Accueil Explorer Aide
Connexion
zorun
/
kea
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: efc43a67d2
Branches Tags
kea
/
tests
/
lettuce
/
features
/
nsec3_auth.feature

nsec3_auth.feature 29 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452 
  1. Feature: NSEC3 Authoritative service
    2. 

  2.     This feature tests NSEC3 as defined in RFC5155, using the example
    3. 

  3.     zone from appendix A and testing the example responses from appendix B.
    4. 

  4.     Additional tests can be added as well.
    5. 

  5. 

  6.     # Response section data is taken directly from RFC5155
    7. 

  7.     # It has been modified slightly; it has been 'flattened' (i.e. converted
    8. 

  8.     # to 1-line RRs with TTL and class data), and whitespace has been added
    9. 

  9.     # in the places where dig adds them too.
    10. 

  10.     # Any other changes from the specific example data are added as inline
    11. 

  11.     # comments.
    12. 

  12. 

  13.     Scenario: B.1. Name Error
    14. 

  14.         Given I have bind10 running with configuration nsec3/nsec3_auth.config
    15. 

  15.         And wait for bind10 stderr message BIND10_STARTED_CC
    16. 

  16.         And wait for bind10 stderr message CMDCTL_STARTED
    17. 

  17.         And wait for bind10 stderr message AUTH_SERVER_STARTED
    18. 

  18. 

  19.         bind10 module Auth should be running
    20. 

  20.         And bind10 module Resolver should not be running
    21. 

  21. 	And bind10 module Xfrout should not be running
    22. 

  22. 	And bind10 module Zonemgr should not be running
    23. 

  23. 	And bind10 module Xfrin should not be running
    24. 

  24. 	And bind10 module Stats should not be running
    25. 

  25. 

  26.         A dnssec query for a.c.x.w.example. should have rcode NXDOMAIN
    27. 

  27.         The last query response should have flags qr aa rd
    28. 

  28.         The last query response should have edns_flags do
    29. 

  29.         The last query response should have ancount 0
    30. 

  30.         The last query response should have nscount 8
    31. 

  31.         The last query response should have adcount 1
    32. 

  32.         The authority section of the last query response should be
    33. 

  33.         """
    34. 

  34.         example.	3600	IN	SOA	ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
    35. 

  35.         example.	3600	IN	RRSIG	SOA 7 1 3600 20150420235959 20051021000000 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8iq4ZLlYWfUUbbAS41pG+6 8z81q1xhkYAcEyHdVI2LmKusbZsT0Q==
    36. 

  36.         0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.	3600	IN	NSEC3	1 1 12 aabbccdd  2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA MX RRSIG DNSKEY NSEC3PARAM 
    37. 

  37.         0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKLIBHYH6blRxK9rC0bMJPw Q4mLIuw85H2EY762BOCXJZMnpuwhpA==
    38. 

  38.         b4um86eghhds6nea196smvmlo4ors995.example.	3600	IN	NSEC3	1 1 12 aabbccdd  gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG 
    39. 

  39.         b4um86eghhds6nea196smvmlo4ors995.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh5u4m/CUiwtblEVOaAKKZ d7S959OeiX43aLX3pOv0TSTyiTxIZg==
    40. 

  40.         35mthgpgcu1qg68fab165klnsnk3dpvl.example.	3600	IN	NSEC3	1 1 12 aabbccdd  b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG 
    41. 

  41.         35mthgpgcu1qg68fab165klnsnk3dpvl.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQAynzo8EUWH+z6hEIBlUT PGj15eZll6VhQqgZXtAIR3chwgW+SA==
    42. 

  42.         """
    43. 

  43. 

  44.     Scenario: B.2. No Data Error
    45. 

  45.         Given I have bind10 running with configuration nsec3/nsec3_auth.config
    46. 

  46.         And wait for bind10 stderr message BIND10_STARTED_CC
    47. 

  47.         And wait for bind10 stderr message CMDCTL_STARTED
    48. 

  48.         And wait for bind10 stderr message AUTH_SERVER_STARTED
    49. 

  49. 

  50.         bind10 module Auth should be running
    51. 

  51.         And bind10 module Resolver should not be running
    52. 

  52. 	And bind10 module Xfrout should not be running
    53. 

  53. 	And bind10 module Zonemgr should not be running
    54. 

  54. 	And bind10 module Xfrin should not be running
    55. 

  55. 	And bind10 module Stats should not be running
    56. 

  56. 

  57.         A dnssec query for ns1.example. type MX should have rcode NOERROR
    58. 

  58.         The last query response should have flags qr aa rd
    59. 

  59.         The last query response should have edns_flags do
    60. 

  60.         The last query response should have ancount 0
    61. 

  61.         The last query response should have nscount 4
    62. 

  62.         The last query response should have adcount 1
    63. 

  63.         The authority section of the last query response should be
    64. 

  64.         """
    65. 

