diff options
Diffstat (limited to 'contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl')
-rw-r--r-- | contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl | 218 |
1 files changed, 0 insertions, 218 deletions
diff --git a/contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl b/contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl deleted file mode 100644 index f7aad071e3b9..000000000000 --- a/contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl +++ /dev/null @@ -1,218 +0,0 @@ -; config options -server: - target-fetch-policy: "0 0 0 0 0" - trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" - trust-anchor-signaling: no - val-override-date: 20201020135527 - -auth-zone: - name: "example.com." - ## zonefile (or none). - ## zonefile: "example.com.zone" - ## master by IP address or hostname - ## can list multiple masters, each on one line. - ## master: - ## url for http fetch - ## url: - ## queries from downstream clients get authoritative answers. - ## for-downstream: yes - for-downstream: no - ## queries are used to fetch authoritative answers from this zone, - ## instead of unbound itself sending queries there. - ## for-upstream: yes - for-upstream: yes - ## on failures with for-upstream, fallback to sending queries to - ## the authority servers - ## fallback-enabled: no - zonemd-check: yes - - ## this line generates zonefile: \n"/tmp/xxx.example.com"\n - zonefile: -TEMPFILE_NAME example.com - ## this is the inline file /tmp/xxx.example.com - ## the tempfiles are deleted when the testrun is over. -TEMPFILE_CONTENTS example.com -example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 -example.com. IN NS ns.example.com. -; correct ZONEMD -;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 -; wrong ZONEMD -example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA -www.example.com. IN A 127.0.0.1 -ns.example.com. IN A 127.0.0.1 -bar.example.com. IN A 1.2.3.4 -ding.example.com. IN A 1.2.3.4 -foo.example.com. IN A 1.2.3.4 -TEMPFILE_END - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test authority zone with ZONEMD fail that is securely insecure -; the trust anchor finds an online delegation with an insecure DS referral. -; the ZONEMD is wrong, eg. the hash does not match the zone data. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qname qtype -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -example.com. IN DS -SECTION AUTHORITY -com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400 -com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM= -example.com. IN NSEC foo.com. NS RRSIG -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. IN NSEC foo.com. NS RRSIG -example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -com. IN DNSKEY -SECTION ANSWER -com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} -com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= -SECTION ADDITIONAL -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.44 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN A -SECTION ANSWER -ns.example.net. IN A 1.2.3.44 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -www.example.net. IN A 1.2.3.44 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.net. -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 20 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA SERVFAIL -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END |