bind9/bin/tests/system/dnssec/ns2/example.db.in

; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; SPDX-License-Identifier: MPL-2.0
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0.  If a copy of the MPL was not distributed with this
; file, you can obtain one at https://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.

$TTL 300	; 5 minutes
@			IN SOA	mname1. . (
				2000042407 ; serial
				20         ; refresh (20 seconds)
				20         ; retry (20 seconds)
				1814400    ; expire (3 weeks)
				3600       ; minimum (1 hour)
				)
			NS	ns2
			NS	ns3
ns2			A	10.53.0.2
ns3			A	10.53.0.3

a			A	10.0.0.1
b			A	10.0.0.2
d			A	10.0.0.4

; Used for testing ANY queries
foo			TXT	"testing"
foo			A	10.0.1.0

bad-cname		CNAME   a
bad-dname		DNAME   @

; Used for testing CNAME queries
cname1			CNAME	cname1-target
cname1-target		TXT	"testing cname"

cname2			CNAME	cname2-target
cname2-target		TXT	"testing cname"

; Used for testing DNAME queries
dname1			DNAME	dname1-target
foo.dname1-target	TXT	"testing dname"

dname2			DNAME	dname2-target
foo.dname2-target	TXT	"testing dname"

; A secure subdomain
secure			NS	ns3.secure
ns3.secure		A	10.53.0.3

; An insecure subdomain
insecure		NS	ns.insecure
ns.insecure		A	10.53.0.3

; A second insecure subdomain
insecure2		NS	ns.insecure2
ns.insecure2		A	10.53.0.3

; A secure subdomain we're going to inject bogus data into
bogus			NS	ns.bogus
ns.bogus		A	10.53.0.3

; A subdomain with a corrupt DS
badds			NS	ns.badds
ns.badds		A	10.53.0.3

; A subdomain with a corrupt DS, but locally trusted by the forwarder
localkey		NS	ns.localkey
ns.localkey		A	10.53.0.3

; A dynamic secure subdomain
dynamic			NS	dynamic
dynamic			A	10.53.0.3

; A subdomain with expired signatures
expired			NS	ns.expired
ns.expired		A	10.53.0.3

; A rfc2535 signed zone w/ CNAME
rfc2535			NS	ns.rfc2535
ns.rfc2535		A	10.53.0.3

z			A	10.0.0.26

keyless			NS	ns.keyless
ns.keyless		A	10.53.0.3

nsec3			NS	ns.nsec3
ns.nsec3		A	10.53.0.3

optout			NS	ns.optout
ns.optout		A	10.53.0.3

nsec3-unknown		NS	ns.nsec3-unknown
ns.nsec3-unknown	A	10.53.0.3

optout-unknown		NS	ns.optout-unknown
ns.optout-unknown	A	10.53.0.3

dnskey-unknown		NS	ns.dnskey-unknown
ns.dnskey-unknown	A	10.53.0.3

dnskey-unsupported	NS	ns.dnskey-unsupported
ns.dnskey-unsupported	A	10.53.0.3

ds-unsupported	NS	ns.ds-unsupported
ns.ds-unsupported	A	10.53.0.3

digest-alg-unsupported    NS 	ns.digest-alg-unsupported
ns.digest-alg-unsupported A	10.53.0.3

dnskey-nsec3-unknown	NS	ns.dnskey-nsec3-unknown
ns.dnskey-nsec3-unknown	A	10.53.0.3

multiple		NS	ns.multiple
ns.multiple		A	10.53.0.3

*.wild			A	10.0.0.27

rsasha256		NS	ns.rsasha256
ns.rsasha256		A	10.53.0.3

rsasha512		NS	ns.rsasha512
ns.rsasha512		A	10.53.0.3

kskonly			NS	ns.kskonly
ns.kskonly		A	10.53.0.3

update-nsec3		NS	ns.update-nsec3
ns.update-nsec3		A	10.53.0.3

auto-nsec		NS	ns.auto-nsec
ns.auto-nsec		A	10.53.0.3

auto-nsec3		NS	ns.auto-nsec3
ns.auto-nsec3		A	10.53.0.3


below-cname		CNAME	some.where.else.

insecure.below-cname	NS	ns.insecure.below-cname
ns.insecure.below-cname	A	10.53.0.3

secure.below-cname	NS	ns.secure.below-cname
ns.secure.below-cname	A	10.53.0.3

ttlpatch		NS	ns.ttlpatch
ns.ttlpatch		A	10.53.0.3

split-dnssec		NS	ns.split-dnssec
ns.split-dnssec		A	10.53.0.3

split-smart		NS	ns.split-smart
ns.split-smart		A	10.53.0.3

upper			NS	ns.upper
ns.upper		A	10.53.0.3

LOWER			NS	NS.LOWER
NS.LOWER		A	10.53.0.3

expiring                 NS      ns.expiring
ns.expiring              A       10.53.0.3

future			NS	ns.future
ns.future		A	10.53.0.3

managed-future		NS	ns.managed-future
ns.managed-future	A	10.53.0.3

revkey			NS	ns.revkey
ns.revkey		A	10.53.0.3

rsasha1			NS	ns.rsasha1
ns.rsasha1		A	10.53.0.3

rsasha1-1024		NS	ns.rsasha1-1024
ns.rsasha1-1024		A	10.53.0.3

dname-at-apex-nsec3	NS	ns3