|
@@ -0,0 +1,121 @@
|
|
|
+;;
|
|
|
+;; This is a complete (but crafted and somewhat broken) zone file used
|
|
|
+;; in query tests.
|
|
|
+;;
|
|
|
+
|
|
|
+example.com. 3600 IN SOA . . 0 0 0 0 0
|
|
|
+example.com. 3600 IN NS glue.delegation.example.com.
|
|
|
+example.com. 3600 IN NS noglue.example.com.
|
|
|
+example.com. 3600 IN NS example.net.
|
|
|
+example.com. 3600 IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3 636B
|
|
|
+glue.delegation.example.com. 3600 IN A 192.0.2.153
|
|
|
+glue.delegation.example.com. 3600 IN AAAA 2001:db8::53
|
|
|
+noglue.example.com. 3600 IN A 192.0.2.53
|
|
|
+delegation.example.com. 3600 IN NS glue.delegation.example.com.
|
|
|
+delegation.example.com. 3600 IN NS noglue.example.com.
|
|
|
+delegation.example.com. 3600 IN NS cname.example.com.
|
|
|
+delegation.example.com. 3600 IN NS example.org.
|
|
|
+;; Borrowed from the RFC4035
|
|
|
+delegation.example.com. 3600 IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3 636B
|
|
|
+mx.example.com. 3600 IN MX 10 www.example.com.
|
|
|
+mx.example.com. 3600 IN MX 20 mailer.example.org.
|
|
|
+mx.example.com. 3600 IN MX 30 mx.delegation.example.com.
|
|
|
+www.example.com. 3600 IN A 192.0.2.80
|
|
|
+cname.example.com. 3600 IN CNAME www.example.com.
|
|
|
+cnamenxdom.example.com. 3600 IN CNAME nxdomain.example.com.
|
|
|
+;; CNAME Leading out of zone
|
|
|
+cnameout.example.com. 3600 IN CNAME www.example.org.
|
|
|
+;; The DNAME to do tests against
|
|
|
+dname.example.com. 3600 IN DNAME somethinglong.dnametarget.example.com.
|
|
|
+;; Some data at the dname node (allowed by RFC 2672)
|
|
|
+dname.example.com. 3600 IN A 192.0.2.5
|
|
|
+;; The rest of data won't be referenced from the test cases.
|
|
|
+cnamemailer.example.com. 3600 IN CNAME www.example.com.
|
|
|
+cnamemx.example.com. 3600 IN MX 10 cnamemailer.example.com.
|
|
|
+mx.delegation.example.com. 3600 IN A 192.0.2.100
|
|
|
+;; Wildcards
|
|
|
+*.wild.example.com. 3600 IN A 192.0.2.7
|
|
|
+*.wild.example.com. 3600 IN NSEC www.example.com. A NSEC RRSIG
|
|
|
+*.cnamewild.example.com. 3600 IN CNAME www.example.org.
|
|
|
+*.cnamewild.example.com. 3600 IN NSEC delegation.example.com. CNAME NSEC RRSIG
|
|
|
+;; Wildcard_nxrrset
|
|
|
+*.uwild.example.com. 3600 IN A 192.0.2.9
|
|
|
+*.uwild.example.com. 3600 IN NSEC www.uwild.example.com. A NSEC RRSIG
|
|
|
+www.uwild.example.com. 3600 IN A 192.0.2.11
|
|
|
+www.uwild.example.com. 3600 IN NSEC *.wild.example.com. A NSEC RRSIG
|
|
|
+;; Wildcard empty
|
|
|
+b.*.t.example.com. 3600 IN A 192.0.2.13
|
|
|
+b.*.t.example.com. 3600 IN NSEC *.uwild.example.com. A NSEC RRSIG
|
|
|
+t.example.com. 3600 IN A 192.0.2.15
|
|
|
+t.example.com. 3600 IN NSEC b.*.t.example.com. A NSEC RRSIG
|
|
|
+;; Used in NXDOMAIN proof test. We are going to test some unusual case where
|
|
|
+;; the best possible wildcard is below the "next domain" of the NSEC RR that
|
|
|
+;; proves the NXDOMAIN, i.e.,
|
|
|
+;; mx.example.com. (exist)
|
|
|
+;; (.no.example.com. (qname, NXDOMAIN)
|
|
|
+;; ).no.example.com. (exist)
|
|
|
+;; *.no.example.com. (best possible wildcard, not exist)
|
|
|
+).no.example.com. 3600 IN AAAA 2001:db8::53
|
|
|
+;; NSEC records.
