator/TestKeyCache.java rename to src/test/java/org/xbill/DNS/dnssec/TestKeyCache.java index 864bafd0c..0befb69b2 100644 --- a/src/test/java/org/xbill/DNS/dnssec/validator/TestKeyCache.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestKeyCache.java @@ -1,5 +1,5 @@ // SPDX-License-Identifier: BSD-3-Clause -package org.xbill.DNS.dnssec.validator; +package org.xbill.DNS.dnssec; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNull; @@ -15,8 +15,6 @@ import org.xbill.DNS.DSRecord; import org.xbill.DNS.Name; import org.xbill.DNS.TextParseException; -import org.xbill.DNS.dnssec.SRRset; -import org.xbill.DNS.dnssec.SecurityStatus; class TestKeyCache { @Test diff --git a/src/test/java/org/xbill/DNS/dnssec/validator/TestNormallyUnreachableCode.java b/src/test/java/org/xbill/DNS/dnssec/TestNormallyUnreachableCode.java similarity index 93% rename from src/test/java/org/xbill/DNS/dnssec/validator/TestNormallyUnreachableCode.java rename to src/test/java/org/xbill/DNS/dnssec/TestNormallyUnreachableCode.java index 0c6ce576e..3e097416c 100644 --- a/src/test/java/org/xbill/DNS/dnssec/validator/TestNormallyUnreachableCode.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestNormallyUnreachableCode.java @@ -1,5 +1,5 @@ // SPDX-License-Identifier: BSD-3-Clause -package org.xbill.DNS.dnssec.validator; +package org.xbill.DNS.dnssec; import static org.junit.jupiter.api.Assertions.assertEquals; @@ -17,9 +17,6 @@ import org.xbill.DNS.Record; import org.xbill.DNS.Section; import org.xbill.DNS.Type; -import org.xbill.DNS.dnssec.SMessage; -import org.xbill.DNS.dnssec.SRRset; -import org.xbill.DNS.dnssec.SecurityStatus; /** * These test run checks that are unable to occur during actual validations. diff --git a/src/test/java/org/xbill/DNS/dnssec/validator/TestNsec3ValUtils.java b/src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtils.java similarity index 97% rename from src/test/java/org/xbill/DNS/dnssec/validator/TestNsec3ValUtils.java rename to src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtils.java index fd41c6539..319d7c4b5 100644 --- a/src/test/java/org/xbill/DNS/dnssec/validator/TestNsec3ValUtils.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtils.java @@ -1,5 +1,5 @@ // SPDX-License-Identifier: BSD-3-Clause -package org.xbill.DNS.dnssec.validator; +package org.xbill.DNS.dnssec; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; @@ -19,8 +19,6 @@ import org.xbill.DNS.Rcode; import org.xbill.DNS.Record; import org.xbill.DNS.Section; -import org.xbill.DNS.dnssec.AlwaysOffline; -import org.xbill.DNS.dnssec.TestBase; class TestNsec3ValUtils extends TestBase { @Test diff --git a/src/test/java/org/xbill/DNS/dnssec/validator/TestNsec3ValUtilsPublicKeyLoading.java b/src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtilsPublicKeyLoading.java similarity index 96% rename from src/test/java/org/xbill/DNS/dnssec/validator/TestNsec3ValUtilsPublicKeyLoading.java rename to src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtilsPublicKeyLoading.java index a8ac5d066..fcbc85108 100644 --- a/src/test/java/org/xbill/DNS/dnssec/validator/TestNsec3ValUtilsPublicKeyLoading.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtilsPublicKeyLoading.java @@ -1,5 +1,5 @@ // SPDX-License-Identifier: BSD-3-Clause -package org.xbill.DNS.dnssec.validator; +package org.xbill.DNS.dnssec; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; @@ -20,8 +20,6 @@ import org.xbill.DNS.Name; import org.xbill.DNS.Rcode; import org.xbill.DNS.Type; -import org.xbill.DNS.dnssec.PrepareMocks; -import org.xbill.DNS.dnssec.TestBase; class TestNsec3ValUtilsPublicKeyLoading extends TestBase { @Test diff --git a/src/test/java/org/xbill/DNS/dnssec/validator/TestTrustAnchorStore.java b/src/test/java/org/xbill/DNS/dnssec/TestTrustAnchorStore.java similarity index 97% rename from src/test/java/org/xbill/DNS/dnssec/validator/TestTrustAnchorStore.java rename to src/test/java/org/xbill/DNS/dnssec/TestTrustAnchorStore.java index 153290660..f1c408c6a 100644 --- a/src/test/java/org/xbill/DNS/dnssec/validator/TestTrustAnchorStore.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestTrustAnchorStore.java @@ -1,5 +1,5 @@ // SPDX-License-Identifier: BSD-3-Clause -package org.xbill.DNS.dnssec.validator; +package org.xbill.DNS.dnssec; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertIterableEquals; @@ -15,7 +15,6 @@ import org.xbill.DNS.Name; import org.xbill.DNS.TXTRecord; import org.xbill.DNS.TextParseException; -import org.xbill.DNS.dnssec.SRRset; class TestTrustAnchorStore { @Test diff --git a/src/test/java/org/xbill/DNS/dnssec/validator/TestValUtils.java b/src/test/java/org/xbill/DNS/dnssec/TestValUtils.java similarity index 98% rename from src/test/java/org/xbill/DNS/dnssec/validator/TestValUtils.java rename to src/test/java/org/xbill/DNS/dnssec/TestValUtils.java index 76120e531..f6ce875cf 100644 --- a/src/test/java/org/xbill/DNS/dnssec/validator/TestValUtils.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestValUtils.java @@ -1,5 +1,5 @@ // SPDX-License-Identifier: BSD-3-Clause -package org.xbill.DNS.dnssec.validator; +package org.xbill.DNS.dnssec; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; @@ -18,9 +18,6 @@ import org.xbill.DNS.Record; import org.xbill.DNS.Section; import org.xbill.DNS.Type; -import org.xbill.DNS.dnssec.SMessage; -import org.xbill.DNS.dnssec.SecurityStatus; -import org.xbill.DNS.dnssec.TestBase; class TestValUtils extends TestBase { @Test diff --git a/src/test/java/org/xbill/DNS/dnssec/unbound/rpl/UnboundTests.java b/src/test/java/org/xbill/DNS/dnssec/UnboundTests.java similarity index 99% rename from src/test/java/org/xbill/DNS/dnssec/unbound/rpl/UnboundTests.java rename to src/test/java/org/xbill/DNS/dnssec/UnboundTests.java index 9ad6cf6b2..11f9bdf5f 100644 --- a/src/test/java/org/xbill/DNS/dnssec/unbound/rpl/UnboundTests.java +++ b/src/test/java/org/xbill/DNS/dnssec/UnboundTests.java @@ -1,5 +1,5 @@ // SPDX-License-Identifier: BSD-3-Clause -package org.xbill.DNS.dnssec.unbound.rpl; +package org.xbill.DNS.dnssec; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.mockito.Mockito.when; @@ -30,9 +30,6 @@ import org.xbill.DNS.Record; import org.xbill.DNS.Section; import org.xbill.DNS.Type; -import org.xbill.DNS.dnssec.SRRset; -import org.xbill.DNS.dnssec.TestBase; -import org.xbill.DNS.dnssec.validator.ValUtils; class UnboundTests extends TestBase { void runUnboundTest() throws ParseException, IOException { diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testAlgIsUnknown_eccgost b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testAlgIsUnknown_eccgost similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testAlgIsUnknown_eccgost rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testAlgIsUnknown_eccgost diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testAlgIsUnknown_rsamd5 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testAlgIsUnknown_rsamd5 similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testAlgIsUnknown_rsamd5 rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testAlgIsUnknown_rsamd5 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testDigestIdIsUnknown b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testDigestIdIsUnknown similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testDigestIdIsUnknown rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testDigestIdIsUnknown diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testEd_ed25519 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testEd_ed25519 similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testEd_ed25519 rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testEd_ed25519 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testEd_ed448 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testEd_ed448 similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestAlgorithmSupport/testEd_ed448 rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestAlgorithmSupport/testEd_ed448 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testInvalidIterationCountMarksInsecure b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testInvalidIterationCountMarksInsecure similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testInvalidIterationCountMarksInsecure rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testInvalidIterationCountMarksInsecure diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3ClosestEncloserIsDelegation b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3ClosestEncloserIsDelegation similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3ClosestEncloserIsDelegation rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3ClosestEncloserIsDelegation diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3ClosestEncloserIsInsecureDelegation b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3ClosestEncloserIsInsecureDelegation similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3ClosestEncloserIsInsecureDelegation rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3ClosestEncloserIsInsecureDelegation diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3NodataChangedToNxdomainIsBogus b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3NodataChangedToNxdomainIsBogus similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3NodataChangedToNxdomainIsBogus rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3NodataChangedToNxdomainIsBogus diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3WithoutClosestEncloser b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3WithoutClosestEncloser similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsec3WithoutClosestEncloser rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsec3WithoutClosestEncloser diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsecEcdsa256 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsecEcdsa256 similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsecEcdsa256 rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsecEcdsa256 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsecEcdsa384 b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsecEcdsa384 similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testNsecEcdsa384 rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testNsecEcdsa384 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testTooLargeIterationCountMustThrow b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testTooLargeIterationCountMustThrow similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtils/testTooLargeIterationCountMustThrow rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtils/testTooLargeIterationCountMustThrow diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtilsPublicKeyLoading/testPublicKeyLoadingException b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtilsPublicKeyLoading/testPublicKeyLoadingException similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestNsec3ValUtilsPublicKeyLoading/testPublicKeyLoadingException rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestNsec3ValUtilsPublicKeyLoading/testPublicKeyLoadingException diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testAtLeastOneDigestSupportedWithOnlyNonDSRecords b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testAtLeastOneDigestSupportedWithOnlyNonDSRecords similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testAtLeastOneDigestSupportedWithOnlyNonDSRecords rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testAtLeastOneDigestSupportedWithOnlyNonDSRecords diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testAtLeastOneSupportedAlgorithmWithOnlyNonDSRecords b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testAtLeastOneSupportedAlgorithmWithOnlyNonDSRecords similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testAtLeastOneSupportedAlgorithmWithOnlyNonDSRecords rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testAtLeastOneSupportedAlgorithmWithOnlyNonDSRecords diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testDsNoDataWhenNsecProvesDs b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testDsNoDataWhenNsecProvesDs similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testDsNoDataWhenNsecProvesDs rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testDsNoDataWhenNsecProvesDs diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testHasSignedNsecsWithoutSignedSigsReturnsFalse b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testHasSignedNsecsWithoutSignedSigsReturnsFalse similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testHasSignedNsecsWithoutSignedSigsReturnsFalse rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testHasSignedNsecsWithoutSignedSigsReturnsFalse diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testLongestCommonNameRootIsRoot b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testLongestCommonNameRootIsRoot similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testLongestCommonNameRootIsRoot rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testLongestCommonNameRootIsRoot diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsLastAndQnameBefore b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameBefore similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsLastAndQnameBefore rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameBefore diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsLastAndQnameDifferentDomain b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameDifferentDomain similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsLastAndQnameDifferentDomain rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameDifferentDomain diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsLastAndQnameIsZoneApex b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameIsZoneApex similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsLastAndQnameIsZoneApex rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsLastAndQnameIsZoneApex diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsNotFromApex b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsNotFromApex similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenNsecIsNotFromApex rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenNsecIsNotFromApex diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenResultIsFromDelegationPoint b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenResultIsFromDelegationPoint similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNameErrorWhenResultIsFromDelegationPoint rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNameErrorWhenResultIsFromDelegationPoint diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataOfDSForRoot b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataOfDSForRoot similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataOfDSForRoot rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataOfDSForRoot diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataOnEntWithWrongNsec b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataOnEntWithWrongNsec similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataOnEntWithWrongNsec rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataOnEntWithWrongNsec diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenDSResultIsFromChild b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenDSResultIsFromChild similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenDSResultIsFromChild rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenDSResultIsFromChild diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenNsecHasCname b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenNsecHasCname similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenNsecHasCname rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenNsecHasCname diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenNsecProvesExistence b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenNsecProvesExistence similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenNsecProvesExistence rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenNsecProvesExistence diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenResultIsFromDelegationPoint b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenResultIsFromDelegationPoint similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenResultIsFromDelegationPoint rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenResultIsFromDelegationPoint diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenWcNsecIsForDifferentName b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecIsForDifferentName similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenWcNsecIsForDifferentName rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecIsForDifferentName diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenWcNsecProvesCname b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecProvesCname similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenWcNsecProvesCname rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecProvesCname diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenWcNsecProvesType b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecProvesType similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNoDataWhenWcNsecProvesType rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNoDataWhenWcNsecProvesType diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNsecProvesNoDS b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDS similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNsecProvesNoDS rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDS diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNsecProvesNoDSWithDSPresentForRoot b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDSWithDSPresentForRoot similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNsecProvesNoDSWithDSPresentForRoot rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDSWithDSPresentForRoot diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNsecProvesNoDSWithSOAForNonRoot b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDSWithSOAForNonRoot similarity index 100% rename from src/test/resources/recordings/org_xbill_DNS_dnssec_validator_TestValUtils/testNsecProvesNoDSWithSOAForNonRoot rename to src/test/resources/recordings/org_xbill_DNS_dnssec_TestValUtils/testNsecProvesNoDSWithSOAForNonRoot From 9119b5d2ecff0d0a61762a3b1b7fa2c41f893946 Mon Sep 17 00:00:00 2001 From: Ingo Bauersachs Date: Sat, 21 Aug 2021 15:15:32 +0200 Subject: [PATCH 03/12] Avoid unnecessary object creations --- LICENSE | 1 + .../org/xbill/DNS/dnssec/ByteArrayComparator.java | 5 +++-- .../java/org/xbill/DNS/dnssec/NSEC3ValUtils.java | 12 ++++++------ .../xbill/DNS/dnssec/TestByteArrayComparator.java | 11 +++++------ 4 files changed, 15 insertions(+), 14 deletions(-) diff --git a/LICENSE b/LICENSE index b3024ea73..3f092bc74 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,5 @@ Copyright (c) 1998-2019, Brian Wellington +Copyright (c) 2005 VeriSign. All rights reserved. Copyright (c) 2019-2021, dnsjava authors All rights reserved. diff --git a/src/main/java/org/xbill/DNS/dnssec/ByteArrayComparator.java b/src/main/java/org/xbill/DNS/dnssec/ByteArrayComparator.java index dbf5643fa..27de617ab 100644 --- a/src/main/java/org/xbill/DNS/dnssec/ByteArrayComparator.java +++ b/src/main/java/org/xbill/DNS/dnssec/ByteArrayComparator.java @@ -3,7 +3,7 @@ // Copyright (c) 2013-2021 Ingo Bauersachs package org.xbill.DNS.dnssec; -import java.util.Comparator; +import lombok.experimental.UtilityClass; /** * This class implements a basic comparator for byte arrays. It is primarily useful for comparing @@ -11,7 +11,8 @@ * * @since 3.5 */ -final class ByteArrayComparator implements Comparator { +@UtilityClass +final class ByteArrayComparator { private static final int MAX_BYTE = 0xFF; /** {@inheritDoc} */ diff --git a/src/main/java/org/xbill/DNS/dnssec/NSEC3ValUtils.java b/src/main/java/org/xbill/DNS/dnssec/NSEC3ValUtils.java index e509fa585..81719f45f 100644 --- a/src/main/java/org/xbill/DNS/dnssec/NSEC3ValUtils.java +++ b/src/main/java/org/xbill/DNS/dnssec/NSEC3ValUtils.java @@ -195,15 +195,16 @@ private boolean nsec3Covers(NSEC3Record nsec3, Name zonename, byte[] hash) { byte[] next = nsec3.getNext(); // This is the "normal case: owner < next and owner < hash < next - ByteArrayComparator bac = new ByteArrayComparator(); - if (bac.compare(owner, hash) < 0 && bac.compare(hash, next) < 0) { + if (ByteArrayComparator.compare(owner, hash) < 0 + && ByteArrayComparator.compare(hash, next) < 0) { return true; } // this is the end of zone case: next <= owner AND (hash > owner OR hash < next) // Otherwise, the NSEC3 does not cover the hash. - return bac.compare(next, owner) <= 0 - && (bac.compare(hash, owner) > 0 || bac.compare(hash, next) < 0); + return ByteArrayComparator.compare(next, owner) <= 0 + && (ByteArrayComparator.compare(hash, owner) > 0 + || ByteArrayComparator.compare(hash, next) < 0); } /** @@ -385,7 +386,6 @@ private boolean validIterations(SRRset nsec, KeyCache keyCache) { */ public boolean allNSEC3sIgnoreable(List nsec3s, KeyCache dnskeyRrset) { Map foundNsecs = new HashMap<>(); - ByteArrayComparator comp = new ByteArrayComparator(); for (SRRset set : nsec3s) { for (Record r : set.rrs()) { NSEC3Record current = (NSEC3Record) r; @@ -405,7 +405,7 @@ public boolean allNSEC3sIgnoreable(List nsec3s, KeyCache dnskeyRrset) { } if (current.getSalt() != null - && comp.compare(current.getSalt(), previous.getSalt()) != 0) { + && ByteArrayComparator.compare(current.getSalt(), previous.getSalt()) != 0) { return true; } } else { diff --git a/src/test/java/org/xbill/DNS/dnssec/TestByteArrayComparator.java b/src/test/java/org/xbill/DNS/dnssec/TestByteArrayComparator.java index b1e22b314..b288d60a5 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestByteArrayComparator.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestByteArrayComparator.java @@ -6,7 +6,6 @@ import org.junit.jupiter.api.Test; class TestByteArrayComparator { - private final ByteArrayComparator c = new ByteArrayComparator(); private final byte[] b1 = new byte[] {0}; private final byte[] b2 = new byte[] {0}; private final byte[] b3 = new byte[] {1}; @@ -14,18 +13,18 @@ class TestByteArrayComparator { @Test void testEquals() { - assertEquals(0, c.compare(b1, b2)); + assertEquals(0, ByteArrayComparator.compare(b1, b2)); } @Test void testLessThan() { - assertEquals(-1, c.compare(b2, b3)); - assertEquals(-1, c.compare(b1, b4)); + assertEquals(-1, ByteArrayComparator.compare(b2, b3)); + assertEquals(-1, ByteArrayComparator.compare(b1, b4)); } @Test void testGreaterThan() { - assertEquals(1, c.compare(b3, b2)); - assertEquals(1, c.compare(b4, b1)); + assertEquals(1, ByteArrayComparator.compare(b3, b2)); + assertEquals(1, ByteArrayComparator.compare(b4, b1)); } } From a9e493a4628def2e9c3a530401b961203f678bd1 Mon Sep 17 00:00:00 2001 From: Ingo Bauersachs Date: Sun, 26 Sep 2021 11:40:54 +0200 Subject: [PATCH 04/12] Fix doc --- README.adoc | 72 ++++++++++++++++++++++++++++------------------------- 1 file changed, 38 insertions(+), 34 deletions(-) diff --git a/README.adoc b/README.adoc index ba957a1c5..ebecb8865 100644 --- a/README.adoc +++ b/README.adoc @@ -113,12 +113,6 @@ Do NOT use it. |true |false -.2+|dnsjava.disable_idn -3+|Disable parsing of Internationalized Domain Names (IDN). -|Boolean -|false -|true - 4+h|dnssec options .2+|dnsjava.dnssec.keycache.max_ttl 3+|Maximum time-to-live (TTL) of entries in the key cache in seconds. @@ -195,12 +189,12 @@ Please refer to the Javadoc for details. [cols="1,1,1,4",options=header] |=== -| Key| Type | Default | Explanation -| BINDTTL | Boolean | false | Print TTLs in BIND format -| multiline | Boolean | false | Print records in multiline format -| noPrintIN | Boolean | false | Do not print the class of a record if it is `IN` -| tsigfudge | Integer | 300 | Sets the default TSIG fudge value (in seconds) -| sig0validity | Integer | 300 | Sets the default SIG(0) validity period (in seconds) +| Key | Type | Default | Explanation +| `BINDTTL` | Boolean | false | Print TTLs in BIND format +| `multiline` | Boolean | false | Print records in multiline format +| `noPrintIN` | Boolean | false | Do not print the class of a record if it is `IN` +| `tsigfudge` | Integer | 300 | Sets the default TSIG fudge value (in seconds) +| `sig0validity` | Integer | 300 | Sets the default SIG(0) validity period (in seconds) |=== === Resolvers @@ -211,7 +205,7 @@ Basic resolver that uses UDP by default and falls back to TCP if required. ==== ExtendedResolver -Resolver that uses multiple `SimpleResolver` s to send the queries. +Resolver that uses multiple ``SimpleResolver``s to send the queries. Can be configured to query the servers in a round-robin order. Blacklists a server if it times out. @@ -238,39 +232,49 @@ The link:EXAMPLES.md[examples] contain a small demo. dnsjava v3 has significant API changes compared to version 2.1.x and is neither source nor binary compatible. The most important changes are: -- The minimum supported version is Java 8 -- Uses http://www.slf4j.org/[slf4j] for logging and thus needs `slf4j-api` +* Requires at least Java 8 + +* Uses http://www.slf4j.org/[slf4j] for logging and thus needs `slf4j-api` on the classpath -- The link:USAGE.md[command line tools] were moved to the `org.xbill.DNS.tools` + +* The link:USAGE.md[command line tools] were moved to the `org.xbill.DNS.tools` package -- On Windows, https://github.com/java-native-access/jna[JNA] should be on the classpath for the search path and proper DNS server finding -- The `Resolver` API for custom resolvers has changed to use + +* On Windows, https://github.com/java-native-access/jna[JNA] should be on the classpath for the search path and proper DNS server finding + +* The `Resolver` API for custom resolvers has changed to use `CompletionStage` for asynchronous resolving. The built-in resolvers are now fully non-blocking and do not start a thread per query anymore. -- Many methods return a `List` instead of an array. + +* Many methods return a `List` instead of an array. Ideally, use a for-each loop. If this is not possible, call `size()` instead of using `length`: -- Cache#findAnyRecords -- Cache#findRecords -- Lookup#getDefaultSearchPath -- Message#getSectionRRsets -- SetResponse#answers -- ResolverConfig -- RRset returns a List instead of an `Iterator`. +** Cache#findAnyRecords +** Cache#findRecords +** Lookup#getDefaultSearchPath +** Message#getSectionRRsets +** SetResponse#answers +** ResolverConfig + +* RRset returns a List instead of an `Iterator`. Ideally, modify your code to use a for-each loop. If this is not possible, create an iterator on the returned list: -- RRset#rrs -- RRset#sigs -- Methods using `java.util.Date` are deprecated. +** RRset#rrs +** RRset#sigs + +* Methods using `java.util.Date` are deprecated. Use the new versions with `java.time.Instant` or `java.time.Duration` instead -- The type hierarchy of `SMIMEARecord` changed, it now inherits from + +* The type hierarchy of `SMIMEARecord` changed, it now inherits from `TLSARecord` and constants are shared -- `Record`s are no longer marked as `Serializable`. + +* ``Record``s are no longer marked as `Serializable`. Use the RFC defined serialization formats: -- `toString()`, `rrToString()` <-> `fromString()` -- `toWire()` <-> `fromWire()`, `newRecord()` -- `Message` and `Header` properly support `clone()` +** `toString()`, `rrToString()` ↔ `fromString()` +** `toWire()` ↔ `fromWire()`, `newRecord()` + +* `Message` and `Header` properly support `clone()` === Replacing the standard Java DNS functionality From 407ab361d2494fc1c16518e0aaa1a5ee90af3821 Mon Sep 17 00:00:00 2001 From: Ingo Bauersachs Date: Sat, 2 Oct 2021 17:50:00 +0200 Subject: [PATCH 05/12] Add intial support for EDE --- .../org/xbill/DNS/dnssec/DnsSecVerifier.java | 64 +++++-- .../xbill/DNS/dnssec/JustifiedSecStatus.java | 6 +- .../java/org/xbill/DNS/dnssec/KeyEntry.java | 23 ++- .../java/org/xbill/DNS/dnssec/SMessage.java | 29 ++-- .../java/org/xbill/DNS/dnssec/ValUtils.java | 63 +++---- .../xbill/DNS/dnssec/ValidatingResolver.java | 160 ++++++++++++------ src/main/resources/messages.properties | 8 +- .../DNS/dnssec/TestAlgorithmSupport.java | 4 + .../java/org/xbill/DNS/dnssec/TestBase.java | 14 ++ .../java/org/xbill/DNS/dnssec/TestCNames.java | 17 ++ .../dnssec/TestNormallyUnreachableCode.java | 4 +- 11 files changed, 268 insertions(+), 124 deletions(-) diff --git a/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java b/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java index c382411c8..9b2a2f0b7 100644 --- a/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java +++ b/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java @@ -11,6 +11,10 @@ import org.xbill.DNS.DNSKEYRecord; import org.xbill.DNS.DNSSEC; import org.xbill.DNS.DNSSEC.DNSSECException; +import org.xbill.DNS.DNSSEC.KeyMismatchException; +import org.xbill.DNS.DNSSEC.SignatureExpiredException; +import org.xbill.DNS.DNSSEC.SignatureNotYetValidException; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.RRSIGRecord; import org.xbill.DNS.RRset; import org.xbill.DNS.Record; @@ -67,34 +71,52 @@ private List findKey(RRset dnskeyRrset, RRSIGRecord signature) { * if it did not verify (for any reason), and {@link SecurityStatus#UNCHECKED} if verification * could not be completed (usually because the public key was not available). */ - private SecurityStatus verifySignature( + private JustifiedSecStatus verifySignature( SRRset rrset, RRSIGRecord sigrec, RRset keyRrset, Instant date) { + if (!rrset.getName().subdomain(keyRrset.getName())) { + log.debug("signer name is off-tree"); + return new JustifiedSecStatus( + SecurityStatus.BOGUS, + ExtendedErrorCodeOption.DNSSEC_BOGUS, + R.get("dnskey.key_offtree", keyRrset.getName(), rrset.getName())); + } + List keys = this.findKey(keyRrset, sigrec); if (keys.isEmpty()) { log.trace("could not find appropriate key"); - return SecurityStatus.BOGUS; + return new JustifiedSecStatus( + SecurityStatus.BOGUS, + ExtendedErrorCodeOption.DNSKEY_MISSING, + R.get("dnskey.no_key", sigrec.getSigner())); } - SecurityStatus status = SecurityStatus.UNCHECKED; for (DNSKEYRecord key : keys) { try { - if (!rrset.getName().subdomain(keyRrset.getName())) { - log.debug("signer name is off-tree"); - status = SecurityStatus.BOGUS; - continue; - } - DNSSEC.verify(rrset, sigrec, key, date); ValUtils.setCanonicalNsecOwner(rrset, sigrec); - return SecurityStatus.SECURE; + return new JustifiedSecStatus(SecurityStatus.SECURE, -1, null); + } catch (KeyMismatchException kme) { + return new JustifiedSecStatus( + SecurityStatus.BOGUS, ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("dnskey.no_match")); + } catch (SignatureExpiredException e) { + return new JustifiedSecStatus( + SecurityStatus.BOGUS, + ExtendedErrorCodeOption.SIGNATURE_EXPIRED, + R.get("dnskey.expired")); + } catch (SignatureNotYetValidException e) { + return new JustifiedSecStatus( + SecurityStatus.BOGUS, + ExtendedErrorCodeOption.SIGNATURE_NOT_YET_VALID, + R.get("dnskey.not_yet_valid")); } catch (DNSSECException e) { log.error( "Failed to validate RRset {}/{}", rrset.getName(), Type.string(rrset.getType()), e); - status = SecurityStatus.BOGUS; + return new JustifiedSecStatus( + SecurityStatus.BOGUS, ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("dnskey.invalid")); } } - return status; + return new JustifiedSecStatus(SecurityStatus.UNCHECKED, -1, null); } /** @@ -106,22 +128,30 @@ private SecurityStatus verifySignature( * @param date The date against which to verify the rrset. * @return SecurityStatus.SECURE if the rrest verified positively, SecurityStatus.BOGUS otherwise. */ - public SecurityStatus verify(SRRset rrset, RRset keyRrset, Instant date) { + public JustifiedSecStatus verify(SRRset rrset, RRset keyRrset, Instant date) { List sigs = rrset.sigs(); if (sigs.isEmpty()) { log.info("RRset failed to verify due to lack of signatures"); - return SecurityStatus.BOGUS; + return new JustifiedSecStatus( + SecurityStatus.BOGUS, + ExtendedErrorCodeOption.RRSIGS_MISSING, + R.get("validate.bogus.missingsig")); } + JustifiedSecStatus res = + new JustifiedSecStatus( + SecurityStatus.BOGUS, + ExtendedErrorCodeOption.RRSIGS_MISSING, + R.get("validate.bogus.missingsig")); for (RRSIGRecord sigrec : sigs) { - SecurityStatus res = this.verifySignature(rrset, sigrec, keyRrset, date); - if (res == SecurityStatus.SECURE) { + res = this.verifySignature(rrset, sigrec, keyRrset, date); + if (res.status == SecurityStatus.SECURE) { return res; } } log.info("RRset failed to verify: all signatures were BOGUS"); - return SecurityStatus.BOGUS; + return res; } /** diff --git a/src/main/java/org/xbill/DNS/dnssec/JustifiedSecStatus.java b/src/main/java/org/xbill/DNS/dnssec/JustifiedSecStatus.java index 4dbe661ce..944c3e9fe 100644 --- a/src/main/java/org/xbill/DNS/dnssec/JustifiedSecStatus.java +++ b/src/main/java/org/xbill/DNS/dnssec/JustifiedSecStatus.java @@ -8,6 +8,7 @@ */ final class JustifiedSecStatus { SecurityStatus status; + int edeReason; String reason; /** @@ -16,8 +17,9 @@ final class JustifiedSecStatus { * @param status The security status. * @param reason The reason why the status was determined. */ - JustifiedSecStatus(SecurityStatus status, String reason) { + JustifiedSecStatus(SecurityStatus status, int edeReason, String reason) { this.status = status; + this.edeReason = edeReason; this.reason = reason; } @@ -27,6 +29,6 @@ final class JustifiedSecStatus { * @param response The response to which to apply this status. */ void applyToResponse(SMessage response) { - response.setStatus(this.status, this.reason); + response.setStatus(this.status, edeReason, this.reason); } } diff --git a/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java b/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java index c811c279d..71a585e21 100644 --- a/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java +++ b/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java @@ -6,6 +6,7 @@ import lombok.EqualsAndHashCode; import lombok.extern.slf4j.Slf4j; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.Name; import org.xbill.DNS.Record; import org.xbill.DNS.Type; @@ -20,6 +21,7 @@ callSuper = true, of = {"badReason", "isEmpty"}) final class KeyEntry extends SRRset { + private int edeReason; private String badReason; private boolean isEmpty; @@ -107,7 +109,8 @@ public boolean isGood() { * * @param reason The reason why this key entry is bad. */ - public void setBadReason(String reason) { + public void setBadReason(int edeReason, String reason) { + this.edeReason = edeReason; this.badReason = reason; log.debug(this.badReason); } @@ -130,19 +133,27 @@ JustifiedSecStatus validateKeyFor(Name signerName) { reason = R.get("validate.insecure_unsigned"); } - return new JustifiedSecStatus(SecurityStatus.INSECURE, reason); + return new JustifiedSecStatus(SecurityStatus.INSECURE, edeReason, reason); } if (this.isGood()) { - return new JustifiedSecStatus(SecurityStatus.BOGUS, R.get("validate.bogus.missingsig")); + return new JustifiedSecStatus( + SecurityStatus.BOGUS, + ExtendedErrorCodeOption.RRSIGS_MISSING, + R.get("validate.bogus.missingsig")); } - return new JustifiedSecStatus(SecurityStatus.BOGUS, R.get("validate.bogus", this.badReason)); + return new JustifiedSecStatus( + SecurityStatus.BOGUS, + ExtendedErrorCodeOption.DNSSEC_BOGUS, + R.get("validate.bogus", this.badReason)); } if (this.isBad()) { return new JustifiedSecStatus( - SecurityStatus.BOGUS, R.get("validate.bogus.badkey", this.getName(), this.badReason)); + SecurityStatus.BOGUS, + ExtendedErrorCodeOption.DNSSEC_BOGUS, + R.get("validate.bogus.badkey", this.getName(), this.badReason)); } if (this.isNull()) { @@ -151,7 +162,7 @@ JustifiedSecStatus validateKeyFor(Name signerName) { reason = R.get("validate.insecure"); } - return new JustifiedSecStatus(SecurityStatus.INSECURE, reason); + return new JustifiedSecStatus(SecurityStatus.INSECURE, edeReason, reason); } return null; diff --git a/src/main/java/org/xbill/DNS/dnssec/SMessage.java b/src/main/java/org/xbill/DNS/dnssec/SMessage.java index 23d9b6e94..447f83575 100644 --- a/src/main/java/org/xbill/DNS/dnssec/SMessage.java +++ b/src/main/java/org/xbill/DNS/dnssec/SMessage.java @@ -8,6 +8,7 @@ import java.util.LinkedList; import java.util.List; import lombok.extern.slf4j.Slf4j; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.Flags; import org.xbill.DNS.Header; import org.xbill.DNS.Message; @@ -36,6 +37,7 @@ final class SMessage { private final List[] sections; private SecurityStatus securityStatus; private String bogusReason; + private int edeReason = -1; /** * Creates a instance of this class. @@ -181,8 +183,8 @@ public SecurityStatus getStatus() { * * @param status the new security status for this message. */ - public void setStatus(SecurityStatus status) { - this.securityStatus = status; + public void setStatus(SecurityStatus status, int edeReason) { + setStatus(status, edeReason, null); } /** @@ -191,12 +193,22 @@ public void setStatus(SecurityStatus status) { * @param status the new security status for this message. * @param reason Why this message's status is set as indicated. */ - public void setStatus(SecurityStatus status, String reason) { + public void setStatus(SecurityStatus status, int edeReason, String reason) { this.securityStatus = status; + this.edeReason = edeReason; this.bogusReason = reason; log.debug(this.bogusReason); } + /** + * Sets the security status of this message to bogus and sets the reason. + * + * @param reason Why this message's status is bogus. + */ + public void setBogus(String reason) { + setStatus(SecurityStatus.BOGUS, ExtendedErrorCodeOption.DNSSEC_BOGUS, reason); + } + /** * Gets the reason why this messages' status is bogus. * @@ -207,14 +219,11 @@ public String getBogusReason() { } /** - * Sets the security status of this message to bogus and sets the reason. - * - * @param reason Why this message's status is bogus. + * Gets the {@link org.xbill.DNS.ExtendedErrorCodeOption} reason why this messages' status is + * bogus. */ - public void setBogus(String reason) { - this.setStatus(SecurityStatus.BOGUS); - this.bogusReason = reason; - log.debug(this.bogusReason); + public int getEdeReason() { + return this.edeReason; } /** diff --git a/src/main/java/org/xbill/DNS/dnssec/ValUtils.java b/src/main/java/org/xbill/DNS/dnssec/ValUtils.java index 021ebf2e2..17c589288 100644 --- a/src/main/java/org/xbill/DNS/dnssec/ValUtils.java +++ b/src/main/java/org/xbill/DNS/dnssec/ValUtils.java @@ -13,6 +13,7 @@ import org.xbill.DNS.DNSSEC; import org.xbill.DNS.DNSSEC.Algorithm; import org.xbill.DNS.DSRecord; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.Message; import org.xbill.DNS.NSECRecord; import org.xbill.DNS.Name; @@ -232,14 +233,18 @@ public KeyEntry verifyNewDNSKEYs( if (!atLeastOneDigestSupported(dsRrset)) { KeyEntry ke = KeyEntry.newNullKeyEntry(dsRrset.getName(), dsRrset.getDClass(), dsRrset.getTTL()); - ke.setBadReason(R.get("failed.ds.nodigest", dsRrset.getName())); + ke.setBadReason( + ExtendedErrorCodeOption.UNSUPPORTED_DS_DIGEST_TYPE, + R.get("failed.ds.nodigest", dsRrset.getName())); return ke; } if (!atLeastOneSupportedAlgorithm(dsRrset)) { KeyEntry ke = KeyEntry.newNullKeyEntry(dsRrset.getName(), dsRrset.getDClass(), dsRrset.getTTL()); - ke.setBadReason(R.get("failed.ds.noalg", dsRrset.getName())); + ke.setBadReason( + ExtendedErrorCodeOption.UNSUPPORTED_DNSKEY_ALGORITHM, + R.get("failed.ds.noalg", dsRrset.getName())); return ke; } @@ -270,7 +275,7 @@ public KeyEntry verifyNewDNSKEYs( // If any were understandable, then it is bad. KeyEntry badKey = KeyEntry.newBadKeyEntry(dsRrset.getName(), dsRrset.getDClass(), badKeyTTL); - badKey.setBadReason(R.get("dnskey.no_ds_match")); + badKey.setBadReason(ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("dnskey.no_ds_match")); return badKey; } @@ -348,7 +353,7 @@ && isAlgorithmSupported(ds.getAlgorithm())) { * @param date The date against which to verify the rrset. * @return The status (BOGUS or SECURE). */ - public SecurityStatus verifySRRset(SRRset rrset, SRRset keyRrset, Instant date) { + public JustifiedSecStatus verifySRRset(SRRset rrset, SRRset keyRrset, Instant date) { String rrsetName = rrset.getName() + "/" @@ -358,19 +363,12 @@ public SecurityStatus verifySRRset(SRRset rrset, SRRset keyRrset, Instant date) if (rrset.getSecurityStatus() == SecurityStatus.SECURE) { log.trace("verifySRRset: rrset <{}> previously found to be SECURE", rrsetName); - return SecurityStatus.SECURE; + return new JustifiedSecStatus(SecurityStatus.SECURE, -1, null); } - SecurityStatus status = this.verifier.verify(rrset, keyRrset, date); - if (status != SecurityStatus.SECURE) { - log.debug("verifySRRset: rrset <{}> found to be BAD", rrsetName); - status = SecurityStatus.BOGUS; - } else { - log.trace("verifySRRset: rrset <{}> found to be SECURE", rrsetName); - } - - rrset.setSecurityStatus(status); - return status; + JustifiedSecStatus res = this.verifier.verify(rrset, keyRrset, date); + rrset.setSecurityStatus(res.status); + return res; } /** @@ -674,28 +672,27 @@ public JustifiedSecStatus nsecProvesNodataDsReply( Name qname = request.getQuestion().getName(); int qclass = request.getQuestion().getDClass(); - // If we have a NSEC at the same name, it must prove one of two - // things - // -- + // If we have a NSEC at the same name, it must prove one of two things: // 1) this is a delegation point and there is no DS // 2) this is not a delegation point SRRset nsecRrset = response.findRRset(qname, Type.NSEC, qclass, Section.AUTHORITY); if (nsecRrset != null) { // The NSEC must verify, first of all. - SecurityStatus status = this.verifySRRset(nsecRrset, keyRrset, date); - if (status != SecurityStatus.SECURE) { - return new JustifiedSecStatus(SecurityStatus.BOGUS, R.get("failed.ds.nsec")); + JustifiedSecStatus res = this.verifySRRset(nsecRrset, keyRrset, date); + if (res.status != SecurityStatus.SECURE) { + return new JustifiedSecStatus(SecurityStatus.BOGUS, res.edeReason, R.get("failed.ds.nsec")); } NSECRecord nsec = (NSECRecord) nsecRrset.first(); - status = ValUtils.nsecProvesNoDS(nsec, qname); + SecurityStatus status = ValUtils.nsecProvesNoDS(nsec, qname); switch (status) { case INSECURE: // this wasn't a delegation point. - return new JustifiedSecStatus(status, R.get("failed.ds.nodelegation")); + return new JustifiedSecStatus(status, -1, R.get("failed.ds.nodelegation")); case SECURE: // this proved no DS. - return new JustifiedSecStatus(status, R.get("insecure.ds.nsec")); + return new JustifiedSecStatus(status, -1, R.get("insecure.ds.nsec")); default: // something was wrong. - return new JustifiedSecStatus(status, R.get("failed.ds.nsec.hasdata")); + return new JustifiedSecStatus( + status, ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("failed.ds.nsec.hasdata")); } } @@ -706,9 +703,9 @@ public JustifiedSecStatus nsecProvesNodataDsReply( boolean hasValidNSEC = false; NSECRecord wcNsec = null; for (SRRset set : response.getSectionRRsets(Section.AUTHORITY, Type.NSEC)) { - SecurityStatus status = this.verifySRRset(set, keyRrset, date); - if (status != SecurityStatus.SECURE) { - return new JustifiedSecStatus(status, R.get("failed.ds.nsec.ent")); + JustifiedSecStatus res = this.verifySRRset(set, keyRrset, date); + if (res.status != SecurityStatus.SECURE) { + return new JustifiedSecStatus(res.status, res.edeReason, R.get("failed.ds.nsec.ent")); } NSECRecord nsec = (NSECRecord) set.rrs().get(0); @@ -735,13 +732,17 @@ public JustifiedSecStatus nsecProvesNodataDsReply( if (hasValidNSEC) { if (ndp.wc != null) { SecurityStatus status = nsecProvesNoDS(wcNsec, qname); - return new JustifiedSecStatus(status, R.get("failed.ds.nowildcardproof")); + return new JustifiedSecStatus( + status, ExtendedErrorCodeOption.NSEC_MISSING, R.get("failed.ds.nowildcardproof")); } - return new JustifiedSecStatus(SecurityStatus.INSECURE, R.get("insecure.ds.nsec.ent")); + return new JustifiedSecStatus(SecurityStatus.INSECURE, -1, R.get("insecure.ds.nsec.ent")); } - return new JustifiedSecStatus(SecurityStatus.UNCHECKED, R.get("failed.ds.nonconclusive")); + return new JustifiedSecStatus( + SecurityStatus.UNCHECKED, + ExtendedErrorCodeOption.DNSSEC_INDETERMINATE, + R.get("failed.ds.nonconclusive")); } /** diff --git a/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java b/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java index 8296bf800..b9f051778 100644 --- a/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java +++ b/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java @@ -21,11 +21,14 @@ import java.util.concurrent.CompletableFuture; import java.util.concurrent.CompletionStage; import java.util.concurrent.atomic.AtomicInteger; +import lombok.Getter; +import lombok.Setter; import lombok.extern.slf4j.Slf4j; import org.xbill.DNS.CNAMERecord; import org.xbill.DNS.DClass; import org.xbill.DNS.DNAMERecord; import org.xbill.DNS.EDNSOption; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.ExtendedFlags; import org.xbill.DNS.Flags; import org.xbill.DNS.Header; @@ -34,10 +37,12 @@ import org.xbill.DNS.NSECRecord; import org.xbill.DNS.Name; import org.xbill.DNS.NameTooLongException; +import org.xbill.DNS.OPTRecord; import org.xbill.DNS.Rcode; import org.xbill.DNS.Record; import org.xbill.DNS.Resolver; import org.xbill.DNS.Section; +import org.xbill.DNS.SimpleResolver; import org.xbill.DNS.TSIG; import org.xbill.DNS.TXTRecord; import org.xbill.DNS.Type; @@ -80,6 +85,13 @@ public final class ValidatingResolver implements Resolver { /** The clock used to validate messages. */ private final Clock clock; + /** + * If {@code true}, an additional record with the validation reason is added to the {@link + * Section#ADDITIONAL} section. The record is available at {@code ./TXT/}{@value + * #VALIDATION_REASON_QCLASS}. + */ + @Getter @Setter private boolean isAddReasonToAdditional = true; + /** * Creates a new instance of this class. * @@ -330,7 +342,8 @@ private CompletionStage validatePositiveResponse(Message request, SMessage // using the NSEC3 records. if (!wcNsecOk && !nsec3s.isEmpty()) { if (this.n3valUtils.allNSEC3sIgnoreable(nsec3s, this.keyCache)) { - response.setStatus(SecurityStatus.INSECURE, R.get("failed.nsec3_ignored")); + response.setStatus( + SecurityStatus.INSECURE, -1, R.get("failed.nsec3_ignored")); return; } @@ -338,7 +351,7 @@ private CompletionStage validatePositiveResponse(Message request, SMessage this.n3valUtils.proveWildcard( nsec3s, wc.getKey(), nsec3s.get(0).getSignerName(), wc.getValue()); if (status == SecurityStatus.INSECURE) { - response.setStatus(status); + response.setStatus(status, -1); return; } else if (status == SecurityStatus.SECURE) { wcNsecOk = true; @@ -354,7 +367,7 @@ private CompletionStage validatePositiveResponse(Message request, SMessage } } - response.setStatus(SecurityStatus.SECURE); + response.setStatus(SecurityStatus.SECURE, -1); }); } @@ -391,10 +404,10 @@ private CompletionStage validatePositiveResponseRecursive( return completedFuture(false); } - SecurityStatus status = this.valUtils.verifySRRset(set, ke, this.clock.instant()); + JustifiedSecStatus res = this.valUtils.verifySRRset(set, ke, this.clock.instant()); // If anything in the authority section fails to be secure, we // have a bad message. - if (status != SecurityStatus.SECURE) { + if (res.status != SecurityStatus.SECURE) { response.setBogus(R.get("failed.authority.positive", set)); return completedFuture(false); } @@ -438,9 +451,9 @@ private CompletionStage validateAnswerAndGetWildcardsRecursive( return completedFuture(false); } - SecurityStatus status = this.valUtils.verifySRRset(set, ke, this.clock.instant()); + JustifiedSecStatus res = this.valUtils.verifySRRset(set, ke, this.clock.instant()); // If the answer rrset failed to validate, then this message is BAD - if (status != SecurityStatus.SECURE) { + if (res.status != SecurityStatus.SECURE) { response.setBogus(R.get("failed.answer.positive", set)); return completedFuture(false); } @@ -596,14 +609,14 @@ private CompletionStage validateNodataResponse(Message request, SMessage r // try to prove NODATA with our NSEC3 record(s) if (this.n3valUtils.allNSEC3sIgnoreable(nsec3s, this.keyCache)) { - response.setStatus(SecurityStatus.BOGUS, R.get("failed.nsec3_ignored")); + response.setBogus(R.get("failed.nsec3_ignored")); return null; } SecurityStatus status = this.n3valUtils.proveNodata(nsec3s, qname, qtype, nsec3Signer); if (status == SecurityStatus.INSECURE) { - response.setStatus(SecurityStatus.INSECURE); + response.setStatus(SecurityStatus.INSECURE, -1); return null; } @@ -617,7 +630,7 @@ private CompletionStage validateNodataResponse(Message request, SMessage r } log.trace("successfully validated NODATA response"); - response.setStatus(SecurityStatus.SECURE); + response.setStatus(SecurityStatus.SECURE, -1); return null; }); } @@ -638,8 +651,8 @@ private CompletionStage validateNodataResponseRecursive( return this.failedFuture(new Exception(kve.reason)); } - SecurityStatus status = this.valUtils.verifySRRset(set, ke, this.clock.instant()); - if (status != SecurityStatus.SECURE) { + JustifiedSecStatus res = this.valUtils.verifySRRset(set, ke, this.clock.instant()); + if (res.status != SecurityStatus.SECURE) { response.setBogus(R.get("failed.authority.nodata", set)); return this.failedFuture(new Exception("failed.authority.nodata")); } @@ -730,16 +743,19 @@ private CompletionStage validateNameErrorResponse(Message request, SMessag // Attempt to prove name error with nsec3 records. if (this.n3valUtils.allNSEC3sIgnoreable(nsec3s, this.keyCache)) { - response.setStatus(SecurityStatus.INSECURE, R.get("failed.nsec3_ignored")); + response.setStatus(SecurityStatus.INSECURE, -1, R.get("failed.nsec3_ignored")); return completedFuture(null); } SecurityStatus status = this.n3valUtils.proveNameError(nsec3s, qname, nsec3Signer); if (status != SecurityStatus.SECURE) { if (status == SecurityStatus.INSECURE) { - response.setStatus(status, R.get("failed.nxdomain.nsec3_insecure")); + response.setStatus(status, -1, R.get("failed.nxdomain.nsec3_insecure")); } else { - response.setStatus(status, R.get("failed.nxdomain.nsec3_bogus")); + response.setStatus( + status, + ExtendedErrorCodeOption.DNSSEC_BOGUS, + R.get("failed.nxdomain.nsec3_bogus")); } return completedFuture(null); @@ -776,7 +792,7 @@ private CompletionStage validateNameErrorResponse(Message request, SMessag // Otherwise, we consider the message secure. log.trace("successfully validated NAME ERROR response."); - response.setStatus(SecurityStatus.SECURE); + response.setStatus(SecurityStatus.SECURE, -1); return completedFuture(null); }) .exceptionally(ex -> null); @@ -798,8 +814,8 @@ private CompletionStage validateNameErrorResponseRecursive( return this.failedFuture(new Exception(kve.reason)); } - SecurityStatus status = this.valUtils.verifySRRset(set, ke, this.clock.instant()); - if (status != SecurityStatus.SECURE) { + JustifiedSecStatus res = this.valUtils.verifySRRset(set, ke, this.clock.instant()); + if (res.status != SecurityStatus.SECURE) { response.setBogus(R.get("failed.nxdomain.authority", set)); return this.failedFuture(new Exception("failed.nxdomain.authority")); } @@ -940,7 +956,7 @@ private KeyEntry dsResponseToKE(SMessage response, Message request, SRRset keyRr Name qname = request.getQuestion().getName(); int qclass = request.getQuestion().getDClass(); - SecurityStatus status; + JustifiedSecStatus res; ResponseClassification subtype = ValUtils.classifyResponse(request, response); KeyEntry bogusKE = KeyEntry.newBadKeyEntry(qname, qclass, DEFAULT_TA_BAD_KEY_TTL); @@ -949,15 +965,17 @@ private KeyEntry dsResponseToKE(SMessage response, Message request, SRRset keyRr // Verify only returns BOGUS or SECURE. If the rrset is bogus, // then we are done. SRRset dsRrset = response.findAnswerRRset(qname, Type.DS, qclass); - status = this.valUtils.verifySRRset(dsRrset, keyRrset, this.clock.instant()); - if (status != SecurityStatus.SECURE) { - bogusKE.setBadReason(R.get("failed.ds")); + res = this.valUtils.verifySRRset(dsRrset, keyRrset, this.clock.instant()); + if (res.status != SecurityStatus.SECURE) { + bogusKE.setBadReason(ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("failed.ds")); return bogusKE; } if (!valUtils.atLeastOneSupportedAlgorithm(dsRrset)) { KeyEntry nullKey = KeyEntry.newNullKeyEntry(qname, qclass, dsRrset.getTTL()); - nullKey.setBadReason(R.get("insecure.ds.noalgorithms", qname)); + nullKey.setBadReason( + ExtendedErrorCodeOption.UNSUPPORTED_DNSKEY_ALGORITHM, + R.get("insecure.ds.noalgorithms", qname)); return nullKey; } @@ -969,12 +987,12 @@ private KeyEntry dsResponseToKE(SMessage response, Message request, SRRset keyRr // Verify only returns BOGUS or SECURE. If the rrset is bogus, // then we are done. SRRset cnameRrset = response.findAnswerRRset(qname, Type.CNAME, qclass); - status = this.valUtils.verifySRRset(cnameRrset, keyRrset, this.clock.instant()); - if (status == SecurityStatus.SECURE) { + res = this.valUtils.verifySRRset(cnameRrset, keyRrset, this.clock.instant()); + if (res.status == SecurityStatus.SECURE) { return null; } - bogusKE.setBadReason(R.get("failed.ds.cname")); + bogusKE.setBadReason(ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("failed.ds.cname")); return bogusKE; case NODATA: @@ -984,7 +1002,8 @@ private KeyEntry dsResponseToKE(SMessage response, Message request, SRRset keyRr default: // We've encountered an unhandled classification for this // response. - bogusKE.setBadReason(R.get("failed.ds.notype", subtype)); + bogusKE.setBadReason( + ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("failed.ds.notype", subtype)); return bogusKE; } } @@ -1006,7 +1025,8 @@ private KeyEntry dsReponseToKeForNodata(SMessage response, Message request, SRRs KeyEntry bogusKE = KeyEntry.newBadKeyEntry(qname, qclass, DEFAULT_TA_BAD_KEY_TTL); if (!this.valUtils.hasSignedNsecs(response)) { - bogusKE.setBadReason(R.get("failed.ds.nonsec", qname)); + bogusKE.setBadReason( + ExtendedErrorCodeOption.RRSIGS_MISSING, R.get("failed.ds.nonsec", qname)); return bogusKE; } @@ -1016,12 +1036,12 @@ private KeyEntry dsReponseToKeForNodata(SMessage response, Message request, SRRs switch (status.status) { case SECURE: KeyEntry nullKey = KeyEntry.newNullKeyEntry(qname, qclass, DEFAULT_TA_BAD_KEY_TTL); - nullKey.setBadReason(R.get("insecure.ds.nsec")); + nullKey.setBadReason(-1, R.get("insecure.ds.nsec")); return nullKey; case INSECURE: return null; case BOGUS: - bogusKE.setBadReason(status.reason); + bogusKE.setBadReason(status.edeReason, status.reason); return bogusKE; default: // NSEC proof did not work, try NSEC3 @@ -1036,9 +1056,9 @@ private KeyEntry dsReponseToKeForNodata(SMessage response, Message request, SRRs if (!nsec3Rrsets.isEmpty()) { // Attempt to prove no DS with NSEC3s. for (SRRset nsec3set : nsec3Rrsets) { - SecurityStatus sstatus = + JustifiedSecStatus res = this.valUtils.verifySRRset(nsec3set, keyRrset, this.clock.instant()); - if (sstatus != SecurityStatus.SECURE) { + if (res.status != SecurityStatus.SECURE) { // We could just fail here as there is an invalid rrset, but // skipping doesn't matter because we might not need it or // the proof will fail anyway. @@ -1060,23 +1080,23 @@ private KeyEntry dsReponseToKeForNodata(SMessage response, Message request, SRRs // If nsec3-iter-count too high or optout, then treat below as unsigned case SECURE: KeyEntry nullKey = KeyEntry.newNullKeyEntry(qname, qclass, nsec3TTL); - nullKey.setBadReason(R.get("insecure.ds.nsec3")); + nullKey.setBadReason(-1, R.get("insecure.ds.nsec3")); return nullKey; case INDETERMINATE: log.debug("nsec3s for the referral proved no delegation."); return null; case BOGUS: - bogusKE.setBadReason(R.get("failed.ds.nsec3")); + bogusKE.setBadReason(ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("failed.ds.nsec3")); return bogusKE; default: - bogusKE.setBadReason(R.get("unknown.ds.nsec3")); + bogusKE.setBadReason(ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("unknown.ds.nsec3")); return bogusKE; } } - // Apparently, no available NSEC/NSEC3 proved NODATA, so this is + // Apparently no available NSEC/NSEC3 proved NODATA, so this is // BOGUS. - bogusKE.setBadReason(R.get("failed.ds.unknown")); + bogusKE.setBadReason(ExtendedErrorCodeOption.NSEC_MISSING, R.get("failed.ds.unknown")); return bogusKE; } @@ -1125,7 +1145,8 @@ private CompletionStage processDNSKEYResponse( if (dnskeyRrset == null) { // If the DNSKEY rrset was missing, this is the end of the line. state.keyEntry = KeyEntry.newBadKeyEntry(qname, qclass, DEFAULT_TA_BAD_KEY_TTL); - state.keyEntry.setBadReason(R.get("dnskey.no_rrset", qname)); + state.keyEntry.setBadReason( + ExtendedErrorCodeOption.DNSKEY_MISSING, R.get("dnskey.no_rrset", qname)); return completedFuture(null); } @@ -1173,7 +1194,7 @@ private CompletionStage processValidate(Message request, SMessage resp .thenCompose( v -> { if (response.getStatus() != SecurityStatus.INSECURE) { - response.setStatus(SecurityStatus.UNCHECKED); + response.setStatus(SecurityStatus.UNCHECKED, -1); return this.validateNodataResponse(request, response); } @@ -1193,7 +1214,7 @@ private CompletionStage processValidate(Message request, SMessage resp .thenCompose( v -> { if (response.getStatus() != SecurityStatus.INSECURE) { - response.setStatus(SecurityStatus.UNCHECKED); + response.setStatus(SecurityStatus.UNCHECKED, -1); return this.validateNameErrorResponse(request, response); } @@ -1202,7 +1223,7 @@ private CompletionStage processValidate(Message request, SMessage resp break; default: - response.setStatus(SecurityStatus.BOGUS, R.get("validate.response.unknown", subtype)); + response.setBogus(R.get("validate.response.unknown", subtype)); completionStage = completedFuture(null); break; } @@ -1218,6 +1239,7 @@ private SMessage processFinishedState(Message request, SMessage response) { // If the response message validated, set the AD bit. SecurityStatus status = response.getStatus(); String reason = response.getBogusReason(); + int edeReason = response.getEdeReason(); switch (status) { case BOGUS: // For now, in the absence of any other API information, we @@ -1239,7 +1261,7 @@ private SMessage processFinishedState(Message request, SMessage response) { throw new IllegalArgumentException("unexpected security status"); } - response.setStatus(status, reason); + response.setStatus(status, edeReason, reason); return response; } @@ -1349,19 +1371,10 @@ public CompletionStage sendAsync(Message query) { Message m = validated.getMessage(); String reason = validated.getBogusReason(); if (reason != null) { - final int maxTxtRecordStringLength = 255; - String[] parts = - new String[reason.length() / maxTxtRecordStringLength + 1]; - for (int i = 0; i < parts.length; i++) { - int length = - Math.min((i + 1) * maxTxtRecordStringLength, reason.length()); - parts[i] = reason.substring(i * maxTxtRecordStringLength, length); + applyEdeToOpt(validated, m); + if (isAddReasonToAdditional) { + addValidationReasonTxtRecord(m, reason); } - - m.addRecord( - new TXTRecord( - Name.root, VALIDATION_REASON_QCLASS, 0, Arrays.asList(parts)), - Section.ADDITIONAL); } return m; @@ -1369,6 +1382,45 @@ public CompletionStage sendAsync(Message query) { }); } + private void applyEdeToOpt(SMessage validated, Message m) { + if (validated.getEdeReason() <= -1) { + return; + } + + OPTRecord old = m.getOPT(); + OPTRecord newOpt; + List options = new ArrayList<>(); + if (old != null) { + options.addAll(old.getOptions()); + newOpt = + new OPTRecord( + old.getPayloadSize(), + old.getExtendedRcode(), + old.getVersion(), + old.getFlags(), + options); + m.removeRecord(m.getOPT(), Section.ADDITIONAL); + } else { + options.add( + new ExtendedErrorCodeOption(validated.getEdeReason(), validated.getBogusReason())); + newOpt = new OPTRecord(SimpleResolver.DEFAULT_EDNS_PAYLOADSIZE, 0, 0, 0, options); + } + m.addRecord(newOpt, Section.ADDITIONAL); + } + + private void addValidationReasonTxtRecord(Message m, String reason) { + final int maxTxtRecordStringLength = 255; + String[] parts = new String[reason.length() / maxTxtRecordStringLength + 1]; + for (int i = 0; i < parts.length; i++) { + int length = Math.min((i + 1) * maxTxtRecordStringLength, reason.length()); + parts[i] = reason.substring(i * maxTxtRecordStringLength, length); + } + + m.addRecord( + new TXTRecord(Name.root, VALIDATION_REASON_QCLASS, 0, Arrays.asList(parts)), + Section.ADDITIONAL); + } + /** * Creates a response message with the given return code. * diff --git a/src/main/resources/messages.properties b/src/main/resources/messages.properties index c1630186a..9ecf571b9 100644 --- a/src/main/resources/messages.properties +++ b/src/main/resources/messages.properties @@ -18,11 +18,15 @@ failed.nxdomain.exists=NameError response has failed to prove that {0} does not failed.nxdomain.haswildcard=NameError response has failed to prove that the covering wildcard does not exist. dnskey.no_rrset=Missing DNSKEY RRset in response to DNSKEY query for {0}. dnskey.no_ds_match=Did not match a DS to a DNSKEY. -dnskey.anchor_verify_failed=The DNSKEY trust anchor for {0} did not verify the DNSKEY RRset for {1}. +dnskey.no_key=No key for signature {0} +dnskey.key_offtree=Key {0} for signature {1} is off tree +dnskey.no_match=Key does not match signature +dnskey.expired=Key exired +dnskey.not_yet_valid=Key is not yet valid +dnskey.invalid=Key does not verify signaure failed.ds=DS rrset in DS response did not verify. failed.ds.cname=CNAME in DS response was not secure. ds.secure=CNAME validated, proof that DS does not exist. -failed.ds.cname.nocname=Validator classified CNAME but no CNAME of {0} for DS. failed.ds.nsec=NSEC RRset for the referral did not verify. failed.ds.nsec.hasdata=NSEC RRset for the referral did not prove no DS. failed.ds.nonsec=No signed NSEC/NSEC3 records for query to {0}/DS. diff --git a/src/test/java/org/xbill/DNS/dnssec/TestAlgorithmSupport.java b/src/test/java/org/xbill/DNS/dnssec/TestAlgorithmSupport.java index 94603c3cd..ed50b0a5f 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestAlgorithmSupport.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestAlgorithmSupport.java @@ -19,6 +19,7 @@ import org.xbill.DNS.DNSSEC.Algorithm; import org.xbill.DNS.DNSSEC.Digest; import org.xbill.DNS.DSRecord; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.Flags; import org.xbill.DNS.Message; import org.xbill.DNS.Name; @@ -32,6 +33,7 @@ void testAlgIsUnknown(String param) throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals("insecure.ds.noalgorithms:" + param + ".ingotronic.ch.", getReason(response)); + assertEquals(ExtendedErrorCodeOption.UNSUPPORTED_DNSKEY_ALGORITHM, getEdeReason(response)); } @ParameterizedTest(name = "testEd_{arguments}") @@ -44,6 +46,7 @@ void testEd(String param) throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertNull(getReason(response)); + assertEquals(-1, getEdeReason(response)); } finally { Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME); } @@ -55,6 +58,7 @@ void testDigestIdIsUnknown() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals("failed.ds.nodigest:unknown-alg.ingotronic.ch.", getReason(response)); + assertEquals(ExtendedErrorCodeOption.UNSUPPORTED_DS_DIGEST_TYPE, getEdeReason(response)); } @AlwaysOffline diff --git a/src/test/java/org/xbill/DNS/dnssec/TestBase.java b/src/test/java/org/xbill/DNS/dnssec/TestBase.java index 917601718..5698a71cd 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestBase.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestBase.java @@ -22,6 +22,7 @@ import java.util.List; import java.util.Locale; import java.util.Map; +import java.util.Optional; import java.util.concurrent.CompletableFuture; import java.util.concurrent.CompletionStage; import java.util.concurrent.ExecutionException; @@ -34,6 +35,8 @@ import org.xbill.DNS.ARecord; import org.xbill.DNS.DClass; import org.xbill.DNS.DNSSEC.DNSSECException; +import org.xbill.DNS.EDNSOption.Code; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.Master; import org.xbill.DNS.Message; import org.xbill.DNS.Name; @@ -241,6 +244,17 @@ protected String firstA(Message response) { return null; } + protected int getEdeReason(Message m) { + return Optional.ofNullable(m.getOPT()) + .flatMap( + opt -> + opt.getOptions(Code.EDNS_EXTENDED_ERROR).stream() + .filter(o -> o instanceof ExtendedErrorCodeOption) + .findFirst() + .map(o -> ((ExtendedErrorCodeOption) o).getErrorCode())) + .orElse(-1); + } + protected String getReason(Message m) { for (RRset set : m.getSectionRRsets(Section.ADDITIONAL)) { if (set.getName().equals(Name.root) diff --git a/src/test/java/org/xbill/DNS/dnssec/TestCNames.java b/src/test/java/org/xbill/DNS/dnssec/TestCNames.java index 19eb756be..87ec433ef 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestCNames.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestCNames.java @@ -10,6 +10,7 @@ import org.junit.jupiter.api.Test; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.CsvSource; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.Flags; import org.xbill.DNS.Message; import org.xbill.DNS.Rcode; @@ -23,6 +24,7 @@ void testCNameToUnsignedA() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals(3, response.getSection(Section.ANSWER).size()); assertEquals("insecure.ds.nsec3", getReason(response)); + assertEquals(-1, getEdeReason(response)); } @Test @@ -32,6 +34,7 @@ void testCNameToUnsignedMX() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals(2, response.getSection(Section.ANSWER).size()); assertEquals("insecure.ds.nsec3", getReason(response)); + assertEquals(-1, getEdeReason(response)); } @Test @@ -41,6 +44,7 @@ void testCNameToSignedA() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals(4, response.getSection(Section.ANSWER).size()); assertNull(getReason(response)); + assertEquals(-1, getEdeReason(response)); } @Test @@ -50,6 +54,7 @@ void testCNameToSignedMX() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals(2, response.getSection(Section.ANSWER).size()); assertNull(getReason(response)); + assertEquals(-1, getEdeReason(response)); } @Test @@ -60,6 +65,7 @@ void testCNameToSignedAExternal() throws IOException { assertEquals(4, response.getSection(Section.ANSWER).size()); assertEquals(5, response.getSection(Section.AUTHORITY).size()); assertNull(getReason(response)); + assertEquals(-1, getEdeReason(response)); } @Test @@ -69,6 +75,7 @@ void testCNameToInvalidSigned() throws IOException { assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals( "validate.bogus.badkey:dnssec-failed.org.:dnskey.no_ds_match", getReason(response)); + assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); } @Test @@ -77,6 +84,7 @@ void testCNameToUnsignedNsec3() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals("insecure.ds.nsec3", getReason(response)); + assertEquals(-1, getEdeReason(response)); } @Test @@ -85,6 +93,7 @@ void testCNameToSignedNsec3() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertNull(getReason(response)); + assertEquals(-1, getEdeReason(response)); } @Test @@ -94,6 +103,7 @@ void testCNameToInvalidSignedNsec3() throws IOException { assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals( "validate.bogus.badkey:dnssec-failed.org.:dnskey.no_ds_match", getReason(response)); + assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); } @ParameterizedTest(name = "testCNameToVoid_{index}") @@ -104,6 +114,7 @@ void testCNameToVoid(String subdomain, int acount) throws IOException { assertEquals(Rcode.NXDOMAIN, response.getRcode()); assertEquals(acount, response.getSection(Section.ANSWER).size()); assertNull(getReason(response)); + assertEquals(-1, getEdeReason(response)); } @Test @@ -112,6 +123,7 @@ void testCNameToUnsignedVoid() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.NXDOMAIN, response.getRcode()); assertEquals("insecure.ds.nsec", getReason(response)); + assertEquals(-1, getEdeReason(response)); } @Test @@ -120,6 +132,7 @@ void testCNameToExternalUnsignedVoid() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.NXDOMAIN, response.getRcode()); assertEquals("insecure.ds.nsec3", getReason(response)); + assertEquals(-1, getEdeReason(response)); } @Test @@ -128,6 +141,7 @@ void testCNameToSubSigned() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertNull(getReason(response)); + assertEquals(-1, getEdeReason(response)); } @Test @@ -137,6 +151,7 @@ void testCNameToVoidExternalInvalidTld() throws IOException { assertEquals(Rcode.NXDOMAIN, response.getRcode()); assertEquals(2, response.getSection(Section.ANSWER).size()); assertNull(getReason(response)); + assertEquals(-1, getEdeReason(response)); } @Test @@ -145,6 +160,7 @@ void testCNameToVoidExternalValidTld() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NXDOMAIN, response.getRcode()); assertNull(getReason(response)); + assertEquals(-1, getEdeReason(response)); } @Test @@ -153,5 +169,6 @@ void testCNameToVoidNsec3() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NXDOMAIN, response.getRcode()); assertNull(getReason(response)); + assertEquals(-1, getEdeReason(response)); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNormallyUnreachableCode.java b/src/test/java/org/xbill/DNS/dnssec/TestNormallyUnreachableCode.java index 3e097416c..eb16fee96 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestNormallyUnreachableCode.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestNormallyUnreachableCode.java @@ -38,8 +38,8 @@ void testVerifyWithoutSignaturesIsBogus() { SRRset set = new SRRset(); set.addRR(record); RRset keys = new RRset(); - SecurityStatus result = verifier.verify(set, keys, Instant.now()); - assertEquals(SecurityStatus.BOGUS, result); + JustifiedSecStatus res = verifier.verify(set, keys, Instant.now()); + assertEquals(SecurityStatus.BOGUS, res.status); } @Test From 4c75884e0d34c15903ee1e5aef9072d6965e362d Mon Sep 17 00:00:00 2001 From: Ingo Bauersachs Date: Sat, 23 Oct 2021 00:11:37 +0200 Subject: [PATCH 06/12] Prepare dnssec for EDE answers --- .../xbill/DNS/ExtendedErrorCodeOption.java | 68 ++++++++++++------- .../java/org/xbill/DNS/dnssec/KeyEntry.java | 4 +- .../xbill/DNS/dnssec/ValidatingResolver.java | 2 +- src/main/resources/messages.properties | 2 +- .../java/org/xbill/DNS/dnssec/TestBase.java | 18 ++++- .../DNS/dnssec/TestBogusReasonMessage.java | 2 + .../java/org/xbill/DNS/dnssec/TestDNames.java | 12 ++++ .../org/xbill/DNS/dnssec/TestInvalid.java | 27 ++++---- 8 files changed, 93 insertions(+), 42 deletions(-) diff --git a/src/main/java/org/xbill/DNS/ExtendedErrorCodeOption.java b/src/main/java/org/xbill/DNS/ExtendedErrorCodeOption.java index d3e12405f..c8648aecb 100644 --- a/src/main/java/org/xbill/DNS/ExtendedErrorCodeOption.java +++ b/src/main/java/org/xbill/DNS/ExtendedErrorCodeOption.java @@ -46,31 +46,49 @@ public class ExtendedErrorCodeOption extends EDNSOption { static { codes.setMaximum(0xFFFF); codes.setPrefix("EDE"); - codes.add(OTHER, "Other"); - codes.add(UNSUPPORTED_DNSKEY_ALGORITHM, "Unsupported DNSKEY Algorithm"); - codes.add(UNSUPPORTED_DS_DIGEST_TYPE, "Unsupported DS Digest Type"); - codes.add(STALE_ANSWER, "Stale Answer"); - codes.add(FORGED_ANSWER, "Forged Answer"); - codes.add(DNSSEC_INDETERMINATE, "DNSSEC Indeterminate"); - codes.add(DNSSEC_BOGUS, "DNSSEC Bogus"); - codes.add(SIGNATURE_EXPIRED, "Signature Expired"); - codes.add(SIGNATURE_NOT_YET_VALID, "Signature Not Yet Valid"); - codes.add(DNSKEY_MISSING, "DNSKEY Missing"); - codes.add(RRSIGS_MISSING, "RRSIGs Missing"); - codes.add(NO_ZONE_KEY_BIT_SET, "No Zone Key Bit Set"); - codes.add(NSEC_MISSING, "NSEC Missing"); - codes.add(CACHED_ERROR, "Cached Error"); - codes.add(NOT_READY, "Not Ready"); - codes.add(BLOCKED, "Blocked"); - codes.add(CENSORED, "Censored"); - codes.add(FILTERED, "Filtered"); - codes.add(PROHIBITED, "Prohibited"); - codes.add(STALE_NXDOMAIN_ANSWER, "Stale NXDOMAIN Answer"); - codes.add(NOT_AUTHORITATIVE, "Not Authoritative"); - codes.add(NOT_SUPPORTED, "Not Supported"); - codes.add(NO_REACHABLE_AUTHORITY, "No Reachable Authority"); - codes.add(NETWORK_ERROR, "Network Error"); - codes.add(INVALID_DATA, "Invalid Data"); + codes.add(OTHER, "OTHER"); + codes.add(UNSUPPORTED_DNSKEY_ALGORITHM, "UNSUPPORTED_DNSKEY_ALGORITHM"); + codes.add(UNSUPPORTED_DS_DIGEST_TYPE, "UNSUPPORTED_DS_DIGEST_TYPE"); + codes.add(STALE_ANSWER, "STALE_ANSWER"); + codes.add(FORGED_ANSWER, "FORGED_ANSWER"); + codes.add(DNSSEC_INDETERMINATE, "DNSSEC_INDETERMINATE"); + codes.add(DNSSEC_BOGUS, "DNSSEC_BOGUS"); + codes.add(SIGNATURE_EXPIRED, "SIGNATURE_EXPIRED"); + codes.add(SIGNATURE_NOT_YET_VALID, "SIGNATURE_NOT_YET_VALID"); + codes.add(DNSKEY_MISSING, "DNSKEY_MISSING"); + codes.add(RRSIGS_MISSING, "RRSIGS_MISSING"); + codes.add(NO_ZONE_KEY_BIT_SET, "NO_ZONE_KEY_BIT_SET"); + codes.add(NSEC_MISSING, "NSEC_MISSING"); + codes.add(CACHED_ERROR, "CACHED_ERROR"); + codes.add(NOT_READY, "NOT_READY"); + codes.add(BLOCKED, "BLOCKED"); + codes.add(CENSORED, "CENSORED"); + codes.add(FILTERED, "FILTERED"); + codes.add(PROHIBITED, "PROHIBITED"); + codes.add(STALE_NXDOMAIN_ANSWER, "STALE_NXDOMAIN_ANSWER"); + codes.add(NOT_AUTHORITATIVE, "NOT_AUTHORITATIVE"); + codes.add(NOT_SUPPORTED, "NOT_SUPPORTED"); + codes.add(NO_REACHABLE_AUTHORITY, "NO_REACHABLE_AUTHORITY"); + codes.add(NETWORK_ERROR, "NETWORK_ERROR"); + codes.add(INVALID_DATA, "INVALID_DATA"); + } + + /** + * Gets the text mnemonic corresponding to an EDE value. + * + * @since 3.5 + */ + public static String text(int code) { + return codes.getText(code); + } + + /** + * Gets the numeric value corresponding to an EDE text mnemonic. + * + * @since 3.5 + */ + public static int code(String text) { + return codes.getValue(text); } /** Creates an extended error code EDNS option. */ diff --git a/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java b/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java index 71a585e21..0605f047e 100644 --- a/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java +++ b/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java @@ -145,14 +145,14 @@ JustifiedSecStatus validateKeyFor(Name signerName) { return new JustifiedSecStatus( SecurityStatus.BOGUS, - ExtendedErrorCodeOption.DNSSEC_BOGUS, + edeReason, R.get("validate.bogus", this.badReason)); } if (this.isBad()) { return new JustifiedSecStatus( SecurityStatus.BOGUS, - ExtendedErrorCodeOption.DNSSEC_BOGUS, + edeReason, R.get("validate.bogus.badkey", this.getName(), this.badReason)); } diff --git a/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java b/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java index b9f051778..40a2f1f5b 100644 --- a/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java +++ b/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java @@ -967,7 +967,7 @@ private KeyEntry dsResponseToKE(SMessage response, Message request, SRRset keyRr SRRset dsRrset = response.findAnswerRRset(qname, Type.DS, qclass); res = this.valUtils.verifySRRset(dsRrset, keyRrset, this.clock.instant()); if (res.status != SecurityStatus.SECURE) { - bogusKE.setBadReason(ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("failed.ds")); + bogusKE.setBadReason(res.edeReason, res.reason); return bogusKE; } diff --git a/src/main/resources/messages.properties b/src/main/resources/messages.properties index 9ecf571b9..89cd7ac01 100644 --- a/src/main/resources/messages.properties +++ b/src/main/resources/messages.properties @@ -23,7 +23,7 @@ dnskey.key_offtree=Key {0} for signature {1} is off tree dnskey.no_match=Key does not match signature dnskey.expired=Key exired dnskey.not_yet_valid=Key is not yet valid -dnskey.invalid=Key does not verify signaure +dnskey.invalid=Key does not verify signature failed.ds=DS rrset in DS response did not verify. failed.ds.cname=CNAME in DS response was not secure. ds.secure=CNAME validated, proof that DS does not exist. diff --git a/src/test/java/org/xbill/DNS/dnssec/TestBase.java b/src/test/java/org/xbill/DNS/dnssec/TestBase.java index 5698a71cd..9d390c837 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestBase.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestBase.java @@ -1,6 +1,7 @@ // SPDX-License-Identifier: BSD-3-Clause package org.xbill.DNS.dnssec; +import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.fail; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; @@ -245,7 +246,7 @@ protected String firstA(Message response) { } protected int getEdeReason(Message m) { - return Optional.ofNullable(m.getOPT()) + int edeReason = Optional.ofNullable(m.getOPT()) .flatMap( opt -> opt.getOptions(Code.EDNS_EXTENDED_ERROR).stream() @@ -253,6 +254,21 @@ protected int getEdeReason(Message m) { .findFirst() .map(o -> ((ExtendedErrorCodeOption) o).getErrorCode())) .orElse(-1); + if (edeReason != -1) { + assertEquals(getReason(m), getEdeText(m)); + } + return edeReason; + } + + protected String getEdeText(Message m) { + return Optional.ofNullable(m.getOPT()) + .flatMap( + opt -> + opt.getOptions(Code.EDNS_EXTENDED_ERROR).stream() + .filter(o -> o instanceof ExtendedErrorCodeOption) + .findFirst() + .map(o -> ((ExtendedErrorCodeOption) o).getText())) + .orElse(null); } protected String getReason(Message m) { diff --git a/src/test/java/org/xbill/DNS/dnssec/TestBogusReasonMessage.java b/src/test/java/org/xbill/DNS/dnssec/TestBogusReasonMessage.java index feacb9778..e9bd5f237 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestBogusReasonMessage.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestBogusReasonMessage.java @@ -6,6 +6,7 @@ import java.io.IOException; import org.junit.jupiter.api.Test; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.Flags; import org.xbill.DNS.Message; import org.xbill.DNS.Rcode; @@ -22,5 +23,6 @@ void testLongBogusReasonIsSplitCorrectly() throws IOException { assertEquals( "failed.nxdomain.authority:{ isc.org. 2962 IN NSEC [01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.isc.org. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY SPF] sigs: [NSEC 5 2 3600 20160706234032 20160606234032 13953 isc.org. fnOJeQG2vOwrERAPIqAenLOosbIBT7UvmxOV8Az2ExOhlGxP2CEqZEc5NPVbidq4oZC2kHyG7x31D6LBJXeXgOuanv+uqPNe9UIiUhdj+Egf8FEWIOKp8nxgjQGiGSNbQenWjeWoR91sReFEU+Pn7NPlEI072MzEESOT8oVucx8=] }", getReason(response)); + assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestDNames.java b/src/test/java/org/xbill/DNS/dnssec/TestDNames.java index b43898ed3..ad05d33ad 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestDNames.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestDNames.java @@ -11,6 +11,7 @@ import org.junit.jupiter.api.Test; import org.xbill.DNS.DClass; import org.xbill.DNS.DNAMERecord; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.Flags; import org.xbill.DNS.Lookup; import org.xbill.DNS.Message; @@ -30,6 +31,7 @@ void testDNameToExistingIsValid() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals(5, response.getSection(Section.ANSWER).size()); assertNull(getReason(response)); + assertEquals(-1, getEdeReason(response)); } @Test @@ -39,6 +41,7 @@ void testDNameToNoDataIsValid() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals(3, response.getSection(Section.ANSWER).size()); assertNull(getReason(response)); + assertEquals(-1, getEdeReason(response)); } @Test @@ -47,6 +50,7 @@ void testDNameToNxDomainIsValid() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NXDOMAIN, response.getRcode()); assertNull(getReason(response)); + assertEquals(-1, getEdeReason(response)); } @Test @@ -61,6 +65,7 @@ void testDNameDirectQueryIsValid() throws IOException { assertEquals(Name.fromString("ingotronic.ch."), r.getTarget()); } } + assertEquals(-1, getEdeReason(response)); } @Test @@ -74,6 +79,7 @@ void testDNameWithFakedCnameIsInvalid() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.synthesize.nomatch:www.isc.org.:www.ingotronic.ch.", getReason(response)); + assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); } @Test @@ -92,6 +98,7 @@ void testDNameWithNoCnameIsValid() throws IOException { Record[] results = l.run(); assertNotNull(results); assertTrue(results.length >= 1); + assertEquals(-1, getEdeReason(response)); } @Test @@ -105,6 +112,7 @@ void testDNameWithMultipleCnamesIsInvalid() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.synthesize.multiple", getReason(response)); + assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); } @Test @@ -122,6 +130,7 @@ void testDNameWithTooLongCnameIsInvalid() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.synthesize.toolong", getReason(response)); + assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); } @Test @@ -154,6 +163,7 @@ void testDNameInNsecIsUnderstood_Rfc6672_5_3_4_1() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nxdomain.exists:www.alias.ingotronic.ch.", getReason(response)); + assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); } @Test @@ -162,6 +172,7 @@ void testDNameToExternal() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertNull(getReason(response)); + assertEquals(-1, getEdeReason(response)); } @Test @@ -170,5 +181,6 @@ void testDNameChain() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertNull(getReason(response)); + assertEquals(-1, getEdeReason(response)); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestInvalid.java b/src/test/java/org/xbill/DNS/dnssec/TestInvalid.java index 846972bfb..b363770de 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestInvalid.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestInvalid.java @@ -10,10 +10,12 @@ import java.time.Instant; import org.junit.jupiter.api.Test; import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.CsvSource; import org.junit.jupiter.params.provider.ValueSource; import org.xbill.DNS.ARecord; import org.xbill.DNS.DClass; import org.xbill.DNS.DNSSEC.Algorithm; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.Flags; import org.xbill.DNS.Message; import org.xbill.DNS.Name; @@ -24,22 +26,22 @@ import org.xbill.DNS.Type; class TestInvalid extends TestBase { - @ParameterizedTest(name = "testInvalid_{arguments}") - @ValueSource( - strings = { - "unknownalgorithm.dnssec", - "sigexpired.dnssec", - "bogussig.dnssec", - "unknownalgorithm.nsec3", - "sigexpired.nsec3", - "bogussig.nsec3" - }) + @ParameterizedTest(name = "testInvalid_{0}") + @CsvSource({ + "bogussig.dnssec,dnskey.invalid,DNSSEC_BOGUS", + "bogussig.nsec3,dnskey.invalid,DNSSEC_BOGUS", + "sigexpired.dnssec,dnskey.expired,SIGNATURE_EXPIRED", + "sigexpired.nsec3,dnskey.expired,SIGNATURE_EXPIRED", + "unknownalgorithm.dnssec,failed.ds.noalg,UNSUPPORTED_DNSKEY_ALGORITHM", + "unknownalgorithm.nsec3,failed.ds.noalg,UNSUPPORTED_DNSKEY_ALGORITHM", + }) @AlwaysOffline - void testInvalid(String param) throws IOException { + void testInvalid(String param, String dnssecReason, String edeMnemonic) throws IOException { Message response = resolver.send(createMessage(param + ".tjeb.nl./A")); assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); - assertEquals("validate.bogus.badkey:" + param + ".tjeb.nl.:failed.ds", getReason(response)); + assertEquals("validate.bogus.badkey:" + param + ".tjeb.nl.:" + dnssecReason, getReason(response)); + assertEquals(ExtendedErrorCodeOption.code(edeMnemonic), getEdeReason(response)); } @Test @@ -50,6 +52,7 @@ void testSignedBelowUnsignedBelowSigned() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertFalse(isEmptyAnswer(response)); assertEquals("insecure.ds.nsec", getReason(response)); + assertEquals(-1, getEdeReason(response)); } @Test From a55b940eb138ec1ec49fe374ffbdaae4e078aeac Mon Sep 17 00:00:00 2001 From: Ingo Bauersachs Date: Sat, 13 Nov 2021 11:46:03 +0100 Subject: [PATCH 07/12] Work on EDE --- .../org/xbill/DNS/dnssec/DnsSecVerifier.java | 1 + .../java/org/xbill/DNS/dnssec/KeyEntry.java | 4 +--- .../java/org/xbill/DNS/dnssec/SMessage.java | 9 +++++++++ .../xbill/DNS/dnssec/ValidatingResolver.java | 2 +- .../xbill/DNS/ExtendedErrorCodeOptionTest.java | 4 ++-- .../java/org/xbill/DNS/dnssec/TestBase.java | 17 +++++++++-------- .../java/org/xbill/DNS/dnssec/TestInvalid.java | 16 ++++++++++++---- .../org/xbill/DNS/dnssec/TestKeyCacheUsage.java | 2 ++ .../java/org/xbill/DNS/dnssec/TestNoData.java | 3 +++ .../org/xbill/DNS/dnssec/TestNonExistence.java | 8 ++++++++ 10 files changed, 48 insertions(+), 18 deletions(-) diff --git a/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java b/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java index 9b2a2f0b7..ed6bad871 100644 --- a/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java +++ b/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java @@ -143,6 +143,7 @@ public JustifiedSecStatus verify(SRRset rrset, RRset keyRrset, Instant date) { SecurityStatus.BOGUS, ExtendedErrorCodeOption.RRSIGS_MISSING, R.get("validate.bogus.missingsig")); + for (RRSIGRecord sigrec : sigs) { res = this.verifySignature(rrset, sigrec, keyRrset, date); if (res.status == SecurityStatus.SECURE) { diff --git a/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java b/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java index 0605f047e..a7a71d8a7 100644 --- a/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java +++ b/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java @@ -144,9 +144,7 @@ JustifiedSecStatus validateKeyFor(Name signerName) { } return new JustifiedSecStatus( - SecurityStatus.BOGUS, - edeReason, - R.get("validate.bogus", this.badReason)); + SecurityStatus.BOGUS, edeReason, R.get("validate.bogus", this.badReason)); } if (this.isBad()) { diff --git a/src/main/java/org/xbill/DNS/dnssec/SMessage.java b/src/main/java/org/xbill/DNS/dnssec/SMessage.java index 447f83575..b0344821d 100644 --- a/src/main/java/org/xbill/DNS/dnssec/SMessage.java +++ b/src/main/java/org/xbill/DNS/dnssec/SMessage.java @@ -209,6 +209,15 @@ public void setBogus(String reason) { setStatus(SecurityStatus.BOGUS, ExtendedErrorCodeOption.DNSSEC_BOGUS, reason); } + /** + * Sets the security status of this message to bogus and sets the reason. + * + * @param reason Why this message's status is bogus. + */ + public void setBogus(String reason, int edeReason) { + setStatus(SecurityStatus.BOGUS, edeReason, reason); + } + /** * Gets the reason why this messages' status is bogus. * diff --git a/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java b/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java index 40a2f1f5b..8dd04e32e 100644 --- a/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java +++ b/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java @@ -624,7 +624,7 @@ private CompletionStage validateNodataResponse(Message request, SMessage r } if (!hasValidNSEC) { - response.setBogus(R.get("failed.nodata")); + response.setBogus(R.get("failed.nodata"), ExtendedErrorCodeOption.NSEC_MISSING); log.trace("Failed NODATA for " + qname); return null; } diff --git a/src/test/java/org/xbill/DNS/ExtendedErrorCodeOptionTest.java b/src/test/java/org/xbill/DNS/ExtendedErrorCodeOptionTest.java index d76a2ebd1..f5cc714d6 100644 --- a/src/test/java/org/xbill/DNS/ExtendedErrorCodeOptionTest.java +++ b/src/test/java/org/xbill/DNS/ExtendedErrorCodeOptionTest.java @@ -89,7 +89,7 @@ void testCodeAndTextNullTerminated() throws IOException { @Test void testToStringCodeOnly() { ExtendedErrorCodeOption option = new ExtendedErrorCodeOption(1); - assertEquals("Unsupported DNSKEY Algorithm", option.optionToString()); + assertEquals("UNSUPPORTED_DNSKEY_ALGORITHM", option.optionToString()); } @Test @@ -101,6 +101,6 @@ void testToStringUnknownCode() { @Test void testToStringCodeAndText() { ExtendedErrorCodeOption option = new ExtendedErrorCodeOption(1, "ab"); - assertEquals("Unsupported DNSKEY Algorithm: ab", option.optionToString()); + assertEquals("UNSUPPORTED_DNSKEY_ALGORITHM: ab", option.optionToString()); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestBase.java b/src/test/java/org/xbill/DNS/dnssec/TestBase.java index 9d390c837..6892e0608 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestBase.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestBase.java @@ -246,14 +246,15 @@ protected String firstA(Message response) { } protected int getEdeReason(Message m) { - int edeReason = Optional.ofNullable(m.getOPT()) - .flatMap( - opt -> - opt.getOptions(Code.EDNS_EXTENDED_ERROR).stream() - .filter(o -> o instanceof ExtendedErrorCodeOption) - .findFirst() - .map(o -> ((ExtendedErrorCodeOption) o).getErrorCode())) - .orElse(-1); + int edeReason = + Optional.ofNullable(m.getOPT()) + .flatMap( + opt -> + opt.getOptions(Code.EDNS_EXTENDED_ERROR).stream() + .filter(o -> o instanceof ExtendedErrorCodeOption) + .findFirst() + .map(o -> ((ExtendedErrorCodeOption) o).getErrorCode())) + .orElse(-1); if (edeReason != -1) { assertEquals(getReason(m), getEdeText(m)); } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestInvalid.java b/src/test/java/org/xbill/DNS/dnssec/TestInvalid.java index b363770de..3d0e23dcb 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestInvalid.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestInvalid.java @@ -11,7 +11,6 @@ import org.junit.jupiter.api.Test; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.CsvSource; -import org.junit.jupiter.params.provider.ValueSource; import org.xbill.DNS.ARecord; import org.xbill.DNS.DClass; import org.xbill.DNS.DNSSEC.Algorithm; @@ -32,15 +31,19 @@ class TestInvalid extends TestBase { "bogussig.nsec3,dnskey.invalid,DNSSEC_BOGUS", "sigexpired.dnssec,dnskey.expired,SIGNATURE_EXPIRED", "sigexpired.nsec3,dnskey.expired,SIGNATURE_EXPIRED", - "unknownalgorithm.dnssec,failed.ds.noalg,UNSUPPORTED_DNSKEY_ALGORITHM", - "unknownalgorithm.nsec3,failed.ds.noalg,UNSUPPORTED_DNSKEY_ALGORITHM", + // unknownalgorithm would make you think this should return UNSUPPORTED_DNSKEY_ALGORITHM or + // UNSUPPORTED_DS_DIGEST_TYPE, but the zone has DS/DNSKEYs for alg=5, then a RRSig with alg=200. + // This results in a key not found, regardless of whether the alg is supported or not + "unknownalgorithm.dnssec,dnskey.no_key:dnssec.tjeb.nl.,DNSKEY_MISSING", + "unknownalgorithm.nsec3,dnskey.no_key:nsec3.tjeb.nl.,DNSKEY_MISSING", }) @AlwaysOffline void testInvalid(String param, String dnssecReason, String edeMnemonic) throws IOException { Message response = resolver.send(createMessage(param + ".tjeb.nl./A")); assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); - assertEquals("validate.bogus.badkey:" + param + ".tjeb.nl.:" + dnssecReason, getReason(response)); + assertEquals( + "validate.bogus.badkey:" + param + ".tjeb.nl.:" + dnssecReason, getReason(response)); assertEquals(ExtendedErrorCodeOption.code(edeMnemonic), getEdeReason(response)); } @@ -63,6 +66,7 @@ void testSignedBelowUnsignedBelowSignedNsec3() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertFalse(isEmptyAnswer(response)); assertEquals("insecure.ds.nsec3", getReason(response)); + assertEquals(-1, getEdeReason(response)); } @Test @@ -81,6 +85,7 @@ void testUnsignedThatMustBeSigned() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("validate.bogus.missingsig", getReason(response)); + assertEquals(ExtendedErrorCodeOption.RRSIGS_MISSING, getEdeReason(response)); } @Test @@ -114,6 +119,7 @@ void testModifiedSignature() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertTrue(getReason(response).startsWith("failed.answer.positive:{ www.ingotronic.ch.")); + assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); } @Test @@ -129,6 +135,7 @@ void testReturnServfailIfIntermediateQueryFails() throws IOException { // rfc4035#section-5.5 assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("validate.bogus.badkey:ch.:failed.ds.nonsec:ch.", getReason(response)); + assertEquals(ExtendedErrorCodeOption.RRSIGS_MISSING, getEdeReason(response)); } @Test @@ -145,5 +152,6 @@ void testReturnOriginalRcodeIfPrimaryQueryFails() throws IOException { // rfc4035#section-5.5 assertEquals(Rcode.REFUSED, response.getRcode()); assertEquals("failed.nodata", getReason(response)); + assertEquals(ExtendedErrorCodeOption.NSEC_MISSING, getEdeReason(response)); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestKeyCacheUsage.java b/src/test/java/org/xbill/DNS/dnssec/TestKeyCacheUsage.java index 2f05743ed..16a9d3338 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestKeyCacheUsage.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestKeyCacheUsage.java @@ -19,6 +19,7 @@ void testUnsigned() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals(localhost, firstA(response)); assertEquals("insecure.ds.nsec", getReason(response)); + assertEquals(-1, getEdeReason(response)); // send the query a second time to ensure the cache doesn't create a wrong behavior response = resolver.send(createMessage("www.unsigned.ingotronic.ch./A")); @@ -26,5 +27,6 @@ void testUnsigned() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals(localhost, firstA(response)); assertEquals("insecure.ds.nsec", getReason(response)); + assertEquals(-1, getEdeReason(response)); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNoData.java b/src/test/java/org/xbill/DNS/dnssec/TestNoData.java index c1b8f7944..2529d373a 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestNoData.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestNoData.java @@ -7,6 +7,7 @@ import java.io.IOException; import org.junit.jupiter.api.Test; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.Flags; import org.xbill.DNS.Message; import org.xbill.DNS.Rcode; @@ -23,6 +24,7 @@ void testFakedNoDataNsec3WithoutNsecs() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertTrue(getReason(response).startsWith("failed.nodata")); + assertEquals(ExtendedErrorCodeOption.NSEC_MISSING, getEdeReason(response)); } @Test @@ -35,5 +37,6 @@ void testFakedNoDataNsec3WithNsecs() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertTrue(getReason(response).startsWith("failed.nodata")); + assertEquals(ExtendedErrorCodeOption.NSEC_MISSING, getEdeReason(response)); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNonExistence.java b/src/test/java/org/xbill/DNS/dnssec/TestNonExistence.java index ac5034312..a6b441327 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestNonExistence.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestNonExistence.java @@ -10,6 +10,7 @@ import org.junit.jupiter.api.Test; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.ValueSource; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.Flags; import org.xbill.DNS.Message; import org.xbill.DNS.Rcode; @@ -30,6 +31,7 @@ void testNonExisting(String param) throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NXDOMAIN, response.getRcode()); assertNull(getReason(response)); + assertEquals(-1, getEdeReason(response)); } @Test @@ -43,6 +45,7 @@ void testDoubleLabelABelowSignedNsec3MissingNsec3() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nxdomain.nsec3_bogus", getReason(response)); + assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); } @Test @@ -53,6 +56,7 @@ void testDoubleLabelABelowSignedBeforeZoneNsec3() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NXDOMAIN, response.getRcode()); assertNull(getReason(response)); + assertEquals(-1, getEdeReason(response)); } @ParameterizedTest(name = "testSignedNodata_{index}") @@ -71,6 +75,7 @@ void testSignedNodata(String param) throws IOException { assertTrue(response.getSectionRRsets(Section.ANSWER).isEmpty()); assertEquals(Rcode.NOERROR, response.getRcode()); assertNull(getReason(response)); + assertEquals(-1, getEdeReason(response)); } @Test @@ -85,6 +90,7 @@ void testNxDomainWithInvalidNsecSignature() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertTrue(getReason(response).startsWith("failed.nxdomain.authority")); + assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); } @Test @@ -99,6 +105,7 @@ void testNoDataWithInvalidNsecSignature() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertTrue(getReason(response).startsWith("failed.authority.nodata")); + assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); } @Test @@ -106,5 +113,6 @@ void testNoDataOnENT() throws IOException { Message response = resolver.send(createMessage("b.ingotronic.ch./A")); assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NOERROR, response.getRcode()); + assertEquals(-1, getEdeReason(response)); } } From 705bd9d7130771b354be0e577b75579391c5f3b9 Mon Sep 17 00:00:00 2001 From: Ingo Bauersachs Date: Sat, 25 Dec 2021 20:31:05 +0100 Subject: [PATCH 08/12] Add doc to EDE constants from RFC8914 --- .../xbill/DNS/ExtendedErrorCodeOption.java | 113 ++++++++++++++++++ 1 file changed, 113 insertions(+) diff --git a/src/main/java/org/xbill/DNS/ExtendedErrorCodeOption.java b/src/main/java/org/xbill/DNS/ExtendedErrorCodeOption.java index c8648aecb..d511465bf 100644 --- a/src/main/java/org/xbill/DNS/ExtendedErrorCodeOption.java +++ b/src/main/java/org/xbill/DNS/ExtendedErrorCodeOption.java @@ -11,30 +11,143 @@ * @since 3.4 */ public class ExtendedErrorCodeOption extends EDNSOption { + + /** The error in question falls into a category that does not match known extended error codes. */ public static final int OTHER = 0; + + /** + * The resolver attempted to perform DNSSEC validation, but a {@link DNSKEYRecord} {@link RRset} + * contained only unsupported DNSSEC algorithms. + */ public static final int UNSUPPORTED_DNSKEY_ALGORITHM = 1; + + /** + * The resolver attempted to perform DNSSEC validation, but a {@link DSRecord} {@link RRset} + * contained only unsupported Digest Types. + */ public static final int UNSUPPORTED_DS_DIGEST_TYPE = 2; + + /** + * The resolver was unable to resolve the answer within its time limits and decided to answer with + * previously cached data instead of answering with an error. + */ public static final int STALE_ANSWER = 3; + + /** + * For policy reasons (legal obligation or malware filtering, for instance), an answer was forged. + */ public static final int FORGED_ANSWER = 4; + + /** + * The resolver attempted to perform DNSSEC validation, but validation ended in the Indeterminate + * state [RFC4035]. + */ public static final int DNSSEC_INDETERMINATE = 5; + + /** + * The resolver attempted to perform DNSSEC validation, but validation ended in the Bogus state. + */ public static final int DNSSEC_BOGUS = 6; + + /** + * The resolver attempted to perform DNSSEC validation, but no signatures are presently valid and + * some (often all) are expired. + */ public static final int SIGNATURE_EXPIRED = 7; + + /** + * The resolver attempted to perform DNSSEC validation, but no signatures are presently valid and + * at least some are not yet valid. + */ public static final int SIGNATURE_NOT_YET_VALID = 8; + + /** + * A {@link DSRecord} existed at a parent, but no supported matching {@link DNSKEYRecord} could be + * found for the child. + */ public static final int DNSKEY_MISSING = 9; + + /** + * The resolver attempted to perform DNSSEC validation, but no {@link RRSIGRecord}s could be found + * for at least one {@link RRset} where {@link RRSIGRecord}s were expected. + */ public static final int RRSIGS_MISSING = 10; + + /** + * The resolver attempted to perform DNSSEC validation, but no Zone Key Bit was set in a DNSKEY. + */ public static final int NO_ZONE_KEY_BIT_SET = 11; + + /** + * The resolver attempted to perform DNSSEC validation, but the requested data was missing and a + * covering {@link NSECRecord} or {@link NSEC3Record} was not provided + */ public static final int NSEC_MISSING = 12; + + /** The resolver is returning the {@link Rcode#SERVFAIL} from its cache. */ public static final int CACHED_ERROR = 13; + + /** + * The server is unable to answer the query, as it was not fully functional when the query was + * received. + */ public static final int NOT_READY = 14; + + /** + * The server is unable to respond to the request because the domain is on a blocklist due to an + * internal security policy imposed by the operator of the server resolving or forwarding the + * query. + */ public static final int BLOCKED = 15; + + /** + * The server is unable to respond to the request because the domain is on a blocklist due to an + * external requirement imposed by an entity other than the operator of the server resolving or + * forwarding the query. + */ public static final int CENSORED = 16; + + /** + * The server is unable to respond to the request because the domain is on a blocklist as + * requested by the client. + */ public static final int FILTERED = 17; + + /** + * An authoritative server or recursive resolver that receives a query from an "unauthorized" + * client can annotate its {@link Rcode#REFUSED} message with this code. + */ public static final int PROHIBITED = 18; + + /** + * The resolver was unable to resolve an answer within its configured time limits and decided to + * answer with a previously cached {@link Rcode#NXDOMAIN} answer instead of answering with an + * error. + */ public static final int STALE_NXDOMAIN_ANSWER = 19; + + /** + * Response to a query with the Recursion Desired (RD) bit clear, or when the server is not + * configured for recursion (and the query is for a domain for which it is not authoritative). + */ public static final int NOT_AUTHORITATIVE = 20; + + /** The requested operation or query is not supported. */ public static final int NOT_SUPPORTED = 21; + + /** + * The resolver could not reach any of the authoritative name servers (or they potentially refused + * to reply). + */ public static final int NO_REACHABLE_AUTHORITY = 22; + + /** An unrecoverable error occurred while communicating with another server. */ public static final int NETWORK_ERROR = 23; + + /** + * The authoritative server cannot answer with data for a zone it is otherwise configured to + * support. + */ public static final int INVALID_DATA = 24; @Getter private int errorCode; From bd7021b3730fc6017ce826b7b48b3283b206aa38 Mon Sep 17 00:00:00 2001 From: Ingo Bauersachs Date: Sat, 25 Dec 2021 20:31:25 +0100 Subject: [PATCH 09/12] Add missing separator --- src/main/java/org/xbill/DNS/Mnemonic.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/xbill/DNS/Mnemonic.java b/src/main/java/org/xbill/DNS/Mnemonic.java index 8294ffd9a..2f3e1150b 100644 --- a/src/main/java/org/xbill/DNS/Mnemonic.java +++ b/src/main/java/org/xbill/DNS/Mnemonic.java @@ -63,7 +63,7 @@ public void setNumericAllowed(boolean numeric) { /** Checks that a numeric value is within the range [0..max] */ public void check(int val) { if (val < 0 || val > max) { - throw new IllegalArgumentException(description + " " + val + "is out of range"); + throw new IllegalArgumentException(description + " " + val + " is out of range"); } } From 0302a875575b4abb8882e9e7ecfdfaec89434eb8 Mon Sep 17 00:00:00 2001 From: Ingo Bauersachs Date: Sat, 25 Dec 2021 22:26:08 +0100 Subject: [PATCH 10/12] EDE validation --- .../org/xbill/DNS/dnssec/DnsSecVerifier.java | 21 ++++-- .../java/org/xbill/DNS/dnssec/KeyEntry.java | 4 +- .../org/xbill/DNS/dnssec/NSEC3ValUtils.java | 65 ++++++++++++------- .../java/org/xbill/DNS/dnssec/ValUtils.java | 63 +++++++++++++----- .../xbill/DNS/dnssec/ValidatingResolver.java | 29 ++++++--- src/main/resources/messages.properties | 16 ++++- .../DNS/dnssec/TestAlgorithmSupport.java | 6 +- .../java/org/xbill/DNS/dnssec/TestBase.java | 7 ++ .../DNS/dnssec/TestBogusReasonMessage.java | 2 +- .../java/org/xbill/DNS/dnssec/TestCNames.java | 32 ++++----- .../java/org/xbill/DNS/dnssec/TestDNames.java | 22 +++---- .../org/xbill/DNS/dnssec/TestInvalid.java | 18 ++--- .../xbill/DNS/dnssec/TestKeyCacheUsage.java | 4 +- .../org/xbill/DNS/dnssec/TestNSEC3NoData.java | 36 +++++----- .../java/org/xbill/DNS/dnssec/TestNoData.java | 4 +- .../xbill/DNS/dnssec/TestNonExistence.java | 14 ++-- .../dnssec/TestNormallyUnreachableCode.java | 2 + .../xbill/DNS/dnssec/TestNsec3ValUtils.java | 8 +++ .../DNS/dnssec/TestPartiallyInvalid.java | 3 + .../org/xbill/DNS/dnssec/TestPositive.java | 5 ++ .../org/xbill/DNS/dnssec/TestPriming.java | 21 +++++- .../java/org/xbill/DNS/dnssec/TestRRsig.java | 7 +- .../DNS/dnssec/TestTrustAnchorLoading.java | 11 +++- .../org/xbill/DNS/dnssec/TestUnsigned.java | 4 ++ .../org/xbill/DNS/dnssec/TestValUtils.java | 15 +++++ .../org/xbill/DNS/dnssec/TestWildcard.java | 11 ++++ .../testRRsigNodata | 1 - .../testRRsigServfail | 1 - 28 files changed, 299 insertions(+), 133 deletions(-) delete mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestRRsig/testRRsigNodata delete mode 100644 src/test/resources/recordings/org_xbill_DNS_dnssec_TestRRsig/testRRsigServfail diff --git a/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java b/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java index ed6bad871..080e7a36e 100644 --- a/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java +++ b/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java @@ -164,13 +164,17 @@ public JustifiedSecStatus verify(SRRset rrset, RRset keyRrset, Instant date) { * @param date The date against which to verify the rrset. * @return SecurityStatus.SECURE if the rrset verified, BOGUS otherwise. */ - public SecurityStatus verify(RRset rrset, DNSKEYRecord dnskey, Instant date) { + public JustifiedSecStatus verify(RRset rrset, DNSKEYRecord dnskey, Instant date) { List sigs = rrset.sigs(); if (sigs.isEmpty()) { log.info("RRset failed to verify due to lack of signatures"); - return SecurityStatus.BOGUS; + return new JustifiedSecStatus( + SecurityStatus.BOGUS, + ExtendedErrorCodeOption.RRSIGS_MISSING, + R.get("dnskey.no_sigs", rrset.getName())); } + DNSSECException lastException = null; for (RRSIGRecord sigrec : sigs) { // Skip RRSIGs that do not match our given key's footprint. if (sigrec.getFootprint() != dnskey.getFootprint()) { @@ -179,13 +183,22 @@ public SecurityStatus verify(RRset rrset, DNSKEYRecord dnskey, Instant date) { try { DNSSEC.verify(rrset, sigrec, dnskey, date); - return SecurityStatus.SECURE; + return new JustifiedSecStatus(SecurityStatus.SECURE, -1, null); } catch (DNSSECException e) { log.error("Failed to validate RRset", e); + lastException = e; } } log.info("RRset failed to verify: all signatures were BOGUS"); - return SecurityStatus.BOGUS; + int edeReason = ExtendedErrorCodeOption.DNSSEC_BOGUS; + String reason = "dnskey.invalid"; + if (lastException instanceof SignatureExpiredException) { + edeReason = ExtendedErrorCodeOption.SIGNATURE_EXPIRED; + } else if (lastException instanceof SignatureNotYetValidException) { + edeReason = ExtendedErrorCodeOption.SIGNATURE_NOT_YET_VALID; + } + + return new JustifiedSecStatus(SecurityStatus.BOGUS, edeReason, reason); } } diff --git a/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java b/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java index a7a71d8a7..689c60d37 100644 --- a/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java +++ b/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java @@ -19,9 +19,9 @@ @Slf4j @EqualsAndHashCode( callSuper = true, - of = {"badReason", "isEmpty"}) + of = {"edeReason", "badReason", "isEmpty"}) final class KeyEntry extends SRRset { - private int edeReason; + private int edeReason = -1; private String badReason; private boolean isEmpty; diff --git a/src/main/java/org/xbill/DNS/dnssec/NSEC3ValUtils.java b/src/main/java/org/xbill/DNS/dnssec/NSEC3ValUtils.java index 81719f45f..826fd5f8d 100644 --- a/src/main/java/org/xbill/DNS/dnssec/NSEC3ValUtils.java +++ b/src/main/java/org/xbill/DNS/dnssec/NSEC3ValUtils.java @@ -3,6 +3,9 @@ // Copyright (c) 2013-2021 Ingo Bauersachs package org.xbill.DNS.dnssec; +import static org.xbill.DNS.ExtendedErrorCodeOption.DNSSEC_BOGUS; +import static org.xbill.DNS.ExtendedErrorCodeOption.NSEC_MISSING; + import java.security.NoSuchAlgorithmException; import java.security.interfaces.DSAPublicKey; import java.security.interfaces.ECPublicKey; @@ -17,6 +20,7 @@ import org.xbill.DNS.DNSKEYRecord; import org.xbill.DNS.DNSSEC.Algorithm; import org.xbill.DNS.DNSSEC.DNSSECException; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.NSEC3Record; import org.xbill.DNS.NSEC3Record.Flags; import org.xbill.DNS.Name; @@ -492,9 +496,10 @@ public SecurityStatus proveNameError(List nsec3s, Name qname, Name zonen * @return {@link SecurityStatus#SECURE} if the NSEC3s prove the proposition, {@link * SecurityStatus#INSECURE} if qname is under opt-out, {@link SecurityStatus#BOGUS} otherwise. */ - public SecurityStatus proveNodata(List nsec3s, Name qname, int qtype, Name zonename) { + public JustifiedSecStatus proveNodata(List nsec3s, Name qname, int qtype, Name zonename) { if (nsec3s == null || nsec3s.isEmpty()) { - return SecurityStatus.BOGUS; + return new JustifiedSecStatus( + SecurityStatus.BOGUS, ExtendedErrorCodeOption.NSEC_MISSING, R.get("failed.nsec3.none")); } NSEC3Record nsec3 = this.findMatchingNSEC3(qname, zonename, nsec3s); @@ -502,28 +507,32 @@ public SecurityStatus proveNodata(List nsec3s, Name qname, int qtype, Na if (nsec3 != null) { if (nsec3.hasType(qtype)) { log.debug("proveNodata: Matching NSEC3 proved that type existed!"); - return SecurityStatus.BOGUS; + return new JustifiedSecStatus( + SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.type_exists")); } if (nsec3.hasType(Type.CNAME)) { log.debug("proveNodata: Matching NSEC3 proved that a CNAME existed!"); - return SecurityStatus.BOGUS; + return new JustifiedSecStatus( + SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.cname_exists")); } if (qtype == Type.DS && nsec3.hasType(Type.SOA) && !Name.root.equals(qname)) { log.debug("proveNodata: apex NSEC3 abused for no DS proof, bogus"); - return SecurityStatus.BOGUS; + return new JustifiedSecStatus( + SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.apex_abuse")); } else if (qtype != Type.DS && nsec3.hasType(Type.NS) && !nsec3.hasType(Type.SOA)) { if (!nsec3.hasType(Type.DS)) { log.debug("proveNodata: matching NSEC3 is insecure delegation"); - return SecurityStatus.INSECURE; + return new JustifiedSecStatus(SecurityStatus.INSECURE, -1, null); } log.debug("proveNodata: matching NSEC3 is a delegation, bogus"); - return SecurityStatus.BOGUS; + return new JustifiedSecStatus( + SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.delegation")); } - return SecurityStatus.SECURE; + return new JustifiedSecStatus(SecurityStatus.SECURE, -1, null); } // For cases 3 - 5, we need the proven closest encloser, and it can't @@ -534,11 +543,12 @@ public SecurityStatus proveNodata(List nsec3s, Name qname, int qtype, Na // At this point, not finding a match or a proven closest encloser is a // problem. if (ce.status == SecurityStatus.BOGUS) { - log.debug("proveNodata: did not match qname, nor found a proven closest encloser."); - return SecurityStatus.BOGUS; + log.debug("proveNodata: did not match qname, nor found a proven closest encloser"); + return new JustifiedSecStatus( + SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.qname_ce")); } else if (ce.status == SecurityStatus.INSECURE && qtype != Type.DS) { - log.debug("proveNodata: closest nsec3 is insecure delegation."); - return SecurityStatus.INSECURE; + log.debug("proveNodata: closest nsec3 is insecure delegation"); + return new JustifiedSecStatus(SecurityStatus.INSECURE, -1, null); } // Case 3: REMOVED @@ -549,26 +559,30 @@ public SecurityStatus proveNodata(List nsec3s, Name qname, int qtype, Na if (nsec3 != null) { if (nsec3.hasType(qtype)) { log.debug("proveNodata: matching wildcard had qtype!"); - return SecurityStatus.BOGUS; + return new JustifiedSecStatus( + SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.type_exists_wc")); } else if (nsec3.hasType(Type.CNAME)) { log.debug("nsec3 nodata proof: matching wildcard had a CNAME, bogus"); - return SecurityStatus.BOGUS; + return new JustifiedSecStatus( + SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.cname_exists_wc")); } if (qtype == Type.DS && qname.labels() != 1 && nsec3.hasType(Type.SOA)) { log.debug("nsec3 nodata proof: matching wildcard for no DS proof has a SOA, bogus"); - return SecurityStatus.BOGUS; + return new JustifiedSecStatus( + SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.wc_soa")); } else if (qtype != Type.DS && nsec3.hasType(Type.NS) && !nsec3.hasType(Type.SOA)) { log.debug("nsec3 nodata proof: matching wilcard is a delegation, bogus"); - return SecurityStatus.BOGUS; + return new JustifiedSecStatus( + SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.delegation_wc")); } if (ce.ncNsec3 != null && (ce.ncNsec3.getFlags() & Flags.OPT_OUT) == Flags.OPT_OUT) { log.debug("nsec3 nodata proof: matching wildcard is in optout range, insecure"); - return SecurityStatus.INSECURE; + return new JustifiedSecStatus(SecurityStatus.INSECURE, -1, null); } - return SecurityStatus.SECURE; + return new JustifiedSecStatus(SecurityStatus.SECURE, -1, null); } // Case 5. @@ -577,24 +591,27 @@ public SecurityStatus proveNodata(List nsec3s, Name qname, int qtype, Na // insecure delegation under an optout here */ if (ce.ncNsec3 == null) { log.debug("nsec3 nodata proof: no next closer nsec3"); - return SecurityStatus.BOGUS; + return new JustifiedSecStatus( + SecurityStatus.BOGUS, NSEC_MISSING, R.get("failed.nsec3.no_next")); } // We need to make sure that the covering NSEC3 is opt-out. if ((ce.ncNsec3.getFlags() & Flags.OPT_OUT) == 0) { if (qtype != Type.DS) { log.debug( - "proveNodata: covering NSEC3 was not opt-out in an opt-out DS NOERROR/NODATA case."); + "proveNodata: covering NSEC3 was not opt-out in an opt-out DS NOERROR/NODATA case"); + return new JustifiedSecStatus( + SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.not_optout")); } else { log.debug( - "proveNodata: could not find matching NSEC3, nor matching wildcard, and qtype is not DS -- no more options."); + "proveNodata: could not find matching NSEC3, nor matching wildcard, and qtype is not DS -- no more options"); + return new JustifiedSecStatus( + SecurityStatus.BOGUS, NSEC_MISSING, R.get("failed.nsec3.not_found")); } - - return SecurityStatus.BOGUS; } // RFC5155 section 9.2: if nc has optout then no AD flag set - return SecurityStatus.INSECURE; + return new JustifiedSecStatus(SecurityStatus.INSECURE, -1, null); } /** diff --git a/src/main/java/org/xbill/DNS/dnssec/ValUtils.java b/src/main/java/org/xbill/DNS/dnssec/ValUtils.java index 17c589288..d217d43c9 100644 --- a/src/main/java/org/xbill/DNS/dnssec/ValUtils.java +++ b/src/main/java/org/xbill/DNS/dnssec/ValUtils.java @@ -14,6 +14,7 @@ import org.xbill.DNS.DNSSEC.Algorithm; import org.xbill.DNS.DSRecord; import org.xbill.DNS.ExtendedErrorCodeOption; +import org.xbill.DNS.Flags; import org.xbill.DNS.Message; import org.xbill.DNS.NSECRecord; import org.xbill.DNS.Name; @@ -132,7 +133,9 @@ public static ResponseClassification classifyResponse(Message request, SMessage } // check for referral: nonRD query and it looks like a nodata - if (m.getCount(Section.ANSWER) == 0 && m.getRcode() != Rcode.NOERROR) { + if (!request.getHeader().getFlag(Flags.RD) + && m.getCount(Section.ANSWER) == 0 + && m.getRcode() != Rcode.NOERROR) { // SOA record in auth indicates it is NODATA instead. // All validation requiring NODATA messages have SOA in // authority section. @@ -173,7 +176,7 @@ public static ResponseClassification classifyResponse(Message request, SMessage } // Next is NODATA - if (m.getCount(Section.ANSWER) == 0) { + if (m.getRcode() == Rcode.NOERROR && m.getCount(Section.ANSWER) == 0) { return ResponseClassification.NODATA; } @@ -209,7 +212,7 @@ public static