validns-0.7/000755 001751 000024 00000000000 12133225423 013277 5ustar00tobezstaff000000 000000 validns-0.7/t/000755 001751 000024 00000000000 12131607265 013550 5ustar00tobezstaff000000 000000 validns-0.7/carp.c000644 001751 000024 00000004270 12033066611 014374 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include #include #include "common.h" #include "carp.h" static void v(int is_croak, int is_x, int exit_code, const char *fmt, va_list ap); void croak(int exit_code, const char *fmt, ...) { va_list ap; va_start(ap, fmt); v(1, errno, exit_code, fmt, ap); va_end(ap); } void croakx(int exit_code, const char *fmt, ...) { va_list ap; va_start(ap, fmt); v(1, -1, exit_code, fmt, ap); va_end(ap); } void * bitch(const char *fmt, ...) { va_list ap; va_start(ap, fmt); if (!G.opt.no_output) { fprintf(stderr, "%s:%d: ", file_info->name, file_info->line); if (fmt != NULL) { vfprintf(stderr, fmt, ap); } fprintf(stderr, "\n"); } va_end(ap); G.exit_code = 1; G.stats.error_count++; file_info->paren_mode = 0; if (G.opt.die_on_first_error) exit(1); return NULL; } void * moan(char *file_name, int line, const char *fmt, ...) { va_list ap; va_start(ap, fmt); if (!G.opt.no_output) { fprintf(stderr, "%s:%d: ", file_name, line); if (fmt != NULL) { vfprintf(stderr, fmt, ap); } fprintf(stderr, "\n"); } va_end(ap); G.exit_code = 1; G.stats.error_count++; if (G.opt.die_on_first_error) exit(1); return NULL; } void v(int is_croak, int use_errno, int exit_code, const char *fmt, va_list ap) { fprintf(stderr, "%s: ", thisprogname()); if (fmt != NULL) { vfprintf(stderr, fmt, ap); if (use_errno >= 0) fprintf(stderr, ": "); } if (use_errno >= 0) fprintf(stderr, "%s\n", strerror(use_errno)); else fprintf(stderr, "\n"); if (is_croak) exit(exit_code); } #if defined(__linux__) static char proggy[MAXPATHLEN]; #endif const char *thisprogname(void) { #if defined(__FreeBSD__) return getprogname(); #elif defined(__APPLE__) return getprogname(); #elif defined(__sun__) return getexecname(); #elif defined(__linux__) if (readlink("/proc/self/exe", proggy, MAXPATHLEN) != -1) return proggy; return ""; #else #error "unsupported OS" #endif } validns-0.7/carp.h000644 001751 000024 00000000707 12001246514 014377 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #ifndef _CARP_H #define _CARP_H 1 const char *thisprogname(void); void croak(int exit_code, const char *fmt, ...); void croakx(int exit_code, const char *fmt, ...); void *bitch(const char *fmt, ...); void *moan(char *file_name, int line, const char *fmt, ...); #endif validns-0.7/main.c000644 001751 000024 00000031116 12131601021 014357 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011-2013 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include "common.h" #include "carp.h" #include "mempool.h" #include "textparse.h" #include "rr.h" struct globals G; struct file_info *file_info = NULL; int read_zone_file(void); static char *process_directive(char *s) { char *d = s+1; if (*(s+1) == 'O' && strncmp(s, "$ORIGIN", 7) == 0) { char *o; s += 7; if (!isspace(*s)) { if (isalnum(*s)) goto unrecognized_directive; return bitch("bad $ORIGIN format"); } s = skip_white_space(s); o = extract_name(&s, "$ORIGIN value", 0); if (!o) { return NULL; } if (*s) { return bitch("garbage after valid $ORIGIN directive"); } G.opt.current_origin = o; if (G.opt.verbose) { fprintf(stderr, "-> %s:%d: ", file_info->name, file_info->line); fprintf(stderr, "origin is now %s\n", o); } } else if (*(s+1) == 'T' && strncmp(s, "$TTL", 4) == 0) { s += 4; if (!isspace(*s)) { if (isalnum(*s)) goto unrecognized_directive; return bitch("bad $TTL format"); } s = skip_white_space(s); G.default_ttl = extract_timevalue(&s, "$TTL value"); if (G.default_ttl < 0) { return NULL; } if (*s) { return bitch("garbage after valid $TTL directive"); } if (G.opt.verbose) { fprintf(stderr, "-> %s:%d: ", file_info->name, file_info->line); fprintf(stderr, "default ttl is now %ld\n", G.default_ttl); } } else if (*(s+1) == 'I' && strncmp(s, "$INCLUDE", 8) == 0) { s += 8; if (!isspace(*s)) { if (isalnum(*s)) goto unrecognized_directive; return bitch("bad $INCLUDE format"); } s = skip_white_space(s); return bitch("XXX include support is not implemented"); } else { unrecognized_directive: s = d-1; while (isalnum(*d)) d++; *d = '\0'; return bitch("unrecognized directive: %s", s); } return s; } int read_zone_file(void) { char *s; char *name = NULL, *class, *rdtype; long ttl = -1; while (file_info) { while (fgets(file_info->buf, 2048, file_info->file)) { freeall_temp(); file_info->line++; file_info->paren_mode = 0; rdtype = NULL; if (empty_line_or_comment(file_info->buf)) continue; s = file_info->buf; if (!isspace(*s)) { /* , $INCLUDE, $ORIGIN */ if (*s == '$') { process_directive(s); continue; } else { /* */ name = extract_name(&s, "record name", 0); if (!name) continue; } } else { s = skip_white_space(s); } if (!s) continue; if (!name) { bitch("cannot assume previous name for it is not known"); continue; } if (G.default_ttl >= 0) ttl = G.default_ttl; if (isdigit(*s)) { ttl = extract_timevalue(&s, "TTL"); if (ttl < 0) continue; class = extract_label(&s, "class or type", "temporary"); if (!class) continue; if (*class == 'i' && *(class+1) == 'n' && *(class+2) == 0) { } else if (*class == 'c' && *(class+1) == 's' && *(class+2) == 0) { bitch("CSNET class is not supported"); continue; } else if (*class == 'c' && *(class+1) == 'h' && *(class+2) == 0) { bitch("CHAOS class is not supported"); continue; } else if (*class == 'h' && *(class+1) == 's' && *(class+2) == 0) { bitch("HESIOD class is not supported"); continue; } else { rdtype = class; } } else { class = extract_label(&s, "class or type", "temporary"); if (!class) continue; if (*class == 'i' && *(class+1) == 'n' && *(class+2) == 0) { if (isdigit(*s)) { ttl = extract_timevalue(&s, "TTL"); if (ttl < 0) continue; } } else if (*class == 'c' && *(class+1) == 's' && *(class+2) == 0) { bitch("CSNET class is not supported"); continue; } else if (*class == 'c' && *(class+1) == 'h' && *(class+2) == 0) { bitch("CHAOS class is not supported"); continue; } else if (*class == 'h' && *(class+1) == 's' && *(class+2) == 0) { bitch("HESIOD class is not supported"); continue; } else { rdtype = class; } } if (!rdtype) { rdtype = extract_label(&s, "type", "temporary"); } if (!rdtype) { continue; } if (ttl < 0) { ttl = G.default_ttl; } if (ttl < 0) { bitch("ttl not specified and default is not known"); continue; } { int is_generic; int type = str2rdtype(rdtype, &is_generic); if (type <= 0) continue; if (is_generic) rr_parse_any(name, ttl, type, s); else if (type > T_MAX) rr_parse_any(name, ttl, type, s); else