mirror of
https://github.com/isc-projects/bind9.git
synced 2026-02-28 20:41:18 -05:00
Prime the cache with a negative cache DS entry then make a query for name beneath that entry. This will cause the DS entry to be retieved as part of the validation process. Each RRset in the ncache entry will be validated and the trust level for each will be updated.
171 lines
3.5 KiB
Text
171 lines
3.5 KiB
Text
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
;
|
|
; SPDX-License-Identifier: MPL-2.0
|
|
;
|
|
; This Source Code Form is subject to the terms of the Mozilla Public
|
|
; License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
; file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
;
|
|
; See the COPYRIGHT file distributed with this work for additional
|
|
; information regarding copyright ownership.
|
|
|
|
$TTL 300 ; 5 minutes
|
|
@ IN SOA mname1. . (
|
|
2000042407 ; serial
|
|
20 ; refresh (20 seconds)
|
|
20 ; retry (20 seconds)
|
|
1814400 ; expire (3 weeks)
|
|
3600 ; minimum (1 hour)
|
|
)
|
|
NS ns2
|
|
NS ns3
|
|
ns2 A 10.53.0.2
|
|
ns3 A 10.53.0.3
|
|
|
|
a A 10.0.0.1
|
|
b A 10.0.0.2
|
|
d A 10.0.0.4
|
|
|
|
; Used for testing ANY queries
|
|
foo TXT "testing"
|
|
foo A 10.0.1.0
|
|
|
|
bad-cname CNAME a
|
|
bad-dname DNAME @
|
|
|
|
; Used for testing CNAME queries
|
|
cname1 CNAME cname1-target
|
|
cname1-target TXT "testing cname"
|
|
|
|
cname2 CNAME cname2-target
|
|
cname2-target TXT "testing cname"
|
|
|
|
; Used for testing DNAME queries
|
|
dname1 DNAME dname1-target
|
|
foo.dname1-target TXT "testing dname"
|
|
|
|
dname2 DNAME dname2-target
|
|
foo.dname2-target TXT "testing dname"
|
|
|
|
; A secure subdomain
|
|
secure NS ns3.secure
|
|
ns3.secure A 10.53.0.3
|
|
|
|
; An insecure subdomain
|
|
insecure NS ns.insecure
|
|
ns.insecure A 10.53.0.3
|
|
|
|
; A second insecure subdomain
|
|
insecure2 NS ns.insecure2
|
|
ns.insecure2 A 10.53.0.3
|
|
|
|
; A secure subdomain we're going to inject bogus data into
|
|
bogus NS ns.bogus
|
|
ns.bogus A 10.53.0.3
|
|
|
|
; A subdomain with a corrupt DS
|
|
badds NS ns.badds
|
|
ns.badds A 10.53.0.3
|
|
|
|
; A dynamic secure subdomain
|
|
dynamic NS dynamic
|
|
dynamic A 10.53.0.3
|
|
|
|
; A insecure subdomain
|
|
mustbesecure NS ns.mustbesecure
|
|
ns.mustbesecure A 10.53.0.3
|
|
|
|
; A subdomain with expired signatures
|
|
expired NS ns.expired
|
|
ns.expired A 10.53.0.3
|
|
|
|
; A rfc2535 signed zone w/ CNAME
|
|
rfc2535 NS ns.rfc2535
|
|
ns.rfc2535 A 10.53.0.3
|
|
|
|
z A 10.0.0.26
|
|
|
|
keyless NS ns.keyless
|
|
ns.keyless A 10.53.0.3
|
|
|
|
nsec3 NS ns.nsec3
|
|
ns.nsec3 A 10.53.0.3
|
|
|
|
optout NS ns.optout
|
|
ns.optout A 10.53.0.3
|
|
|
|
nsec3-unknown NS ns.nsec3-unknown
|
|
ns.nsec3-unknown A 10.53.0.3
|
|
|
|
optout-unknown NS ns.optout-unknown
|
|
ns.optout-unknown A 10.53.0.3
|
|
|
|
dnskey-unknown NS ns.dnskey-unknown
|
|
ns.dnskey-unknown A 10.53.0.3
|
|
|
|
dnskey-unsupported NS ns.dnskey-unsupported
|
|
ns.dnskey-unsupported A 10.53.0.3
|
|
|
|
dnskey-nsec3-unknown NS ns.dnskey-nsec3-unknown
|
|
ns.dnskey-nsec3-unknown A 10.53.0.3
|
|
|
|
multiple NS ns.multiple
|
|
ns.multiple A 10.53.0.3
|
|
|
|
*.wild A 10.0.0.27
|
|
|
|
rsasha256 NS ns.rsasha256
|
|
ns.rsasha256 A 10.53.0.3
|
|
|
|
rsasha512 NS ns.rsasha512
|
|
ns.rsasha512 A 10.53.0.3
|
|
|
|
kskonly NS ns.kskonly
|
|
ns.kskonly A 10.53.0.3
|
|
|
|
update-nsec3 NS ns.update-nsec3
|
|
ns.update-nsec3 A 10.53.0.3
|
|
|
|
auto-nsec NS ns.auto-nsec
|
|
ns.auto-nsec A 10.53.0.3
|
|
|
|
auto-nsec3 NS ns.auto-nsec3
|
|
ns.auto-nsec3 A 10.53.0.3
|
|
|
|
|
|
below-cname CNAME some.where.else.
|
|
|
|
insecure.below-cname NS ns.insecure.below-cname
|
|
ns.insecure.below-cname A 10.53.0.3
|
|
|
|
secure.below-cname NS ns.secure.below-cname
|
|
ns.secure.below-cname A 10.53.0.3
|
|
|
|
ttlpatch NS ns.ttlpatch
|
|
ns.ttlpatch A 10.53.0.3
|
|
|
|
split-dnssec NS ns.split-dnssec
|
|
ns.split-dnssec A 10.53.0.3
|
|
|
|
split-smart NS ns.split-smart
|
|
ns.split-smart A 10.53.0.3
|
|
|
|
upper NS ns.upper
|
|
ns.upper A 10.53.0.3
|
|
|
|
LOWER NS NS.LOWER
|
|
NS.LOWER A 10.53.0.3
|
|
|
|
expiring NS ns.expiring
|
|
ns.expiring A 10.53.0.3
|
|
|
|
future NS ns.future
|
|
ns.future A 10.53.0.3
|
|
|
|
managed-future NS ns.managed-future
|
|
ns.managed-future A 10.53.0.3
|
|
|
|
revkey NS ns.revkey
|
|
ns.revkey A 10.53.0.3
|
|
|
|
dname-at-apex-nsec3 NS ns3
|