zonemaster.es/zonemaster/test-zone-data/DNSSEC-TP/dnssec01/dnssec01.cfg

# | 127.15.1.0/24   | DNSSEC01 scenarios                                     |
# | 127.15.1.21     | ns1.dnssec01.xa                                        |
# | 127.15.1.22     | ns2.dnssec01.xa                                        |
# | 127.15.1.31     | scenario specific parent (if any)                      |
# | 127.15.1.32     | scenario specific parent (if any)                      |
# | 127.15.1.41     | ns1 for scenario child                                 |
# | 127.15.1.42     | ns2 for chenario child                                 |

## root
.:53 {
    bind 127.15.1.27               # ns1
    bind fda1:b2:c3:0:127:15:1:27  # ns1
    bind 127.15.1.28               # ns2
    bind fda1:b2:c3:0:127:15:1:28  # ns2
    log
    file DNSSEC-TP/dnssec01/root-zone.zone .
}

# Resolver using test case local root
. {
    bind 127.15.1.53
    unbound {
       option root-hints DNSSEC-TP/dnssec01/hintfile.zone
    }
    log
}

dnssec01.xa:53 { # 
    bind 127.15.1.21               # ns1
    bind fda1:b2:c3:0:127:15:1:21  # ns1
    bind 127.15.1.22               # ns2
    bind fda1:b2:c3:0:127:15:1:22  # ns2
    log
    file DNSSEC-TP/dnssec01/dnssec01.xa.zone dnssec01.xa
}


# ALGO-DEPRECATED-1
algo-deprecated-1.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-deprecated-1.dnssec01.xa
}


# ALGO-DEPRECATED-3
algo-deprecated-3.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-deprecated-3.dnssec01.xa
}


# ALGO-RESERVED-128
algo-reserved-128.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-reserved-128.dnssec01.xa
}


# ALGO-RESERVED-188
algo-reserved-188.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-reserved-188.dnssec01.xa
}


# ALGO-RESERVED-252
algo-reserved-252.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-reserved-252.dnssec01.xa
}


# ALGO-UNASSIGNED-7
algo-unassigned-7.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-unassigned-7.dnssec01.xa
}


# ALGO-UNASSIGNED-67
algo-unassigned-67.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-unassigned-67.dnssec01.xa
}


# ALGO-UNASSIGNED-127
algo-unassigned-127.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-unassigned-127.dnssec01.xa
}


# ALGO-PRIVATE-253
algo-private-253.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-private-253.dnssec01.xa
}


# ALGO-PRIVATE-254
algo-private-254.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-private-254.dnssec01.xa
}


# ALGO-NOT-DS-0
algo-not-ds-0.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-not-ds-0.dnssec01.xa
}


# ALGO-OK-2
algo-ok-2.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-ok-2.dnssec01.xa
}


# ALGO-OK-4
algo-ok-4.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-ok-4.dnssec01.xa
}


# ALGO-OK-5
algo-ok-5.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-ok-5.dnssec01.xa
}


# ALGO-OK-6
algo-ok-6.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone algo-ok-6.dnssec01.xa
}


## MIXED-ALGO-1
mixed-algo-1.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone mixed-algo-1.dnssec01.xa
}


## SHARED-IP-1
shared-ip-1.dnssec01.xa:53 { #
    bind 127.15.1.31               # ns1a and ns1b
    bind fda1:b2:c3:0:127:15:1:31  # ns1a and ns1b
    log
    file DNSSEC-TP/dnssec01/shared-ip-1.dnssec01.xa.zone shared-ip-1.dnssec01.xa
}
child.shared-ip-1.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone child.shared-ip-1.dnssec01.xa
}