  65.         example.	3600	IN	SOA	ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
    66. 

  66.         example.	3600	IN	RRSIG	SOA 7 1 3600 20150420235959 20051021000000 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8iq4ZLlYWfUUbbAS41pG+6 8z81q1xhkYAcEyHdVI2LmKusbZsT0Q==
    67. 

  67.         2t7b4g4vsa5smi47k61mv5bv1a22bojr.example.	3600	IN	NSEC3	1 1 12 aabbccdd  2vptu5timamqttgl4luu9kg21e0aor3s A RRSIG 
    68. 

  68.         2t7b4g4vsa5smi47k61mv5bv1a22bojr.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. OmBvJ1Vgg1hCKMXHFiNeIYHK9XVW0iLDLwJN4TFoNxZuP03gAXEI634Y wOc4YBNITrj413iqNI6mRk/r1dOSUw==
    69. 

  69.         """
    70. 

  70. 

  71.     Scenario: B2.1. No Data Error, Empty Non-Terminal
    72. 

  72.         Given I have bind10 running with configuration nsec3/nsec3_auth.config
    73. 

  73.         And wait for bind10 stderr message BIND10_STARTED_CC
    74. 

  74.         And wait for bind10 stderr message CMDCTL_STARTED
    75. 

  75.         And wait for bind10 stderr message AUTH_SERVER_STARTED
    76. 

  76. 

  77.         bind10 module Auth should be running
    78. 

  78.         And bind10 module Resolver should not be running
    79. 

  79. 	And bind10 module Xfrout should not be running
    80. 

  80. 	And bind10 module Zonemgr should not be running
    81. 

  81. 	And bind10 module Xfrin should not be running
    82. 

  82. 	And bind10 module Stats should not be running
    83. 

  83. 

  84.         A dnssec query for y.w.example. should have rcode NOERROR
    85. 

  85.         The last query response should have flags qr aa rd
    86. 

  86.         The last query response should have edns_flags do
    87. 

  87.         The last query response should have ancount 0
    88. 

  88.         The last query response should have nscount 4
    89. 

  89.         The last query response should have adcount 1
    90. 

  90.         The authority section of the last query response should be
    91. 

  91.         """
    92. 

  92.         example.	3600	IN	SOA	ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
    93. 

  93.         example.	3600	IN	RRSIG	SOA 7 1 3600 20150420235959 20051021000000 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8iq4ZLlYWfUUbbAS41pG+6 8z81q1xhkYAcEyHdVI2LmKusbZsT0Q==
    94. 

  94.         ji6neoaepv8b5o6k4ev33abha8ht9fgc.example.	3600	IN	NSEC3	1 1 12 aabbccdd  k8udemvp1j2f7eg6jebps17vp3n8i58h
    95. 

  95.         ji6neoaepv8b5o6k4ev33abha8ht9fgc.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. gPkFp1s2QDQ6wQzcg1uSebZ61W33rUBDcTj72F3kQ490fEdp7k1BUIfb cZtPbX3YCpE+sIt0MpzVSKfTwx4uYA==
    96. 

  96.         """
    97. 

  97. 

  98.     Scenario: B.3. Referral to an Opt-Out Unsigned Zone
    99. 

  99.         Given I have bind10 running with configuration nsec3/nsec3_auth.config
    100. 

  100.         And wait for bind10 stderr message BIND10_STARTED_CC
    101. 

  101.         And wait for bind10 stderr message CMDCTL_STARTED
    102. 

  102.         And wait for bind10 stderr message AUTH_SERVER_STARTED
    103. 

  103. 

  104.         bind10 module Auth should be running
    105. 

  105.         And bind10 module Resolver should not be running
    106. 

  106. 	And bind10 module Xfrout should not be running
    107. 

  107. 	And bind10 module Zonemgr should not be running
    108. 

  108. 	And bind10 module Xfrin should not be running
    109. 

  109. 	And bind10 module Stats should not be running
    110. 

  110. 

  111.         A dnssec query for mc.c.example. type MX should have rcode NOERROR
    112. 

  112.         The last query response should have flags qr rd
    113. 

  113.         The last query response should have edns_flags do
    114. 

  114.         The last query response should have ancount 0
    115. 

  115.         The last query response should have nscount 6
    116. 

  116.         The last query response should have adcount 3
    117. 

  117.         The authority section of the last query response should be
    118. 

  118.         """
    119. 

  119.         c.example.	3600	IN	NS	ns1.c.example.
    120. 

  120.         c.example.	3600	IN	NS	ns2.c.example.
    121. 

  121.         35mthgpgcu1qg68fab165klnsnk3dpvl.example.	3600	IN	NSEC3	1 1 12 aabbccdd  b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG 
    122. 