if (rr_methods[type].rr_parse) rr_methods[type].rr_parse(name, ttl, type, s); else rr_parse_any(name, ttl, type, s); } } if (ferror(file_info->file)) croak(1, "read error for %s", file_info->name); file_info = file_info->next; } return 0; } void open_zone_file(char *fname) { FILE *f; struct file_info *new_file_info; if (strcmp(fname, "-") == 0) { f = stdin; fname = "stdin"; } else { f = fopen(fname, "r"); } if (!f) croak(1, "open %s", fname); new_file_info = malloc(sizeof(*new_file_info) + strlen(fname) + 1); if (!new_file_info) croak(1, "malloc(file_info), %s", fname); new_file_info->next = file_info; new_file_info->file = f; new_file_info->line = 0; strcpy(new_file_info->name, fname); file_info = new_file_info; } void usage(char *err) { fprintf(stderr, "Usage:\n"); fprintf(stderr, " %s -h\n", thisprogname()); fprintf(stderr, " %s [options] zone-file\n", thisprogname()); fprintf(stderr, "Usage parameters:\n"); fprintf(stderr, "\t-h\t\tproduce usage text and quit\n"); fprintf(stderr, "\t-f\t\tquit on first validation error\n"); fprintf(stderr, "\t-p name\tperform policy check \n"); fprintf(stderr, "\t\t\tsingle-ns\n"); fprintf(stderr, "\t\t\tcname-other-data\n"); fprintf(stderr, "\t\t\tdname\n"); fprintf(stderr, "\t\t\tnsec3param-not-apex\n"); fprintf(stderr, "\t\t\tmx-alias\n"); fprintf(stderr, "\t\t\tns-alias\n"); fprintf(stderr, "\t\t\trp-txt-exists\n"); fprintf(stderr, "\t\t\tall\n"); fprintf(stderr, "\t-n N\t\tuse N worker threads\n"); fprintf(stderr, "\t-q\t\tquiet - do not produce any output\n"); fprintf(stderr, "\t-s\t\tprint validation summary/stats\n"); fprintf(stderr, "\t-v\t\tbe extra verbose\n"); fprintf(stderr, "\t-I path\tuse this path for $INCLUDE files\n"); fprintf(stderr, "\t-z origin\tuse this origin as initial $ORIGIN\n"); fprintf(stderr, "\t-t epoch-time\tuse this time instead of \"now\"\n"); exit(1); } struct rr_methods rr_methods[T_MAX+1]; static void initialize_globals(void) { int i; setenv("TZ", "GMT0", 1); tzset(); memset(&G, 0, sizeof(G)); memset(&G.opt, 0, sizeof(G.opt)); memset(&G.stats, 0, sizeof(G.stats)); G.default_ttl = -1; /* XXX orly? */ G.opt.current_time = time(NULL); for (i = 0; i <= T_MAX; i++) { rr_methods[i] = unknown_methods; } rr_methods[T_AAAA] = aaaa_methods; rr_methods[T_A] = a_methods; rr_methods[T_AFSDB] = afsdb_methods; rr_methods[T_CERT] = cert_methods; rr_methods[T_CNAME] = cname_methods; rr_methods[T_DHCID] = dhcid_methods; rr_methods[T_DLV] = dlv_methods; rr_methods[T_DNAME] = dname_methods; rr_methods[T_DNSKEY] = dnskey_methods; rr_methods[T_DS] = ds_methods; rr_methods[T_HINFO] = hinfo_methods; rr_methods[T_IPSECKEY] = ipseckey_methods; rr_methods[T_ISDN] = isdn_methods; rr_methods[T_KX] = kx_methods; rr_methods[T_L32] = l32_methods; rr_methods[T_L64] = l64_methods; rr_methods[T_LOC] = loc_methods; rr_methods[T_LP] = lp_methods; rr_methods[T_MB] = mb_methods; rr_methods[T_MG] = mg_methods; rr_methods[T_MINFO] = minfo_methods; rr_methods[T_MR] = mr_methods; rr_methods[T_MX] = mx_methods; rr_methods[T_NAPTR] = naptr_methods; rr_methods[T_NID] = nid_methods; rr_methods[T_NSAP] = nsap_methods; rr_methods[T_NSEC3PARAM] = nsec3param_methods; rr_methods[T_NSEC3] = nsec3_methods; rr_methods[T_NSEC] = nsec_methods; rr_methods[T_NS] = ns_methods; rr_methods[T_PTR] = ptr_methods; rr_methods[T_PX] = px_methods; rr_methods[T_RP] = rp_methods; rr_methods[T_RT] = rt_methods; rr_methods[T_RRSIG] = rrsig_methods; rr_methods[T_SOA] = soa_methods; rr_methods[T_SPF] = spf_methods; rr_methods[T_SRV] = srv_methods; rr_methods[T_SSHFP] = sshfp_methods; rr_methods[T_TLSA] = tlsa_methods; rr_methods[T_TXT] = txt_methods; rr_methods[T_X25] = x25_methods; } int