zonemaster/test-zone-data/DNSSEC-TP/dnssec07/dnssec07.cfg

# | 127.15.7.0/24   | DNSSEC07 scenarios                                     |
# | 127.15.7.21     | ns1.dnssec07.xa                                        |
# | 127.15.7.22     | ns2.dnssec07.xa                                        |
# | 127.15.7.27     | ns1 of root                                            |
# | 127.15.7.28     | ns2 of root                                            |
# | 127.15.7.31     | ns1 of parent in some scenarios                        |
# | 127.15.7.32     | ns2 of parent in some scenarios                        |
# | 127.15.7.41     | ns1 of child zone                                      |
# | 127.15.7.42     | ns2 of child zone                                      |
# | 127.15.7.53     | resolver with test case local hint                     |


## root
.:53 {
    bind 127.15.7.27               # ns1
    bind fda1:b2:c3:0:127:15:7:27  # ns1
    bind 127.15.7.28               # ns2
    bind fda1:b2:c3:0:127:15:7:28  # ns2
    log
    file DNSSEC-TP/dnssec07/root-zone.zone .
}

# Resolver using test case local root
. {
    bind 127.15.7.53
    unbound {
       option root-hints DNSSEC-TP/dnssec07/hintfile.zone
    }
    log
}

dnssec07.xa:53 { # 
    bind 127.15.7.21               # ns1
    bind fda1:b2:c3:0:127:15:7:21  # ns1
    bind 127.15.7.22               # ns2
    bind fda1:b2:c3:0:127:15:7:22  # ns2
    log
    file DNSSEC-TP/dnssec07/dnssec07.xa.zone dnssec07.xa
}


# SIGNED-AND-DS-1
signed-and-ds-1.dnssec07.xa:53 {
     bind 127.15.7.41               # ns1
     bind fda1:b2:c3:0:127:15:7:41  # ns1
     bind 127.15.7.42               # ns2
     bind fda1:b2:c3:0:127:15:7:42  # ns2
     log
     file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone signed-and-ds-1.dnssec07.xa
     template IN DNSKEY signed-and-ds-1.dnssec07.xa. {
        answer "signed-and-ds-1.dnssec07.xa.  3210  IN  DNSKEY  256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
        answer "signed-and-ds-1.dnssec07.xa.  3210  IN  DNSKEY  257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
        answer "signed-and-ds-1.dnssec07.xa.  3210  IN  RRSIG  DNSKEY 13 2 3600 20351103070323 20250929053323 51298 signed-and-ds-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
     }
}

# SIGNED-NO-DS-1
signed-no-ds-1.dnssec07.xa:53 {
     bind 127.15.7.41               # ns1
     bind fda1:b2:c3:0:127:15:7:41  # ns1
     bind 127.15.7.42               # ns2
     bind fda1:b2:c3:0:127:15:7:42  # ns2
     log
     file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone signed-no-ds-1.dnssec07.xa
     template IN DNSKEY signed-no-ds-1.dnssec07.xa. {
        answer "signed-no-ds-1.dnssec07.xa.  3210  IN  DNSKEY  256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
        answer "signed-no-ds-1.dnssec07.xa.  3210  IN  DNSKEY  257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
        answer "signed-no-ds-1.dnssec07.xa.  3210  IN  RRSIG  DNSKEY 13 2 3600 20351103070323 20250929053323 51298 signed-no-ds-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
     }
}

# INCONSIST-SIGNED-AND-DS-1
inconsist-signed-and-ds-1.dnssec07.xa:53 {
     bind 127.15.7.41               # ns1
     bind fda1:b2:c3:0:127:15:7:41  # ns1
     log
     file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone inconsist-signed-and-ds-1.dnssec07.xa
     template IN DNSKEY inconsist-signed-and-ds-1.dnssec07.xa. {
        answer "inconsist-signed-and-ds-1.dnssec07.xa.  3210  IN  DNSKEY  256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
        answer "inconsist-signed-and-ds-1.dnssec07.xa.  3210  IN  DNSKEY  257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
        answer "inconsist-signed-and-ds-1.dnssec07.xa.  3210  IN  RRSIG  DNSKEY 13 2 3600 20351103070323 20250929053323 51298 inconsist-signed-and-ds-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
     }
}
inconsist-signed-and-ds-1.dnssec07.xa:53 {
     bind 127.15.7.42               # ns2
     bind fda1:b2:c3:0:127:15:7:42  # ns2
     log
     file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone inconsist-signed-and-ds-1.dnssec07.xa
}