  122.         35mthgpgcu1qg68fab165klnsnk3dpvl.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQAynzo8EUWH+z6hEIBlUT PGj15eZll6VhQqgZXtAIR3chwgW+SA==
    123. 

  123.         0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.	3600	IN	NSEC3	1 1 12 aabbccdd  2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA MX RRSIG DNSKEY NSEC3PARAM 
    124. 

  124.         0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKLIBHYH6blRxK9rC0bMJPw Q4mLIuw85H2EY762BOCXJZMnpuwhpA==
    125. 

  125.         """
    126. 

  126.         The additional section of the last query response should be
    127. 

  127.         """
    128. 

  128.         ns1.c.example. 3600 IN A       192.0.2.7
    129. 

  129.         ns2.c.example. 3600 IN A       192.0.2.8
    130. 

  130.         """
    131. 

  131. 

  132.     Scenario: B.4. Wildcard Expansion
    133. 

  133.         Given I have bind10 running with configuration nsec3/nsec3_auth.config
    134. 

  134.         And wait for bind10 stderr message BIND10_STARTED_CC
    135. 

  135.         And wait for bind10 stderr message CMDCTL_STARTED
    136. 

  136.         And wait for bind10 stderr message AUTH_SERVER_STARTED
    137. 

  137. 

  138.         bind10 module Auth should be running
    139. 

  139.         And bind10 module Resolver should not be running
    140. 

  140. 	And bind10 module Xfrout should not be running
    141. 

  141. 	And bind10 module Zonemgr should not be running
    142. 

  142. 	And bind10 module Xfrin should not be running
    143. 

  143. 	And bind10 module Stats should not be running
    144. 

  144. 

  145.         A dnssec query for a.z.w.example. type MX should have rcode NOERROR
    146. 

  146.         The last query response should have flags qr aa rd
    147. 

  147.         The last query response should have edns_flags do
    148. 

  148.         The last query response should have ancount 2
    149. 

  149.         The last query response should have nscount 5
    150. 

  150.         The last query response should have adcount 9
    151. 

  151.         The answer section of the last query response should be
    152. 

  152.         """
    153. 

  153.         a.z.w.example.	3600	IN	MX	1 ai.example.
    154. 

  154.         a.z.w.example.	3600	IN	RRSIG	MX 7 2 3600 20150420235959 20051021000000 40430 example. CikebjQwGQPwijVcxgcZcSJKtfynugtlBiKb9FcBTrmOoyQ4InoWVudh CWsh/URX3lc4WRUMivEBP6+4KS3ldA==
    155. 

  155.         """
    156. 

  156.         The authority section of the last query response should be
    157. 

  157.         """
    158. 

  158.         example.	3600	IN	NS	ns1.example.
    159. 

  159.         example.	3600	IN	NS	ns2.example.
    160. 

  160.         example.	3600	IN	RRSIG	NS 7 1 3600 20150420235959 20051021000000 40430 example. PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJqOtdEVgg+MA+ai4fWDEh u3qHJyLcQ9tbD2vvCnMXjtz6SyObxA==
    161. 

  161.         q04jkcevqvmu85r014c7dkba38o0ji5r.example.	3600	IN	NSEC3	1 1 12 aabbccdd  r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG 
    162. 

  162.         q04jkcevqvmu85r014c7dkba38o0ji5r.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3ZxlMKimoPAyqletMlEWw LfFia7sdpSzn+ZlNNlkxWcLsIlMmUg==
    163. 

  163.         """
    164. 

  164.         # This is slightly different from the example in RFC5155; there are
    165. 

  165.         # more RRs in the additional section.
    166. 

  166.         The additional section of the last query response should be
    167. 

  167.         """
    168. 

  168.         ai.example.		3600	IN	A	192.0.2.9
    169. 

  169.         ai.example.		3600	IN	AAAA	2001:db8::f00:baa9
    170. 

  170.         ns1.example.		3600	IN	A	192.0.2.1
    171. 

  171.         ns2.example.		3600	IN	A	192.0.2.2
    172. 

  172.         ai.example.		3600	IN	RRSIG	A 7 2 3600 20150420235959 20051021000000 40430 example. hVe+wKYMlObTRPhX0NL67GxeZfdxqr/QeR6FtfdAj5+FgYxyzPEjIzvK Wy00hWIl6wD3Vws+rznEn8sQ64UdqA==
    173. 

  173.         ai.example.		3600	IN	RRSIG	AAAA 7 2 3600 20150420235959 20051021000000 40430 example. LcdxKaCB5bGZwPDg+3JJ4O02zoMBrjxqlf6WuaHQZZfTUpb9Nf2nxFGe 2XRPfR5tpJT6GdRGcHueLuXkMjBArQ==
    174. 

