From: Karel Slany Date: Wed, 16 Sep 2015 16:42:12 +0000 (+0200) Subject: tests: added NSEC3 name error response checks X-Git-Tag: v1.0.0-beta1~53^2~72 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=16835fcd4a83cf62e2bffe1affd67496f016c3ed;p=thirdparty%2Fknot-resolver.git tests: added NSEC3 name error response checks --- diff --git a/tests/testdata/nsec3_name_error_response.rpl b/tests/testdata/nsec3_name_error_response.rpl new file mode 100644 index 000000000..cebbc0137 --- /dev/null +++ b/tests/testdata/nsec3_name_error_response.rpl @@ -0,0 +1,211 @@ +; config options +server: + trust-anchor: ". 3600 IN DS 17272 13 4 B87AD8C76DC2244E7AA57285057BF533F2E248CC8D7E1A071D8A3837A711A5EA705C4707E6E8911DA653BE1AE019927B" + val-override-date: "1442323400" + +stub-zone: + name: "." + stub-addr: 127.0.0.1 # ns. +CONFIG_END + +SCENARIO_BEGIN Test validation of NSEC3 name error responses. + +; ns. +RANGE_BEGIN 0 100 + ADDRESS 127.0.0.1 + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. 3600 IN NS ns. +. 3600 IN RRSIG NS 13 0 3600 20151014142315 20150914142315 17272 . aEIYUS4S8Hd7vAVYvHwFyV97lKx4xt2PgAUbM4A7JUXHkTJDHUQEDVQh LWGxK6e+AUeuq4qlDo4vSz3IedmOBQ== +SECTION ADDITIONAL +ns. 3600 IN A 127.0.0.1 +ns. 3600 IN RRSIG A 13 1 3600 20151014142315 20150914142315 17272 . 27h0pFJyb5t/2cZsFjynp0TRIdUlQwPYcAwCer2UbXTiBBaD8n15hfh8 PFU0if8X0ikqHusz6rCNTx/aBraYdQ== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +. IN DNSKEY +SECTION ANSWER +. 3600 IN DNSKEY 256 3 13 qKlBZ0TvdY8C8+7bTcdnQdrLZxEwvxEwlGmIOTd/ccL5Jiei1whNktoE /Qzo1lJ0cXfVssy4EVMaqEdzIa+pkA== +. 3600 IN RRSIG DNSKEY 13 0 3600 20151014142315 20150914142315 17272 . FaY+kslqSPIRZsk65z8SrROt7kfx+RGUEBGbVgLQxKruJxc9+MMrl4e4 +RefYIlwpecj4jXwb75RTbT0g7OGGg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +aaa.nsec3.example. IN MX +SECTION AUTHORITY +example. 3600 IN NS ns.example. +example. 3600 IN DS 11225 13 4 B4BDAB0B3751300BFB9D0D240649279B4BA0E67A308E1B0BFE2931D9 47F7FD71A2BD807D84CDE24286D955A35752484F +example. 3600 IN RRSIG DS 13 1 3600 20151014143533 20150914143533 17272 . b0+fXKmsBBXkzf+Myr5eRsXWDvY75oMlr4Yi5j+3iF7cOviVGKz3Dw8u bfKW+OmyHiuTeL71gez/84P+vHEvHA== +SECTION ADDITIONAL +ns.example. 3600 IN A 127.0.0.2 +ENTRY_END + +RANGE_END + +; ns.example. +RANGE_BEGIN 0 100 + ADDRESS 127.0.0.2 + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example. IN NS +SECTION ANSWER +example. 3600 IN NS ns.example. +example. 3600 IN RRSIG NS 13 1 3600 20151014143225 20150914143225 11225 example. C6KOyVJzeRh/3KL9BxSVOVZN0RIyBhlBmmmnVEFT5qPUrn3m5FjcIBtI hi7cAl2FeY1rqstztvKAY6UOBE0kGQ== +SECTION ADDITIONAL +ns.example. 