File: val_cnametoinsecure.rpl

unbound 1.6.0-2~bpo8+1
; config options
; Validator configuration for this replay: two DNSSEC trust anchors, a pinned
; validation clock, and one forwarder (the address the RANGE below answers for).
server:
; Test fixture keys: the same DNSKEY (id 30899, algorithm 5 = RSASHA1, 512 bits
; per the trailing annotation) anchors both example.com and example.org.
; A key of this size and algorithm is only suitable as a test vector; it is
; not a template for a production trust-anchor.
	trust-anchor: "example.com.	3600	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
	trust-anchor: "example.org.	3600	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}"
; Pins the validator's "now" to 2009-10-11 00:00:00 so that it falls inside
; the RRSIG validity window used throughout this file (inception
; 20091010000000, expiration 20091012000000). Without the override the
; signatures would be judged against the real clock.
	val-override-date: "20091011000000"

; Every query is forwarded to 192.0.2.1, the ADDRESS served by the canned
; answers in the RANGE section.
forward-zone:
	name: "."
	forward-addr: 192.0.2.1
CONFIG_END

SCENARIO_BEGIN Test validator with CNAME to insecure NSEC or NSEC3.

; Canned upstream answers, available for steps 0 through 100, served from
; the forwarder address configured above. Each ENTRY matches an incoming
; query on opcode, qtype and qname and copies the query ID into the reply.
; The example.com entries cover the NSEC case and the example.org entries
; cover the NSEC3 case.
RANGE_BEGIN 0 100
	ADDRESS 192.0.2.1

; example.com DNSKEY: the same key as the trust anchor, with its self-signature.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com.     3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
example.com.	3600	IN	RRSIG	DNSKEY 5 2 3600 20091012000000 20091010000000 30899 example.com. BeCk6+D0ysmO1+X0CjvXH55AO78C7Vxrq58C3YgO0wt2eTG/deZCiWI3bz+3OC64cICbJr5fvCfqUuJDABU/fw== ;{id = 30899}
ENTRY_END

; NSEC case: a signed CNAME from the secure zone to unsafe.example.com.
; The authority section carries a signed NSEC owned by the CNAME target.
; Its type bitmap lists NS, RRSIG and NSEC and has neither DS nor SOA, which
; is how the parent zone shows that the delegation has no DS record.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN AAAA
SECTION ANSWER
www.example.com.	3600	IN	CNAME	unsafe.example.com.
www.example.com.	3600	IN	RRSIG	CNAME 5 3 3600 20091012000000 20091010000000 30899 example.com. FJN0bZitZfxNQNTD1V2vcDBQ9cb4y4YGa35Ilr+VnrBiisAB9ZyrO8umvdtwzV1VPIlfFDQTJrKh5aZparLHPw== ;{id = 30899}
SECTION AUTHORITY
; really an insecure delegation, but co-hosted on the server.
unsafe.example.com.	3600	IN	NSEC	v.example.com. NS RRSIG NSEC 
unsafe.example.com.	3600	IN	RRSIG	NSEC 5 3 3600 20091012000000 20091010000000 30899 example.com. Le9EsRd2MxkOGRCvGtQkXRDAob5ZJOFQlZbDvcWAh5OXVpmcwZmCHctxw/Zyi4LkNYoYCSCc8PiVRrJM3IsGrQ== ;{id = 30899}
ENTRY_END

; Direct query for the CNAME target: NOERROR with an empty, unsigned answer.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
unsafe.example.com. IN AAAA
SECTION ANSWER
; empty response
ENTRY_END


; example.org DNSKEY: same key material as example.com, signed for example.org.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.org. IN DNSKEY
SECTION ANSWER
example.org.     3600    IN      DNSKEY  256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
example.org.	3600	IN	RRSIG	DNSKEY 5 2 3600 20091012000000 20091010000000 30899 example.org. rd9aoXbeaE0zyT96Z0sjN3Mz5Nz/wuRsIH1lwcjwUFmAAT7F+SjwVWeo8nGaTBd8JDSUdiL+VwotEE0I22RrnA== ;{id = 30899}
ENTRY_END

