--- /dev/null
+; config options
+; The island of trust is at example.com
+server:
+ trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
+ val-override-date: "20070916134226"
+ target-fetch-policy: "0 0 0 0 0"
+ qname-minimisation: "no"
+ fake-sha1: yes
+ trust-anchor-signaling: no
+ rrset-roundrobin: no
+ harden-unknown-additional: yes
+
+stub-zone:
+ name: "."
+ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test validator with response to qtype ANY
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to DNSKEY priming query
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
+ENTRY_END
+
+; response to query of interest
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION ANSWER
+example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854}
+example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854}
+example.com. 600 IN NAPTR 20 0 "s" "SIP+D2U" "" _sip._udp.example.com.
+example.com. 600 IN RRSIG NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854}
+example.com. 86400 IN AAAA 2001:7b8:206:1::1
+example.com. 86400 IN RRSIG AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854}
+example.com. 86400 IN TXT "Stichting NLnet Labs"
+example.com. 86400 IN RRSIG TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854}
+example.com. 86400 IN MX 100 v.net.example.
+example.com. 86400 IN MX 50 open.example.com.
+example.com. 86400 IN RRSIG MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854}
+example.com. 86400 IN NS v.net.example.
+example.com. 86400 IN NS open.example.com.
+example.com. 86400 IN NS ns7.domain-registry.example.
+example.com. 86400 IN RRSIG NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854}
+example.com. 86400 IN A 213.154.224.1
+example.com. 86400 IN RRSIG A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854}
+example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY
+example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854}
+
+example.com. 3600 IN TYPE4001 \# 1 01
+example.com. 3600 IN RRSIG TYPE4001 3 2 3600 20070926134150 20070829134150 2854 example.com. ACwNOwI1/wEdnsnotQgFNLjmjcJonpU432TLsHbRo1atuUHhOA1cdeI=
+
+example.com. 3600 IN TYPE4002 \# 1 01
+example.com. 3600 IN RRSIG TYPE4002 3 2 3600 20070926134150 20070829134150 2854 example.com. AGSTEFePJzOtkGGJDJ2vvqV1ja0deBPWu6+DLV66VbWncuNjhGlgn4s=
+
+example.com. 3600 IN TYPE4003 \# 1 01
+example.com. 3600 IN RRSIG TYPE4003 3 2 3600 20070926134150 20070829134150 2854 example.com. AByS2v3czunuc/ISzNWxDfk1LDbXQvxdbdBf1kruF03Q+yumKsC5BMU=
+
+example.com. 3600 IN TYPE4004 \# 1 01
+example.com. 3600 IN RRSIG TYPE4004 3 2 3600 20070926134150 20070829134150 2854 example.com. AG8JfqFxAJDRsANgZvIhk6C4/d7oF5rXsNZN5pEFwRHL8oNN/xEkUpM=
+
+example.com. 3600 IN TYPE4005 \# 1 01