  174.         ns1.example.		3600	IN	RRSIG	A 7 2 3600 20150420235959 20051021000000 40430 example. bu6kx73n6XEunoVGuRfAgY7EF/AJqHy7hj0jkiqJjB0dOrx3wuz9SaBe GfqWIdn/uta3SavN4FRvZR9SCFHF5Q==
    175. 

  175.         ns2.example.		3600	IN	RRSIG	A 7 2 3600 20150420235959 20051021000000 40430 example. ktQ3TqE0CfRfki0Rb/Ip5BM0VnxelbuejCC4zpLbFKA/7eD7UNAwxMgx JPtbdST+syjYSJaj4IHfeX6n8vfoGA==
    176. 

  176.         """
    177. 

  177. 

  178.     Scenario: B.5. Wildcard No Data Error
    179. 

  179.         Given I have bind10 running with configuration nsec3/nsec3_auth.config
    180. 

  180.         And wait for bind10 stderr message BIND10_STARTED_CC
    181. 

  181.         And wait for bind10 stderr message CMDCTL_STARTED
    182. 

  182.         And wait for bind10 stderr message AUTH_SERVER_STARTED
    183. 

  183. 

  184.         bind10 module Auth should be running
    185. 

  185.         And bind10 module Resolver should not be running
    186. 

  186. 	And bind10 module Xfrout should not be running
    187. 

  187. 	And bind10 module Zonemgr should not be running
    188. 

  188. 	And bind10 module Xfrin should not be running
    189. 

  189. 	And bind10 module Stats should not be running
    190. 

  190. 

  191.         A dnssec query for a.z.w.example. type AAAA should have rcode NOERROR
    192. 

  192.         The last query response should have flags qr aa rd
    193. 

  193.         The last query response should have edns_flags do
    194. 

  194.         The last query response should have ancount 0
    195. 

  195.         The last query response should have nscount 8
    196. 

  196.         The last query response should have adcount 1
    197. 

  197.         The authority section of the last query response should be
    198. 

  198.         """
    199. 

  199.         example.	3600	IN	SOA	ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
    200. 

  200.         example.	3600	IN	RRSIG	SOA 7 1 3600 20150420235959 20051021000000 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8iq4ZLlYWfUUbbAS41pG+6 8z81q1xhkYAcEyHdVI2LmKusbZsT0Q==
    201. 

  201.         k8udemvp1j2f7eg6jebps17vp3n8i58h.example.	3600	IN	NSEC3	1 1 12 aabbccdd  kohar7mbb8dc2ce8a9qvl8hon4k53uhi
    202. 

  202.         k8udemvp1j2f7eg6jebps17vp3n8i58h.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBKS6qCcftVtfH4yVzsEZqu J27NHR7ruxJWDNMtOtx7w9WfcIg62A==
    203. 

  203.         q04jkcevqvmu85r014c7dkba38o0ji5r.example.	3600	IN	NSEC3	1 1 12 aabbccdd  r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG 
    204. 

  204.         q04jkcevqvmu85r014c7dkba38o0ji5r.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3ZxlMKimoPAyqletMlEWw LfFia7sdpSzn+ZlNNlkxWcLsIlMmUg==
    205. 

  205.         r53bq7cc2uvmubfu5ocmm6pers9tk9en.example.	3600	IN	NSEC3	1 1 12 aabbccdd  t644ebqk9bibcna874givr6joj62mlhv MX RRSIG 
    206. 

  206.         r53bq7cc2uvmubfu5ocmm6pers9tk9en.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/CZFKulIGXXLj8B/fsDJar XVDA9bnUoRhEbKp+HF1FWKW7RIJdtQ==
    207. 

  207.         """
    208. 

  208. 

  209.     Scenario: B.6. DS Child Zone No Data Error
    210. 

  210.         Given I have bind10 running with configuration nsec3/nsec3_auth.config
    211. 

  211.         And wait for bind10 stderr message BIND10_STARTED_CC
    212. 

  212.         And wait for bind10 stderr message CMDCTL_STARTED
    213. 

  213.         And wait for bind10 stderr message AUTH_SERVER_STARTED
    214. 

  214. 

  215.         bind10 module Auth should be running
    216. 

  216.         And bind10 module Resolver should not be running
    217. 

  217. 	And bind10 module Xfrout should not be running
    218. 

  218. 	And bind10 module Zonemgr should not be running
    219. 

  219. 	And bind10 module Xfrin should not be running
    220. 

  220. 	And bind10 module Stats should not be running
    221. 

  221. 

  222.         A dnssec query for example. type DS should have rcode NOERROR
    223. 

  223.         The last query response should have flags qr aa rd
    224. 

  224.         The last query response should have edns_flags do
    225. 

  225.         The last query response should have ancount 0
    226. 

  226.         The last query response should have nscount 4
    227. 

  227.         The last query response should have adcount 1
    228. 

  228.         The authority section of the last query response should be
    229. 

  229.         """
    230. 