; NSEC3 case: a signed CNAME to unsafe.example.org, plus a signed NSEC3 whose
; owner label is the hash of the CNAME target (see the h(...) line below).
; NSEC3 parameters "1 0 1 -": hash algorithm 1 (SHA-1), flags 0, 1 iteration,
; no salt. The type bitmap holds only NS, so there is no DS at the delegation.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.org. IN AAAA
SECTION ANSWER
www.example.org.	3600	IN	CNAME	unsafe.example.org.
www.example.org.	3600	IN	RRSIG	CNAME 5 3 3600 20091012000000 20091010000000 30899 example.org. ZgRbMnunAqa1K46GINIihekkI73/1PkGFSAJRn7bSTxBpLM+qiHJDU1+QgS2SjaSKHqNqbXy/eeG3qX9r9y87g== ;{id = 30899}
SECTION AUTHORITY
; really an insecure delegation, but co-hosted on the server.
; h(unsafe.example.org.) = ltchu0548v0cof8f25u2pj4mjf4shcms.
ltchu0548v0cof8f25u2pj4mjf4shcms.example.org. IN NSEC3 1 0 1 - ltchu0548v0cof8f25u2pj4mjf4shcmt NS
ltchu0548v0cof8f25u2pj4mjf4shcms.example.org.	3600	IN	RRSIG	NSEC3 5 3 3600 20091012000000 20091010000000 30899 example.org. yxuYgfkg8QTdB5yBMN9Up9GyKu7xjKDScqq95/tsy3lx22tLsdLD9Fojdrq7eB+K7Tr72AejmVJs44v6TmWkZw== ;{id = 30899}
ENTRY_END

; Direct query for the CNAME target: NOERROR with an empty, unsigned answer.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
unsafe.example.org. IN AAAA
SECTION ANSWER
; empty response
ENTRY_END

RANGE_END

; NSEC
; Client query with RD and DO set, so DNSSEC records are requested in the reply.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN AAAA
ENTRY_END
; recursion happens here.
; Expected reply, compared with MATCH all: the signed CNAME in the answer
; section and the signed NSEC for the CNAME target in the authority section.
; The expected flag list is QR RD RA DO and does not include AD.
; NOTE(review): presumably AD is absent because the chain ends at an insecure
; delegation, so the answer as a whole is not reported as validated, and
; NOERROR shows it is not treated as bogus either. Confirm against the
; validator's handling of CNAME chains.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO NOERROR
SECTION QUESTION
www.example.com. IN AAAA
SECTION ANSWER
www.example.com.        3600    IN      CNAME   unsafe.example.com.
www.example.com.        3600    IN      RRSIG   CNAME 5 3 3600 20091012000000 20091010000000 30899 example.com. FJN0bZitZfxNQNTD1V2vcDBQ9cb4y4YGa35Ilr+VnrBiisAB9ZyrO8umvdtwzV1VPIlfFDQTJrKh5aZparLHPw== ;{id = 30899}
SECTION AUTHORITY
unsafe.example.com.     3600    IN      NSEC    v.example.com. NS RRSIG NSEC 
unsafe.example.com.     3600    IN      RRSIG   NSEC 5 3 3600 20091012000000 20091010000000 30899 example.com. Le9EsRd2MxkOGRCvGtQkXRDAob5ZJOFQlZbDvcWAh5OXVpmcwZmCHctxw/Zyi4LkNYoYCSCc8PiVRrJM3IsGrQ== ;{id = 30899}
ENTRY_END

; NSEC3
; Same check as the NSEC case, but against example.org, where the
; delegation is covered by an NSEC3 record instead of an NSEC record.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.org. IN AAAA
ENTRY_END
; recursion happens here.
; Expected reply, compared with MATCH all: the signed CNAME in the answer
; section and the signed NSEC3 (type bitmap: NS only) in the authority section.
; As in the NSEC case, the expected flag list has no AD.
; NOTE(review): presumably because the CNAME target lies under an insecure
; delegation. Confirm against the validator's handling of CNAME chains.
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO NOERROR
SECTION QUESTION
www.example.org. IN AAAA
SECTION ANSWER
www.example.org.        3600    IN      CNAME   unsafe.example.org.
www.example.org.        3600    IN      RRSIG   CNAME 5 3 3600 20091012000000 20091010000000 30899 example.org. ZgRbMnunAqa1K46GINIihekkI73/1PkGFSAJRn7bSTxBpLM+qiHJDU1+QgS2SjaSKHqNqbXy/eeG3qX9r9y87g== ;{id = 30899}
SECTION AUTHORITY
ltchu0548v0cof8f25u2pj4mjf4shcms.example.org.   3600    IN      NSEC3   1 0 1 -  ltchu0548v0cof8f25u2pj4mjf4shcmt NS 
ltchu0548v0cof8f25u2pj4mjf4shcms.example.org.   3600    IN      RRSIG   NSEC3 5 3 3600 20091012000000 20091010000000 30899 example.org. yxuYgfkg8QTdB5yBMN9Up9GyKu7xjKDScqq95/tsy3lx22tLsdLD9Fojdrq7eB+K7Tr72AejmVJs44v6TmWkZw== ;{id = 30899}
ENTRY_END

SCENARIO_END