From 3352f687cd8f5de6e6cdf6f7a1c3ea21e947859c Mon Sep 17 00:00:00 2001 From: Wouter Wijngaards Date: Thu, 15 Apr 2010 11:29:43 +0000 Subject: [PATCH] GOST algorithm number 12. git-svn-id: file:///svn/unbound/trunk@2079 be551aaa-1e26-0410-a405-d3ace91eadb9 --- doc/Changelog | 5 +++++ testdata/Kexample.com.+011+58910.ds | 1 - testdata/Kexample.com.+011+58910.key | 1 - testdata/Kexample.com.+011+58910.private | 3 --- testdata/Kexample.com.+012+60385.ds | 1 + testdata/Kexample.com.+012+60385.key | 1 + testdata/Kexample.com.+012+60385.private | 3 +++ testdata/test_sigs.gost | 10 ++++----- testdata/val_ds_gost.rpl | 25 ++++++++++++---------- testdata/val_ds_gost_downgrade.rpl | 27 ++++++++++++------------ 10 files changed, 43 insertions(+), 34 deletions(-) delete mode 100644 testdata/Kexample.com.+011+58910.ds delete mode 100644 testdata/Kexample.com.+011+58910.key delete mode 100644 testdata/Kexample.com.+011+58910.private create mode 100644 testdata/Kexample.com.+012+60385.ds create mode 100644 testdata/Kexample.com.+012+60385.key create mode 100644 testdata/Kexample.com.+012+60385.private diff --git a/doc/Changelog b/doc/Changelog index b0e5ce54b..d32886b02 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,8 @@ +15 April 2010: Wouter + - ECC-GOST algorithm number 12 that is assigned by IANA. New test + example key and signatures for GOST. GOST requires openssl-1.0.0. + GOST is still disabled by default. + 9 April 2010: Wouter - Fix bug#305: pkt_dname_tolower could read beyond end of buffer or get into an endless loop, if 0x20 was enabled, and buffers are small diff --git a/testdata/Kexample.com.+011+58910.ds b/testdata/Kexample.com.+011+58910.ds deleted file mode 100644 index 3d4ee2c92..000000000 --- a/testdata/Kexample.com.+011+58910.ds +++ /dev/null @@ -1 +0,0 @@ -example.com. 3600 IN DS 58910 11 3 687978f784ddf4ffecd42788be42057d75bcf952134bf887d334e635b18dfdeb ; xipal-novuz-lecut-totyz-zurut-gonum-mazyg-dacal-tytur-suveh-dagig-revym-lugef-genef-hysam-tazav-ryxex diff --git a/testdata/Kexample.com.+011+58910.key b/testdata/Kexample.com.+011+58910.key deleted file mode 100644 index 788df0f2c..000000000 --- a/testdata/Kexample.com.+011+58910.key +++ /dev/null @@ -1 +0,0 @@ -example.com. 3600 IN DNSKEY 256 3 11 UQgaBVNAin7hJySuuU1V9z6+iDMMYGNNtCgNJLMCzBNxFHRdhQff/y1vZExYNfSztK3RUOiy/uTqIa265Fr6PQ== ;{id = 58910 (zsk), size = 512b} diff --git a/testdata/Kexample.com.+011+58910.private b/testdata/Kexample.com.