  230.         example.	3600	IN	SOA	ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
    231. 

  231.         example.	3600	IN	RRSIG	SOA 7 1 3600 20150420235959 20051021000000 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8iq4ZLlYWfUUbbAS41pG+6 8z81q1xhkYAcEyHdVI2LmKusbZsT0Q==
    232. 

  232.         0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.	3600	IN	NSEC3	1 1 12 aabbccdd  2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA MX RRSIG DNSKEY NSEC3PARAM 
    233. 

  233.         0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKLIBHYH6blRxK9rC0bMJPw Q4mLIuw85H2EY762BOCXJZMnpuwhpA==
    234. 

  234.         """
    235. 

  235. 

  236.     #
    237. 

  237.     # Below are additional tests, not explicitely stated in RFC5155
    238. 

  238.     #
    239. 

  239. 

  240.     Scenario: 7.2.2 other; Name Error where one NSEC3 covers multiple parts of proof (closest encloser)
    241. 

  241.         Given I have bind10 running with configuration nsec3/nsec3_auth.config
    242. 

  242.         And wait for bind10 stderr message BIND10_STARTED_CC
    243. 

  243.         And wait for bind10 stderr message CMDCTL_STARTED
    244. 

  244.         And wait for bind10 stderr message AUTH_SERVER_STARTED
    245. 

  245. 

  246.         bind10 module Auth should be running
    247. 

  247.         And bind10 module Resolver should not be running
    248. 

  248. 	And bind10 module Xfrout should not be running
    249. 

  249. 	And bind10 module Zonemgr should not be running
    250. 

  250. 	And bind10 module Xfrin should not be running
    251. 

  251. 	And bind10 module Stats should not be running
    252. 

  252. 

  253.         A dnssec query for b.x.w.example. should have rcode NXDOMAIN
    254. 

  254.         The last query response should have flags qr aa rd
    255. 

  255.         The last query response should have edns_flags do
    256. 

  256.         The last query response should have ancount 0
    257. 

  257.         The last query response should have nscount 6
    258. 

  258.         The last query response should have adcount 1
    259. 

  259.         The authority section of the last query response should be
    260. 

  260.         """
    261. 

  261.         example.	3600	IN	SOA	ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
    262. 

  262.         example.	3600	IN	RRSIG	SOA 7 1 3600 20150420235959 20051021000000 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8iq4ZLlYWfUUbbAS41pG+6 8z81q1xhkYAcEyHdVI2LmKusbZsT0Q==
    263. 

  263.         b4um86eghhds6nea196smvmlo4ors995.example.	3600	IN	NSEC3	1 1 12 aabbccdd  gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG 
    264. 

  264.         b4um86eghhds6nea196smvmlo4ors995.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh5u4m/CUiwtblEVOaAKKZ d7S959OeiX43aLX3pOv0TSTyiTxIZg==
    265. 

  265.         35mthgpgcu1qg68fab165klnsnk3dpvl.example.	3600	IN	NSEC3	1 1 12 aabbccdd  b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG 
    266. 

  266.         35mthgpgcu1qg68fab165klnsnk3dpvl.example.	3600	IN	RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQAynzo8EUWH+z6hEIBlUT PGj15eZll6VhQqgZXtAIR3chwgW+SA==
    267. 

  267.         """
    268. 

  268. 

  269.     Scenario: 7.2.2 other; Name Error where one NSEC3 covers multiple parts of proof (wildcard)
    270. 

  270.         Given I have bind10 running with configuration nsec3/nsec3_auth.config
    271. 

  271.         And wait for bind10 stderr message BIND10_STARTED_CC
    272. 

  272.         And wait for bind10 stderr message CMDCTL_STARTED
    273. 

  273.         And wait for bind10 stderr message AUTH_SERVER_STARTED
    274. 

  274. 

  275.         bind10 module Auth should be running
    276. 

  276.         And bind10 module Resolver should not be running
    277. 

  277. 	And bind10 module Xfrout should not be running
    278. 

  278. 	And bind10 module Zonemgr should not be running
    279. 

  279. 	And bind10 module Xfrin should not be running
    280. 

  280. 	And bind10 module Stats should not be running
    281. 

  281. 

  282.         A dnssec query for a.w.example. should have rcode NOERROR
    283. 

  283.         The last query response should have flags qr aa rd
    284. 

  284.         The last query response should have edns_flags do
    285. 

  285.         The last query response should have ancount 0
    286. 

  286.         The last query response should have nscount 6
    287. 

  287.         The last query response should have adcount 1
    288. 

  288.         The authority section of the last query response should be
    289. 

  289.         """
    290. 

  290.         example.		3600	IN	SOA	ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
    291. 