main(int argc, char **argv) { int o; struct timeval start, stop; initialize_globals(); while ((o = getopt(argc, argv, "fhqsvI:z:t:p:n:")) != -1) { switch(o) { case 'h': usage(NULL); break; case 'f': G.opt.die_on_first_error = 1; break; case 'q': G.opt.no_output = 1; break; case 's': G.opt.summary = 1; break; case 'v': G.opt.verbose = 1; break; case 'p': if (strcmp(optarg, "all") == 0) { int i; for (i = 0; i < N_POLICY_CHECKS; i++) { G.opt.policy_checks[i] = 1; } } else if (strcmp(optarg, "single-ns") == 0) { G.opt.policy_checks[POLICY_SINGLE_NS] = 1; } else if (strcmp(optarg, "cname-other-data") == 0) { G.opt.policy_checks[POLICY_CNAME_OTHER_DATA] = 1; } else if (strcmp(optarg, "dname") == 0) { G.opt.policy_checks[POLICY_DNAME] = 1; } else if (strcmp(optarg, "dnskey") == 0) { G.opt.policy_checks[POLICY_DNSKEY] = 1; } else if (strcmp(optarg, "nsec3param-not-apex") == 0) { G.opt.policy_checks[POLICY_NSEC3PARAM_NOT_APEX] = 1; } else if (strcmp(optarg, "mx-alias") == 0) { G.opt.policy_checks[POLICY_MX_ALIAS] = 1; } else if (strcmp(optarg, "ns-alias") == 0) { G.opt.policy_checks[POLICY_NS_ALIAS] = 1; } else if (strcmp(optarg, "rp-txt-exists") == 0) { G.opt.policy_checks[POLICY_RP_TXT_EXISTS] = 1; } else if (strcmp(optarg, "tlsa-host") == 0) { G.opt.policy_checks[POLICY_TLSA_HOST] = 1; } else { usage("unknown policy name"); } break; case 'I': G.opt.include_path = optarg; break; case 'z': if (strlen(optarg) && *(optarg+strlen(optarg)-1) == '.') { G.opt.current_origin = optarg; } else if (strlen(optarg)) { G.opt.current_origin = getmem(strlen(optarg)+2); strcpy(mystpcpy(G.opt.current_origin, optarg), "."); } else { usage("origin must not be empty"); } break; case 'n': G.opt.n_threads = strtol(optarg, NULL, 10); if (G.opt.n_threads > 256) usage("non-sensical number of threads requested"); if (G.opt.verbose) fprintf(stderr, "using %d worker threads\n", G.opt.n_threads); break; case 't': G.opt.current_time = strtol(optarg, NULL, 10); if (G.opt.verbose) fprintf(stderr, "using time %d instead of \"now\"\n", G.opt.current_time); break; default: usage(NULL); } } argc -= optind; argv += optind; if (argc != 1) usage(NULL); gettimeofday(&start, NULL); open_zone_file(argv[0]); read_zone_file(); validate_zone(); verify_all_keys(); if (G.nsec3_present) { if (first_nsec3) nsec3_validate(&first_nsec3->rr); perform_remaining_nsec3checks(); } gettimeofday(&stop, NULL); if (G.opt.summary) { printf("records found: %d\n", G.stats.rr_count); printf("skipped dups: %d\n", G.stats.skipped_dup_rr_count); printf("record sets found: %d\n", G.stats.rrset_count); printf("unique names found: %d\n", G.stats.names_count); printf("delegations found: %d\n", G.stats.delegations); printf(" nsec3 records: %d\n", G.stats.nsec3_count); /* "not authoritative names" - non-empty terminals without any authoritative records */ /* delegation points count as authoritative, which might or might not be correct */ printf("not authoritative names, not counting