+example.com. 3600 IN RRSIG TYPE4005 3 2 3600 20070926134150 20070829134150 2854 example.com. AFv/ylW2n88mhr65bo4kWNp45w0mp4qcKxMfEZAuZt8d/DB0KZDn538=
+
+example.com. 3600 IN TYPE4006 \# 1 01
+example.com. 3600 IN RRSIG TYPE4006 3 2 3600 20070926134150 20070829134150 2854 example.com. AIrw3YdUF3Ri9KbDd89xtnpf7KeKkXy6VzOxguaFbS30jZcEc+8p+TM=
+
+example.com. 3600 IN TYPE4007 \# 1 01
+example.com. 3600 IN RRSIG TYPE4007 3 2 3600 20070926134150 20070829134150 2854 example.com. ABcI5dVAx0Ro+rl9+++Eh5/RG/Tbn0O4F8Mn+iwgaJwvZ9biGIaFPb8=
+
+example.com. 3600 IN TYPE4008 \# 1 01
+example.com. 3600 IN RRSIG TYPE4008 3 2 3600 20070926134150 20070829134150 2854 example.com. ADFnpyINGZa3komnJQft55pkXVr6HIwbn+CjJDEKT/t3va0UW78RJV0=
+
+example.com. 3600 IN TYPE4009 \# 1 01
+example.com. 3600 IN RRSIG TYPE4009 3 2 3600 20070926134150 20070829134150 2854 example.com. AA160AjWpMkX1YF0aXvL/PeRRA3vZsDtMvotP1NEm687q9nx46wW7To=
+
+example.com. 3600 IN TYPE4010 \# 1 01
+example.com. 3600 IN RRSIG TYPE4010 3 2 3600 20070926134150 20070829134150 2854 example.com. AKgBFj85Uo2wNKfAmAKAuYuPv97dce/nRestfAyI/8xSV+ItducejWo=
+
+example.com. 3600 IN TYPE4011 \# 1 01
+example.com. 3600 IN RRSIG TYPE4011 3 2 3600 20070926134150 20070829134150 2854 example.com. AH6j4Lu9LzXaBMVFJv9LreuN2Ll0NZyLFDSlNyHMrYfSLmeIn3cjDaU=
+
+example.com. 3600 IN TYPE4012 \# 1 01
+example.com. 3600 IN RRSIG TYPE4012 3 2 3600 20070926134150 20070829134150 2854 example.com. AAjv9pQ3LjqN0wF1qFeMGXAuCt1URjPfjleedRYVzuRNXoQ5lXfpzyQ=
+
+example.com. 3600 IN TYPE4013 \# 1 01
+example.com. 3600 IN RRSIG TYPE4013 3 2 3600 20070926134150 20070829134150 2854 example.com. AH+2xPq9wrY9vSffsyNoIL3Apx78r5dssiS3TAP08BPVnjjDcNq4Bes=
+
+example.com. 3600 IN TYPE4014 \# 1 01
+example.com. 3600 IN RRSIG TYPE4014 3 2 3600 20070926134150 20070829134150 2854 example.com. ADKIK2RFjMOaqJ+M/tjOTavLKFNfmaRUVVSxqEThZz1U8CmMbIXhGJA=
+
+example.com. 3600 IN TYPE4015 \# 1 01
+example.com. 3600 IN RRSIG TYPE4015 3 2 3600 20070926134150 20070829134150 2854 example.com. AFu7ugUzI62yezWpaKQG6N2Yo+b/sMA9Rs1fLO40uiQ6zlky1O3MycA=
+
+example.com. 3600 IN TYPE4016 \# 1 01
+example.com. 3600 IN RRSIG TYPE4016 3 2 3600 20070926134150 20070829134150 2854 example.com. ADTGoPxpupJxeWtz4ZhqORhENIfQsvqWkDuwYfjYhWzBAInC5imcTdg=
+
+example.com. 3600 IN TYPE4017 \# 1 01
+example.com. 3600 IN RRSIG TYPE4017 3 2 3600 20070926134150 20070829134150 2854 example.com. ACboMr6p4SPV1qWM0jB2xGatOB55TvGhxsPWgM/GZnLhFl48mlUcV4s=
+
+example.com. 3600 IN TYPE4018 \# 1 01
+example.com. 3600 IN RRSIG TYPE4018 3 2 3600 20070926134150 20070829134150 2854 example.com. AKt3978Rr4cHFt8ybI/yQX4k166vfExEvjhhIt0oB/+xMwTqx1hbUKM=
+
+example.com. 3600 IN TYPE4019 \# 1 01
+example.com. 3600 IN RRSIG TYPE4019 3 2 3600 20070926134150 20070829134150 2854 example.com. AIwfMRhehYbil+xZXBeP6HTHzUBHkVbAgh+2uyEkWzzrjlnNy03BuNM=
+
+example.com. 3600 IN TYPE4020 \# 1 01