  291.         example.		3600	IN	RRSIG	SOA 7 1 3600 20150420235959 20051021000000 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8iq4ZLlYWfUUbbAS41pG+6 8z81q1xhkYAcEyHdVI2LmKusbZsT0Q==
    292. 

  292.         k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN NSEC3	1 1 12 AABBCCDD KOHAR7MBB8DC2CE8A9QVL8HON4K53UHI
    293. 

  293.         k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBKS6qCcftVtfH4yVzsEZqu J27NHR7ruxJWDNMtOtx7w9WfcIg62A==
    294. 

  294.         r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN NSEC3	1 1 12 AABBCCDD T644EBQK9BIBCNA874GIVR6JOJ62MLHV MX RRSIG
    295. 

  295.         r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/CZFKulIGXXLj8B/fsDJar XVDA9bnUoRhEbKp+HF1FWKW7RIJdtQ==
    296. 

  296.         """
    297. 

  297. 

  298.     Scenario: Wildcard other: Wildcard name itself
    299. 

  299.         Given I have bind10 running with configuration nsec3/nsec3_auth.config
    300. 

  300.         And wait for bind10 stderr message BIND10_STARTED_CC
    301. 

  301.         And wait for bind10 stderr message CMDCTL_STARTED
    302. 

  302.         And wait for bind10 stderr message AUTH_SERVER_STARTED
    303. 

  303. 

  304.         bind10 module Auth should be running
    305. 

  305.         And bind10 module Resolver should not be running
    306. 

  306. 	And bind10 module Xfrout should not be running
    307. 

  307. 	And bind10 module Zonemgr should not be running
    308. 

  308. 	And bind10 module Xfrin should not be running
    309. 

  309. 	And bind10 module Stats should not be running
    310. 

  310. 

  311.         A dnssec query for *.w.example. type MX should have rcode NOERROR
    312. 

  312.         The last query response should have flags qr aa rd
    313. 

  313.         The last query response should have edns_flags do
    314. 

  314.         The last query response should have ancount 2
    315. 

  315.         The last query response should have nscount 3
    316. 

  316.         The last query response should have adcount 9
    317. 

  317.         The answer section of the last query response should be
    318. 

  318.         """
    319. 

  319.         *.w.example.		3600	IN	MX	1 ai.example.
    320. 

  320.         *.w.example.		3600	IN	RRSIG	MX 7 2 3600 20150420235959 20051021000000 40430 example. CikebjQwGQPwijVcxgcZcSJKtfynugtlBiKb9FcBTrmOoyQ4InoWVudh CWsh/URX3lc4WRUMivEBP6+4KS3ldA==
    321. 

  321.         """
    322. 

  322.         The authority section of the last query response should be
    323. 

  323.         """
    324. 

  324.         example.		3600	IN	NS	ns1.example.
    325. 

  325.         example.		3600	IN	NS	ns2.example.
    326. 

  326.         example.		3600	IN	RRSIG	NS 7 1 3600 20150420235959 20051021000000 40430 example. PVOgtMK1HHeSTau+HwDWC8Ts+6C8qtqd4pQJqOtdEVgg+MA+ai4fWDEh u3qHJyLcQ9tbD2vvCnMXjtz6SyObxA==
    327. 

  327.         """
    328. 

  328.         The additional section of the last query response should be
    329. 

  329.         """
    330. 

  330.         ai.example.		3600	IN	A	192.0.2.9
    331. 

  331.         ai.example.		3600	IN	AAAA	2001:db8::f00:baa9
    332. 

  332.         ns1.example.		3600	IN	A	192.0.2.1
    333. 

  333.         ns2.example.		3600	IN	A	192.0.2.2
    334. 

  334.         ai.example.		3600	IN	RRSIG	A 7 2 3600 20150420235959 20051021000000 40430 example. hVe+wKYMlObTRPhX0NL67GxeZfdxqr/QeR6FtfdAj5+FgYxyzPEjIzvK Wy00hWIl6wD3Vws+rznEn8sQ64UdqA==
    335. 

  335.         ai.example.		3600	IN	RRSIG	AAAA 7 2 3600 20150420235959 20051021000000 40430 example. LcdxKaCB5bGZwPDg+3JJ4O02zoMBrjxqlf6WuaHQZZfTUpb9Nf2nxFGe 2XRPfR5tpJT6GdRGcHueLuXkMjBArQ==
    336. 

  336.         ns1.example.		3600	IN	RRSIG	A 7 2 3600 20150420235959 20051021000000 40430 example. bu6kx73n6XEunoVGuRfAgY7EF/AJqHy7hj0jkiqJjB0dOrx3wuz9SaBe GfqWIdn/uta3SavN4FRvZR9SCFHF5Q==
    337. 

  337.         ns2.example.		3600	IN	RRSIG	A 7 2 3600 20150420235959 20051021000000 40430 example. ktQ3TqE0CfRfki0Rb/Ip5BM0VnxelbuejCC4zpLbFKA/7eD7UNAwxMgx JPtbdST+syjYSJaj4IHfeX6n8vfoGA==
    338. 