+011+58910.private deleted file mode 100644 index b988ea1bf..000000000 --- a/testdata/Kexample.com.+011+58910.private +++ /dev/null @@ -1,3 +0,0 @@ -Private-key-format: v1.2 -Algorithm: 11 (ECC-GOST) -GostAsn1: MEYCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIwIhAOAlrm29bz9Kh0FaXhdP9IfjypQoKcm/xiMYR8GWkJm9 diff --git a/testdata/Kexample.com.+012+60385.ds b/testdata/Kexample.com.+012+60385.ds new file mode 100644 index 000000000..335e8f200 --- /dev/null +++ b/testdata/Kexample.com.+012+60385.ds @@ -0,0 +1 @@ +example.com. 3600 IN DS 60385 12 3 c93b6fd6893d42ae60acd15088c2aeea0e0f013e535961855f17299507f70e0d ; xudef-ririt-kidaf-tebyp-vemep-segih-bydes-dyriv-pofab-zibaf-vigyh-numom-halac-lypin-hycaz-lofub-taxex diff --git a/testdata/Kexample.com.+012+60385.key b/testdata/Kexample.com.+012+60385.key new file mode 100644 index 000000000..022315c2b --- /dev/null +++ b/testdata/Kexample.com.+012+60385.key @@ -0,0 +1 @@ +example.com. 3600 IN DNSKEY 256 3 12 9SZY+xB3wKtrLoRHzkBs9L3fjcvazjnk5HF3gMaD1PVp4pthrwgHIm0TUaLrd3YCa2VCl5wj+MzbhZi8NEJ/Cg== ;{id = 60385 (zsk), size = 512b} diff --git a/testdata/Kexample.com.+012+60385.private b/testdata/Kexample.com.+012+60385.private new file mode 100644 index 000000000..f1c629148 --- /dev/null +++ b/testdata/Kexample.com.+012+60385.private @@ -0,0 +1,3 @@ +Private-key-format: v1.2 +Algorithm: 12 (ECC-GOST) +GostAsn1: MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgIge0NaZG76WD9K6vNRD1yDuVPtKlEtFQbHIjoB106B6Hc= diff --git a/testdata/test_sigs.gost b/testdata/test_sigs.gost index 8de53070b..ebc85aabb 100644 --- a/testdata/test_sigs.gost +++ b/testdata/test_sigs.gost @@ -3,13 +3,13 @@ ; first entry is a DNSKEY answer, with the DNSKEY rrset used for verification. ; later entries are verified with it. -; Test GOST signatures using algo number 11. +; Test GOST signatures using algo number 12. ENTRY_BEGIN SECTION QUESTION nlnetlabs.nl. IN DNSKEY SECTION ANSWER -nlnetlabs.nl. 3600 IN DNSKEY 256 3 11 UQgaBVNAin7hJySuuU1V9z6+iDMMYGNNtCgNJLMCzBNxFHRdhQff/y1vZExYNfSztK3RUOiy/uTqIa265Fr6PQ== ;{id = 58910 (zsk), size = 512b} +nlnetlabs.nl. 3600 IN DNSKEY 256 3 12 9SZY+xB3wKtrLoRHzkBs9L3fjcvazjnk5HF3gMaD1PVp4pthrwgHIm0TUaLrd3YCa2VCl5wj+MzbhZi8NEJ/Cg== ;{id = 60385 (zsk), size = 512b} ENTRY_END ; entry to test @@ -18,7 +18,7 @@ SECTION QUESTION open.nlnetlabs.nl. IN A SECTION ANSWER open.nlnetlabs.nl. 600 IN A 213.154.224.1 -open.nlnetlabs.nl. 600 IN RRSIG A 11 3 600 20090903100515 20090806100515 58910 