3600 IN A 127.0.0.2 +ns.example. 3600 IN RRSIG A 13 2 3600 20151014143225 20150914143225 11225 example. fM/mwUOtyIbKTxgxaekZf5A8kV3qYIFADtvhcQi0TUh09nfkHQtUqhew zVBXCEtjKMnYFvNhWF6PyiirtOeM8w== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example. IN DNSKEY +SECTION ANSWER +example. 3600 IN DNSKEY 256 3 13 d9Qb4Tj90Y2cvdWcZfu45clfoLKqGbJn2vQKqZv07nc4FMf2oRkrNXtP fixVTLfbbWAFtbbFf3mhCNUsetRUVQ== +example. 3600 IN RRSIG DNSKEY 13 1 3600 20151015124839 20150915124839 11225 example. 4DemFjvys9Gfq+gG1i8IB6GPBUw9lIv3F082JwW7O8tqNIn45n2z14gg ieeJTRhU9xXOVIfj6amITZWbjvGyFA== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +aaa.nsec3.example. IN MX +SECTION AUTHORITY +nsec3.example. 3600 IN NS ns.nsec3.example. +nsec3.example. 3600 IN DS 29913 13 4 9CCAE2E2369F5CE2725B0CCED256E746D4CB8CDA8A1A936C852A3810 1680F6F0D311476C891A5107DEA71165F72DAD01 +nsec3.example. 3600 IN RRSIG DS 13 2 3600 20151015124611 20150915124611 11225 example. Ur24uOPBVJV8dXlVzsEYq50QDzsKgzwdQ197/JR1Pjpo6hm+Q5qqGN5v TP57rCIDvqNY0L7ZnYjFDa1HlUie1A== +SECTION ADDITIONAL +ns.nsec3.example. 3600 IN A 127.0.0.3 +ENTRY_END + +RANGE_END + +; ns.nsec3.example. +RANGE_BEGIN 0 100 + ADDRESS 127.0.0.3 + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +nsec3.example. IN NS +SECTION ANSWER +nsec3.example. 3600 IN NS ns.nsec3.example. +nsec3.example. 3600 IN RRSIG NS 13 2 3600 20151015124917 20150915124917 29913 nsec3.example. 5CtvbOiUnPE4yVM9tRDWAjHT0X1X5M8tTez1ZkGVd+c9iwwX+PJV+tWW Q40UIqMVEDW1BG39uzGi82XINdvt4Q== +SECTION ADDITIONAL +ns.nsec3.example. 3600 IN A 127.0.0.3 +ns.nsec3.example. 3600 IN RRSIG A 13 3 3600 20151015124917 20150915124917 29913 nsec3.example. CYnl5b4taGLcGp2cZhlB93zbf4CfAEQPVBJVKQXIHlGCshMdakBKCJ5a o9wB+HfnA6VW0/2YgKxdv3j45qVWwQ== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +nsec3.example. IN DNSKEY +SECTION ANSWER +nsec3.example. 3600 IN DNSKEY 256 3 13 p2ZjJQmvVGYMkFIzttVodmLNuxBqSbIjk/U9vsiWjWkYhgAHbCVDyH2I rKx3aqidW7Wnuaj//zDrXGxKu99WPQ== +nsec3.example. 3600 IN RRSIG DNSKEY 13 2 3600 20151015124917 20150915124917 29913 nsec3.example. M+WnKqDgEcgKxWi6n6hEKm61/OOqeZXVUOj+v8v9pRA/Kp0XVWL5G+hc tbQgGaUv7OFV5doYEI5XwuMazHzumg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +aaa.nsec3.example. IN MX +SECTION AUTHORITY +nsec3.example. 3600 IN SOA ns.nsec3.example. root.nsec3.example. 2 60 60 120 3600 +t6komava61p95c35og3u595fmadcdba3.nsec3.example. 3600 IN NSEC3 1 0 10 ED699434FF4B1D16 7VGF2JRLB1LROS7VFCD14UQCTLH2SELH A NS SOA MX AAAA RRSIG DNSKEY NSEC3PARAM +nsec3.example. 