# INCONSIST-SIGNED-NO-DS-1
inconsist-signed-no-ds-1.dnssec07.xa:53 {
     bind 127.15.7.41               # ns1
     bind fda1:b2:c3:0:127:15:7:41  # ns1
     log
     file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone inconsist-signed-no-ds-1.dnssec07.xa
     template IN DNSKEY inconsist-signed-no-ds-1.dnssec07.xa. {
        answer "inconsist-signed-no-ds-1.dnssec07.xa.  3210  IN  DNSKEY  256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
        answer "inconsist-signed-no-ds-1.dnssec07.xa.  3210  IN  DNSKEY  257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
        answer "inconsist-signed-no-ds-1.dnssec07.xa.  3210  IN  RRSIG  DNSKEY 13 2 3600 20351103070323 20250929053323 51298 inconsist-signed-no-ds-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
     }
}
inconsist-signed-no-ds-1.dnssec07.xa:53 {
     bind 127.15.7.42               # ns2
     bind fda1:b2:c3:0:127:15:7:42  # ns2
     log
     file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone inconsist-signed-no-ds-1.dnssec07.xa
}

# ### SIGNED-AND-INCONSIST-DS-1
signed-and-inconsist-ds-1.dnssec07.xa:53 { # parent (ns1)
     bind 127.15.7.31               # ns1
     bind fda1:b2:c3:0:127:15:7:31  # ns1
     log
     file DNSSEC-TP/dnssec07/signed-and-inconsist-ds-1.dnssec07.xa_ns1.zone signed-and-inconsist-ds-1.dnssec07.xa
}
signed-and-inconsist-ds-1.dnssec07.xa:53 { # parent (ns1)
     bind 127.15.7.32               # ns2
     bind fda1:b2:c3:0:127:15:7:32  # ns2
     log
     file DNSSEC-TP/dnssec07/signed-and-inconsist-ds-1.dnssec07.xa_ns2.zone signed-and-inconsist-ds-1.dnssec07.xa
}
child.signed-and-inconsist-ds-1.dnssec07.xa:53 { # child
     bind 127.15.7.41               # ns1
     bind fda1:b2:c3:0:127:15:7:41  # ns1
     bind 127.15.7.42               # ns2
     bind fda1:b2:c3:0:127:15:7:42  # ns2
     log
     file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone child.signed-and-inconsist-ds-1.dnssec07.xa
     template IN DNSKEY child.signed-and-inconsist-ds-1.dnssec07.xa. {
        answer "child.signed-and-inconsist-ds-1.dnssec07.xa.  3210  IN  DNSKEY  256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
        answer "child.signed-and-inconsist-ds-1.dnssec07.xa.  3210  IN  DNSKEY  257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
        answer "child.signed-and-inconsist-ds-1.dnssec07.xa.  3210  IN  RRSIG  DNSKEY 13 2 3600 20351103070323 20250929053323 51298 child.signed-and-inconsist-ds-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
     }
}

# UNSIGNED-AND-DS-1
unsigned-and-ds-1.dnssec07.xa:53 {
     bind 127.15.7.41               # ns1
     bind fda1:b2:c3:0:127:15:7:41  # ns1
     bind 127.15.7.42               # ns2
     bind fda1:b2:c3:0:127:15:7:42  # ns2
     log
     file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone unsigned-and-ds-1.dnssec07.xa
}

# UNSIGNED-NO-DS-1
unsigned-no-ds-1.dnssec07.xa:53 {
     bind 127.15.7.41               # ns1
     bind fda1:b2:c3:0:127:15:7:41  # ns1
     bind 127.15.7.42               # ns2
     bind fda1:b2:c3:0:127:15:7:42  # ns2
     log
     file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone unsigned-no-ds-1.dnssec07.xa
}

