aboutsummaryrefslogtreecommitdiff
path: root/contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl')
-rw-r--r--contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl218
1 files changed, 0 insertions, 218 deletions
diff --git a/contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl b/contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl
deleted file mode 100644
index f7aad071e3b9..000000000000
--- a/contrib/unbound/testdata/auth_zonemd_insecure_fail.rpl
+++ /dev/null
@@ -1,218 +0,0 @@
-; config options
-server:
- target-fetch-policy: "0 0 0 0 0"
- trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c"
- trust-anchor-signaling: no
- val-override-date: 20201020135527
-
-auth-zone:
- name: "example.com."
- ## zonefile (or none).
- ## zonefile: "example.com.zone"
- ## master by IP address or hostname
- ## can list multiple masters, each on one line.
- ## master:
- ## url for http fetch
- ## url:
- ## queries from downstream clients get authoritative answers.
- ## for-downstream: yes
- for-downstream: no
- ## queries are used to fetch authoritative answers from this zone,
- ## instead of unbound itself sending queries there.
- ## for-upstream: yes
- for-upstream: yes
- ## on failures with for-upstream, fallback to sending queries to
- ## the authority servers
- ## fallback-enabled: no
- zonemd-check: yes
-
- ## this line generates zonefile: \n"/tmp/xxx.example.com"\n
- zonefile:
-TEMPFILE_NAME example.com
- ## this is the inline file /tmp/xxx.example.com
- ## the tempfiles are deleted when the testrun is over.
-TEMPFILE_CONTENTS example.com
-example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600
-example.com. IN NS ns.example.com.
-; correct ZONEMD
-;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22
-; wrong ZONEMD
-example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA
-www.example.com. IN A 127.0.0.1
-ns.example.com. IN A 127.0.0.1
-bar.example.com. IN A 1.2.3.4
-ding.example.com. IN A 1.2.3.4
-foo.example.com. IN A 1.2.3.4
-TEMPFILE_END
-
-stub-zone:
- name: "."
- stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
-CONFIG_END
-
-SCENARIO_BEGIN Test authority zone with ZONEMD fail that is securely insecure
-; the trust anchor finds an online delegation with an insecure DS referral.
-; the ZONEMD is wrong, eg. the hash does not match the zone data.
-
-; K.ROOT-SERVERS.NET.
-RANGE_BEGIN 0 100
- ADDRESS 193.0.14.129
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-. IN NS
-SECTION ANSWER
-. IN NS K.ROOT-SERVERS.NET.
-SECTION ADDITIONAL
-K.ROOT-SERVERS.NET. IN A 193.0.14.129
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-com. IN NS
-SECTION AUTHORITY
-com. IN NS a.gtld-servers.net.
-SECTION ADDITIONAL
-a.gtld-servers.net. IN A 192.5.6.30
-ENTRY_END
-RANGE_END
-
-; a.gtld-servers.net.
-RANGE_BEGIN 0 100
- ADDRESS 192.5.6.30
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-com. IN NS
-SECTION ANSWER
-com. IN NS a.gtld-servers.net.
-SECTION ADDITIONAL
-a.gtld-servers.net. IN A 192.5.6.30
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qname qtype
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-example.com. IN DS
-SECTION AUTHORITY
-com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400
-com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM=
-example.com. IN NSEC foo.com. NS RRSIG
-example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8=
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode subdomain
-ADJUST copy_id copy_query
-REPLY QR NOERROR
-SECTION QUESTION
-example.com. IN NS
-SECTION AUTHORITY
-example.com. IN NS ns.example.com.
-example.com. IN NSEC foo.com. NS RRSIG
-example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8=
-SECTION ADDITIONAL
-ns.example.com. IN A 1.2.3.44
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR AA NOERROR
-SECTION QUESTION
-com. IN DNSKEY
-SECTION ANSWER
-com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b}
-com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo=
-SECTION ADDITIONAL
-ENTRY_END
-
-RANGE_END
-
-; ns.example.net.
-RANGE_BEGIN 0 100
- ADDRESS 1.2.3.44
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-example.net. IN NS
-SECTION ANSWER
-example.net. IN NS ns.example.net.
-SECTION ADDITIONAL
-ns.example.net. IN A 1.2.3.44
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-ns.example.net. IN A
-SECTION ANSWER
-ns.example.net. IN A 1.2.3.44
-SECTION AUTHORITY
-example.net. IN NS ns.example.net.
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-ns.example.net. IN AAAA
-SECTION AUTHORITY
-example.net. IN NS ns.example.net.
-SECTION ADDITIONAL
-www.example.net. IN A 1.2.3.44
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-example.com. IN NS
-SECTION ANSWER
-example.com. IN NS ns.example.net.
-ENTRY_END
-
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-www.example.com. IN A 10.20.30.40
-ENTRY_END
-RANGE_END
-
-STEP 1 QUERY
-ENTRY_BEGIN
-REPLY RD
-SECTION QUESTION
-www.example.com. IN A
-ENTRY_END
-
-; recursion happens here.
-STEP 20 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA SERVFAIL
-SECTION QUESTION
-www.example.com. IN A
-SECTION ANSWER
-ENTRY_END
-
-SCENARIO_END