3600 IN RRSIG SOA 13 2 3600 20151015124917 20150915124917 29913 nsec3.example. mJ+v4DsslLKlxMOAOEx552+Q4hzU/Q/RlyzBrw5uZ6ypOP9FmsIgtGnC cyHLOIpCS+RSSRzZKo2b5ok7y2m8Nw== +t6komava61p95c35og3u595fmadcdba3.nsec3.example. 3600 IN RRSIG NSEC3 13 3 3600 20151015124917 20150915124917 29913 nsec3.example. 8qLXCvLG80qeMd2HXluT/3CT4TsiW8RrBMrJPYUQbmlld82gZc4mg/0q Lnxr6eA2c5Dyl7FDbVoVbsAsfe0zJw== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +missing3.nsec3.example. IN MX +SECTION AUTHORITY +nsec3.example. 3600 IN SOA ns.nsec3.example. root.nsec3.example. 2 60 60 120 3600 +t6komava61p95c35og3u595fmadcdba3.nsec3.example. 3600 IN NSEC3 1 0 10 ED699434FF4B1D16 7VGF2JRLB1LROS7VFCD14UQCTLH2SELH A NS SOA MX AAAA RRSIG DNSKEY NSEC3PARAM +ivmjat46u4s0qgn5ouqtsut9mtut0230.nsec3.example. 3600 IN NSEC3 1 0 10 ED699434FF4B1D16 Q1VKA08M8TAP08SMQN0BU8HAI8BU51NB +nsec3.example. 3600 IN RRSIG SOA 13 2 3600 20151015124917 20150915124917 29913 nsec3.example. mJ+v4DsslLKlxMOAOEx552+Q4hzU/Q/RlyzBrw5uZ6ypOP9FmsIgtGnC cyHLOIpCS+RSSRzZKo2b5ok7y2m8Nw== +t6komava61p95c35og3u595fmadcdba3.nsec3.example. 3600 IN RRSIG NSEC3 13 3 3600 20151015124917 20150915124917 29913 nsec3.example. 8qLXCvLG80qeMd2HXluT/3CT4TsiW8RrBMrJPYUQbmlld82gZc4mg/0q Lnxr6eA2c5Dyl7FDbVoVbsAsfe0zJw== +ivmjat46u4s0qgn5ouqtsut9mtut0230.nsec3.example. 3600 IN RRSIG NSEC3 13 3 3600 20151015124917 20150915124917 29913 nsec3.example. YAAp004WrK5E/tgiq93/5UUx4Ze8mHibu3is2jogALKFsRbJPvYcbUoR AQu9KNK/ym2Mjk9VShNSSQPjtqrdVQ== +ENTRY_END + +RANGE_END + +;STEP 0 TIME_PASSES ELAPSE 1000 + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +aaa.nsec3.example. IN MX +ENTRY_END + +; recursion happens here. +STEP 2 CHECK_ANSWER +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR RD RA AD NXDOMAIN +SECTION QUESTION +aaa.nsec3.example. IN MX +SECTION AUTHORITY +nsec3.example. 3600 IN SOA ns.nsec3.example. root.nsec3.example. 2 60 60 120 3600 +t6komava61p95c35og3u595fmadcdba3.nsec3.example. 3600 IN NSEC3 1 0 10 ED699434FF4B1D16 7VGF2JRLB1LROS7VFCD14UQCTLH2SELH A NS SOA MX AAAA RRSIG DNSKEY NSEC3PARAM +nsec3.example. 3600 IN RRSIG SOA 13 2 3600 20151015124917 20150915124917 29913 nsec3.example. mJ+v4DsslLKlxMOAOEx552+Q4hzU/Q/RlyzBrw5uZ6ypOP9FmsIgtGnC cyHLOIpCS+RSSRzZKo2b5ok7y2m8Nw== +t6komava61p95c35og3u595fmadcdba3.nsec3.example. 3600 IN RRSIG NSEC3 13 3 3600 20151015124917 20150915124917 29913 nsec3.example. 8qLXCvLG80qeMd2HXluT/3CT4TsiW8RrBMrJPYUQbmlld82gZc4mg/0q Lnxr6eA2c5Dyl7FDbVoVbsAsfe0zJw== +ENTRY_END + +STEP 3 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +missing3.nsec3.example. IN MX +ENTRY_END + +STEP 4 CHECK_ANSWER +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR RD RA AD NXDOMAIN +SECTION QUESTION +missing3.nsec3.example. IN MX +SECTION AUTHORITY +missing3.nsec3.example. IN MX +SECTION AUTHORITY +nsec3.example. 