delegation points:\n" " %d\n", G.stats.not_authoritative); printf("validation errors: %d\n", G.stats.error_count); printf("signatures verified: %d\n", G.stats.signatures_verified); printf("time taken: %.3fs\n", stop.tv_sec - start.tv_sec + (stop.tv_usec - start.tv_usec)/1000000.); } return G.exit_code; } validns-0.7/.gitignore000644 001751 000024 00000000105 11547570265 015302 0ustar00tobezstaff000000 000000 validns base64-test base32hex-test *.o *.core experiment* *.swp core validns-0.7/txt.c000644 001751 000024 00000003320 12001246533 014257 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" /* XXX Does not accept multiple character-strings */ static struct rr *txt_parse(char *name, long ttl, int type, char *s) { struct rr_txt *rr; struct binary_data txt[20]; int i; i = 0; while (*s) { if (i >= 20) return bitch("program limit: too many text segments"); txt[i] = extract_text(&s, "text segment"); if (txt[i].length < 0) return NULL; if (txt[i].length > 255) return bitch("TXT segment too long"); i++; } if (i == 0) return bitch("empty text record"); rr = getmem(sizeof(*rr) + sizeof(struct binary_data) * (i-1)); rr->count = i; for (i = 0; i < rr->count; i++) { rr->txt[i] = txt[i]; } return store_record(type, name, ttl, rr); } static char* txt_human(struct rr *rrv) { RRCAST(txt); char ss[1024]; int i; char *s = ss; int l; for (i = 0; i < rr->count; i++) { /* XXX would be nice to escape " with \ in strings */ l = snprintf(s, 1024-(s-ss), "\"%s\" ", rr->txt[i].data); s += l; } return quickstrdup_temp(ss); } static struct binary_data txt_wirerdata(struct rr *rrv) { RRCAST(txt); struct binary_data r, t; int i; r = bad_binary_data(); t.length = 0; t.data = NULL; for (i = 0; i < rr->count; i++) { r = compose_binary_data("db", 1, t, rr->txt[i]); t = r; } return r; } struct rr_methods txt_methods = { txt_parse, txt_human, txt_wirerdata, NULL, NULL }; validns-0.7/cname.c000644 001751 000024 00000003324 12015701616 014532 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *cname_parse(char *name, long ttl, int type, char *s) { struct rr_cname *rr = getmem(sizeof(*rr)); rr->cname = extract_name(&s, "cname", 0); if (!rr->cname) return NULL; if (*s) { return bitch("garbage after valid CNAME data"); } return store_record(type, name, ttl, rr); } static char* cname_human(struct rr *rrv) { RRCAST(cname); return rr->cname; } static struct binary_data cname_wirerdata(struct rr *rrv) { RRCAST(cname); return name2wire_name(rr->cname); } static void* cname_validate_set(struct rr_set *rr_set) { struct rr *rr; struct rr_set *another_set; struct named_rr *named_rr; int count; if (G.opt.policy_checks[POLICY_CNAME_OTHER_DATA]) { if (rr_set->count > 1) { rr = rr_set->tail; return moan(rr->file_name, rr->line, "CNAME and other data"); } named_rr = rr_set->named_rr; count = get_rr_set_count(named_rr); if (count > 1) { another_set = find_rr_set_in_named_rr(named_rr, T_RRSIG); if (another_set) count -= another_set->count; another_set = find_rr_set_in_named_rr(named_rr, T_NSEC); if (another_set) count -= another_set->count; if (count > 1) { rr = rr_set->tail; return moan(rr->file_name, rr->line, "CNAME and other data"); } } } return NULL; } struct rr_methods cname_methods = { cname_parse, cname_human, cname_wirerdata, cname_validate_set, NULL }; validns-0.7/README000644 