# NON-AUTH-RESPONSE-DNSKEY-1
non-auth-response-dnskey-1.dnssec07.xa:53 {
     view pass {
        expr type() in ['DNSKEY']
        }
     bind 127.15.7.41               # ns1
     bind fda1:b2:c3:0:127:15:7:41  # ns1
     log
     template IN DNSKEY non-auth-response-dnskey-1.dnssec07.xa. {
        answer "non-auth-response-dnskey-1.dnssec07.xa.  3210  IN  DNSKEY  256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
        answer "non-auth-response-dnskey-1.dnssec07.xa.  3210  IN  DNSKEY  257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
        answer "non-auth-response-dnskey-1.dnssec07.xa.  3210  IN  RRSIG  DNSKEY 13 2 3600 20351103070323 20250929053323 51298 non-auth-response-dnskey-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
     }
     header {
         response clear aa
     }
}
non-auth-response-dnskey-1.dnssec07.xa:53 {
     bind 127.15.7.41               # ns1
     bind fda1:b2:c3:0:127:15:7:41  # ns1
     log
     file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone non-auth-response-dnskey-1.dnssec07.xa
}
non-auth-response-dnskey-1.dnssec07.xa:53 {
     bind 127.15.7.42               # ns2
     bind fda1:b2:c3:0:127:15:7:42  # ns2
     log
     file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone non-auth-response-dnskey-1.dnssec07.xa
     template IN DNSKEY non-auth-response-dnskey-1.dnssec07.xa. {
        answer "non-auth-response-dnskey-1.dnssec07.xa.  3210  IN  DNSKEY  256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
        answer "non-auth-response-dnskey-1.dnssec07.xa.  3210  IN  DNSKEY  257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
        answer "non-auth-response-dnskey-1.dnssec07.xa.  3210  IN  RRSIG  DNSKEY 13 2 3600 20351103070323 20250929053323 51298 non-auth-response-dnskey-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
     }
}

# NO-RESPONSE-DNSKEY-1
no-response-dnskey-1.dnssec07.xa:53 {
     bind 127.15.7.41               # ns1
     bind fda1:b2:c3:0:127:15:7:41  # ns1
     log
     file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone no-response-dnskey-1.dnssec07.xa
     acl no-response-dnskey-1.dnssec07.xa {
        drop type DNSKEY
     }
}
no-response-dnskey-1.dnssec07.xa:53 {
     bind 127.15.7.42               # ns2
     bind fda1:b2:c3:0:127:15:7:42  # ns2
     log
     file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone no-response-dnskey-1.dnssec07.xa
     template IN DNSKEY no-response-dnskey-1.dnssec07.xa. {
        answer "no-response-dnskey-1.dnssec07.xa.  3210  IN  DNSKEY  256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
        answer "no-response-dnskey-1.dnssec07.xa.  3210  IN  DNSKEY  257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
        answer "no-response-dnskey-1.dnssec07.xa.  3210  IN  RRSIG  DNSKEY 13 2 3600 20351103070323 20250929053323 51298 no-response-dnskey-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
     }
}

# ### UNEXP-RCODE-RESP-DNSKEY-1
unexp-rcode-resp-dnskey-1.dnssec07.xa:53 {
     bind 127.15.7.41               # ns1
     bind fda1:b2:c3:0:127:15:7:41  # ns1
     log
     file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone unexp-rcode-resp-dnskey-1.dnssec07.xa
     template IN DNSKEY unexp-rcode-resp-dnskey-1.dnssec07.xa. {
         rcode "REFUSED"
     }
}
unexp-rcode-resp-dnskey-1.dnssec07.xa:53 {
     bind 127.15.7.42               # ns2
     bind fda1:b2:c3:0:127:15:7:42  # ns2
     log
     file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone unexp-rcode-resp-dnskey-1.dnssec07.xa
     template IN DNSKEY unexp-rcode-resp-dnskey-1.dnssec07.xa. {
        answer "unexp-rcode-resp-dnskey-1.dnssec07.xa.  3210  IN  DNSKEY  256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="
        answer "unexp-rcode-resp-dnskey-1.dnssec07.xa.  3210  IN  DNSKEY  257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="
        answer "unexp-rcode-resp-dnskey-1.dnssec07.xa.  3210  IN  RRSIG  DNSKEY 13 2 3600 20351103070323 20250929053323 51298 unexp-rcode-resp-dnskey-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="
     }
}
feat: add full Zonemaster stack with Docker and Spanish UI - Clone all 5 Zonemaster component repos (LDNS, Engine, CLI, Backend, GUI) - Dockerfile.backend: 8-stage multi-stage build LDNS→Engine→CLI→Backend - Dockerfile.gui: Astro static build served via nginx - docker-compose.yml: backend (internal) + frontend (port 5353) - nginx.conf: root redirects to /es/, /api/ proxied to backend - zonemaster-gui/config.ts: defaultLanguage set to 'es' (Spanish) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-21 08:19:24 +02:00			`# \| 127.15.7.0/24 \| DNSSEC07 scenarios \|`
			`# \| 127.15.7.21 \| ns1.dnssec07.xa \|`
			`# \| 127.15.7.22 \| ns2.dnssec07.xa \|`
			`# \| 127.15.7.27 \| ns1 of root \|`
			`# \| 127.15.7.28 \| ns2 of root \|`
			`# \| 127.15.7.31 \| ns1 of parent in some scenarios \|`
			`# \| 127.15.7.32 \| ns2 of parent in some scenarios \|`
			`# \| 127.15.7.41 \| ns1 of child zone \|`
			`# \| 127.15.7.42 \| ns2 of child zone \|`
			`# \| 127.15.7.53 \| resolver with test case local hint \|`