3600 IN SOA ns.nsec3.example. root.nsec3.example. 2 60 60 120 3600 +t6komava61p95c35og3u595fmadcdba3.nsec3.example. 3600 IN NSEC3 1 0 10 ED699434FF4B1D16 7VGF2JRLB1LROS7VFCD14UQCTLH2SELH A NS SOA MX AAAA RRSIG DNSKEY NSEC3PARAM +ivmjat46u4s0qgn5ouqtsut9mtut0230.nsec3.example. 3600 IN NSEC3 1 0 10 ED699434FF4B1D16 Q1VKA08M8TAP08SMQN0BU8HAI8BU51NB +nsec3.example. 3600 IN RRSIG SOA 13 2 3600 20151015124917 20150915124917 29913 nsec3.example. mJ+v4DsslLKlxMOAOEx552+Q4hzU/Q/RlyzBrw5uZ6ypOP9FmsIgtGnC cyHLOIpCS+RSSRzZKo2b5ok7y2m8Nw== +t6komava61p95c35og3u595fmadcdba3.nsec3.example. 3600 IN RRSIG NSEC3 13 3 3600 20151015124917 20150915124917 29913 nsec3.example. 8qLXCvLG80qeMd2HXluT/3CT4TsiW8RrBMrJPYUQbmlld82gZc4mg/0q Lnxr6eA2c5Dyl7FDbVoVbsAsfe0zJw== +ivmjat46u4s0qgn5ouqtsut9mtut0230.nsec3.example. 3600 IN RRSIG NSEC3 13 3 3600 20151015124917 20150915124917 29913 nsec3.example. YAAp004WrK5E/tgiq93/5UUx4Ze8mHibu3is2jogALKFsRbJPvYcbUoR AQu9KNK/ym2Mjk9VShNSSQPjtqrdVQ== +ENTRY_END + +SCENARIO_END diff --git a/tests/testdata/nsec3_name_error_response_missing_nsec3_001.rpl b/tests/testdata/nsec3_name_error_response_missing_nsec3_001.rpl new file mode 100644 index 000000000..c8d6e546b --- /dev/null +++ b/tests/testdata/nsec3_name_error_response_missing_nsec3_001.rpl @@ -0,0 +1,168 @@ +; config options +server: + trust-anchor: ". 3600 IN DS 17272 13 4 B87AD8C76DC2244E7AA57285057BF533F2E248CC8D7E1A071D8A3837A711A5EA705C4707E6E8911DA653BE1AE019927B" + val-override-date: "1442323400" + +stub-zone: + name: "." + stub-addr: 127.0.0.1 # ns. +CONFIG_END + +SCENARIO_BEGIN Test validation of NSEC3 name error responses. + +; ns. +RANGE_BEGIN 0 100 + ADDRESS 127.0.0.1 + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. 3600 IN NS ns. +. 3600 IN RRSIG NS 13 0 3600 20151014142315 20150914142315 17272 . aEIYUS4S8Hd7vAVYvHwFyV97lKx4xt2PgAUbM4A7JUXHkTJDHUQEDVQh LWGxK6e+AUeuq4qlDo4vSz3IedmOBQ== +SECTION ADDITIONAL +ns. 3600 IN A 127.0.0.1 +ns. 3600 IN RRSIG A 13 1 3600 20151014142315 20150914142315 17272 . 27h0pFJyb5t/2cZsFjynp0TRIdUlQwPYcAwCer2UbXTiBBaD8n15hfh8 PFU0if8X0ikqHusz6rCNTx/aBraYdQ== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +. IN DNSKEY +SECTION ANSWER +. 3600 IN DNSKEY 256 3 13 qKlBZ0TvdY8C8+7bTcdnQdrLZxEwvxEwlGmIOTd/ccL5Jiei1whNktoE /Qzo1lJ0cXfVssy4EVMaqEdzIa+pkA== +. 3600 IN RRSIG DNSKEY 13 0 3600 20151014142315 20150914142315 17272 . FaY+kslqSPIRZsk65z8SrROt7kfx+RGUEBGbVgLQxKruJxc9+MMrl4e4 +RefYIlwpecj4jXwb75RTbT0g7OGGg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +missing3.nsec3.example. IN MX +SECTION AUTHORITY +example. 