001751 000024 00000001117 12133224617 014163 0ustar00tobezstaff000000 000000 validns version 0.7 validns - DNS and DNSSEC zone file validator. For installation instructions, see installation.mdwn. For usage, see usage.mdwn. For miscellaneous notes, see notes.mdwn. For technical notes, see technical-notes.mdwn. The most recent version can always be found at https://github.com/tobez/validns/ The tarballs of releases can be found at http://www.validns.net/download/ Support: - web: http://www.validns.net/ - email: mailing list validns-users@validns.net (for users and developers alike) author: tobez@tobez.org - IRC: join #validns on EFNet validns-0.7/a.c000644 001751 000024 00000002112 12001246537 013662 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *a_parse(char *name, long ttl, int type, char *s) { struct rr_a *rr = getmem(sizeof(*rr)); if (extract_ipv4(&s, "IPv4 address", &rr->address) <= 0) return NULL; if (*s) { return bitch("garbage after valid A data"); } return store_record(type, name, ttl, rr); } static char* a_human(struct rr *rrv) { RRCAST(a); char s[1024]; if (inet_ntop(AF_INET, &rr->address, s, 1024)) return quickstrdup_temp(s); return "????"; } static struct binary_data a_wirerdata(struct rr *rrv) { RRCAST(a); struct binary_data r; r.length = sizeof(rr->address); r.data = (void *)&rr->address; return r; } struct rr_methods a_methods = { a_parse, a_human, a_wirerdata, NULL, NULL }; validns-0.7/mempool.h000644 001751 000024 00000000642 12001246543 015122 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #ifndef _MEMPOOL_H #define _MEMPOOL_H 1 void mem_requirements_hint(size_t size); void *getmem(size_t size); char *quickstrdup(char *s); int freeall_temp(void); void *getmem_temp(size_t size); char *quickstrdup_temp(char *s); #endif validns-0.7/base64.c000644 001751 000024 00000012615 12001246555 014537 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "base64.h" /* * Very straightforward, ugly, unoptimized, * not much in the way of error handling. * But it works. */ int decode_base64(void *dest, char *src, size_t dstsize) { size_t processed = 0; int full_bytes = 0; unsigned char *dst = dest; while (*src) { int v; if (*src >= 'A' && *src <= 'Z') v = *src - 'A'; else if (*src >= 'a' && *src <= 'z') v = 26 + *src - 'a'; else if (*src >= '0' && *src <= '9') v = 52 + *src - '0'; else if (*src == '+') v = 62; else if (*src == '/') v = 63; else if (isspace(*src) || *src == '=') { src++; continue; } else { /* any junk chars means input is corrupted */ errno = EINVAL; return -1; } src++; if (processed % 4 == 0) { if (dstsize <= 0) { errno = EINVAL; return -1; } dst[0] &= 0x03; dst[0] |= (v << 2) & 0xFC; processed++; } else if (processed % 4 == 1) { if (dstsize < 1) { errno = EINVAL; return -1; } dst[0] &= 0xFC; dst[0] |= (v >> 4) & 0x03; if (dstsize >= 2) { dst[1] &= 0x0F; dst[1] |= (v << 4) & 0xF0; } processed++; full_bytes++; } else if (processed % 4 == 2) { if (dstsize < 2) { errno = EINVAL; return -1; } dst[1] &= 0xF0; dst[1] |= (v >> 2) & 0x0F; if (dstsize >= 3) { dst[2] &= 0x3F; dst[2] |= (v << 6) & 0xC0; } processed++; full_bytes++; } else { if (dstsize <= 2) { errno = EINVAL; return -1; } dst[2] &= 0xC0; dst[2] |= v & 0x3F; processed++; dst += 3; dstsize -= 3; full_bytes++; } } return full_bytes; } #ifdef TEST_PROGRAM static int