unbound/testdata/val_nsec3_b3_optout.rpl

; config options
server:
        trust-anchor: "example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )"
	val-override-date: "20120420235959"
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: "no"
	fake-sha1: yes
	trust-anchor-signaling: no
	minimal-responses: no

stub-zone:
	name: "."
	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test validator NSEC3 B.3 referral to optout unsigned zone.

; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129 
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS	K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
. IN A
SECTION AUTHORITY
example.	IN NS	ns1.example.
; leave out to make unbound take ns1
;example.	IN NS	ns2.example.
SECTION ADDITIONAL
ns1.example.	IN A 192.0.2.1
; leave out to make unbound take ns1
;ns2.example.	IN A 192.0.2.2
ENTRY_END
RANGE_END

; ns1.example.
RANGE_BEGIN 0 100
	ADDRESS 192.0.2.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id copy_query
REPLY QR REFUSED
SECTION QUESTION
example. IN NS
SECTION ANSWER
ENTRY_END

; response to DNSKEY priming query

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example. IN DNSKEY
SECTION ANSWER
example. DNSKEY  256 3 7 AwEAAaetidLzsKWUt4swWR8yu0wPHPiUi8LU ( sAD0QPWU+wzt89epO6tHzkMBVDkC7qphQO2h TY4hHn9npWFRw5BYubE= )
example. DNSKEY  257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )
example. RRSIG   DNSKEY 7 1 3600 20150420235959 ( 20051021000000 12708 example.  AuU4juU9RaxescSmStrQks3Gh9FblGBlVU31 uzMZ/U/FpsUb8aC6QZS+sTsJXnLnz7flGOsm MGQZf3bH+QsCtg== )
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA DO NOERROR
SECTION QUESTION
mc.c.example.       IN MX
SECTION AUTHORITY
c.example.	NS      ns1.c.example.
c.example. 	NS      ns2.c.example.

;; NSEC3 RR that covers the "next closer" name (c.example)
;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )

;; NSEC3 RR that matches the closest encloser (example)
;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )

SECTION ADDITIONAL
ns1.c.example. A       192.0.2.7
ns2.c.example. A       192.0.2.8

ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA DO NOERROR
SECTION QUESTION
c.example.       IN DS
SECTION AUTHORITY
;; NSEC3 RR that covers the "next closer" name (c.example)
;; H(c.example) = 4g6p9u5gvfshp30pqecj98b3maqbn1ck
35mthgpgcu1qg68fab165klnsnk3dpvl.example. NSEC3 1 1 12 aabbccdd ( b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG )
35mthgpgcu1qg68fab165klnsnk3dpvl.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQ Aynzo8EUWH+z6hEIBlUTPGj15eZll6VhQqgZ XtAIR3chwgW+SA== )

;; NSEC3 RR that matches the closest encloser (example)
;; H(example) = 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. NSEC3 1 1 12 aabbccdd ( 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3PARAM RRSIG )
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. RRSIG   NSEC3 7 2 3600 20150420235959 20051021000000 ( 40430 example.  OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKL IBHYH6blRxK9rC0bMJPwQ4mLIuw85H2EY762 BOCXJZMnpuwhpA== )
ENTRY_END

RANGE_END

; ns1.c.example.
RANGE_BEGIN 0 100
	ADDRESS 192.0.2.7
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
c.example.       IN NS
SECTION ANSWER
c.example.	NS      ns1.c.example.
c.example. 	NS      ns2.c.example.
SECTION ADDITIONAL
ns1.c.example. A       192.0.2.7
ns2.c.example. A       192.0.2.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
mc.c.example.       IN MX
SECTION ANSWER
mc.c.example.       IN MX 50 mx.c.example.
SECTION AUTHORITY
c.example.	NS      ns1.c.example.
c.example. 	NS      ns2.c.example.
SECTION ADDITIONAL
ns1.c.example. A       192.0.2.7
ns2.c.example. A       192.0.2.8
ENTRY_END
RANGE_END

; ns2.c.example.
RANGE_BEGIN 0 100
	ADDRESS 192.0.2.8
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
c.example.       IN NS
SECTION ANSWER
c.example.	NS      ns1.c.example.
c.example. 	NS      ns2.c.example.
SECTION ADDITIONAL
ns1.c.example. A       192.0.2.7
ns2.c.example. A       192.0.2.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
mc.c.example.       IN MX
SECTION ANSWER
mc.c.example.       IN MX 50 mx.c.example.
SECTION AUTHORITY
c.example.	NS      ns1.c.example.
c.example. 	NS      ns2.c.example.
SECTION ADDITIONAL
ns1.c.example. A       192.0.2.7
ns2.c.example. A       192.0.2.8
ENTRY_END
RANGE_END


STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
mc.c.example.       IN MX
ENTRY_END

; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA DO NOERROR
SECTION QUESTION
mc.c.example.       IN MX
SECTION ANSWER
mc.c.example.       IN MX 50 mx.c.example.
SECTION AUTHORITY
c.example.	NS      ns1.c.example.
c.example. 	NS      ns2.c.example.
SECTION ADDITIONAL
ns1.c.example. A       192.0.2.7
ns2.c.example. A       192.0.2.8
ENTRY_END

SCENARIO_END