			`## root`
			`.:53 {`
			`bind 127.15.7.27 # ns1`
			`bind fda1:b2:c3:0:127:15:7:27 # ns1`
			`bind 127.15.7.28 # ns2`
			`bind fda1:b2:c3:0:127:15:7:28 # ns2`
			`log`
			`file DNSSEC-TP/dnssec07/root-zone.zone .`
			`}`

			`# Resolver using test case local root`
			`. {`
			`bind 127.15.7.53`
			`unbound {`
			`option root-hints DNSSEC-TP/dnssec07/hintfile.zone`
			`}`
			`log`
			`}`

			`dnssec07.xa:53 { #`
			`bind 127.15.7.21 # ns1`
			`bind fda1:b2:c3:0:127:15:7:21 # ns1`
			`bind 127.15.7.22 # ns2`
			`bind fda1:b2:c3:0:127:15:7:22 # ns2`
			`log`
			`file DNSSEC-TP/dnssec07/dnssec07.xa.zone dnssec07.xa`
			`}`


			`# SIGNED-AND-DS-1`
			`signed-and-ds-1.dnssec07.xa:53 {`
			`bind 127.15.7.41 # ns1`
			`bind fda1:b2:c3:0:127:15:7:41 # ns1`
			`bind 127.15.7.42 # ns2`
			`bind fda1:b2:c3:0:127:15:7:42 # ns2`
			`log`
			`file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone signed-and-ds-1.dnssec07.xa`
			`template IN DNSKEY signed-and-ds-1.dnssec07.xa. {`
			`answer "signed-and-ds-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="`
			`answer "signed-and-ds-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="`
			`answer "signed-and-ds-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 signed-and-ds-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="`
			`}`
			`}`

			`# SIGNED-NO-DS-1`
			`signed-no-ds-1.dnssec07.xa:53 {`
			`bind 127.15.7.41 # ns1`
			`bind fda1:b2:c3:0:127:15:7:41 # ns1`
			`bind 127.15.7.42 # ns2`
			`bind fda1:b2:c3:0:127:15:7:42 # ns2`
			`log`
			`file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone signed-no-ds-1.dnssec07.xa`
			`template IN DNSKEY signed-no-ds-1.dnssec07.xa. {`
			`answer "signed-no-ds-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="`
			`answer "signed-no-ds-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="`
			`answer "signed-no-ds-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 signed-no-ds-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="`
			`}`
			`}`

			`# INCONSIST-SIGNED-AND-DS-1`
			`inconsist-signed-and-ds-1.dnssec07.xa:53 {`
			`bind 127.15.7.41 # ns1`
			`bind fda1:b2:c3:0:127:15:7:41 # ns1`
			`log`
			`file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone inconsist-signed-and-ds-1.dnssec07.xa`
			`template IN DNSKEY inconsist-signed-and-ds-1.dnssec07.xa. {`
			`answer "inconsist-signed-and-ds-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="`
			`answer "inconsist-signed-and-ds-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="`
			`answer "inconsist-signed-and-ds-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 inconsist-signed-and-ds-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="`
			`}`
			`}`
			`inconsist-signed-and-ds-1.dnssec07.xa:53 {`
			`bind 127.15.7.42 # ns2`
			`bind fda1:b2:c3:0:127:15:7:42 # ns2`
			`log`
			`file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone inconsist-signed-and-ds-1.dnssec07.xa`
			`}`