+example.com. 3600 IN RRSIG TYPE4020 3 2 3600 20070926134150 20070829134150 2854 example.com. ACPwXUUcLJcmTbxF5JMHjo2DjQfBWKQSCOtcAZe9rMe/MJ6dHEwlumc=
+
+example.com. 3600 IN TYPE4021 \# 1 01
+example.com. 3600 IN RRSIG TYPE4021 3 2 3600 20070926134150 20070829134150 2854 example.com. ADAGCUWISYj/NdMZAfEy6kG7AHXRMR5FB1cV9lke2JJb2G/r8mtJagw=
+
+example.com. 3600 IN TYPE4022 \# 1 01
+example.com. 3600 IN RRSIG TYPE4022 3 2 3600 20070926134150 20070829134150 2854 example.com. AHadIaUoEkAiFv/QW3ecrmt0D2/jC5JFdvDWKKvUt5xKqjXhWYEmt98=
+
+example.com. 3600 IN TYPE4023 \# 1 01
+example.com. 3600 IN RRSIG TYPE4023 3 2 3600 20070926134150 20070829134150 2854 example.com. ABZe4wLu0p9wwoB5Ks4yPiqiuVuIGiYXmukpfk9dm0wgluLVMAxqgCY=
+
+example.com. 3600 IN TYPE4024 \# 1 01
+example.com. 3600 IN RRSIG TYPE4024 3 2 3600 20070926134150 20070829134150 2854 example.com. AIQFmNXXbv99UrY8mDBv+noyxVHAqha2ueUUjn4v71t2FFVoh1AqzHY=
+
+example.com. 3600 IN TYPE4025 \# 1 01
+example.com. 3600 IN RRSIG TYPE4025 3 2 3600 20070926134150 20070829134150 2854 example.com. ACyDyHNctQoASoF4SNLgeRxc/kY2kLkK8e+8pEkE4yaiUGewO5jGAn4=
+
+example.com. 3600 IN TYPE4026 \# 1 01
+example.com. 3600 IN RRSIG TYPE4026 3 2 3600 20070926134150 20070829134150 2854 example.com. AGlB5LBNgxjcniTsPBZCOHO92LMtrw3RtnITlb6YAfyFljiyFXjzAr4=
+
+example.com. 3600 IN TYPE4027 \# 1 01
+example.com. 3600 IN RRSIG TYPE4027 3 2 3600 20070926134150 20070829134150 2854 example.com. AFP+FhrZw6hmuyiPd5LKirvfO/P/S1Ps1sy6FZGhFXQvFgMP3h8/AC0=
+
+example.com. 3600 IN TYPE4028 \# 1 01
+example.com. 3600 IN RRSIG TYPE4028 3 2 3600 20070926134150 20070829134150 2854 example.com. AJpyyjJY7TdAuD30QPiuBYgXCQECFlSdgrgBDpuOPwtFrxJfOfgJGN4=
+
+example.com. 3600 IN TYPE4029 \# 1 01
+example.com. 3600 IN RRSIG TYPE4029 3 2 3600 20070926134150 20070829134150 2854 example.com. AGaczd1oGZ/awOeOh20PDfL5HrH9kMC60dVIdVELP/PNZ5j9Y3O0FZY=
+
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ns7.domain-registry.example. 80173 IN A 62.4.86.230
+open.example.com. 600 IN A 213.154.224.1
+open.example.com. 600 IN AAAA 2001:7b8:206:1::53
+open.example.com. 600 IN AAAA 2001:7b8:206:1::1
+v.net.example. 28800 IN A 213.154.224.17
+v.net.example. 28800 IN AAAA 2001:7b8:206:1:200:39ff:fe59:b187
+johnny.example.com. 600 IN A 213.154.224.44
+open.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854}
+open.example.com. 600 IN RRSIG AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854}
+johnny.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MCwCFAh0/zSpCd/9eMNz7AyfnuGQFD1ZAhQEpNFNw4XByNEcbi/vsVeii9kp7g== ;{id = 2854}
+_sip._udp.example.com. 600 IN RRSIG SRV 3 4 600 20070926134150 20070829134150 2854 example.com. MCwCFFSRVgOcq1ihVuO6MhCuzWs6SxpVAhRPHHCKy0JxymVkYeFOxTkbVSWMMw== ;{id = 2854}
+_sip._udp.example.com. 600 IN SRV 0 0 5060 johnny.example.com.