## SHARED-IP-2
shared-ip-2.dnssec01.xa:53 { #
    bind 127.15.1.31               # ns1/dns1
    bind fda1:b2:c3:0:127:15:1:31  # ns1/dns1
    bind 127.15.1.32               # ns2/dns2
    bind fda1:b2:c3:0:127:15:1:32  # ns2/dns2
    log
    file DNSSEC-TP/dnssec01/shared-ip-2.dnssec01.xa.zone shared-ip-2.dnssec01.xa
}
child.shared-ip-2.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone child.shared-ip-2.dnssec01.xa
}


# NO-RESPONSE-1
no-response-1.dnssec01.xa:53 { #
    bind 127.15.1.31               # ns1
    bind fda1:b2:c3:0:127:15:1:31  # ns1
    bind 127.15.1.32               # ns2
    bind fda1:b2:c3:0:127:15:1:32  # ns2
    log
    file DNSSEC-TP/dnssec01/no-response-1.dnssec01.xa.zone no-response-1.dnssec01.xa
    acl child.no-response-1.dnssec01.xa { #
        drop type DS
    }
}
child.no-response-1.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone child.no-response-1.dnssec01.xa
}


# NO-VALID-RESPONSE-1
no-valid-response-1.dnssec01.xa:53 { #
    bind 127.15.1.31               # ns1
    bind fda1:b2:c3:0:127:15:1:31  # ns1
    log
    file DNSSEC-TP/dnssec01/no-valid-response-1.dnssec01.xa.zone no-valid-response-1.dnssec01.xa
    template IN DS child.no-valid-response-1.dnssec01.xa. {
       rcode SERVFAIL
    }
}
no-valid-response-1.dnssec01.xa:53 { #
    bind 127.15.1.32               # ns2
    bind fda1:b2:c3:0:127:15:1:32  # ns2
    log
    file DNSSEC-TP/dnssec01/no-valid-response-1.dnssec01.xa.zone no-valid-response-1.dnssec01.xa
    template IN DS child.no-valid-response-1.dnssec01.xa. {
       rcode REFUSED
    }
}
child.no-valid-response-1.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone child.no-valid-response-1.dnssec01.xa
}


# PARENT-SERVER-NO-DS-1
parent-server-no-ds-1.dnssec01.xa:53 { #
    bind 127.15.1.31               # ns1
    bind fda1:b2:c3:0:127:15:1:31  # ns1
    log
    file DNSSEC-TP/dnssec01/parent-server-no-ds-1.dnssec01.xa_ns1.zone parent-server-no-ds-1.dnssec01.xa
}
parent-server-no-ds-1.dnssec01.xa:53 { #
    bind 127.15.1.32               # ns2
    bind fda1:b2:c3:0:127:15:1:32  # ns2
    log
    file DNSSEC-TP/dnssec01/parent-server-no-ds-1.dnssec01.xa_ns2.zone parent-server-no-ds-1.dnssec01.xa
}
child.parent-server-no-ds-1.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone child.parent-server-no-ds-1.dnssec01.xa
}


# PARENT-ZONE-NO-DS-1
parent-zone-no-ds-1.dnssec01.xa:53 { #
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone parent-zone-no-ds-1.dnssec01.xa
}


# UNDEL-NO-UNDEL-DS-1
undel-no-undel-ds-1.dnssec01.xa:53 { # Not delegated
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone undel-no-undel-ds-1.dnssec01.xa
}


# UNDEL-WITH-UNDEL-DS-1
undel-with-undel-ds-1.dnssec01.xa:53 { # Not delegated, DS to be provided
    bind 127.15.1.41               # ns1
    bind fda1:b2:c3:0:127:15:1:41  # ns1
    bind 127.15.1.42               # ns2
    bind fda1:b2:c3:0:127:15:1:42  # ns2
    log
    file DNSSEC-TP/dnssec01/CHILD.dnssec01.xa.zone undel-with-undel-ds-1.dnssec01.xa
}


# ROOT-NO-UNDEL-DS-1
#
# Reuse the existing root zone defined above. No special configuration is required.


# ROOT-WITH-UNDEL-DS-1
#
# Reuse the existing root zone defined above. No special configuration is required.
# DS to be provided.