			`# INCONSIST-SIGNED-NO-DS-1`
			`inconsist-signed-no-ds-1.dnssec07.xa:53 {`
			`bind 127.15.7.41 # ns1`
			`bind fda1:b2:c3:0:127:15:7:41 # ns1`
			`log`
			`file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone inconsist-signed-no-ds-1.dnssec07.xa`
			`template IN DNSKEY inconsist-signed-no-ds-1.dnssec07.xa. {`
			`answer "inconsist-signed-no-ds-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="`
			`answer "inconsist-signed-no-ds-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="`
			`answer "inconsist-signed-no-ds-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 inconsist-signed-no-ds-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="`
			`}`
			`}`
			`inconsist-signed-no-ds-1.dnssec07.xa:53 {`
			`bind 127.15.7.42 # ns2`
			`bind fda1:b2:c3:0:127:15:7:42 # ns2`
			`log`
			`file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone inconsist-signed-no-ds-1.dnssec07.xa`
			`}`

			`# ### SIGNED-AND-INCONSIST-DS-1`
			`signed-and-inconsist-ds-1.dnssec07.xa:53 { # parent (ns1)`
			`bind 127.15.7.31 # ns1`
			`bind fda1:b2:c3:0:127:15:7:31 # ns1`
			`log`
			`file DNSSEC-TP/dnssec07/signed-and-inconsist-ds-1.dnssec07.xa_ns1.zone signed-and-inconsist-ds-1.dnssec07.xa`
			`}`
			`signed-and-inconsist-ds-1.dnssec07.xa:53 { # parent (ns1)`
			`bind 127.15.7.32 # ns2`
			`bind fda1:b2:c3:0:127:15:7:32 # ns2`
			`log`
			`file DNSSEC-TP/dnssec07/signed-and-inconsist-ds-1.dnssec07.xa_ns2.zone signed-and-inconsist-ds-1.dnssec07.xa`
			`}`
			`child.signed-and-inconsist-ds-1.dnssec07.xa:53 { # child`
			`bind 127.15.7.41 # ns1`
			`bind fda1:b2:c3:0:127:15:7:41 # ns1`
			`bind 127.15.7.42 # ns2`
			`bind fda1:b2:c3:0:127:15:7:42 # ns2`
			`log`
			`file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone child.signed-and-inconsist-ds-1.dnssec07.xa`
			`template IN DNSKEY child.signed-and-inconsist-ds-1.dnssec07.xa. {`
			`answer "child.signed-and-inconsist-ds-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="`
			`answer "child.signed-and-inconsist-ds-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="`
			`answer "child.signed-and-inconsist-ds-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 child.signed-and-inconsist-ds-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="`
			`}`
			`}`

			`# UNSIGNED-AND-DS-1`
			`unsigned-and-ds-1.dnssec07.xa:53 {`
			`bind 127.15.7.41 # ns1`
			`bind fda1:b2:c3:0:127:15:7:41 # ns1`
			`bind 127.15.7.42 # ns2`
			`bind fda1:b2:c3:0:127:15:7:42 # ns2`
			`log`
			`file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone unsigned-and-ds-1.dnssec07.xa`
			`}`

			`# UNSIGNED-NO-DS-1`
			`unsigned-no-ds-1.dnssec07.xa:53 {`
			`bind 127.15.7.41 # ns1`
			`bind fda1:b2:c3:0:127:15:7:41 # ns1`
			`bind 127.15.7.42 # ns2`
			`bind fda1:b2:c3:0:127:15:7:42 # ns2`
			`log`
			`file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone unsigned-no-ds-1.dnssec07.xa`
			`}`