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+lot.example.com. IN ANY
+SECTION ANSWER
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+MATCH TCP
+REPLY RD DO
+SECTION QUESTION
+example.com. IN ANY
+ENTRY_END
+
+; Allow validation resuming for the RRSIGs
+STEP 2 TIME_PASSES ELAPSE 0.05
+STEP 3 TIME_PASSES ELAPSE 0.10
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+example.com. IN ANY
+SECTION ANSWER
+example.com. 86400 IN SOA open.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000
+example.com. 86400 IN RRSIG SOA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCSs8KJepwaIp5vu++/0hk04lkXvgIUdphJSAE/MYob30WcRei9/nL49tE= ;{id = 2854}
+example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
+example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFHq7BNVAeLW+Uw/rkjVS08lrMDk/AhR+bvChHfiE4jLb6uoyE54/irCuqA== ;{id = 2854}
+example.com. 600 IN NAPTR 20 0 "s" "SIP+D2U" "" _sip._udp.example.com.
+example.com. 600 IN RRSIG NAPTR 3 2 600 20070926134150 20070829134150 2854 example.com. MC0CFE8qs66bzuOyKmTIacamrmqabMRzAhUAn0MujX1LB0UpTHuLMgdgMgJJlq4= ;{id = 2854}
+example.com. 86400 IN AAAA 2001:7b8:206:1::1
+example.com. 86400 IN RRSIG AAAA 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFEqS4WHyqhUkv7t42TsBZJk/Q9paAhUAtTZ8GaXGpot0PmsM0oGzQU+2iw4= ;{id = 2854}
+example.com. 86400 IN TXT "Stichting NLnet Labs"
+example.com. 86400 IN RRSIG TXT 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH3otn2u8zXczBS8L0VKpyAYZGSkAhQLGaQclkzMAzlB5j73opFjdkh8TA== ;{id = 2854}
+example.com. 86400 IN MX 100 v.net.example.
+example.com. 86400 IN MX 50 open.example.com.
+example.com. 86400 IN RRSIG MX 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFEKh3jeqh69zcOqWWv3GNKlMECPyAhR9HJkcPLqlyVWUccWDFJfGGcQfdg== ;{id = 2854}
+example.com. 86400 IN NS v.net.example.
+example.com. 86400 IN NS open.example.com.
+example.com. 86400 IN NS ns7.domain-registry.example.
+example.com. 86400 IN RRSIG NS 3 2 86400 20070926134150 20070829134150 2854 example.com. MC0CFQCaRn30X4neKW7KYoTa2kcsoOLgfgIURvKEyDczLypWlx99KpxzMxRYhEc= ;{id = 2854}
+example.com. 86400 IN A 213.154.224.1
+example.com. 86400 IN RRSIG A 3 2 86400 20070926134150 20070829134150 2854 example.com. MCwCFH8kSLxmRTwzlGDxvF1e4y/gM+5dAhQkzyQ2a6Gf+CMaHzVScaUvTt9HhQ== ;{id = 2854}
+example.com. 18000 IN NSEC _sip._udp.example.com. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY
+example.com. 18000 IN RRSIG NSEC 3 2 18000 20070926134150 20070829134150 2854 example.com. MCwCFBzOGtpgq4uJ2jeuLPYl2HowIRzDAhQVXNz1haQ1mI7z9lt5gcvWW+lFhA== ;{id = 2854}
+
+example.com. 3600 IN TYPE4001 \# 1 01
+example.com. 3600 IN RRSIG TYPE4001 3 2 3600 20070926134150 20070829134150 2854 example.com. ACwNOwI1/wEdnsnotQgFNLjmjcJonpU432TLsHbRo1atuUHhOA1cdeI=
+
+example.com. 3600 IN TYPE4002 \# 1 01