3600 IN NS ns.example. +example. 3600 IN DS 11225 13 4 B4BDAB0B3751300BFB9D0D240649279B4BA0E67A308E1B0BFE2931D9 47F7FD71A2BD807D84CDE24286D955A35752484F +example. 3600 IN RRSIG DS 13 1 3600 20151014143533 20150914143533 17272 . b0+fXKmsBBXkzf+Myr5eRsXWDvY75oMlr4Yi5j+3iF7cOviVGKz3Dw8u bfKW+OmyHiuTeL71gez/84P+vHEvHA== +SECTION ADDITIONAL +ns.example. 3600 IN A 127.0.0.2 +ENTRY_END + +RANGE_END + +; ns.example. +RANGE_BEGIN 0 100 + ADDRESS 127.0.0.2 + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example. IN NS +SECTION ANSWER +example. 3600 IN NS ns.example. +example. 3600 IN RRSIG NS 13 1 3600 20151014143225 20150914143225 11225 example. C6KOyVJzeRh/3KL9BxSVOVZN0RIyBhlBmmmnVEFT5qPUrn3m5FjcIBtI hi7cAl2FeY1rqstztvKAY6UOBE0kGQ== +SECTION ADDITIONAL +ns.example. 3600 IN A 127.0.0.2 +ns.example. 3600 IN RRSIG A 13 2 3600 20151014143225 20150914143225 11225 example. fM/mwUOtyIbKTxgxaekZf5A8kV3qYIFADtvhcQi0TUh09nfkHQtUqhew zVBXCEtjKMnYFvNhWF6PyiirtOeM8w== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example. IN DNSKEY +SECTION ANSWER +example. 3600 IN DNSKEY 256 3 13 d9Qb4Tj90Y2cvdWcZfu45clfoLKqGbJn2vQKqZv07nc4FMf2oRkrNXtP fixVTLfbbWAFtbbFf3mhCNUsetRUVQ== +example. 3600 IN RRSIG DNSKEY 13 1 3600 20151015124839 20150915124839 11225 example. 4DemFjvys9Gfq+gG1i8IB6GPBUw9lIv3F082JwW7O8tqNIn45n2z14gg ieeJTRhU9xXOVIfj6amITZWbjvGyFA== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +missing3.nsec3.example. IN MX +SECTION AUTHORITY +nsec3.example. 3600 IN NS ns.nsec3.example. +nsec3.example. 3600 IN DS 29913 13 4 9CCAE2E2369F5CE2725B0CCED256E746D4CB8CDA8A1A936C852A3810 1680F6F0D311476C891A5107DEA71165F72DAD01 +nsec3.example. 3600 IN RRSIG DS 13 2 3600 20151015124611 20150915124611 11225 example. Ur24uOPBVJV8dXlVzsEYq50QDzsKgzwdQ197/JR1Pjpo6hm+Q5qqGN5v TP57rCIDvqNY0L7ZnYjFDa1HlUie1A== +SECTION ADDITIONAL +ns.nsec3.example. 3600 IN A 127.0.0.3 +ENTRY_END + +RANGE_END + +; ns.nsec3.example. +RANGE_BEGIN 0 100 + ADDRESS 127.0.0.3 + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +nsec3.example. IN NS +SECTION ANSWER +nsec3.example. 3600 IN NS ns.nsec3.example. +nsec3.example. 3600 IN RRSIG NS 13 2 3600 20151015124917 20150915124917 29913 nsec3.example. 5CtvbOiUnPE4yVM9tRDWAjHT0X1X5M8tTez1ZkGVd+c9iwwX+PJV+tWW Q40UIqMVEDW1BG39uzGi82XINdvt4Q== +SECTION ADDITIONAL +ns.nsec3.example. 3600 IN A 127.0.0.3 +ns.nsec3.example. 3600 IN RRSIG A 13 3 3600 20151015124917 20150915124917 29913 nsec3.example. CYnl5b4taGLcGp2cZhlB93zbf4CfAEQPVBJVKQXIHlGCshMdakBKCJ5a o9wB+HfnA6VW0/2YgKxdv3j45qVWwQ== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +nsec3.example. IN DNSKEY +SECTION ANSWER +nsec3.example. 