ResponseClassification classifyResponse(Message request, SMessage } } - log.warn("Failed to classify response message:\n" + m); + log.warn("Failed to classify response message:\n{}", m); return ResponseClassification.UNKNOWN; } @@ -249,6 +252,7 @@ public KeyEntry verifyNewDNSKEYs( } int favoriteDigestID = this.favoriteDSDigestID(dsRrset); + KeyEntry ke = null; for (Record dsr : dsRrset.rrs()) { DSRecord ds = (DSRecord) dsr; if (this.digestHardenDowngrade && ds.getDigestID() != favoriteDigestID) { @@ -264,8 +268,8 @@ public KeyEntry verifyNewDNSKEYs( continue; } - KeyEntry ke = getKeyEntry(dnskeyRrset, date, ds, dnskey); - if (ke != null) { + ke = getKeyEntry(dnskeyRrset, date, ds, dnskey); + if (ke.isGood()) { return ke; } @@ -274,9 +278,11 @@ public KeyEntry verifyNewDNSKEYs( } // If any were understandable, then it is bad. - KeyEntry badKey = KeyEntry.newBadKeyEntry(dsRrset.getName(), dsRrset.getDClass(), badKeyTTL); - badKey.setBadReason(ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("dnskey.no_ds_match")); - return badKey; + if (ke == null) { + ke = KeyEntry.newBadKeyEntry(dsRrset.getName(), dsRrset.getDClass(), badKeyTTL); + ke.setBadReason(ExtendedErrorCodeOption.DNSKEY_MISSING, R.get("dnskey.no_ds_match")); + } + return ke; } private KeyEntry getKeyEntry(SRRset dnskeyRrset, Instant date, DSRecord ds, DNSKEYRecord dnskey) { @@ -287,25 +293,38 @@ private KeyEntry getKeyEntry(SRRset dnskeyRrset, Instant date, DSRecord ds, DNSK byte[] dsHash = ds.getDigest(); // see if there is a length mismatch (unlikely) + KeyEntry ke; if (keyHash.length != dsHash.length) { - return null; + ke = KeyEntry.newBadKeyEntry(ds.getName(), ds.getDClass(), ds.getTTL()); + ke.setBadReason(ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("dnskey.invalid")); + return ke; } for (int k = 0; k < keyHash.length; k++) { if (keyHash[k] != dsHash[k]) { - return null; + ke = KeyEntry.newBadKeyEntry(ds.getName(), ds.getDClass(), ds.getTTL()); + ke.setBadReason(ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("dnskey.invalid")); + return ke; } } // Otherwise, we have a match! Make sure that the DNSKEY // verifies *with this key*. - SecurityStatus res = this.verifier.verify(dnskeyRrset, dnskey, date); - if (res == SecurityStatus.SECURE) { - log.trace("DS matched DNSKEY."); - dnskeyRrset.setSecurityStatus(SecurityStatus.SECURE); - return KeyEntry.newKeyEntry(dnskeyRrset); + JustifiedSecStatus res = this.verifier.verify(dnskeyRrset, dnskey, date); + switch (res.status) { + case SECURE: + dnskeyRrset.setSecurityStatus(SecurityStatus.SECURE); + ke = KeyEntry.newKeyEntry(dnskeyRrset); + break; + case BOGUS: + ke = KeyEntry.newBadKeyEntry(ds.getName(), ds.getDClass(), ds.getTTL()); + ke.setBadReason(res.edeReason, res.reason); + break; + default: + throw new IllegalStateException("Unexpected security status"); } - return null; + + return ke; } /** @@ -598,6 +617,7 @@ public static NsecProvesNodataResponse nsecProvesNodata( if (strictSubdomain(qname, ce)) { if (nsec.hasType(Type.CNAME)) { // should have gotten the wildcard CNAME + log.debug("NSEC proofed wildcard CNAME"); result.result = false; return result; } @@ -606,11 +626,13 @@ public static NsecProvesNodataResponse nsecProvesNodata( // wrong parentside (wildcard) NSEC used, and it really // should not exist anyway: // http://tools.ietf.org/html/rfc4592#section-4.2 + log.debug("Wrong parent (wildcard) NSEC used"); result.result = false; return result; } if (nsec.hasType(qtype)) { + log.debug("NSEC proofed that {} exists", Type.string(qtype)); result.result = false; return result; } @@ -629,12 +651,14 @@ public static NsecProvesNodataResponse nsecProvesNodata( // If the qtype exists, then we should have gotten it. if (nsec.hasType(qtype)) { + log.debug("NSEC proofed that {} exists", Type.string(qtype)); result.result = false; return result; } // if the name is a CNAME node, then we should have gotten the CNAME if (nsec.hasType(Type.CNAME)) { + log.debug("NSEC proofed CNAME"); result.result = false; return result; } @@ -645,10 +669,12 @@ public static NsecProvesNodataResponse nsecProvesNodata( // The reverse of this check is used when qtype is DS, since that // must use the NSEC from above the zone cut. if (qtype != Type.DS && nsec.hasType(Type.NS) && !nsec.hasType(Type.SOA)) { + log.debug("NSEC proofed missing referral"); result.result = false; return result; } if (qtype == Type.DS && nsec.hasType(Type.SOA) && !Name.root.equals(qname)) { + log.debug("NSEC from wrong zone"); result.result = false; return result; } @@ -680,7 +706,10 @@ public JustifiedSecStatus nsecProvesNodataDsReply( // The NSEC must verify, first of all. JustifiedSecStatus res = this.verifySRRset(nsecRrset, keyRrset, date); if (res.status != SecurityStatus.SECURE) { - return new JustifiedSecStatus(SecurityStatus.BOGUS, res.edeReason, R.get("failed.ds.nsec")); + return new JustifiedSecStatus( + SecurityStatus.BOGUS, + ExtendedErrorCodeOption.DNSSEC_BOGUS, + R.get("failed.ds.nsec", res.reason)); } NSECRecord nsec = (NSECRecord) nsecRrset.first(); diff --git a/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java b/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java index 8dd04e32e..57678e156 100644 --- a/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java +++ b/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java @@ -21,6 +21,7 @@ import java.util.concurrent.CompletableFuture; import java.util.concurrent.CompletionStage; import java.util.concurrent.atomic.AtomicInteger; +import java.util.stream.Collectors; import lombok.Getter; import lombok.Setter; import lombok.extern.slf4j.Slf4j; @@ -28,6 +29,7 @@ import org.xbill.DNS.DClass; import org.xbill.DNS.DNAMERecord; import org.xbill.DNS.EDNSOption; +import org.xbill.DNS.EDNSOption.Code; import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.ExtendedFlags; import org.xbill.DNS.Flags; @@ -572,6 +574,7 @@ private CompletionStage validateNodataResponse(Message request, SMessage r // The RRSIG signer field for the NSEC3 RRs. Name nsec3Signer = null; + int edeReason = ExtendedErrorCodeOption.NSEC_MISSING; for (SRRset set : response.getSectionRRsets(Section.AUTHORITY)) { // If we encounter an NSEC record, try to use it to prove NODATA. // This needs to handle the empty non-terminal (ENT) NODATA case. @@ -580,6 +583,8 @@ private CompletionStage validateNodataResponse(Message request, SMessage r ndp = ValUtils.nsecProvesNodata(set, nsec, qname, qtype); if (ndp.result) { hasValidNSEC = true; + } else { + edeReason = ExtendedErrorCodeOption.DNSSEC_BOGUS; } if (ValUtils.nsecProvesNameError(set, nsec, qname)) { @@ -596,10 +601,11 @@ private CompletionStage validateNodataResponse(Message request, SMessage r // check to see if we have a wildcard NODATA proof. - // The wildcard NODATA is 1 NSEC proving that qname does not exists (and + // The wildcard NODATA is 1 NSEC proving that qname does not exist (and // also proving what the closest encloser is), and 1 NSEC showing the // matching wildcard, which must be *.closest_encloser. if (ndp.wc != null && (ce == null || (!ce.equals(ndp.wc) && !qname.equals(ce)))) { + edeReason = ExtendedErrorCodeOption.DNSSEC_BOGUS; hasValidNSEC = false; } @@ -613,19 +619,20 @@ private CompletionStage validateNodataResponse(Message request, SMessage r return null; } - SecurityStatus status = + JustifiedSecStatus res = this.n3valUtils.proveNodata(nsec3s, qname, qtype, nsec3Signer); - if (status == SecurityStatus.INSECURE) { + edeReason = res.edeReason; + if (res.status == SecurityStatus.INSECURE) { response.setStatus(SecurityStatus.INSECURE, -1); return null; } - hasValidNSEC = status == SecurityStatus.SECURE; + hasValidNSEC = res.status == SecurityStatus.SECURE; } if (!hasValidNSEC) { - response.setBogus(R.get("failed.nodata"), ExtendedErrorCodeOption.NSEC_MISSING); - log.trace("Failed NODATA for " + qname); + response.setBogus(R.get("failed.nodata"), edeReason); + log.trace("Failed NODATA for {}", qname); return null; } @@ -1096,7 +1103,7 @@ private KeyEntry dsReponseToKeForNodata(SMessage response, Message request, SRRs // Apparently no available NSEC/NSEC3 proved NODATA, so this is // BOGUS. - bogusKE.setBadReason(ExtendedErrorCodeOption.NSEC_MISSING, R.get("failed.ds.unknown")); + bogusKE.setBadReason(ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("failed.ds.unknown")); return bogusKE; } @@ -1390,8 +1397,12 @@ private void applyEdeToOpt(SMessage validated, Message m) { OPTRecord old = m.getOPT(); OPTRecord newOpt; List options = new ArrayList<>(); + options.add(new ExtendedErrorCodeOption(validated.getEdeReason(), validated.getBogusReason())); if (old != null) { - options.addAll(old.getOptions()); + options.addAll( + old.getOptions().stream() + .filter(o -> o.getCode() != Code.EDNS_EXTENDED_ERROR) + .collect(Collectors.toList())); newOpt = new OPTRecord( old.getPayloadSize(), @@ -1401,8 +1412,6 @@ private void applyEdeToOpt(SMessage validated, Message m) { options); m.removeRecord(m.getOPT(), Section.ADDITIONAL); } else { - options.add( - new ExtendedErrorCodeOption(validated.getEdeReason(), validated.getBogusReason())); newOpt = new OPTRecord(SimpleResolver.DEFAULT_EDNS_PAYLOADSIZE, 0, 0, 0, options); } m.addRecord(newOpt, Section.ADDITIONAL); diff --git a/src/main/resources/messages.properties b/src/main/resources/messages.properties index 89cd7ac01..102a821a8 100644 --- a/src/main/resources/messages.properties +++ b/src/main/resources/messages.properties @@ -11,6 +11,19 @@ failed.positive.wildcardgeneration=Could not generate NSEC wildcard, resulting n failed.positive.wildcard_too_broad=Positive response was wildcard expansion and did not prove original data did not exist or wasn't generated by the correct wildcard. failed.nxdomain.cname_nxdomain=CNAME_NAMEERROR response has failed ANSWER rrset: {0} failed.nxdomain.authority=NameError response has failed AUTHORITY rrset: {0} +failed.nsec3.none=No NSEC3 records +failed.nsec3.not_found=No matching NSEC3 records found +failed.nsec3.type_exists=NSEC3 proofed type exists +failed.nsec3.type_exists_wc=NSEC3 wildcard proofed type exists +failed.nsec3.cname_exists=NSEC3 proofed a CNAME exists +failed.nsec3.cname_exists_wc=NSEC3 wildcard proofed a CNAME exists +failed.nsec3.wc_soa=NSEC3 wildcard proofed a CNAME exists +failed.nsec3.apex_abuse=NSEC3 from apex abused +failed.nsec3.delegation=NSEC3 is a delegation +failed.nsec3.delegation_wc=NSEC3 wildcard is a delegation +failed.nsec3.no_next=No next closer NSEC3 +failed.nsec3.not_optout=NSEC3 was not opt-out +failed.nsec3.qname_ce=NSEC3 did not match query name and closest encloser not found failed.nsec3_ignored=All NSEC3s were validated but ignored due to unknown algorithms or invalid iteration counts. failed.nxdomain.nsec3_bogus=NSEC3 failed to proof the name error. failed.nxdomain.nsec3_insecure=NSEC3 proofed that the target domain is under opt-out, response is insecure. @@ -19,6 +32,7 @@ failed.nxdomain.haswildcard=NameError response has failed to prove that the cove dnskey.no_rrset=Missing DNSKEY RRset in response to DNSKEY query for {0}. dnskey.no_ds_match=Did not match a DS to a DNSKEY. dnskey.no_key=No key for signature {0} +dnskey.no_sigs=No signatures for key {0} dnskey.key_offtree=Key {0} for signature {1} is off tree dnskey.no_match=Key does not match signature dnskey.expired=Key exired @@ -27,7 +41,7 @@ dnskey.invalid=Key does not verify signature failed.ds=DS rrset in DS response did not verify. failed.ds.cname=CNAME in DS response was not secure. ds.secure=CNAME validated, proof that DS does not exist. -failed.ds.nsec=NSEC RRset for the referral did not verify. +failed.ds.nsec=NSEC RRset for the referral did not verify, {0}. failed.ds.nsec.hasdata=NSEC RRset for the referral did not prove no DS. failed.ds.nonsec=No signed NSEC/NSEC3 records for query to {0}/DS. failed.ds.nodelegation=NSEC RRset for the referral proved not a delegation point diff --git a/src/test/java/org/xbill/DNS/dnssec/TestAlgorithmSupport.java b/src/test/java/org/xbill/DNS/dnssec/TestAlgorithmSupport.java index ed50b0a5f..3c4e00ff1 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestAlgorithmSupport.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestAlgorithmSupport.java @@ -33,7 +33,7 @@ void testAlgIsUnknown(String param) throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals("insecure.ds.noalgorithms:" + param + ".ingotronic.ch.", getReason(response)); - assertEquals(ExtendedErrorCodeOption.UNSUPPORTED_DNSKEY_ALGORITHM, getEdeReason(response)); + assertEde(ExtendedErrorCodeOption.UNSUPPORTED_DNSKEY_ALGORITHM, response); } @ParameterizedTest(name = "testEd_{arguments}") @@ -46,7 +46,7 @@ void testEd(String param) throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertNull(getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } finally { Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME); } @@ -58,7 +58,7 @@ void testDigestIdIsUnknown() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals("failed.ds.nodigest:unknown-alg.ingotronic.ch.", getReason(response)); - assertEquals(ExtendedErrorCodeOption.UNSUPPORTED_DS_DIGEST_TYPE, getEdeReason(response)); + assertEde(ExtendedErrorCodeOption.UNSUPPORTED_DS_DIGEST_TYPE, response); } @AlwaysOffline diff --git a/src/test/java/org/xbill/DNS/dnssec/TestBase.java b/src/test/java/org/xbill/DNS/dnssec/TestBase.java index 6892e0608..818fcb94e 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestBase.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestBase.java @@ -261,6 +261,13 @@ protected int getEdeReason(Message m) { return edeReason; } + protected void assertEde(int expected, Message m) { + int edeReason = getEdeReason(m); + String expectedText = expected == -1 ? null : ExtendedErrorCodeOption.text(expected); + String actualText = edeReason == -1 ? null : ExtendedErrorCodeOption.text(edeReason); + assertEquals(expectedText, actualText, "EDE does not match"); + } + protected String getEdeText(Message m) { return Optional.ofNullable(m.getOPT()) .flatMap( diff --git a/src/test/java/org/xbill/DNS/dnssec/TestBogusReasonMessage.java b/src/test/java/org/xbill/DNS/dnssec/TestBogusReasonMessage.java index e9bd5f237..40f995c9f 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestBogusReasonMessage.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestBogusReasonMessage.java @@ -23,6 +23,6 @@ void testLongBogusReasonIsSplitCorrectly() throws IOException { assertEquals( "failed.nxdomain.authority:{ isc.org. 2962 IN NSEC [01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.01234567890123456789012345678901234567890123456789.isc.org. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY SPF] sigs: [NSEC 5 2 3600 20160706234032 20160606234032 13953 isc.org. fnOJeQG2vOwrERAPIqAenLOosbIBT7UvmxOV8Az2ExOhlGxP2CEqZEc5NPVbidq4oZC2kHyG7x31D6LBJXeXgOuanv+uqPNe9UIiUhdj+Egf8FEWIOKp8nxgjQGiGSNbQenWjeWoR91sReFEU+Pn7NPlEI072MzEESOT8oVucx8=] }", getReason(response)); - assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestCNames.java b/src/test/java/org/xbill/DNS/dnssec/TestCNames.java index 87ec433ef..4476adc50 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestCNames.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestCNames.java @@ -24,7 +24,7 @@ void testCNameToUnsignedA() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals(3, response.getSection(Section.ANSWER).size()); assertEquals("insecure.ds.nsec3", getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -34,7 +34,7 @@ void testCNameToUnsignedMX() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals(2, response.getSection(Section.ANSWER).size()); assertEquals("insecure.ds.nsec3", getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -44,7 +44,7 @@ void testCNameToSignedA() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals(4, response.getSection(Section.ANSWER).size()); assertNull(getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -54,7 +54,7 @@ void testCNameToSignedMX() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals(2, response.getSection(Section.ANSWER).size()); assertNull(getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -65,7 +65,7 @@ void testCNameToSignedAExternal() throws IOException { assertEquals(4, response.getSection(Section.ANSWER).size()); assertEquals(5, response.getSection(Section.AUTHORITY).size()); assertNull(getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -75,7 +75,7 @@ void testCNameToInvalidSigned() throws IOException { assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals( "validate.bogus.badkey:dnssec-failed.org.:dnskey.no_ds_match", getReason(response)); - assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); + assertEde(ExtendedErrorCodeOption.DNSKEY_MISSING, response); } @Test @@ -84,7 +84,7 @@ void testCNameToUnsignedNsec3() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals("insecure.ds.nsec3", getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -93,7 +93,7 @@ void testCNameToSignedNsec3() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertNull(getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -103,7 +103,7 @@ void testCNameToInvalidSignedNsec3() throws IOException { assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals( "validate.bogus.badkey:dnssec-failed.org.:dnskey.no_ds_match", getReason(response)); - assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); + assertEde(ExtendedErrorCodeOption.DNSKEY_MISSING, response); } @ParameterizedTest(name = "testCNameToVoid_{index}") @@ -114,7 +114,7 @@ void testCNameToVoid(String subdomain, int acount) throws IOException { assertEquals(Rcode.NXDOMAIN, response.getRcode()); assertEquals(acount, response.getSection(Section.ANSWER).size()); assertNull(getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -123,7 +123,7 @@ void testCNameToUnsignedVoid() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.NXDOMAIN, response.getRcode()); assertEquals("insecure.ds.nsec", getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -132,7 +132,7 @@ void testCNameToExternalUnsignedVoid() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.NXDOMAIN, response.getRcode()); assertEquals("insecure.ds.nsec3", getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -141,7 +141,7 @@ void testCNameToSubSigned() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertNull(getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -151,7 +151,7 @@ void testCNameToVoidExternalInvalidTld() throws IOException { assertEquals(Rcode.NXDOMAIN, response.getRcode()); assertEquals(2, response.getSection(Section.ANSWER).size()); assertNull(getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -160,7 +160,7 @@ void testCNameToVoidExternalValidTld() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NXDOMAIN, response.getRcode()); assertNull(getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -169,6 +169,6 @@ void testCNameToVoidNsec3() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NXDOMAIN, response.getRcode()); assertNull(getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestDNames.java b/src/test/java/org/xbill/DNS/dnssec/TestDNames.java index ad05d33ad..727bc516f 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestDNames.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestDNames.java @@ -31,7 +31,7 @@ void testDNameToExistingIsValid() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals(5, response.getSection(Section.ANSWER).size()); assertNull(getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -41,7 +41,7 @@ void testDNameToNoDataIsValid() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals(3, response.getSection(Section.ANSWER).size()); assertNull(getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -50,7 +50,7 @@ void testDNameToNxDomainIsValid() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NXDOMAIN, response.getRcode()); assertNull(getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -65,7 +65,7 @@ void testDNameDirectQueryIsValid() throws IOException { assertEquals(Name.fromString("ingotronic.ch."), r.getTarget()); } } - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -79,7 +79,7 @@ void testDNameWithFakedCnameIsInvalid() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.synthesize.nomatch:www.isc.org.:www.ingotronic.ch.", getReason(response)); - assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -98,7 +98,7 @@ void testDNameWithNoCnameIsValid() throws IOException { Record[] results = l.run(); assertNotNull(results); assertTrue(results.length >= 1); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -112,7 +112,7 @@ void testDNameWithMultipleCnamesIsInvalid() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.synthesize.multiple", getReason(response)); - assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -130,7 +130,7 @@ void testDNameWithTooLongCnameIsInvalid() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.synthesize.toolong", getReason(response)); - assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -163,7 +163,7 @@ void testDNameInNsecIsUnderstood_Rfc6672_5_3_4_1() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nxdomain.exists:www.alias.ingotronic.ch.", getReason(response)); - assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -172,7 +172,7 @@ void testDNameToExternal() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertNull(getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -181,6 +181,6 @@ void testDNameChain() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertNull(getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestInvalid.java b/src/test/java/org/xbill/DNS/dnssec/TestInvalid.java index 3d0e23dcb..d453152c9 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestInvalid.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestInvalid.java @@ -44,7 +44,7 @@ void testInvalid(String param, String dnssecReason, String edeMnemonic) throws I assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals( "validate.bogus.badkey:" + param + ".tjeb.nl.:" + dnssecReason, getReason(response)); - assertEquals(ExtendedErrorCodeOption.code(edeMnemonic), getEdeReason(response)); + assertEde(ExtendedErrorCodeOption.code(edeMnemonic), response); } @Test @@ -55,7 +55,7 @@ void testSignedBelowUnsignedBelowSigned() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertFalse(isEmptyAnswer(response)); assertEquals("insecure.ds.nsec", getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -66,7 +66,7 @@ void testSignedBelowUnsignedBelowSignedNsec3() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertFalse(isEmptyAnswer(response)); assertEquals("insecure.ds.nsec3", getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -85,7 +85,7 @@ void testUnsignedThatMustBeSigned() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("validate.bogus.missingsig", getReason(response)); - assertEquals(ExtendedErrorCodeOption.RRSIGS_MISSING, getEdeReason(response)); + assertEde(ExtendedErrorCodeOption.RRSIGS_MISSING, response); } @Test @@ -119,7 +119,7 @@ void testModifiedSignature() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertTrue(getReason(response).startsWith("failed.answer.positive:{ www.ingotronic.ch.")); - assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -134,8 +134,8 @@ void testReturnServfailIfIntermediateQueryFails() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); // rfc4035#section-5.5 assertEquals(Rcode.SERVFAIL, response.getRcode()); - assertEquals("validate.bogus.badkey:ch.:failed.ds.nonsec:ch.", getReason(response)); - assertEquals(ExtendedErrorCodeOption.RRSIGS_MISSING, getEdeReason(response)); + assertEquals("validate.bogus.badkey:ch.:failed.ds.notype:UNKNOWN", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -151,7 +151,7 @@ void testReturnOriginalRcodeIfPrimaryQueryFails() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); // rfc4035#section-5.5 assertEquals(Rcode.REFUSED, response.getRcode()); - assertEquals("failed.nodata", getReason(response)); - assertEquals(ExtendedErrorCodeOption.NSEC_MISSING, getEdeReason(response)); + assertEquals("validate.response.unknown:UNKNOWN", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestKeyCacheUsage.java b/src/test/java/org/xbill/DNS/dnssec/TestKeyCacheUsage.java index 16a9d3338..e619a9a1f 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestKeyCacheUsage.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestKeyCacheUsage.java @@ -19,7 +19,7 @@ void testUnsigned() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals(localhost, firstA(response)); assertEquals("insecure.ds.nsec", getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); // send the query a second time to ensure the cache doesn't create a wrong behavior response = resolver.send(createMessage("www.unsigned.ingotronic.ch./A")); @@ -27,6 +27,6 @@ void testUnsigned() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals(localhost, firstA(response)); assertEquals("insecure.ds.nsec", getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNSEC3NoData.java b/src/test/java/org/xbill/DNS/dnssec/TestNSEC3NoData.java index 74b016546..1553434c9 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestNSEC3NoData.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestNSEC3NoData.java @@ -9,7 +9,8 @@ import java.io.IOException; import org.junit.jupiter.api.Test; import org.junit.jupiter.params.ParameterizedTest; -import org.junit.jupiter.params.provider.ValueSource; +import org.junit.jupiter.params.provider.CsvSource; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.Flags; import org.xbill.DNS.Message; import org.xbill.DNS.RRset; @@ -17,25 +18,25 @@ class TestNSEC3NoData extends TestBase { @ParameterizedTest(name = "testNodataNsec3_{index}") - @ValueSource( - strings = { - "www.nsec3.ingotronic.ch./MX", - // get NSEC3 hashed whose name is sub.nsec3.ingotronic.ch. from the nsec3.ingotronic.ch. - // then return NODATA for the following query, "proofed" by the NSEC3 from the parent - "sub.nsec3.ingotronic.ch./A", - // get NSEC3 hashed whose name is sub.nsec3.ingotronic.ch. from the sub.nsec3.ingotronic.ch. - // then return NODATA for the following query, "proofed" by the NSEC3 from the child - "sub.nsec3.ingotronic.ch./DS", - // rfc5155#section-7.2.4 - // response does not contain next closer NSEC3, thus bogus - "a.unsigned.nsec3.ingotronic.ch./DS", - }) + @CsvSource({ + "www.nsec3.ingotronic.ch./MX,DNSSEC_BOGUS", + // get NSEC3 hashed whose name is sub.nsec3.ingotronic.ch. from the nsec3.ingotronic.ch. + // then return NODATA for the following query, "proofed" by the NSEC3 from the parent + "sub.nsec3.ingotronic.ch./A,DNSSEC_BOGUS", + // get NSEC3 hashed whose name is sub.nsec3.ingotronic.ch. from the sub.nsec3.ingotronic.ch. + // then return NODATA for the following query, "proofed" by the NSEC3 from the child + "sub.nsec3.ingotronic.ch./DS,DNSSEC_BOGUS", + // rfc5155#section-7.2.4 + // response does not contain next closer NSEC3, thus bogus + "a.unsigned.nsec3.ingotronic.ch./DS,NSEC_MISSING", + }) @AlwaysOffline - void testNodataNsec3(String query) throws IOException { + void testNodataNsec3(String query, String ede) throws IOException { Message response = resolver.send(createMessage(query)); assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertTrue(getReason(response).startsWith("failed.nodata")); + assertEde(ExtendedErrorCodeOption.code(ede), response); } @Test @@ -48,6 +49,7 @@ void testNodataApexNsec3ProofInsecureDelegation() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertNull(getReason(response)); + assertEde(-1, response); } @Test @@ -59,6 +61,7 @@ void testNodataApexNsec3WithSOAValid() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertNull(getReason(response)); + assertEde(-1, response); } @Test @@ -77,6 +80,7 @@ void testNoDSProofCanExistForRoot() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertNull(getReason(response)); + assertEde(-1, response); } @Test @@ -95,6 +99,7 @@ void testNodataNsec3ForDSMustNotHaveSOA() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertNull(getReason(response)); + assertEde(-1, response); } @Test @@ -104,5 +109,6 @@ void testNsec3ClosestEncloserIsInsecureDelegation() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertNull(getReason(response)); + assertEde(-1, response); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNoData.java b/src/test/java/org/xbill/DNS/dnssec/TestNoData.java index 2529d373a..e0a430473 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestNoData.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestNoData.java @@ -24,7 +24,7 @@ void testFakedNoDataNsec3WithoutNsecs() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertTrue(getReason(response).startsWith("failed.nodata")); - assertEquals(ExtendedErrorCodeOption.NSEC_MISSING, getEdeReason(response)); + assertEde(ExtendedErrorCodeOption.NSEC_MISSING, response); } @Test @@ -37,6 +37,6 @@ void testFakedNoDataNsec3WithNsecs() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertTrue(getReason(response).startsWith("failed.nodata")); - assertEquals(ExtendedErrorCodeOption.NSEC_MISSING, getEdeReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNonExistence.java b/src/test/java/org/xbill/DNS/dnssec/TestNonExistence.java index a6b441327..c6e005d2b 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestNonExistence.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestNonExistence.java @@ -31,7 +31,7 @@ void testNonExisting(String param) throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NXDOMAIN, response.getRcode()); assertNull(getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -45,7 +45,7 @@ void testDoubleLabelABelowSignedNsec3MissingNsec3() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nxdomain.nsec3_bogus", getReason(response)); - assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -56,7 +56,7 @@ void testDoubleLabelABelowSignedBeforeZoneNsec3() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NXDOMAIN, response.getRcode()); assertNull(getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @ParameterizedTest(name = "testSignedNodata_{index}") @@ -75,7 +75,7 @@ void testSignedNodata(String param) throws IOException { assertTrue(response.getSectionRRsets(Section.ANSWER).isEmpty()); assertEquals(Rcode.NOERROR, response.getRcode()); assertNull(getReason(response)); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } @Test @@ -90,7 +90,7 @@ void testNxDomainWithInvalidNsecSignature() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertTrue(getReason(response).startsWith("failed.nxdomain.authority")); - assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -105,7 +105,7 @@ void testNoDataWithInvalidNsecSignature() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertTrue(getReason(response).startsWith("failed.authority.nodata")); - assertEquals(ExtendedErrorCodeOption.DNSSEC_BOGUS, getEdeReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -113,6 +113,6 @@ void testNoDataOnENT() throws IOException { Message response = resolver.send(createMessage("b.ingotronic.ch./A")); assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NOERROR, response.getRcode()); - assertEquals(-1, getEdeReason(response)); + assertEde(-1, response); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNormallyUnreachableCode.java b/src/test/java/org/xbill/DNS/dnssec/TestNormallyUnreachableCode.java index eb16fee96..a9f9af8c1 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestNormallyUnreachableCode.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestNormallyUnreachableCode.java @@ -10,6 +10,7 @@ import org.junit.jupiter.api.Test; import org.xbill.DNS.ARecord; import org.xbill.DNS.DClass; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.Message; import org.xbill.DNS.Name; import org.xbill.DNS.OPTRecord; @@ -40,6 +41,7 @@ void testVerifyWithoutSignaturesIsBogus() { RRset keys = new RRset(); JustifiedSecStatus res = verifier.verify(set, keys, Instant.now()); assertEquals(SecurityStatus.BOGUS, res.status); + assertEquals(ExtendedErrorCodeOption.RRSIGS_MISSING, res.edeReason); } @Test diff --git a/src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtils.java b/src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtils.java index 319d7c4b5..63f8622a4 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtils.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestNsec3ValUtils.java @@ -12,6 +12,7 @@ import java.util.Properties; import org.junit.jupiter.api.Assumptions; import org.junit.jupiter.api.Test; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.Flags; import org.xbill.DNS.Message; import org.xbill.DNS.RRSIGRecord; @@ -41,6 +42,7 @@ void testInvalidIterationCountMarksInsecure() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals("failed.nsec3_ignored", getReason(response)); + assertEde(-1, response); } @Test @@ -58,6 +60,7 @@ void testNsec3WithoutClosestEncloser() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nxdomain.nsec3_bogus", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -71,6 +74,7 @@ void testNsec3NodataChangedToNxdomainIsBogus() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nxdomain.nsec3_bogus", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -101,6 +105,7 @@ void testNsec3ClosestEncloserIsDelegation() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nxdomain.nsec3_bogus", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -110,6 +115,7 @@ void testNsec3ClosestEncloserIsInsecureDelegation() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.NXDOMAIN, response.getRcode()); assertEquals("failed.nxdomain.nsec3_insecure", getReason(response)); + assertEde(-1, response); } @Test @@ -120,6 +126,7 @@ void testNsecEcdsa256() throws IOException { Message response = resolver.send(createMessage("www.wc.nsec3-ecdsa256.ingotronic.ch./A")); assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NOERROR, response.getRcode()); + assertEde(-1, response); } @Test @@ -130,5 +137,6 @@ void testNsecEcdsa384() throws IOException { Message response = resolver.send(createMessage("www.wc.nsec3-ecdsa384.ingotronic.ch./A")); assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NOERROR, response.getRcode()); + assertEde(-1, response); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestPartiallyInvalid.java b/src/test/java/org/xbill/DNS/dnssec/TestPartiallyInvalid.java index c47f021ed..47e1c11c3 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestPartiallyInvalid.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestPartiallyInvalid.java @@ -19,6 +19,7 @@ void testValidExising() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals(localhost, firstA(response)); assertNull(getReason(response)); + assertEde(-1, response); } @Test @@ -28,6 +29,7 @@ void testValidExisingNoType() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertTrue(isEmptyAnswer(response)); assertNull(getReason(response)); + assertEde(-1, response); } @Test @@ -36,5 +38,6 @@ void testValidNonExising() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NXDOMAIN, response.getRcode()); assertNull(getReason(response)); + assertEde(-1, response); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestPositive.java b/src/test/java/org/xbill/DNS/dnssec/TestPositive.java index aaee634e8..93c653d74 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestPositive.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestPositive.java @@ -8,6 +8,7 @@ import java.io.IOException; import org.junit.jupiter.api.Test; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.Flags; import org.xbill.DNS.Message; import org.xbill.DNS.Rcode; @@ -22,6 +23,7 @@ void testValidExising() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals(localhost, firstA(response)); assertNull(getReason(response)); + assertEde(-1, response); } @Test @@ -30,6 +32,7 @@ void testValidNonExising() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertNull(getReason(response)); + assertEde(-1, response); } @Test @@ -47,6 +50,7 @@ void testValidAnswerToDifferentQueryTypeIsBogus() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("validate.response.unknown:UNKNOWN", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -63,5 +67,6 @@ void testCDonQueryDoesntDoAnything() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertNull(getReason(response)); + assertEde(-1, response); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestPriming.java b/src/test/java/org/xbill/DNS/dnssec/TestPriming.java index 7f423083f..0e0d5f753 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestPriming.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestPriming.java @@ -13,6 +13,7 @@ import org.junit.jupiter.api.Test; import org.xbill.DNS.DClass; import org.xbill.DNS.DNSKEYRecord; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.Flags; import org.xbill.DNS.Message; import org.xbill.DNS.Name; @@ -33,6 +34,7 @@ void testDnskeyPrimeResponseWithEmptyAnswerIsBad() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("validate.bogus.badkey:.:dnskey.no_rrset:.", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSKEY_MISSING, response); } @Test @@ -46,6 +48,7 @@ void testRootDnskeyPrimeResponseWithNxDomainIsBad() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("validate.bogus.badkey:.:dnskey.no_rrset:.", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSKEY_MISSING, response); } @Test @@ -61,7 +64,8 @@ void testDnskeyPrimeResponseWithInvalidSignatureIsBad() Message response = resolver.send(createMessage("www.ingotronic.ch./A")); assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); - assertEquals("validate.bogus.badkey:.:dnskey.no_ds_match", getReason(response)); + assertEquals("validate.bogus.badkey:.:dnskey.invalid", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -72,6 +76,7 @@ void testDnskeyPrimeResponseWithMismatchedFootprintIsBad() throws Exception { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("validate.bogus.badkey:.:dnskey.no_ds_match", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSKEY_MISSING, response); } finally { Type.register(Type.DNSKEY, Type.string(Type.DNSKEY), () -> spy(DNSKEYRecord.class)); } @@ -96,6 +101,7 @@ void testDnskeyPrimeResponseWithMismatchedAlgorithmIsBad() throws Exception { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("validate.bogus.badkey:.:dnskey.no_ds_match", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSKEY_MISSING, response); } finally { Type.register(Type.DNSKEY, Type.string(Type.DNSKEY), () -> spy(DNSKEYRecord.class)); } @@ -144,7 +150,8 @@ void testDnskeyPrimeResponseWithWeirdHashIsBad() throws Exception { Message response = resolver.send(createMessage("www.ingotronic.ch./A")); assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); - assertEquals("validate.bogus.badkey:.:dnskey.no_ds_match", getReason(response)); + assertEquals("validate.bogus.badkey:.:dnskey.invalid", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } finally { Security.removeProvider(p.getName()); } @@ -161,6 +168,7 @@ void testDsPrimeResponseWithEmptyAnswerIsBad() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("validate.bogus.badkey:ch.:failed.ds.nonsec:ch.", getReason(response)); + assertEde(ExtendedErrorCodeOption.RRSIGS_MISSING, response); } @Test @@ -175,6 +183,7 @@ void testDsPrimeResponseWithNxDomainForTld() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("validate.bogus.badkey:ch.:failed.ds.nonsec:ch.", getReason(response)); + assertEde(ExtendedErrorCodeOption.RRSIGS_MISSING, response); } @Test @@ -196,10 +205,14 @@ void testDsNoDataWhenNsecIsFromChildApex() throws IOException { m.addRecord(delegationNsecSig, Section.AUTHORITY); add("sub.ingotronic.ch./DS", m); + R.setUseNeutralMessages(false); Message response = resolver.send(createMessage("sub.ingotronic.ch./A")); assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); - assertEquals("validate.bogus.badkey:sub.ingotronic.ch.:failed.ds.nsec", getReason(response)); + assertEquals( + "validate.bogus.badkey:sub.ingotronic.ch.:failed.ds.nsec:dnskey.no_key:sub.ingotronic.ch.", + getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -214,6 +227,7 @@ void testDsNoDataWhenNsecOnEntIsBad() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("validate.bogus:failed.ds.nsec.ent", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -240,5 +254,6 @@ void testDsNoDataWhenOnInsecureDelegationWithWrongNsec() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("validate.bogus:failed.ds.unknown", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestRRsig.java b/src/test/java/org/xbill/DNS/dnssec/TestRRsig.java index 3556f02d9..ebaea0144 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestRRsig.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestRRsig.java @@ -6,12 +6,14 @@ import java.io.IOException; import org.junit.jupiter.api.Test; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.Flags; import org.xbill.DNS.Message; import org.xbill.DNS.Rcode; class TestRRsig extends TestBase { @Test + @AlwaysOffline void testRRsigNodata() throws IOException { Message message = createMessage("www.ingotronic.ch./RRSIG"); add("www.ingotronic.ch./RRSIG", message); @@ -20,9 +22,11 @@ void testRRsigNodata() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nodata", getReason(response)); + assertEde(ExtendedErrorCodeOption.NSEC_MISSING, response); } @Test + @AlwaysOffline void testRRsigServfail() throws IOException { Message message = createMessage("www.ingotronic.ch./RRSIG"); message.getHeader().setRcode(Rcode.SERVFAIL); @@ -31,6 +35,7 @@ void testRRsigServfail() throws IOException { Message response = resolver.send(createMessage("www.ingotronic.ch./RRSIG")); assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); - assertEquals("failed.nodata", getReason(response)); + assertEquals("validate.response.unknown:UNKNOWN", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestTrustAnchorLoading.java b/src/test/java/org/xbill/DNS/dnssec/TestTrustAnchorLoading.java index cd51bb897..60d2f7a2a 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestTrustAnchorLoading.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestTrustAnchorLoading.java @@ -15,6 +15,7 @@ import java.util.Properties; import org.junit.jupiter.api.Test; import org.xbill.DNS.DClass; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.Flags; import org.xbill.DNS.Message; import org.xbill.DNS.Name; @@ -26,7 +27,7 @@ class TestTrustAnchorLoading extends TestBase { @Test - void testLoadRootTrustAnchors() throws IOException { + void testLoadRootTrustAnchors() { assertNotNull(resolver.getTrustAnchors().find(Name.root, DClass.IN)); assertNull(resolver.getTrustAnchors().find(Name.root, DClass.CH)); } @@ -49,7 +50,7 @@ void testInitializingWithEmptyConfigDoesNotFail() throws IOException { } @Test - void testInitializingWithNonExistingFileThrows() throws IOException { + void testInitializingWithNonExistingFileThrows() { resolver.getTrustAnchors().clear(); Properties config = new Properties(); config.put("dnsjava.dnssec.trust_anchor_file", "xyz"); @@ -80,6 +81,7 @@ void testLoadRootTrustAnchorWithDNSKEY() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertNull(getReason(response)); + assertEde(-1, response); } @Test @@ -92,6 +94,7 @@ void testLoadRootTrustAnchorWithInvalidDNSKEY() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("validate.bogus.badkey:.:dnskey.no_ds_match", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSKEY_MISSING, response); } @Test @@ -103,7 +106,8 @@ void testLoadRootTrustAnchorWithInvalidDS() throws IOException { Message response = resolver.send(createMessage("www.ingotronic.ch./A")); assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); - assertEquals("validate.bogus.badkey:.:dnskey.no_ds_match", getReason(response)); + assertEquals("validate.bogus.badkey:.:dnskey.invalid", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -131,5 +135,6 @@ void testInsecureWithEmptyTrustAnchor() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals("validate.insecure", getReason(response)); + assertEde(-1, response); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestUnsigned.java b/src/test/java/org/xbill/DNS/dnssec/TestUnsigned.java index 47894b7ab..ffdbc50c2 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestUnsigned.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestUnsigned.java @@ -18,6 +18,7 @@ void testUnsignedBelowSignedZoneBind() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals(localhost, firstA(response)); assertEquals("insecure.ds.nsec", getReason(response)); + assertEde(-1, response); } @Test @@ -26,6 +27,7 @@ void testUnsignedBelowSignedTldNsec3NoOptOut() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals("insecure.ds.nsec3", getReason(response)); + assertEde(-1, response); } @Test @@ -34,6 +36,7 @@ void testUnsignedBelowSignedTldNsec3OptOut() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals("insecure.ds.nsec3", getReason(response)); + assertEde(-1, response); } @Test @@ -43,5 +46,6 @@ void testUnsignedBelowUnsignedZone() throws IOException { assertEquals(Rcode.NOERROR, response.getRcode()); assertEquals(localhost, firstA(response)); assertEquals("insecure.ds.nsec", getReason(response)); + assertEde(-1, response); } } diff --git a/src/test/java/org/xbill/DNS/dnssec/TestValUtils.java b/src/test/java/org/xbill/DNS/dnssec/TestValUtils.java index f6ce875cf..36be35840 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestValUtils.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestValUtils.java @@ -9,6 +9,7 @@ import java.io.IOException; import org.junit.jupiter.api.Test; import org.xbill.DNS.DClass; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.Flags; import org.xbill.DNS.Message; import org.xbill.DNS.NSECRecord; @@ -52,6 +53,7 @@ void testNoDataWhenResultIsFromDelegationPoint() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nodata", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -77,6 +79,7 @@ void testNameErrorWhenResultIsFromDelegationPoint() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nxdomain.exists:s.sub.ingotronic.ch.", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -110,6 +113,7 @@ void testNameErrorWhenNsecIsLastAndQnameBefore() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nxdomain.exists:y.ingotronic.ch.", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -135,6 +139,7 @@ void testNameErrorWhenNsecIsLastAndQnameDifferentDomain() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nxdomain.exists:zingotronic.ch.", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -160,6 +165,7 @@ void testNameErrorWhenNsecIsLastAndQnameIsZoneApex() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nxdomain.exists:ingotronic.ch.", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -172,6 +178,7 @@ void testNoDataWhenDSResultIsFromChild() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nodata", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -180,6 +187,7 @@ void testNoDataOfDSForRoot() throws IOException { assertTrue(response.getHeader().getFlag(Flags.AD), "AD flag must be set"); assertEquals(Rcode.NOERROR, response.getRcode()); assertNull(getReason(response)); + assertEde(-1, response); } @Test @@ -233,6 +241,7 @@ void testNoDataOnEntWithWrongNsec() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nodata", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -258,6 +267,7 @@ void testNoDataWhenNsecProvesExistence() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nodata", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -283,6 +293,7 @@ void testNoDataWhenNsecHasCname() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nodata", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -308,6 +319,7 @@ void testNoDataWhenWcNsecProvesType() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nodata", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -333,6 +345,7 @@ void testNoDataWhenWcNsecProvesCname() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nodata", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -358,6 +371,7 @@ void testNoDataWhenWcNsecIsForDifferentName() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nodata", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -384,6 +398,7 @@ void testDsNoDataWhenNsecProvesDs() throws IOException { assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals( "validate.bogus.badkey:sub.ingotronic.ch.:failed.ds.nsec.hasdata", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test diff --git a/src/test/java/org/xbill/DNS/dnssec/TestWildcard.java b/src/test/java/org/xbill/DNS/dnssec/TestWildcard.java index fa42b4d22..3f8d4e138 100644 --- a/src/test/java/org/xbill/DNS/dnssec/TestWildcard.java +++ b/src/test/java/org/xbill/DNS/dnssec/TestWildcard.java @@ -10,6 +10,7 @@ import org.junit.jupiter.api.Test; import org.xbill.DNS.ARecord; import org.xbill.DNS.DClass; +import org.xbill.DNS.ExtendedErrorCodeOption; import org.xbill.DNS.Flags; import org.xbill.DNS.Message; import org.xbill.DNS.Name; @@ -34,6 +35,7 @@ void testNameNotExpandedFromWildcardWhenNonWildcardExists() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD)); assertEquals(Rcode.SERVFAIL, response.getHeader().getRcode()); assertEquals("failed.positive.wildcard_too_broad", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -52,6 +54,7 @@ void testNameNotExpandedFromWildcardWhenNonWildcardExistsNsec3() throws IOExcept assertFalse(response.getHeader().getFlag(Flags.AD)); assertEquals(Rcode.SERVFAIL, response.getHeader().getRcode()); assertEquals("failed.positive.wildcard_too_broad", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @AlwaysOffline @@ -62,6 +65,7 @@ void testLabelCountInSignaturesNotAllSame() throws IOException { assertEquals(Rcode.SERVFAIL, response.getHeader().getRcode()); assertEquals( "failed.wildcard.label_count_mismatch:b.d.nsec3.ingotronic.ch.", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -76,6 +80,7 @@ void testSynthesisUsesCorrectWildcard() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.positive.wildcard_too_broad", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -90,6 +95,7 @@ void testPositiveWithInvalidNsecSignature() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertTrue(getReason(response).startsWith("failed.authority.positive")); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -103,6 +109,7 @@ void testNodataWilcardWithoutCe() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nodata", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -117,6 +124,7 @@ void testSynthesisUsesCorrectWildcardNodata() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nodata", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -132,6 +140,7 @@ void testSynthesisUsesCorrectWildcardNodataNsec3() throws IOException { assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); assertEquals("failed.nodata", getReason(response)); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } @Test @@ -148,6 +157,7 @@ void testDsNodataFromWildcardNsecChild() throws IOException { Message response = resolver.send(createMessage("www.x.c.ingotronic.ch./A")); assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEde(ExtendedErrorCodeOption.RRSIGS_MISSING, response); } @Test @@ -164,5 +174,6 @@ void testDsNodataFromWildcardNsecCovered() throws IOException { Message response = resolver.send(createMessage("www.x.ce.ingotronic.ch./A")); assertFalse(response.getHeader().getFlag(Flags.AD), "AD flag must not be set"); assertEquals(Rcode.SERVFAIL, response.getRcode()); + assertEde(ExtendedErrorCodeOption.DNSSEC_BOGUS, response); } } diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestRRsig/testRRsigNodata b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestRRsig/testRRsigNodata deleted file mode 100644 index 0694d83ca..000000000 --- a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestRRsig/testRRsigNodata +++ /dev/null @@ -1 +0,0 @@ -#Date: 2015-01-06T22:35:12+01:00 diff --git a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestRRsig/testRRsigServfail b/src/test/resources/recordings/org_xbill_DNS_dnssec_TestRRsig/testRRsigServfail deleted file mode 100644 index 0694d83ca..000000000 --- a/src/test/resources/recordings/org_xbill_DNS_dnssec_TestRRsig/testRRsigServfail +++ /dev/null @@ -1 +0,0 @@ -#Date: 2015-01-06T22:35:12+01:00 From 46f9509c82af2e4a194c2f4b4cb4d3a421655020 Mon Sep 17 00:00:00 2001 From: Ingo Bauersachs Date: Sat, 25 Dec 2021 23:05:17 +0100 Subject: [PATCH 11/12] Workaround for siom79/japicmp#281 --- pom.xml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pom.xml b/pom.xml index f1ea855bd..c38233ac4 100644 --- a/pom.xml +++ b/pom.xml @@ -231,6 +231,13 @@ true true + + + METHOD_ABSTRACT_ADDED_IN_IMPLEMENTED_INTERFACE + PATCH + true + true + From b37ba4521c6c300740417b9c8e646fbfbaab97fa Mon Sep 17 00:00:00 2001 From: Ingo Bauersachs Date: Sat, 25 Dec 2021 23:37:05 +0100 Subject: [PATCH 12/12] Cleanup log statements --- .../org/xbill/DNS/dnssec/DnsSecVerifier.java | 6 +- .../java/org/xbill/DNS/dnssec/KeyEntry.java | 2 +- .../org/xbill/DNS/dnssec/NSEC3ValUtils.java | 60 +++++++++---------- .../java/org/xbill/DNS/dnssec/SMessage.java | 4 +- .../java/org/xbill/DNS/dnssec/ValUtils.java | 13 ++-- .../xbill/DNS/dnssec/ValidatingResolver.java | 35 +++++------ 6 files changed, 55 insertions(+), 65 deletions(-) diff --git a/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java b/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java index 080e7a36e..23895af10 100644 --- a/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java +++ b/src/main/java/org/xbill/DNS/dnssec/DnsSecVerifier.java @@ -41,7 +41,7 @@ final class DnsSecVerifier { private List findKey(RRset dnskeyRrset, RRSIGRecord signature) { if (!signature.getSigner().equals(dnskeyRrset.getName())) { log.trace( - "could not find appropriate key because incorrect keyset was supplied. Wanted: {}, got: {}", + "Could not find appropriate key because incorrect keyset was supplied. Wanted: {}, got: {}", signature.getSigner(), dnskeyRrset.getName()); return Collections.emptyList(); @@ -74,7 +74,7 @@ private List findKey(RRset dnskeyRrset, RRSIGRecord signature) { private JustifiedSecStatus verifySignature( SRRset rrset, RRSIGRecord sigrec, RRset keyRrset, Instant date) { if (!rrset.getName().subdomain(keyRrset.getName())) { - log.debug("signer name is off-tree"); + log.debug("Signer name is off-tree"); return new JustifiedSecStatus( SecurityStatus.BOGUS, ExtendedErrorCodeOption.DNSSEC_BOGUS, @@ -83,7 +83,7 @@ private JustifiedSecStatus verifySignature( List keys = this.findKey(keyRrset, sigrec); if (keys.isEmpty()) { - log.trace("could not find appropriate key"); + log.trace("Could not find appropriate key"); return new JustifiedSecStatus( SecurityStatus.BOGUS, ExtendedErrorCodeOption.DNSKEY_MISSING, diff --git a/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java b/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java index 689c60d37..914e5f659 100644 --- a/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java +++ b/src/main/java/org/xbill/DNS/dnssec/KeyEntry.java @@ -125,7 +125,7 @@ JustifiedSecStatus validateKeyFor(Name signerName) { // signerName being null is the indicator that this response was // unsigned if (signerName == null) { - log.debug("no signerName"); + log.debug("No signerName"); // Unsigned responses must be underneath a "null" key entry. if (this.isNull()) { String reason = this.badReason; diff --git a/src/main/java/org/xbill/DNS/dnssec/NSEC3ValUtils.java b/src/main/java/org/xbill/DNS/dnssec/NSEC3ValUtils.java index 826fd5f8d..19b01f74f 100644 --- a/src/main/java/org/xbill/DNS/dnssec/NSEC3ValUtils.java +++ b/src/main/java/org/xbill/DNS/dnssec/NSEC3ValUtils.java @@ -171,7 +171,7 @@ private NSEC3Record findMatchingNSEC3(Name name, Name zonename, List nse return nsec3; } } catch (NoSuchAlgorithmException | TextParseException e) { - log.debug("Unrecognized NSEC3 in set:" + set, e); + log.debug("Unrecognized NSEC3 in set: {}", set, e); } } @@ -228,7 +228,7 @@ private NSEC3Record findCoveringNSEC3(Name name, Name zonename, List nse return nsec3; } } catch (NoSuchAlgorithmException e) { - log.debug("Unrecognized NSEC3 in set:" + set, e); + log.debug("Unrecognized NSEC3 in set: {}", set, e); } } @@ -273,14 +273,14 @@ private CEResponse findClosestEncloser(Name name, Name zonename, List ns private CEResponse proveClosestEncloser(Name qname, Name zonename, List nsec3s) { CEResponse candidate = this.findClosestEncloser(qname, zonename, nsec3s); if (candidate == null) { - log.debug("proveClosestEncloser: could not find a candidate for the closest encloser."); + log.debug("Could not find a candidate for the closest encloser"); candidate = new CEResponse(Name.empty, null); candidate.status = SecurityStatus.BOGUS; return candidate; } if (candidate.closestEncloser.equals(qname)) { - log.debug("proveClosestEncloser: proved that qname existed!"); + log.debug("Proved that qname existed!"); candidate.status = SecurityStatus.BOGUS; return candidate; } @@ -294,13 +294,13 @@ private CEResponse proveClosestEncloser(Name qname, Name zonename, List return candidate; } - log.debug("proveClosestEncloser: closest encloser was a delegation!"); + log.debug("Closest encloser was a delegation!"); candidate.status = SecurityStatus.BOGUS; return candidate; } if (candidate.ceNsec3.hasType(Type.DNAME)) { - log.debug("proveClosestEncloser: closest encloser was a DNAME!"); + log.debug("Closest encloser was a DNAME!"); candidate.status = SecurityStatus.BOGUS; return candidate; } @@ -450,7 +450,7 @@ public SecurityStatus proveNameError(List nsec3s, Name qname, Name zonen CEResponse ce = this.proveClosestEncloser(qname, zonename, nsec3s); if (ce.status != SecurityStatus.SECURE) { - log.debug("proveNameError: failed to prove a closest encloser."); + log.debug("Failed to prove a closest encloser"); return ce.status; } @@ -460,12 +460,12 @@ public SecurityStatus proveNameError(List nsec3s, Name qname, Name zonen Name wc = this.ceWildcard(ce.closestEncloser); NSEC3Record nsec3 = this.findCoveringNSEC3(wc, zonename, nsec3s); if (nsec3 == null) { - log.debug("proveNameError: could not prove that the applicable wildcard did not exist."); + log.debug("Could not prove that the applicable wildcard did not exist"); return SecurityStatus.BOGUS; } if ((ce.ncNsec3.getFlags() & Flags.OPT_OUT) == Flags.OPT_OUT) { - log.debug("nsec3 nameerror proof: nc has optout"); + log.debug("NSEC3 nameerror proof: nc has optout"); return SecurityStatus.INSECURE; } @@ -506,28 +506,28 @@ public JustifiedSecStatus proveNodata(List nsec3s, Name qname, int qtype // Cases 1 & 2. if (nsec3 != null) { if (nsec3.hasType(qtype)) { - log.debug("proveNodata: Matching NSEC3 proved that type existed!"); + log.debug("Matching NSEC3 proved that type existed!"); return new JustifiedSecStatus( SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.type_exists")); } if (nsec3.hasType(Type.CNAME)) { - log.debug("proveNodata: Matching NSEC3 proved that a CNAME existed!"); + log.debug("Matching NSEC3 proved that a CNAME existed!"); return new JustifiedSecStatus( SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.cname_exists")); } if (qtype == Type.DS && nsec3.hasType(Type.SOA) && !Name.root.equals(qname)) { - log.debug("proveNodata: apex NSEC3 abused for no DS proof, bogus"); + log.debug("Apex NSEC3 abused for no DS proof, bogus"); return new JustifiedSecStatus( SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.apex_abuse")); } else if (qtype != Type.DS && nsec3.hasType(Type.NS) && !nsec3.hasType(Type.SOA)) { if (!nsec3.hasType(Type.DS)) { - log.debug("proveNodata: matching NSEC3 is insecure delegation"); + log.debug("Matching NSEC3 is insecure delegation"); return new JustifiedSecStatus(SecurityStatus.INSECURE, -1, null); } - log.debug("proveNodata: matching NSEC3 is a delegation, bogus"); + log.debug("Matching NSEC3 is a delegation, bogus"); return new JustifiedSecStatus( SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.delegation")); } @@ -543,11 +543,11 @@ public JustifiedSecStatus proveNodata(List nsec3s, Name qname, int qtype // At this point, not finding a match or a proven closest encloser is a // problem. if (ce.status == SecurityStatus.BOGUS) { - log.debug("proveNodata: did not match qname, nor found a proven closest encloser"); + log.debug("Did not match qname, nor found a proven closest encloser"); return new JustifiedSecStatus( SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.qname_ce")); } else if (ce.status == SecurityStatus.INSECURE && qtype != Type.DS) { - log.debug("proveNodata: closest nsec3 is insecure delegation"); + log.debug("Closest NSEC3 is insecure delegation"); return new JustifiedSecStatus(SecurityStatus.INSECURE, -1, null); } @@ -558,27 +558,27 @@ public JustifiedSecStatus proveNodata(List nsec3s, Name qname, int qtype nsec3 = this.findMatchingNSEC3(wc, zonename, nsec3s); if (nsec3 != null) { if (nsec3.hasType(qtype)) { - log.debug("proveNodata: matching wildcard had qtype!"); + log.debug("Matching wildcard has qtype {}", Type.string(qtype)); return new JustifiedSecStatus( SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.type_exists_wc")); } else if (nsec3.hasType(Type.CNAME)) { - log.debug("nsec3 nodata proof: matching wildcard had a CNAME, bogus"); + log.debug("Matching wildcard has a CNAME, bogus"); return new JustifiedSecStatus( SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.cname_exists_wc")); } if (qtype == Type.DS && qname.labels() != 1 && nsec3.hasType(Type.SOA)) { - log.debug("nsec3 nodata proof: matching wildcard for no DS proof has a SOA, bogus"); + log.debug("Matching wildcard for no DS proof has a SOA, bogus"); return new JustifiedSecStatus( SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.wc_soa")); } else if (qtype != Type.DS && nsec3.hasType(Type.NS) && !nsec3.hasType(Type.SOA)) { - log.debug("nsec3 nodata proof: matching wilcard is a delegation, bogus"); + log.debug("Matching wildcard is a delegation, bogus"); return new JustifiedSecStatus( SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.delegation_wc")); } if (ce.ncNsec3 != null && (ce.ncNsec3.getFlags() & Flags.OPT_OUT) == Flags.OPT_OUT) { - log.debug("nsec3 nodata proof: matching wildcard is in optout range, insecure"); + log.debug("Matching wildcard is in opt-out range, insecure"); return new JustifiedSecStatus(SecurityStatus.INSECURE, -1, null); } @@ -590,7 +590,7 @@ public JustifiedSecStatus proveNodata(List nsec3s, Name qname, int qtype // can see the ordinary unsigned data from a zone beneath an // insecure delegation under an optout here */ if (ce.ncNsec3 == null) { - log.debug("nsec3 nodata proof: no next closer nsec3"); + log.debug("No next closer NSEC3"); return new JustifiedSecStatus( SecurityStatus.BOGUS, NSEC_MISSING, R.get("failed.nsec3.no_next")); } @@ -598,13 +598,12 @@ public JustifiedSecStatus proveNodata(List nsec3s, Name qname, int qtype // We need to make sure that the covering NSEC3 is opt-out. if ((ce.ncNsec3.getFlags() & Flags.OPT_OUT) == 0) { if (qtype != Type.DS) { - log.debug( - "proveNodata: covering NSEC3 was not opt-out in an opt-out DS NOERROR/NODATA case"); + log.debug("Covering NSEC3 was not opt-out in an opt-out DS NOERROR/NODATA case"); return new JustifiedSecStatus( SecurityStatus.BOGUS, DNSSEC_BOGUS, R.get("failed.nsec3.not_optout")); } else { log.debug( - "proveNodata: could not find matching NSEC3, nor matching wildcard, and qtype is not DS -- no more options"); + "Could not find matching NSEC3, nor matching wildcard, and qtype is not DS -- no more options"); return new JustifiedSecStatus( SecurityStatus.BOGUS, NSEC_MISSING, R.get("failed.nsec3.not_found")); } @@ -640,13 +639,10 @@ public SecurityStatus proveWildcard( if (candidate.ncNsec3 == null) { log.debug( - "proveWildcard: did not find a covering NSEC3 that covered the next closer name to " - + qname - + " from " - + candidate.closestEncloser - + " (derived from wildcard " - + wildcard - + ")"); + "did not find a covering NSEC3 that covered the next closer name to {} from {} (derived from wildcard {})", + qname, + candidate.closestEncloser, + wildcard); return SecurityStatus.BOGUS; } diff --git a/src/main/java/org/xbill/DNS/dnssec/SMessage.java b/src/main/java/org/xbill/DNS/dnssec/SMessage.java index b0344821d..fb6f9b2cd 100644 --- a/src/main/java/org/xbill/DNS/dnssec/SMessage.java +++ b/src/main/java/org/xbill/DNS/dnssec/SMessage.java @@ -197,7 +197,9 @@ public void setStatus(SecurityStatus status, int edeReason, String reason) { this.securityStatus = status; this.edeReason = edeReason; this.bogusReason = reason; - log.debug(this.bogusReason); + if (reason != null) { + log.debug("Setting bad reason for message to {}", reason); + } } /** diff --git a/src/main/java/org/xbill/DNS/dnssec/ValUtils.java b/src/main/java/org/xbill/DNS/dnssec/ValUtils.java index d217d43c9..3e0ff13ad 100644 --- a/src/main/java/org/xbill/DNS/dnssec/ValUtils.java +++ b/src/main/java/org/xbill/DNS/dnssec/ValUtils.java @@ -373,15 +373,12 @@ && isAlgorithmSupported(ds.getAlgorithm())) { * @return The status (BOGUS or SECURE). */ public JustifiedSecStatus verifySRRset(SRRset rrset, SRRset keyRrset, Instant date) { - String rrsetName = - rrset.getName() - + "/" - + Type.string(rrset.getType()) - + "/" - + DClass.string(rrset.getDClass()); - if (rrset.getSecurityStatus() == SecurityStatus.SECURE) { - log.trace("verifySRRset: rrset <{}> previously found to be SECURE", rrsetName); + log.trace( + "RRset <{}/{}/{}> previously found to be SECURE", + rrset.getName(), + Type.string(rrset.getType()), + DClass.string(rrset.getDClass())); return new JustifiedSecStatus(SecurityStatus.SECURE, -1, null); } diff --git a/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java b/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java index 57678e156..91a4203b1 100644 --- a/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java +++ b/src/main/java/org/xbill/DNS/dnssec/ValidatingResolver.java @@ -154,7 +154,7 @@ public void init(Properties config) throws IOException { // Load trust anchors String s = config.getProperty("dnsjava.dnssec.trust_anchor_file"); if (s != null) { - log.debug("reading trust anchor file file: " + s); + log.debug("Reading trust anchor file: {}", s); this.loadTrustAnchors(new FileInputStream(s)); } } @@ -611,7 +611,7 @@ private CompletionStage validateNodataResponse(Message request, SMessage r this.n3valUtils.stripUnknownAlgNSEC3s(nsec3s); if (!hasValidNSEC && !nsec3s.isEmpty()) { - log.debug("Validating nodata: using NSEC3 records"); + log.debug("Using NSEC3 records"); // try to prove NODATA with our NSEC3 record(s) if (this.n3valUtils.allNSEC3sIgnoreable(nsec3s, this.keyCache)) { @@ -636,7 +636,7 @@ private CompletionStage validateNodataResponse(Message request, SMessage r return null; } - log.trace("successfully validated NODATA response"); + log.trace("Successfully validated NODATA response"); response.setStatus(SecurityStatus.SECURE, -1); return null; }); @@ -798,7 +798,7 @@ private CompletionStage validateNameErrorResponse(Message request, SMessag } // Otherwise, we consider the message secure. - log.trace("successfully validated NAME ERROR response."); + log.trace("Successfully validated NAME ERROR response"); response.setStatus(SecurityStatus.SECURE, -1); return completedFuture(null); }) @@ -834,13 +834,10 @@ private CompletionStage validateNameErrorResponseRecursive( private CompletionStage sendRequest(Message request) { Record q = request.getQuestion(); log.trace( - "sending request: <" - + q.getName() - + "/" - + Type.string(q.getType()) - + "/" - + DClass.string(q.getDClass()) - + ">"); + "Sending request: <{}/{}/{}>", + q.getName(), + Type.string(q.getType()), + DClass.string(q.getDClass())); // Send the request along by using a local copy of the request Message localRequest = request.clone(); @@ -925,12 +922,10 @@ private CompletionStage processFindKey(FindKeyState state) { Name nextKeyName = new Name(targetKeyName, l); log.trace( - "findKey: targetKeyName = " - + targetKeyName - + ", currentKeyName = " - + currentKeyName - + ", nextKeyName = " - + nextKeyName); + "Key search: targetKeyName = {}, currentKeyName = {}, nextKeyName = {}", + targetKeyName, + currentKeyName, + nextKeyName); // The next step is either to query for the next DS, or to query for the // next DNSKEY. @@ -987,7 +982,7 @@ private KeyEntry dsResponseToKE(SMessage response, Message request, SRRset keyRr } // Otherwise, we return the positive response. - log.trace("DS rrset was good."); + log.trace("DS RRset was good"); return KeyEntry.newKeyEntry(dsRrset); case CNAME: @@ -1069,7 +1064,7 @@ private KeyEntry dsReponseToKeForNodata(SMessage response, Message request, SRRs // We could just fail here as there is an invalid rrset, but // skipping doesn't matter because we might not need it or // the proof will fail anyway. - log.debug("skipping bad nsec3"); + log.debug("Skipping bad NSEC3"); continue; } @@ -1090,7 +1085,7 @@ private KeyEntry dsReponseToKeForNodata(SMessage response, Message request, SRRs nullKey.setBadReason(-1, R.get("insecure.ds.nsec3")); return nullKey; case INDETERMINATE: - log.debug("nsec3s for the referral proved no delegation."); + log.debug("NSEC3s for the referral proved no delegation"); return null; case BOGUS: bogusKE.setBadReason(ExtendedErrorCodeOption.DNSSEC_BOGUS, R.get("failed.ds.nsec3"));