			`# NON-AUTH-RESPONSE-DNSKEY-1`
			`non-auth-response-dnskey-1.dnssec07.xa:53 {`
			`view pass {`
			`expr type() in ['DNSKEY']`
			`}`
			`bind 127.15.7.41 # ns1`
			`bind fda1:b2:c3:0:127:15:7:41 # ns1`
			`log`
			`template IN DNSKEY non-auth-response-dnskey-1.dnssec07.xa. {`
			`answer "non-auth-response-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="`
			`answer "non-auth-response-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="`
			`answer "non-auth-response-dnskey-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 non-auth-response-dnskey-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="`
			`}`
			`header {`
			`response clear aa`
			`}`
			`}`
			`non-auth-response-dnskey-1.dnssec07.xa:53 {`
			`bind 127.15.7.41 # ns1`
			`bind fda1:b2:c3:0:127:15:7:41 # ns1`
			`log`
			`file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone non-auth-response-dnskey-1.dnssec07.xa`
			`}`
			`non-auth-response-dnskey-1.dnssec07.xa:53 {`
			`bind 127.15.7.42 # ns2`
			`bind fda1:b2:c3:0:127:15:7:42 # ns2`
			`log`
			`file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone non-auth-response-dnskey-1.dnssec07.xa`
			`template IN DNSKEY non-auth-response-dnskey-1.dnssec07.xa. {`
			`answer "non-auth-response-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="`
			`answer "non-auth-response-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="`
			`answer "non-auth-response-dnskey-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 non-auth-response-dnskey-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="`
			`}`
			`}`

			`# NO-RESPONSE-DNSKEY-1`
			`no-response-dnskey-1.dnssec07.xa:53 {`
			`bind 127.15.7.41 # ns1`
			`bind fda1:b2:c3:0:127:15:7:41 # ns1`
			`log`
			`file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone no-response-dnskey-1.dnssec07.xa`
			`acl no-response-dnskey-1.dnssec07.xa {`
			`drop type DNSKEY`
			`}`
			`}`
			`no-response-dnskey-1.dnssec07.xa:53 {`
			`bind 127.15.7.42 # ns2`
			`bind fda1:b2:c3:0:127:15:7:42 # ns2`
			`log`
			`file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone no-response-dnskey-1.dnssec07.xa`
			`template IN DNSKEY no-response-dnskey-1.dnssec07.xa. {`
			`answer "no-response-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="`
			`answer "no-response-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="`
			`answer "no-response-dnskey-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 no-response-dnskey-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="`
			`}`
			`}`

			`# ### UNEXP-RCODE-RESP-DNSKEY-1`
			`unexp-rcode-resp-dnskey-1.dnssec07.xa:53 {`
			`bind 127.15.7.41 # ns1`
			`bind fda1:b2:c3:0:127:15:7:41 # ns1`
			`log`
			`file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone unexp-rcode-resp-dnskey-1.dnssec07.xa`
			`template IN DNSKEY unexp-rcode-resp-dnskey-1.dnssec07.xa. {`
			`rcode "REFUSED"`
			`}`
			`}`
			`unexp-rcode-resp-dnskey-1.dnssec07.xa:53 {`
			`bind 127.15.7.42 # ns2`
			`bind fda1:b2:c3:0:127:15:7:42 # ns2`
			`log`
			`file DNSSEC-TP/dnssec07/CHILD.dnssec07.xa.zone unexp-rcode-resp-dnskey-1.dnssec07.xa`
			`template IN DNSKEY unexp-rcode-resp-dnskey-1.dnssec07.xa. {`
			`answer "unexp-rcode-resp-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 256 3 13 XboDHQ6clhzmXdJarL5rAlENpwc/L+C5kX3OhwRAPGSOGseBgn7cgt5fbdrREm6nGa6ZWoDfBQR1m4HDosM1Ug=="`
			`answer "unexp-rcode-resp-dnskey-1.dnssec07.xa. 3210 IN DNSKEY 257 3 13 6/8fEc37k5iabGoWgsl7rmreQth8ADr9sYFGd0pxmgxN19MBR629YAH5ntzSus7SjJx6PAVqGzHHpCPVyDLQHQ=="`
			`answer "unexp-rcode-resp-dnskey-1.dnssec07.xa. 3210 IN RRSIG DNSKEY 13 2 3600 20351103070323 20250929053323 51298 unexp-rcode-resp-dnskey-1.dnssec07.xa. PjvG59Cz29mhpMEwzuXJSqKk/kuEvoMxKIPPgVGwj4cezpiu94xNC4O7CzWltqH/mLMR5AAqXpMbVgXe9gAngA=="`
			`}`
			`}`