3600 IN DNSKEY 256 3 13 p2ZjJQmvVGYMkFIzttVodmLNuxBqSbIjk/U9vsiWjWkYhgAHbCVDyH2I rKx3aqidW7Wnuaj//zDrXGxKu99WPQ== +nsec3.example. 3600 IN RRSIG DNSKEY 13 2 3600 20151015124917 20150915124917 29913 nsec3.example. M+WnKqDgEcgKxWi6n6hEKm61/OOqeZXVUOj+v8v9pRA/Kp0XVWL5G+hc tbQgGaUv7OFV5doYEI5XwuMazHzumg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +missing3.nsec3.example. IN MX +SECTION AUTHORITY +nsec3.example. 3600 IN SOA ns.nsec3.example. root.nsec3.example. 2 60 60 120 3600 +ivmjat46u4s0qgn5ouqtsut9mtut0230.nsec3.example. 3600 IN NSEC3 1 0 10 ED699434FF4B1D16 Q1VKA08M8TAP08SMQN0BU8HAI8BU51NB +nsec3.example. 3600 IN RRSIG SOA 13 2 3600 20151015124917 20150915124917 29913 nsec3.example. mJ+v4DsslLKlxMOAOEx552+Q4hzU/Q/RlyzBrw5uZ6ypOP9FmsIgtGnC cyHLOIpCS+RSSRzZKo2b5ok7y2m8Nw== +ivmjat46u4s0qgn5ouqtsut9mtut0230.nsec3.example. 3600 IN RRSIG NSEC3 13 3 3600 20151015124917 20150915124917 29913 nsec3.example. YAAp004WrK5E/tgiq93/5UUx4Ze8mHibu3is2jogALKFsRbJPvYcbUoR AQu9KNK/ym2Mjk9VShNSSQPjtqrdVQ== +ENTRY_END + +RANGE_END + +;STEP 0 TIME_PASSES ELAPSE 1000 + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +missing3.nsec3.example. IN MX +ENTRY_END + +STEP 2 CHECK_ANSWER +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR RD RA AD SERVFAIL +SECTION QUESTION +missing3.nsec3.example. IN MX +SECTION AUTHORITY +missing3.nsec3.example. IN MX +SECTION AUTHORITY +ENTRY_END + +SCENARIO_END diff --git a/tests/testdata/nsec3_name_error_response_missing_nsec3_002.rpl b/tests/testdata/nsec3_name_error_response_missing_nsec3_002.rpl new file mode 100644 index 000000000..bd8888969 --- /dev/null +++ b/tests/testdata/nsec3_name_error_response_missing_nsec3_002.rpl @@ -0,0 +1,168 @@ +; config options +server: + trust-anchor: ". 3600 IN DS 17272 13 4 B87AD8C76DC2244E7AA57285057BF533F2E248CC8D7E1A071D8A3837A711A5EA705C4707E6E8911DA653BE1AE019927B" + val-override-date: "1442323400" + +stub-zone: + name: "." + stub-addr: 127.0.0.1 # ns. +CONFIG_END + +SCENARIO_BEGIN Test validation of NSEC3 name error responses. + +; ns. +RANGE_BEGIN 0 100 + ADDRESS 127.0.0.1 + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. 3600 IN NS ns. +. 3600 IN RRSIG NS 13 0 3600 20151014142315 20150914142315 17272 . aEIYUS4S8Hd7vAVYvHwFyV97lKx4xt2PgAUbM4A7JUXHkTJDHUQEDVQh LWGxK6e+AUeuq4qlDo4vSz3IedmOBQ== +SECTION ADDITIONAL +ns. 3600 IN A 127.0.0.1 +ns. 3600 IN RRSIG A 13 1 3600 20151014142315 20150914142315 17272 . 