# | 127.15.1.0/24 | DNSSEC01 scenarios | # | 127.15.1.21 | ns1.dnssec01.xa | # | 127.15.1.22 | ns2.dnssec01.xa | # | 127.15.1.31 | scenario specific parent (if any) | # | 127.15.1.32 | scenario specific parent (if any) | # | 127.15.1.41 | ns1 for scenario child | # | 127.15.1.42 | ns2 for chenario child | ## root .:53 { bind 127.15.1.27 # ns1 bind fda1:b2:c3:0:127:15:1:27 # ns1 bind 127.15.1.28 # ns2 bind fda1:b2:c3:0:127:15:1:28 # ns2 log file DNSSEC-TP/dnssec01/root-zone.zone . } # Resolver using test case local root . { bind 127.15.1.53 unbound { option root-hints DNSSEC-TP/dnssec01/hintfile.zone } log } dnssec01.xa:53 { # bind 127.15.1.21 # ns1 bind fda1:b2:c3:0:127:15:1:21 # ns1 bind 127.15.1.22 # ns2 bind fda1:b2:c3:0:127:15:1:22 # ns2 log file DNSSEC-TP/dnssec01/dnssec01.xa.zone dnssec01.xa } # ALGO-DEPRECATED-1 algo-deprecated-1.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-deprecated-1.dnssec01.xa } # ALGO-DEPRECATED-3 algo-deprecated-3.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-deprecated-3.dnssec01.xa } # ALGO-RESERVED-128 algo-reserved-128.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-reserved-128.dnssec01.xa } # ALGO-RESERVED-188 algo-reserved-188.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-reserved-188.dnssec01.xa } # ALGO-RESERVED-252 algo-reserved-252.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-reserved-252.dnssec01.xa } # ALGO-UNASSIGNED-7 algo-unassigned-7.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-unassigned-7.dnssec01.xa } # ALGO-UNASSIGNED-67 algo-unassigned-67.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-unassigned-67.dnssec01.xa } # ALGO-UNASSIGNED-127 algo-unassigned-127.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-unassigned-127.dnssec01.xa } # ALGO-PRIVATE-253 algo-private-253.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-private-253.dnssec01.xa } # ALGO-PRIVATE-254 algo-private-254.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-private-254.dnssec01.xa } # ALGO-NOT-DS-0 algo-not-ds-0.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-not-ds-0.dnssec01.xa } # ALGO-OK-2 algo-ok-2.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-ok-2.dnssec01.xa } # ALGO-OK-4 algo-ok-4.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-ok-4.dnssec01.xa } # ALGO-OK-5 algo-ok-5.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-ok-5.dnssec01.xa } # ALGO-OK-6 algo-ok-6.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-ok-6.dnssec01.xa } ## MIXED-ALGO-1 mixed-algo-1.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone mixed-algo-1.dnssec01.xa } ## SHARED-IP-1 shared-ip-1.dnssec01.xa:53 { # bind 127.15.1.31 # ns1a and ns1b bind fda1:b2:c3:0:127:15:1:31 # ns1a and ns1b log file DNSSEC-TP/dnssec01/shared-ip-1.dnssec01.xa.zone shared-ip-1.dnssec01.xa } child.shared-ip-1.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone child.shared-ip-1.dnssec01.xa } ## SHARED-IP-2 shared-ip-2.dnssec01.xa:53 { # bind 127.15.1.31 # ns1/dns1 bind fda1:b2:c3:0:127:15:1:31 # ns1/dns1 bind 127.15.1.32 # ns2/dns2 bind fda1:b2:c3:0:127:15:1:32 # ns2/dns2 log file DNSSEC-TP/dnssec01/shared-ip-2.dnssec01.xa.zone shared-ip-2.dnssec01.xa } child.shared-ip-2.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone child.shared-ip-2.dnssec01.xa } # NO-RESPONSE-1 no-response-1.dnssec01.xa:53 { # bind 127.15.1.31 # ns1 bind fda1:b2:c3:0:127:15:1:31 # ns1 bind 127.15.1.32 # ns2 bind fda1:b2:c3:0:127:15:1:32 # ns2 log file DNSSEC-TP/dnssec01/no-response-1.dnssec01.xa.zone no-response-1.dnssec01.xa acl child.no-response-1.dnssec01.xa { # drop type DS } } child.no-response-1.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone child.no-response-1.dnssec01.xa } # NO-VALID-RESPONSE-1 no-valid-response-1.dnssec01.xa:53 { # bind 127.15.1.31 # ns1 bind fda1:b2:c3:0:127:15:1:31 # ns1 log file DNSSEC-TP/dnssec01/no-valid-response-1.dnssec01.xa.zone no-valid-response-1.dnssec01.xa template IN DS child.no-valid-response-1.dnssec01.xa. { rcode SERVFAIL } } no-valid-response-1.dnssec01.xa:53 { # bind 127.15.1.32 # ns2 bind fda1:b2:c3:0:127:15:1:32 # ns2 log file DNSSEC-TP/dnssec01/no-valid-response-1.dnssec01.xa.zone no-valid-response-1.dnssec01.xa template IN DS child.no-valid-response-1.dnssec01.xa. { rcode REFUSED } } child.no-valid-response-1.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone child.no-valid-response-1.dnssec01.xa } # PARENT-SERVER-NO-DS-1 parent-server-no-ds-1.dnssec01.xa:53 { # bind 127.15.1.31 # ns1 bind fda1:b2:c3:0:127:15:1:31 # ns1 log file DNSSEC-TP/dnssec01/parent-server-no-ds-1.dnssec01.xa_ns1.zone parent-server-no-ds-1.dnssec01.xa } parent-server-no-ds-1.dnssec01.xa:53 { # bind 127.15.1.32 # ns2 bind fda1:b2:c3:0:127:15:1:32 # ns2 log file DNSSEC-TP/dnssec01/parent-server-no-ds-1.dnssec01.xa_ns2.zone parent-server-no-ds-1.dnssec01.xa } child.parent-server-no-ds-1.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone child.parent-server-no-ds-1.dnssec01.xa } # PARENT-ZONE-NO-DS-1 parent-zone-no-ds-1.dnssec01.xa:53 { # bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone parent-zone-no-ds-1.dnssec01.xa } # UNDEL-NO-UNDEL-DS-1 undel-no-undel-ds-1.dnssec01.xa:53 { # Not delegated bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone undel-no-undel-ds-1.dnssec01.xa } # UNDEL-WITH-UNDEL-DS-1 undel-with-undel-ds-1.dnssec01.xa:53 { # Not delegated, DS to be provided bind 127.15.1.41 # ns1 bind fda1:b2:c3:0:127:15:1:41 # ns1 bind 127.15.1.42 # ns2 bind fda1:b2:c3:0:127:15:1:42 # ns2 log file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone undel-with-undel-ds-1.dnssec01.xa } # ROOT-NO-UNDEL-DS-1 # # Reuse the existing root zone defined above. No special configuration is required. # ROOT-WITH-UNDEL-DS-1 # # Reuse the existing root zone defined above. No special configuration is required. # DS to be provided.