  338.         """
    339. 

  339. 

  340.     Scenario: Wildcard other: Wildcard name itself nodata
    341. 

  341.         Given I have bind10 running with configuration nsec3/nsec3_auth.config
    342. 

  342.         And wait for bind10 stderr message BIND10_STARTED_CC
    343. 

  343.         And wait for bind10 stderr message CMDCTL_STARTED
    344. 

  344.         And wait for bind10 stderr message AUTH_SERVER_STARTED
    345. 

  345. 

  346.         bind10 module Auth should be running
    347. 

  347.         And bind10 module Resolver should not be running
    348. 

  348. 	And bind10 module Xfrout should not be running
    349. 

  349. 	And bind10 module Zonemgr should not be running
    350. 

  350. 	And bind10 module Xfrin should not be running
    351. 

  351. 	And bind10 module Stats should not be running
    352. 

  352. 

  353.         A dnssec query for *.w.example. type A should have rcode NOERROR
    354. 

  354.         The last query response should have flags qr aa rd
    355. 

  355.         The last query response should have edns_flags do
    356. 

  356.         The last query response should have ancount 0
    357. 

  357.         The last query response should have nscount 4
    358. 

  358.         The last query response should have adcount 1
    359. 

  359.         The authority section of the last query response should be
    360. 

  360.         """
    361. 

  361.         example.		3600	IN	SOA	ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
    362. 

  362.         example.		3600	IN	RRSIG	SOA 7 1 3600 20150420235959 20051021000000 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8iq4ZLlYWfUUbbAS41pG+6 8z81q1xhkYAcEyHdVI2LmKusbZsT0Q==
    363. 

  363.         r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN NSEC3	1 1 12 AABBCCDD T644EBQK9BIBCNA874GIVR6JOJ62MLHV MX RRSIG
    364. 

  364.         r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/CZFKulIGXXLj8B/fsDJar XVDA9bnUoRhEbKp+HF1FWKW7RIJdtQ==
    365. 

  365.         """
    366. 

  366. 

  367.     Scenario: Direct query for NSEC3 record
    368. 

  368.         Given I have bind10 running with configuration nsec3/nsec3_auth.config
    369. 

  369.         And wait for bind10 stderr message BIND10_STARTED_CC
    370. 

  370.         And wait for bind10 stderr message CMDCTL_STARTED
    371. 

  371.         And wait for bind10 stderr message AUTH_SERVER_STARTED
    372. 

  372. 

  373.         bind10 module Auth should be running
    374. 

  374.         And bind10 module Resolver should not be running
    375. 

  375. 	And bind10 module Xfrout should not be running
    376. 

  376. 	And bind10 module Zonemgr should not be running
    377. 

  377. 	And bind10 module Xfrin should not be running
    378. 

  378. 	And bind10 module Stats should not be running
    379. 

  379. 

  380.         A dnssec query for 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. type NSEC3 should have rcode NXDOMAIN
    381. 

  381.         The last query response should have flags qr aa rd
    382. 

  382.         The last query response should have edns_flags do
    383. 

  383.         The last query response should have ancount 0
    384. 

  384.         The last query response should have nscount 8
    385. 

  385.         The last query response should have adcount 1
    386. 

  386.         The authority section of the last query response should be
    387. 

  387.         """
    388. 

  388.         example.		3600	IN	SOA	ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
    389. 

  389.         example.		3600	IN	RRSIG	SOA 7 1 3600 20150420235959 20051021000000 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8iq4ZLlYWfUUbbAS41pG+6 8z81q1xhkYAcEyHdVI2LmKusbZsT0Q==
    390. 

  390.         0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN NSEC3	1 1 12 AABBCCDD 2T7B4G4VSA5SMI47K61MV5BV1A22BOJR NS SOA MX RRSIG DNSKEY NSEC3PARAM
    391. 

  391.         0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKLIBHYH6blRxK9rC0bMJPw Q4mLIuw85H2EY762BOCXJZMnpuwhpA==
    392. 

  392.         q04jkcevqvmu85r014c7dkba38o0ji5r.example. 3600 IN NSEC3	1 1 12 AABBCCDD R53BQ7CC2UVMUBFU5OCMM6PERS9TK9EN A RRSIG
    393. 

  393.         q04jkcevqvmu85r014c7dkba38o0ji5r.example. 3600 IN RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. hV5I89b+4FHJDATp09g4bbN0R1F845CaXpL3ZxlMKimoPAyqletMlEWw LfFia7sdpSzn+ZlNNlkxWcLsIlMmUg==
    394. 

  394.         gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN NSEC3	1 1 12 AABBCCDD JI6NEOAEPV8B5O6K4EV33ABHA8HT9FGC A HINFO AAAA RRSIG
    395. 