27h0pFJyb5t/2cZsFjynp0TRIdUlQwPYcAwCer2UbXTiBBaD8n15hfh8 PFU0if8X0ikqHusz6rCNTx/aBraYdQ== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +. IN DNSKEY +SECTION ANSWER +. 3600 IN DNSKEY 256 3 13 qKlBZ0TvdY8C8+7bTcdnQdrLZxEwvxEwlGmIOTd/ccL5Jiei1whNktoE /Qzo1lJ0cXfVssy4EVMaqEdzIa+pkA== +. 3600 IN RRSIG DNSKEY 13 0 3600 20151014142315 20150914142315 17272 . FaY+kslqSPIRZsk65z8SrROt7kfx+RGUEBGbVgLQxKruJxc9+MMrl4e4 +RefYIlwpecj4jXwb75RTbT0g7OGGg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +missing3.nsec3.example. IN MX +SECTION AUTHORITY +example. 3600 IN NS ns.example. +example. 3600 IN DS 11225 13 4 B4BDAB0B3751300BFB9D0D240649279B4BA0E67A308E1B0BFE2931D9 47F7FD71A2BD807D84CDE24286D955A35752484F +example. 3600 IN RRSIG DS 13 1 3600 20151014143533 20150914143533 17272 . b0+fXKmsBBXkzf+Myr5eRsXWDvY75oMlr4Yi5j+3iF7cOviVGKz3Dw8u bfKW+OmyHiuTeL71gez/84P+vHEvHA== +SECTION ADDITIONAL +ns.example. 3600 IN A 127.0.0.2 +ENTRY_END + +RANGE_END + +; ns.example. +RANGE_BEGIN 0 100 + ADDRESS 127.0.0.2 + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example. IN NS +SECTION ANSWER +example. 3600 IN NS ns.example. +example. 3600 IN RRSIG NS 13 1 3600 20151014143225 20150914143225 11225 example. C6KOyVJzeRh/3KL9BxSVOVZN0RIyBhlBmmmnVEFT5qPUrn3m5FjcIBtI hi7cAl2FeY1rqstztvKAY6UOBE0kGQ== +SECTION ADDITIONAL +ns.example. 3600 IN A 127.0.0.2 +ns.example. 3600 IN RRSIG A 13 2 3600 20151014143225 20150914143225 11225 example. fM/mwUOtyIbKTxgxaekZf5A8kV3qYIFADtvhcQi0TUh09nfkHQtUqhew zVBXCEtjKMnYFvNhWF6PyiirtOeM8w== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example. IN DNSKEY +SECTION ANSWER +example. 3600 IN DNSKEY 256 3 13 d9Qb4Tj90Y2cvdWcZfu45clfoLKqGbJn2vQKqZv07nc4FMf2oRkrNXtP fixVTLfbbWAFtbbFf3mhCNUsetRUVQ== +example. 3600 IN RRSIG DNSKEY 13 1 3600 20151015124839 20150915124839 11225 example. 4DemFjvys9Gfq+gG1i8IB6GPBUw9lIv3F082JwW7O8tqNIn45n2z14gg ieeJTRhU9xXOVIfj6amITZWbjvGyFA== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +missing3.nsec3.example. IN MX +SECTION AUTHORITY +nsec3.example. 3600 IN NS ns.nsec3.example. +nsec3.example. 3600 IN DS 29913 13 4 9CCAE2E2369F5CE2725B0CCED256E746D4CB8CDA8A1A936C852A3810 1680F6F0D311476C891A5107DEA71165F72DAD01 +nsec3.example. 3600 IN RRSIG DS 13 2 3600 20151015124611 20150915124611 11225 example. Ur24uOPBVJV8dXlVzsEYq50QDzsKgzwdQ197/JR1Pjpo6hm+Q5qqGN5v TP57rCIDvqNY0L7ZnYjFDa1HlUie1A== +SECTION ADDITIONAL +ns.nsec3.example. 3600 IN A 127.0.0.3 +ENTRY_END + +RANGE_END + +; ns.nsec3.example. +RANGE_BEGIN 0 100 + ADDRESS 127.0.0.3 + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +nsec3.example. IN NS +SECTION ANSWER +nsec3.example. 3600 IN NS ns.nsec3.example. +nsec3.example. 