+example.com. 3600 IN RRSIG TYPE4002 3 2 3600 20070926134150 20070829134150 2854 example.com. AGSTEFePJzOtkGGJDJ2vvqV1ja0deBPWu6+DLV66VbWncuNjhGlgn4s=
+
+example.com. 3600 IN TYPE4003 \# 1 01
+example.com. 3600 IN RRSIG TYPE4003 3 2 3600 20070926134150 20070829134150 2854 example.com. AByS2v3czunuc/ISzNWxDfk1LDbXQvxdbdBf1kruF03Q+yumKsC5BMU=
+
+example.com. 3600 IN TYPE4004 \# 1 01
+example.com. 3600 IN RRSIG TYPE4004 3 2 3600 20070926134150 20070829134150 2854 example.com. AG8JfqFxAJDRsANgZvIhk6C4/d7oF5rXsNZN5pEFwRHL8oNN/xEkUpM=
+
+example.com. 3600 IN TYPE4005 \# 1 01
+example.com. 3600 IN RRSIG TYPE4005 3 2 3600 20070926134150 20070829134150 2854 example.com. AFv/ylW2n88mhr65bo4kWNp45w0mp4qcKxMfEZAuZt8d/DB0KZDn538=
+
+example.com. 3600 IN TYPE4006 \# 1 01
+example.com. 3600 IN RRSIG TYPE4006 3 2 3600 20070926134150 20070829134150 2854 example.com. AIrw3YdUF3Ri9KbDd89xtnpf7KeKkXy6VzOxguaFbS30jZcEc+8p+TM=
+
+example.com. 3600 IN TYPE4007 \# 1 01
+example.com. 3600 IN RRSIG TYPE4007 3 2 3600 20070926134150 20070829134150 2854 example.com. ABcI5dVAx0Ro+rl9+++Eh5/RG/Tbn0O4F8Mn+iwgaJwvZ9biGIaFPb8=
+
+example.com. 3600 IN TYPE4008 \# 1 01
+example.com. 3600 IN RRSIG TYPE4008 3 2 3600 20070926134150 20070829134150 2854 example.com. ADFnpyINGZa3komnJQft55pkXVr6HIwbn+CjJDEKT/t3va0UW78RJV0=
+
+example.com. 3600 IN TYPE4009 \# 1 01
+example.com. 3600 IN RRSIG TYPE4009 3 2 3600 20070926134150 20070829134150 2854 example.com. AA160AjWpMkX1YF0aXvL/PeRRA3vZsDtMvotP1NEm687q9nx46wW7To=
+
+example.com. 3600 IN TYPE4010 \# 1 01
+example.com. 3600 IN RRSIG TYPE4010 3 2 3600 20070926134150 20070829134150 2854 example.com. AKgBFj85Uo2wNKfAmAKAuYuPv97dce/nRestfAyI/8xSV+ItducejWo=
+
+example.com. 3600 IN TYPE4011 \# 1 01
+example.com. 3600 IN RRSIG TYPE4011 3 2 3600 20070926134150 20070829134150 2854 example.com. AH6j4Lu9LzXaBMVFJv9LreuN2Ll0NZyLFDSlNyHMrYfSLmeIn3cjDaU=
+
+example.com. 3600 IN TYPE4012 \# 1 01
+example.com. 3600 IN RRSIG TYPE4012 3 2 3600 20070926134150 20070829134150 2854 example.com. AAjv9pQ3LjqN0wF1qFeMGXAuCt1URjPfjleedRYVzuRNXoQ5lXfpzyQ=
+
+example.com. 3600 IN TYPE4013 \# 1 01
+example.com. 3600 IN RRSIG TYPE4013 3 2 3600 20070926134150 20070829134150 2854 example.com. AH+2xPq9wrY9vSffsyNoIL3Apx78r5dssiS3TAP08BPVnjjDcNq4Bes=
+
+example.com. 3600 IN TYPE4014 \# 1 01
+example.com. 3600 IN RRSIG TYPE4014 3 2 3600 20070926134150 20070829134150 2854 example.com. ADKIK2RFjMOaqJ+M/tjOTavLKFNfmaRUVVSxqEThZz1U8CmMbIXhGJA=
+
+example.com. 3600 IN TYPE4015 \# 1 01
+example.com. 3600 IN RRSIG TYPE4015 3 2 3600 20070926134150 20070829134150 2854 example.com. AFu7ugUzI62yezWpaKQG6N2Yo+b/sMA9Rs1fLO40uiQ6zlky1O3MycA=
+
+SECTION AUTHORITY
+SECTION ADDITIONAL
+open.example.com. 600 IN A 213.154.224.1
+open.example.com. 600 IN AAAA 2001:7b8:206:1::53
+open.example.com. 600 IN AAAA 2001:7b8:206:1::1
