From 04fa474ac359aa364fe21e34fa68c75a647d2fc6 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Tue, 29 Mar 2011 10:38:59 +0000
Subject: [PATCH] fix test

git-svn-id: file:///svn/unbound/trunk@2408 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 doc/example.conf.in        |  3 +--
 testdata/stop_nxdomain.rpl | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/doc/example.conf.in b/doc/example.conf.in
index 661e2e043..3bd541cbf 100644
--- a/doc/example.conf.in
+++ b/doc/example.conf.in
@@ -257,8 +257,7 @@ server:
 	# Default on, which insists on dnssec data for trust-anchored zones.
 	# harden-dnssec-stripped: yes
 
-	# Harden against queries that fall under known nxdomain names.
-	# Default off because very old software can be incompatible.
+	# Harden against queries that fall under dnssec-signed nxdomain names.
 	# harden-below-nxdomain: no
 
         # Harden the referral path by performing additional queries for
diff --git a/testdata/stop_nxdomain.rpl b/testdata/stop_nxdomain.rpl
index 76c90c1c9..9c57ec71b 100644
--- a/testdata/stop_nxdomain.rpl
+++ b/testdata/stop_nxdomain.rpl
@@ -2,6 +2,8 @@
 server:
 	target-fetch-policy: "0 0 0 0 0"
 	harden-below-nxdomain: yes
+	trust-anchor: ". IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3"
+	val-override-date: "20070916134226"
 
 stub-zone:
 	name: "."
@@ -25,6 +27,17 @@ SECTION ADDITIONAL
 K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
 ENTRY_END
 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN DNSKEY
+SECTION ANSWER
+.	3600	IN	DNSKEY	257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30900 (ksk), size = 512b}
+.	3600	IN	RRSIG	DNSKEY 5 0 3600 20070926134150 20070829134150 30900 . BlVcSh8xSgm7ne+XVCJwNHQKjk5kTJgG4Fa3sOSfp3YUjb2YclmVWyIw7XEHl0/C6CN5gdy18idnM6vT6Hy42A== ;{id = 30900}
+ENTRY_END
+
 ENTRY_BEGIN
 MATCH opcode qtype qname
 ADJUST copy_id
@@ -33,6 +46,11 @@ SECTION QUESTION
 example.local. IN A
 SECTION AUTHORITY
 .	86400	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2010111601 1800 900 604800 86400
+.	86400	IN	RRSIG	SOA 5 0 86400 20070926134150 20070829134150 30900 . bOYbFZZp7vWWC2oxV+kph+YXjoQj2f6QJktlgmzRI7oReFX9jy/LibTPQi/sW0SGHpLaj3G5p4IfIlBibne4DA== ;{id = 30900}
+.	86400	IN	NSEC	ac. NS SOA RRSIG NSEC DNSKEY 
+.	86400	IN	RRSIG	NSEC 5 0 86400 20070926134150 20070829134150 30900 . U+/m5+FmczzkosEx1aTP7MK/F3PpcKWct8CzM1jhjwNe2RlnW7qFe0IH8SLzD/elvxDTQMpJSMlKOhUUdapB8g== ;{id = 30900}
+lk.	86400	IN	NSEC	lr. NS DS RRSIG NSEC 
+lk.	86400	IN	RRSIG	NSEC 5 1 86400 20070926134150 20070829134150 30900 . j6Pw5Eu9vGHDJcckTSWa8YD1b7FV7c/Z8aVkLfJCH+iPcaa40/LSp784+t2PnAAXL8fgriNL6jF/ve1rti3ANQ== ;{id = 30900}
 ENTRY_END
 RANGE_END
 
-- 
2.47.2