nlnetlabs.nl. w/FZQYEhu3Quf0kiru1S+CVBXE7VAJuBOWJ4z/ukIZC10tIRVJ4qkxJdfh60BDnBZnU8askArXsKmgZGLEftxQ== ;{id = 58910} +open.nlnetlabs.nl. 600 IN RRSIG A 12 3 600 20090903100515 20090806100515 60385 nlnetlabs.nl. XVxDmt7/gRk13Yv+U+RPuEZ86iCGSVPmTcpMZYJs14Yn6Y/On8X+vgLV6IzxQTxAwGb+D35/dUfT55p6pFo8YQ== ;{id = 60385} ENTRY_END ENTRY_BEGIN @@ -27,7 +27,7 @@ open.nlnetlabs.nl. IN AAAA SECTION ANSWER open.nlnetlabs.nl. 600 IN AAAA 2001:7b8:206:1::1 open.nlnetlabs.nl. 600 IN AAAA 2001:7b8:206:1::53 -open.nlnetlabs.nl. 600 IN RRSIG AAAA 11 3 600 20090903100515 20090806100515 58910 nlnetlabs.nl. c4rWveXX+ZX1LcGBEd3AUCMA9TgAh/eGFFDFIDeeBOZxeC83nx0jZWrQC1PMoVMjCt7VKH2ChIQq2fwbPeeXrQ== ;{id = 58910} +open.nlnetlabs.nl. 600 IN RRSIG AAAA 12 3 600 20090903100515 20090806100515 60385 nlnetlabs.nl. +tdW+Uhkl2dBsD3zjGFGg1UtkBgfEhM6aXzERl0gWElgoJ4pCpXTV7VhZQ4yjibpMYjcXsBhQLcN7AuG20Ps9Q== ;{id = 60385} ENTRY_END ENTRY_BEGIN @@ -35,6 +35,6 @@ SECTION QUESTION open.nlnetlabs.nl. IN NSEC SECTION ANSWER open.nlnetlabs.nl. 3600 IN NSEC nlnetlabs.nl. A AAAA RRSIG NSEC -open.nlnetlabs.nl. 3600 IN RRSIG NSEC 11 3 3600 20090903100515 20090806100515 58910 nlnetlabs.nl. g83jorGebhLfnujx7nh2Vhs2rNSqLSVQURohpNLhaIehqwfaKomYkZGUDXy/KwcGEAkNVQHogL7KudkB8lcFrg== ;{id = 58910} +open.nlnetlabs.nl. 3600 IN RRSIG NSEC 12 3 3600 20090903100515 20090806100515 60385 nlnetlabs.nl. vOzQQh9ITdgD74ohIE37L8mAZcgDt7V+HrrPjCdalsFYw9dvGwuEvc0MfSDmzrFQ7OhL0elwI/A1AfK57M7emQ== ;{id = 60385} ENTRY_END diff --git a/testdata/val_ds_gost.rpl b/testdata/val_ds_gost.rpl index fe38cd672..11601e1f2 100644 --- a/testdata/val_ds_gost.rpl +++ b/testdata/val_ds_gost.rpl @@ -115,11 +115,13 @@ SECTION AUTHORITY sub.example.com. IN NS ns.sub.example.com. ; GOST DS for sub.example.com. -sub.example.com. 3600 IN DS 58910 11 3 e88148d88f5f08cca67e695543aaefd4c5c3469262e95dc3870821beaf7d0a65 ; xupam-cedyt-mifuh-zudes-sanyl-vepah-hybip-piryt-gycys-fecun-demuv-nilis-fecyb-mamar-voril-tydak-huxux -sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. AHsiikBOFKEuYMRTCcrn0rW0gA7JhcSDfeYo004bzjCFBlNnt0n+Z74= ;{id = 2854} +sub.example.com. 3600 IN DS 60385 12 3 2be04f63b3d069fd65f81a3b810b661a00d39be3ff00d1c7481a150b93b0d027 ; xepov-bofek-fuset-bipiz-tunoz-mukyf-rybyb-ranic-pobet-fakov-fozob-bagus-ludac-pyheb-rygor-bygyd-lyxyx ; SHA DS for sub.example.com. -; sub.example.com. 3600 IN DS 58910 11 1 5c5afc6c1b9c39568111145bc2e85f5913d6c919 ; xilah-puzok-sykan-suvyh-koboc-cehih-rybov-myluh-nagyt-kidic-nyxex +;sub.example.com. 3600 IN DS 60385 12 1 0a66f7923318bb1e208bfd975ffa2e30cfcdf962 ; xedik-katin-dasec-myvic-vumum-rizan-luluz-paraf-befas-tovek-dyxax +;sub.example.com. 3600 IN DS 60385 12 2 cd3290b84b457d02ca29846a005a5eba61640256ced8deca0ef8345d2cd34a58 ; xufef-dugir-modog-hyzyb-dadod-nicuk-pubyh-polor-pomuk-gobuh-kufet-mulus-pofyz-metoh-tarit-fudih-moxex + +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ADwjiGkzrz8RPRJ6LAB37cNEQxTXSaR6Stu/GwGvcQ7KVGH/Qw76ktI= ;{id = 2854} SECTION ADDITIONAL ns.sub.example.com. IN A 1.2.3.6 @@ -138,10 +140,10 @@ SECTION QUESTION sub.example.com. IN NS SECTION ANSWER sub.example.com. IN NS ns.sub.example.com. -sub.example.com. 3600 IN RRSIG NS 11 3 3600 20070926134150 20070829134150 58910 sub.example.com. 3+H3UPhpHtSDlTCf7pRAYEX1Zodi0BcvkNL6mahA364ReIxLjSGcJEaNZ4moTRk/V9OTK3K39P78Q9TUeYtrSA== ;{id = 58910} +sub.example.com. 3600 IN RRSIG NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. LAgerMKnwGgapo7tDs2jV8kjA+RminByvkR6qHineRDv4SYbRdDlCtYcFR4CoYo9aigLPej1WBmaZjFV+/7AVA== ;{id = 60385} SECTION ADDITIONAL ns.sub.example.com. IN A 1.2.3.6 -ns.sub.example.com. 3600 IN RRSIG A 11 4 3600 20070926134150 20070829134150 58910 sub.example.com. 0+byC/6fXGq5j06m2zJfUHiyhSpZTM8AQlE6ygr1jAiuPkl9GURvLH7XkWjS1n+K0+KuS2xTnwWlqBWuhlpRQQ== ;{id = 58910} +ns.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. qYVQEwiVNWwRRoDJxK3c3LaXtfvOm/YzOEzXbN2MxPHZXHaa2nCzWLsILNstot/wTAbrk4wNcT16gKxF5JguNw== ;{id = 60385} ENTRY_END ; response to DNSKEY priming query @@ -152,15 +154,16 @@ REPLY QR NOERROR SECTION QUESTION sub.example.com. IN DNSKEY SECTION ANSWER -sub.example.com. 3600 IN DNSKEY 256 3 11 UQgaBVNAin7hJySuuU1V9z6+iDMMYGNNtCgNJLMCzBNxFHRdhQff/y1vZExYNfSztK3RUOiy/uTqIa265Fr6PQ== ;{id = 58910 (zsk), size = 512b} -sub.example.com. 3600 IN RRSIG DNSKEY 11 3 3600 20070926134150 20070829134150 58910 sub.example.com. bHt9jld0nHQqV0sVqaYMos+FjgIhOyqlMFHPgu1G47qJan20wKCrMEFn4ZJLZP1VTllopqvszZe4E5MXeEhlGw== ;{id = 58910} +sub.example.com. 3600 IN DNSKEY 256 3 12 9SZY+xB3wKtrLoRHzkBs9L3fjcvazjnk5HF3gMaD1PVp4pthrwgHIm0TUaLrd3YCa2VCl5wj+MzbhZi8NEJ/Cg== ;{id = 60385 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. zyZCppfMjlMS9xs3pJfbWkdA6EgV5MqI11AdVRV8pBsyI7diYLWm8RAHlhEI5MT59A6IT6Di9YjOCvWJjzZ9tA== ;{id = 60385} SECTION AUTHORITY sub.example.com. IN NS ns.sub.example.com. -sub.example.com. 3600 IN RRSIG NS 11 3 3600 20070926134150 20070829134150 58910 sub.example.com. 