|
|
|
+example.com. 3600 IN NSEC cname.example.com. NS SOA NSEC RRSIG
|
|
|
+mx.example.com. 3600 IN NSEC ).no.example.com. MX NSEC RRSIG
|
|
|
+).no.example.com. 3600 IN NSEC nz.no.example.com. AAAA NSEC RRSIG
|
|
|
+;; We'll also test the case where a single NSEC proves both NXDOMAIN and the
|
|
|
+;; non existence of wildcard. The following records will be used for that
|
|
|
+;; test.
|
|
|
+;; ).no.example.com. (exist, whose NSEC proves everything)
|
|
|
+;; *.no.example.com. (best possible wildcard, not exist)
|
|
|
+;; nx.no.example.com. (NXDOMAIN)
|
|
|
+;; nz.no.example.com. (exist)
|
|
|
+nz.no.example.com. 3600 IN AAAA 2001:db8::5300
|
|
|
+nz.no.example.com. 3600 IN NSEC noglue.example.com. AAAA NSEC RRSIG
|
|
|
+noglue.example.com. 3600 IN NSEC nonsec.example.com. A
|
|
|
+
|
|
|
+;; NSEC for the normal NXRRSET case
|
|
|
+www.example.com. 3600 IN NSEC example.com. A NSEC RRSIG
|
|
|
+
|
|
|
+;; Authoritative data without NSEC
|
|
|
+nonsec.example.com. 3600 IN A 192.0.2.0
|
|
|
+
|
|
|
+;; NSEC3 RRs. You may also need to add mapping to MockZoneFinder::hash_map_.
|
|
|
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.com. 3600 IN NSEC3 1 1 12 aabbccdd 2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA NSEC3PARAM RRSIG
|
|
|
+0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.com. 3600 IN RRSIG NSEC3 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
|
|
|
+q04jkcevqvmu85r014c7dkba38o0ji5r.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
|
|
|
+q04jkcevqvmu85r014c7dkba38o0ji5r.example.com. 3600 IN RRSIG NSEC3 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
|
|
|
+
|
|
|
+;; NSEC3 for wild.example.com (used in wildcard tests, will be added on
|
|
|
+;; demand not to confuse other tests)
|
|
|
+ji6neoaepv8b5o6k4ev33abha8ht9fgc.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en
|
|
|
+
|
|
|
+;; NSEC3 for cnamewild.example.com (used in wildcard tests, will be added on
|
|
|
+;; demand not to confuse other tests)
|
|
|
+k8udemvp1j2f7eg6jebps17vp3n8i58h.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en
|
|
|
+
|
|
|
+;; NSEC3 for *.uwild.example.com (will be added on demand not to confuse
|
|
|
+;; other tests)
|
|
|
+b4um86eghhds6nea196smvmlo4ors995.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
|
|
|
+;; NSEC3 for uwild.example.com. (will be added on demand)
|
|
|
+t644ebqk9bibcna874givr6joj62mlhv.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
|
|
|
+
|
|
|
+;; (Secure) delegation data; Delegation with DS record
|
|
|
+signed-delegation.example.com. 3600 IN NS ns.example.net.
|
|
|
+signed-delegation.example.com. 3600 IN DS 12345 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
|
|
|
+
|
|
|
+;; (Secure) delegation data; Delegation without DS record (and both NSEC
|
|
|
+;; and NSEC3 denying its existence)
|
|
|
+unsigned-delegation.example.com. 3600 IN NS ns.example.net.
|
|
|
+unsigned-delegation.example.com. 3600 IN NSEC unsigned-delegation-optout.example.com. NS RRSIG NSEC
|
|
|
+;; This one will be added on demand
|
|
|
+q81r598950igr1eqvc60aedlq66425b5.example.com. 3600 IN NSEC3 1 1 12 aabbccdd 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom NS RRSIG
|
|
|
+
|
|
|
+;; Delegation without DS record, and no direct matching NSEC3 record
|
|
|
+unsigned-delegation-optout.example.com. 3600 IN NS ns.example.net.
|
|
|
+unsigned-delegation-optout.example.com. 3600 IN NSEC *.uwild.example.com. NS RRSIG NSEC
|
|
|
+
|
|
|
+;; (Secure) delegation data; Delegation where the DS lookup will raise an
|
|
|
+;; exception.
|
|
|
+bad-delegation.example.com. 3600 IN NS ns.example.net.
|
|
|
+
|
|
|
+;; Delegation from an unsigned parent. There's no DS, and there's no NSEC
|
|
|
+;; or NSEC3 that proves it.
|
|
|
+nosec-delegation.example.com. 3600 IN NS ns.nosec.example.net.
|