3600 IN RRSIG NS 13 2 3600 20151015124917 20150915124917 29913 nsec3.example. 5CtvbOiUnPE4yVM9tRDWAjHT0X1X5M8tTez1ZkGVd+c9iwwX+PJV+tWW Q40UIqMVEDW1BG39uzGi82XINdvt4Q== +SECTION ADDITIONAL +ns.nsec3.example. 3600 IN A 127.0.0.3 +ns.nsec3.example. 3600 IN RRSIG A 13 3 3600 20151015124917 20150915124917 29913 nsec3.example. CYnl5b4taGLcGp2cZhlB93zbf4CfAEQPVBJVKQXIHlGCshMdakBKCJ5a o9wB+HfnA6VW0/2YgKxdv3j45qVWwQ== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +nsec3.example. IN DNSKEY +SECTION ANSWER +nsec3.example. 3600 IN DNSKEY 256 3 13 p2ZjJQmvVGYMkFIzttVodmLNuxBqSbIjk/U9vsiWjWkYhgAHbCVDyH2I rKx3aqidW7Wnuaj//zDrXGxKu99WPQ== +nsec3.example. 3600 IN RRSIG DNSKEY 13 2 3600 20151015124917 20150915124917 29913 nsec3.example. M+WnKqDgEcgKxWi6n6hEKm61/OOqeZXVUOj+v8v9pRA/Kp0XVWL5G+hc tbQgGaUv7OFV5doYEI5XwuMazHzumg== +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NXDOMAIN +SECTION QUESTION +missing3.nsec3.example. IN MX +SECTION AUTHORITY +nsec3.example. 3600 IN SOA ns.nsec3.example. root.nsec3.example. 2 60 60 120 3600 +t6komava61p95c35og3u595fmadcdba3.nsec3.example. 3600 IN NSEC3 1 0 10 ED699434FF4B1D16 7VGF2JRLB1LROS7VFCD14UQCTLH2SELH A NS SOA MX AAAA RRSIG DNSKEY NSEC3PARAM +nsec3.example. 3600 IN RRSIG SOA 13 2 3600 20151015124917 20150915124917 29913 nsec3.example. mJ+v4DsslLKlxMOAOEx552+Q4hzU/Q/RlyzBrw5uZ6ypOP9FmsIgtGnC cyHLOIpCS+RSSRzZKo2b5ok7y2m8Nw== +t6komava61p95c35og3u595fmadcdba3.nsec3.example. 3600 IN RRSIG NSEC3 13 3 3600 20151015124917 20150915124917 29913 nsec3.example. 8qLXCvLG80qeMd2HXluT/3CT4TsiW8RrBMrJPYUQbmlld82gZc4mg/0q Lnxr6eA2c5Dyl7FDbVoVbsAsfe0zJw== +ENTRY_END + +RANGE_END + +;STEP 0 TIME_PASSES ELAPSE 1000 + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +missing3.nsec3.example. IN MX +ENTRY_END + +STEP 2 CHECK_ANSWER +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR RD RA AD SERVFAIL +SECTION QUESTION +missing3.nsec3.example. IN MX +SECTION AUTHORITY +missing3.nsec3.example. IN MX +SECTION AUTHORITY +ENTRY_END + +SCENARIO_END diff --git a/tests/testdata/nsec_name_error_response_mising_nsec_001.rpl b/tests/testdata/nsec_name_error_response_missing_nsec_001.rpl similarity index 100% rename from tests/testdata/nsec_name_error_response_mising_nsec_001.rpl rename to tests/testdata/nsec_name_error_response_missing_nsec_001.rpl diff --git a/tests/testdata/nsec_name_error_response_mising_nsec_002.rpl b/tests/testdata/nsec_name_error_response_missing_nsec_002.rpl similarity index 100% rename from tests/testdata/nsec_name_error_response_mising_nsec_002.rpl rename to tests/testdata/nsec_name_error_response_missing_nsec_002.rpl