+open.example.com. 600 IN RRSIG A 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCh8bja923UJmg1+sYXMK8WIE4dpgIUQe9sZa0GOcUYSgb2rXoogF8af+Y= ;{id = 2854}
+open.example.com. 600 IN RRSIG AAAA 3 3 600 20070926134150 20070829134150 2854 example.com. MC0CFQCRGJgIS6kEVG7aJfovuG/q3cgOWwIUYEIFCnfRQlMIYWF7BKMQoMbdkE0= ;{id = 2854}
+ENTRY_END
+
+SCENARIO_END
#define MAX_VALIDATE_AT_ONCE 8
/** Max number of validation suspends allowed, error out otherwise. */
#define MAX_VALIDATION_SUSPENDS 16
+/** Max answer RRsets for qtype ANY that are validated. The lists is
+ * shortened to fit this limit. */
+#define MAX_RRSETS_ANY_VALIDATED 24
/* forward decl for cache response and normal super inform calls of a DS */
static void process_ds_response(struct module_qstate* qstate,
slack += 2;
else if(qstate->env->mesh->all.count >= qstate->env->mesh->max_reply_states/4)
slack += 1;
- if(vq->suspend_count > 3)
- slack += 3;
- else if(vq->suspend_count > 0)
- slack += vq->suspend_count;
+ /* One step of back-off after the first suspend so a single bad
+ * message still yields, but does not grow exponentially on its own. */
+ if(vq->suspend_count > 0)
+ slack += 1;
if(slack != 0 && slack <= 12 /* No numeric overflow. */) {
usec = usec << slack;
}
val_reply_remove_auth(chase_reply, found);
}
+/**
+ * Cap the number of answer RRsets for validation of type ANY.
+ * This limits the number of RRSIG validations performed.
+ * It is allowed to return a subset of available RRsets when processing
+ * ANY query.
+ * @param chase_reply: the chased reply, shorten if if too long.
+ * @param orig_reply: original reply, remove the records here as well,
+ * so it can be marked as DNSSEC valid.
+ * @param skip: the number of rrsets skipped in the answer section due to
+ * CNAME chain that is followed.
+ * @param max_rrsets: the number allowed.
+ */
+static void
+shorten_answer_any(struct reply_info* chase_reply,
+ struct reply_info* orig_reply, size_t skip, size_t max_rrsets)
+{
+ if(chase_reply->an_numrrsets > max_rrsets) {
+ size_t to_rem = chase_reply->an_numrrsets - max_rrsets;
+ val_reply_remove_answers(chase_reply, max_rrsets, to_rem);
+ val_reply_remove_answers(orig_reply, skip+max_rrsets, to_rem);
+ }
+}
+
/**
* Given a "positive" response -- a response that contains an answer to the
* question, and no CNAME chain, validate this response.
&vq->qchase, vq->orig_msg->rep, vq->rrset_skip);
if(subtype != VAL_CLASS_REFERRAL)
remove_spurious_authority(vq->chase_reply, vq->orig_msg->rep);
+ if(subtype == VAL_CLASS_ANY)
+ shorten_answer_any(vq->chase_reply, vq->orig_msg->rep,
+ vq->rrset_skip, MAX_RRSETS_ANY_VALIDATED);
/* check signatures in the message;
* answer and authority must be valid, additional is only checked. */
projects / thirdparty / unbound.git / commitdiff