3+H3UPhpHtSDlTCf7pRAYEX1Zodi0BcvkNL6mahA364ReIxLjSGcJEaNZ4moTRk/V9OTK3K39P78Q9TUeYtrSA== ;{id = 58910} +sub.example.com. 3600 IN RRSIG NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 3y6qmOn5GIytQQtXmdhkyL0+8Um7uNzOA0m0CkWFtzN81T98jHdGcCGNC3CIGMyhKaWKqPlOoSwIfm55fa4qRA== ;{id = 60385} SECTION ADDITIONAL ns.sub.example.com. IN A 1.2.3.6 -ns.sub.example.com. 3600 IN RRSIG A 11 4 3600 20070926134150 20070829134150 58910 sub.example.com. 0+byC/6fXGq5j06m2zJfUHiyhSpZTM8AQlE6ygr1jAiuPkl9GURvLH7XkWjS1n+K0+KuS2xTnwWlqBWuhlpRQQ== ;{id = 58910} +ns.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. VS97UxG9Kn7DIYFCnBDJQ3n7sQ+aYF42/cU6s8jF1Y4nHSorKPFa0KHn0WVmaW33hA+Vs4BWTvJ1/JOpbiJskA== ;{id = 60385} + ENTRY_END ; response to query of interest @@ -172,7 +175,7 @@ SECTION QUESTION www.sub.example.com. IN A SECTION ANSWER www.sub.example.com. IN A 11.11.11.11 -www.sub.example.com. 3600 IN RRSIG A 11 4 3600 20070926134150 20070829134150 58910 sub.example.com. O+jJMnuACx9Ugw1xemUJ0wyFovR3pax+YLTtF6TVGaGOcne70aMyk+PkHntxSAHIgmEhOJtWpdBpVghKrMUgxw== ;{id = 58910} +www.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385} SECTION AUTHORITY SECTION ADDITIONAL @@ -195,7 +198,7 @@ SECTION QUESTION www.sub.example.com. IN A SECTION ANSWER www.sub.example.com. 3600 IN A 11.11.11.11 -www.sub.example.com. 3600 IN RRSIG A 11 4 3600 20070926134150 20070829134150 58910 sub.example.com. O+jJMnuACx9Ugw1xemUJ0wyFovR3pax+YLTtF6TVGaGOcne70aMyk+PkHntxSAHIgmEhOJtWpdBpVghKrMUgxw== ;{id = 58910} +www.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385} SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END diff --git a/testdata/val_ds_gost_downgrade.rpl b/testdata/val_ds_gost_downgrade.rpl index 0d38098ab..b3f238097 100644 --- a/testdata/val_ds_gost_downgrade.rpl +++ b/testdata/val_ds_gost_downgrade.rpl @@ -124,18 +124,19 @@ sub.example.com. IN NS ns.sub.example.com. ; downgrade: false GOST, correct SHA -sub.example.com. 3600 IN DS 58910 11 3 e77148d88f5f08cca67e695543aaefd4c5c3469262e95dc3870821beaf7d0a65 + +sub.example.com. 3600 IN DS 60385 12 3 2be04f63b3d069fd65f81a3b810b661a00d39be3ff00d1c7481a150b93b0d028 ; correct GOST DS for sub.example.com. -; sub.example.com. 3600 IN DS 58910 11 3 e88148d88f5f08cca67e695543aaefd4c5c3469262e95dc3870821beaf7d0a65 ; xupam-cedyt-mifuh-zudes-sanyl-vepah-hybip-piryt-gycys-fecun-demuv-nilis-fecyb-mamar-voril-tydak-huxux +; sub.example.com. 3600 IN DS 60385 12 3 2be04f63b3d069fd65f81a3b810b661a00d39be3ff00d1c7481a150b93b0d027 ; xepov-bofek-fuset-bipiz-tunoz-mukyf-rybyb-ranic-pobet-fakov-fozob-bagus-ludac-pyheb-rygor-bygyd-lyxyx ; SHA1 DS for sub.example.com. -sub.example.com. 3600 IN DS 58910 11 1 5c5afc6c1b9c39568111145bc2e85f5913d6c919 ; xilah-puzok-sykan-suvyh-koboc-cehih-rybov-myluh-nagyt-kidic-nyxex +sub.example.com. 3600 IN DS 60385 12 1 0a66f7923318bb1e208bfd975ffa2e30cfcdf962 ; xedik-katin-dasec-myvic-vumum-rizan-luluz-paraf-befas-tovek-dyxax ; SHA256 DS for sub.example.com. -sub.example.com. 3600 IN DS 58910 11 2 abe9f057a63c8e1779099af54c3392ca5e643ce383dfd79a8391df5ff11324e8 ; xopov-nusyh-lunuf-sufec-livyb-nykoz-hefaf-fogos-palek-gozyv-fubat-zehyn-pebun-culoh-zisec-fonav-mexyx +sub.example.com. 3600 IN DS 60385 12 2 cd3290b84b457d02ca29846a005a5eba61640256ced8deca0ef8345d2cd34a58 ; xufef-dugir-modog-hyzyb-dadod-nicuk-pubyh-polor-pomuk-gobuh-kufet-mulus-pofyz-metoh-tarit-fudih-moxex ; signs SHA1, SHA2 and GOST DSes -sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. AIbA2kEfT78Xfag9ndYBLFJw43zcKbuumiekUfb+pTWl7x1IArCFhNA= ;{id = 2854} +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926135752 20070829135752 2854 example.com. ADB1PPtGoPKRrhNtRtkqeqpgnZdbPOdJMgjdZVxPfgGCoMTu3JFQVbo= ;{id = 2854} SECTION ADDITIONAL ns.sub.example.com. IN A 1.2.3.6 @@ -154,11 +155,11 @@ SECTION QUESTION sub.example.com. IN NS SECTION ANSWER sub.example.com. IN NS ns.sub.example.com. -sub.example.com. 3600 IN RRSIG NS 11 3 3600 20070926134150 20070829134150 58910 sub.example.com. S3ByzAnmpzVhSm+Qay+F7BRKPcoWfc/K0AV5Eg5vwwNqlpYwWNVvTRiE6YDiyJ7yOMsiff1E6FCuEDedLoa0/g== ;{id = 58910} +sub.example.com. 3600 IN RRSIG NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 6mNrX32/DC2RU1A+yWCccn5H6wnsbNYTlf8e/LyF1fsuNfw6tH12sKGBCtk1mp4HpDIgH02HDHplJskSFOvzTw== ;{id = 60385} SECTION ADDITIONAL ns.sub.example.com. IN A 1.2.3.6 -ns.sub.example.com. 3600 IN RRSIG A 11 4 3600 20070926134150 20070829134150 58910 sub.example.com. H8+jqzbxcRWw1DBDB0azOaO6TRx9lE2JqiF4syuKvhApkSNmkNxB6hSLSp3qjL3zFbNSrlwo3nUBgeDh9mZTDA== ;{id = 58910} +ns.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. kJEyinL7BkpiPW2HxmFHRLAi68EdrLXToJiK83a5cedDe5ABL7c/k+nFHd3WjATUtVoueY3pSnCDVCJaFmd+/A== ;{id = 60385} ENTRY_END ; response to DNSKEY priming query @@ -169,14 +170,14 @@ REPLY QR NOERROR SECTION QUESTION sub.example.com. IN DNSKEY SECTION ANSWER -sub.example.com. 3600 IN DNSKEY 256 3 11 UQgaBVNAin7hJySuuU1V9z6+iDMMYGNNtCgNJLMCzBNxFHRdhQff/y1vZExYNfSztK3RUOiy/uTqIa265Fr6PQ== ;{id = 58910 (zsk), size = 512b} -sub.example.com. 3600 IN RRSIG DNSKEY 11 3 3600 20070926134150 20070829134150 58910 sub.example.com. sksp5fNuXuYwSDarL18vtJfKu5zB7tSpGCZ0nkCqe6d8B0hd7ITZOi5hwm3u3raDBzpUmOZoS/HEVwx0MIGgdg== ;{id = 58910} +sub.example.com. 3600 IN DNSKEY 256 3 12 9SZY+xB3wKtrLoRHzkBs9L3fjcvazjnk5HF3gMaD1PVp4pthrwgHIm0TUaLrd3YCa2VCl5wj+MzbhZi8NEJ/Cg== ;{id = 60385 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. zyZCppfMjlMS9xs3pJfbWkdA6EgV5MqI11AdVRV8pBsyI7diYLWm8RAHlhEI5MT59A6IT6Di9YjOCvWJjzZ9tA== ;{id = 60385} SECTION AUTHORITY sub.example.com. IN NS ns.sub.example.com. -sub.example.com. 3600 IN RRSIG NS 11 3 3600 20070926134150 20070829134150 58910 sub.example.com. S3ByzAnmpzVhSm+Qay+F7BRKPcoWfc/K0AV5Eg5vwwNqlpYwWNVvTRiE6YDiyJ7yOMsiff1E6FCuEDedLoa0/g== ;{id = 58910} +sub.example.com. 3600 IN RRSIG NS 12 3 3600 20070926134150 20070829134150 60385 sub.example.com. 6mNrX32/DC2RU1A+yWCccn5H6wnsbNYTlf8e/LyF1fsuNfw6tH12sKGBCtk1mp4HpDIgH02HDHplJskSFOvzTw== ;{id = 60385} SECTION ADDITIONAL ns.sub.example.com. IN A 1.2.3.6 -ns.sub.example.com. 3600 IN RRSIG A 11 4 3600 20070926134150 20070829134150 58910 sub.example.com. H8+jqzbxcRWw1DBDB0azOaO6TRx9lE2JqiF4syuKvhApkSNmkNxB6hSLSp3qjL3zFbNSrlwo3nUBgeDh9mZTDA== ;{id = 58910} +ns.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. kJEyinL7BkpiPW2HxmFHRLAi68EdrLXToJiK83a5cedDe5ABL7c/k+nFHd3WjATUtVoueY3pSnCDVCJaFmd+/A== ;{id = 60385} ENTRY_END ; response to query of interest @@ -188,7 +189,7 @@ SECTION QUESTION www.sub.example.com. IN A SECTION ANSWER www.sub.example.com. IN A 11.11.11.11 -www.sub.example.com. 3600 IN RRSIG A 11 4 3600 20070926134150 20070829134150 58910 sub.example.com. Aov4/MYSAUGtAA+28i00gLPL+6F18v/rgH+tYRO5XIkMAgyS5sGhUGZ9k2EOCXSNxm6QQCm6+h70zt70gLrbNw== ;{id = 58910} +www.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385} SECTION AUTHORITY SECTION ADDITIONAL @@ -221,7 +222,7 @@ SECTION QUESTION www.sub.example.com. IN A SECTION ANSWER ;www.sub.example.com. 3600 IN A 11.11.11.11 -;www.sub.example.com. 3600 IN RRSIG A 11 4 3600 20070926134150 20070829134150 58910 sub.example.com. Aov4/MYSAUGtAA+28i00gLPL+6F18v/rgH+tYRO5XIkMAgyS5sGhUGZ9k2EOCXSNxm6QQCm6+h70zt70gLrbNw== ;{id = 58910} +;www.sub.example.com. 3600 IN RRSIG A 12 4 3600 20070926134150 20070829134150 60385 sub.example.com. KVDpNBH83UM8l1e9yAdXA1fV+wFJSJF4NtOnDLTtbpfyVbndNW3tvPc2YfLBxTEZeUCns2QrqcmIMdZ086frOQ== ;{id = 60385} SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END