  395.         gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. IVnezTJ9iqblFF97vPSmfXZ5Zozngx3KX3byLTZC4QBH2dFWhf6scrGF ZB980AfCxoD9qbbKDy+rdGIeRSVNyw==
    396. 

  396.         """
    397. 

  397. 

  398.     Scenario: No data, type DS, in-zone
    399. 

  399.         Given I have bind10 running with configuration nsec3/nsec3_auth.config
    400. 

  400.         And wait for bind10 stderr message BIND10_STARTED_CC
    401. 

  401.         And wait for bind10 stderr message CMDCTL_STARTED
    402. 

  402.         And wait for bind10 stderr message AUTH_SERVER_STARTED
    403. 

  403. 

  404.         bind10 module Auth should be running
    405. 

  405.         And bind10 module Resolver should not be running
    406. 

  406. 	And bind10 module Xfrout should not be running
    407. 

  407. 	And bind10 module Zonemgr should not be running
    408. 

  408. 	And bind10 module Xfrin should not be running
    409. 

  409. 	And bind10 module Stats should not be running
    410. 

  410. 

  411.         A dnssec query for ai.example. type DS should have rcode NOERROR
    412. 

  412.         The last query response should have flags qr aa rd
    413. 

  413.         The last query response should have edns_flags do
    414. 

  414.         The last query response should have ancount 0
    415. 

  415.         The last query response should have nscount 4
    416. 

  416.         The last query response should have adcount 1
    417. 

  417.         The authority section of the last query response should be
    418. 

  418.         """
    419. 

  419.         example.		3600	IN	SOA	ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
    420. 

  420.         example.		3600	IN	RRSIG	SOA 7 1 3600 20150420235959 20051021000000 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8iq4ZLlYWfUUbbAS41pG+6 8z81q1xhkYAcEyHdVI2LmKusbZsT0Q==
    421. 

  421.         gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN NSEC3	1 1 12 AABBCCDD JI6NEOAEPV8B5O6K4EV33ABHA8HT9FGC A HINFO AAAA RRSIG
    422. 

  422.         gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. IVnezTJ9iqblFF97vPSmfXZ5Zozngx3KX3byLTZC4QBH2dFWhf6scrGF ZB980AfCxoD9qbbKDy+rdGIeRSVNyw==
    423. 

  423.         """
    424. 

  424. 

  425.     Scenario: No data, type DS, optout delegation
    426. 

  426.         Given I have bind10 running with configuration nsec3/nsec3_auth.config
    427. 

  427.         And wait for bind10 stderr message BIND10_STARTED_CC
    428. 

  428.         And wait for bind10 stderr message CMDCTL_STARTED
    429. 

  429.         And wait for bind10 stderr message AUTH_SERVER_STARTED
    430. 

  430. 

  431.         bind10 module Auth should be running
    432. 

  432.         And bind10 module Resolver should not be running
    433. 

  433. 	And bind10 module Xfrout should not be running
    434. 

  434. 	And bind10 module Zonemgr should not be running
    435. 

  435. 	And bind10 module Xfrin should not be running
    436. 

  436. 	And bind10 module Stats should not be running
    437. 

  437. 

  438.         A dnssec query for c.example. type DS should have rcode NOERROR
    439. 

  439.         The last query response should have flags qr aa rd
    440. 

  440.         The last query response should have edns_flags do
    441. 

  441.         The last query response should have ancount 0
    442. 

  442.         The last query response should have nscount 6
    443. 

  443.         The last query response should have adcount 1
    444. 

  444.         The authority section of the last query response should be
    445. 

  445.         """
    446. 

  446.         example.		3600	IN	SOA	ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
    447. 

  447.         example.		3600	IN	RRSIG	SOA 7 1 3600 20150420235959 20051021000000 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8iq4ZLlYWfUUbbAS41pG+6 8z81q1xhkYAcEyHdVI2LmKusbZsT0Q==
    448. 

  448.         0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN NSEC3	1 1 12 AABBCCDD 2T7B4G4VSA5SMI47K61MV5BV1A22BOJR NS SOA MX RRSIG DNSKEY NSEC3PARAM
    449. 

  449.         0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. OSgWSm26B+cS+dDL8b5QrWr/dEWhtCsKlwKLIBHYH6blRxK9rC0bMJPw Q4mLIuw85H2EY762BOCXJZMnpuwhpA==
    450. 

  450.         35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN NSEC3	1 1 12 AABBCCDD B4UM86EGHHDS6NEA196SMVMLO4ORS995 NS DS RRSIG
    451. 

  451.         35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN RRSIG	NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQAynzo8EUWH+z6hEIBlUT PGj15eZll6VhQqgZXtAIR3chwgW+SA==
    452. 

  452.         """
    453.