ok_string_test(int testnum, char *src, char *expect) { unsigned char dstbuf[512]; int r, r0, i; int expect_sz = strlen(expect); if (expect_sz >= 512) { printf("test %d: NOT OK: internal *test* error, buffer too small for proper testing, FIXME\n", testnum); return 1; } memset(dstbuf, 0xAA, 512); r = decode_base64(dstbuf, src, expect_sz); if (r != expect_sz) { printf("test %d: NOT OK: expect size %d, got %d\n", testnum, expect_sz, r); return 1; } else if (memcmp(dstbuf, expect, r) != 0) { printf("test %d: NOT OK: unexpected buffer content\n", testnum); return 1; } if (dstbuf[expect_sz] != 0xAA) { printf("test %d: NOT OK: corrupts memory with \"just enough\" bufsize\n", testnum); return 1; } memset(dstbuf, 0xAA, 512); for (i = 0; i < expect_sz; i++) { r0 = decode_base64(dstbuf, src, i); if (r0 > 0) { printf("test %d: NOT OK: buffer size %d should not be enough\n", testnum, i); return 1; } if (dstbuf[i] != 0xAA) { printf("test %d: NOT OK: corrupts memory with bufsize %d\n", testnum, i); return 1; } } printf("test %d: ok\n", testnum); return 0; } static int expect_junk_error(int testnum, char *src) { char *buf[20]; int r; r = decode_base64(buf, src, 20); if (r != -1) { printf("test %d: NOT OK: junk input not recognized\n", testnum); return 1; } printf("test %d: ok\n", testnum); return 0; } int main(void) { int ret = 0; /* from http://en.wikipedia.org/wiki/Base64 */ ret |= ok_string_test(1, "bGVhc3VyZS4=", "leasure."); ret |= ok_string_test(2, "bGVhc3VyZS4", "leasure."); ret |= ok_string_test(3, "ZWFzdXJlLg==", "easure."); ret |= ok_string_test(4, "ZWFzdXJlLg=", "easure."); ret |= ok_string_test(5, "ZWFzdXJlLg", "easure."); ret |= ok_string_test(6, "YXN1cmUu", "asure."); ret |= ok_string_test(7, "c3VyZS4=", "sure."); ret |= ok_string_test(8, "c3VyZS4", "sure."); ret |= ok_string_test(9, "TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGhpcyByZWFzb24sIGJ1dCBieSB0aGlz\n" "IHNpbmd1bGFyIHBhc3Npb24gZnJvbSBvdGhlciBhbmltYWxzLCB3aGljaCBpcyBhIGx1c3Qgb2Yg\n" "dGhlIG1pbmQsIHRoYXQgYnkgYSBwZXJzZXZlcmFuY2Ugb2YgZGVsaWdodCBpbiB0aGUgY29udGlu\n" "dWVkIGFuZCBpbmRlZmF0aWdhYmxlIGdlbmVyYXRpb24gb2Yga25vd2xlZGdlLCBleGNlZWRzIHRo\n" "ZSBzaG9ydCB2ZWhlbWVuY2Ugb2YgYW55IGNhcm5hbCBwbGVhc3VyZS4=", "Man is distinguished, not only by his reason, but by this singular passion from other animals, which is a lust of the mind, that by a perseverance of delight in the continued and indefatigable generation of knowledge, exceeds the short vehemence of any carnal pleasure."); /* from http://tools.ietf.org/html/rfc4648#section-10 */ ret |= ok_string_test(10, "", ""); ret |= ok_string_test(11, "Zg==", "f"); ret |= ok_string_test(12, "Zg=", "f"); ret |= ok_string_test(13, "Zg", "f"); ret |= ok_string_test(14, "Zm8=", "fo"); ret |= ok_string_test(15, "Zm8", "fo"); ret |= ok_string_test(16, "Zm9v", "foo"); ret |= ok_string_test(17, "Zm9vYg==", "foob"); ret |= ok_string_test(18, "Zm9vYg=", "foob"); ret |= ok_string_test(19, "Zm9vYg", "foob"); ret |= ok_string_test(20, "Zm9vYmE=", "fooba"); ret |= ok_string_test(21, "Zm9vYmE", "fooba"); ret |= ok_string_test(22, "Zm9vYmFy", "foobar"); ret |= expect_junk_error(23, "?Zm9vYmFy"); ret |= expect_junk_error(24, "Z%m9vYmFy"); ret |= expect_junk_error(25, "Zm&9vYmFy"); ret |= expect_junk_error(26, "Zm9-vYmFy"); ret |= expect_junk_error(27, "Zm9v*YmFy"); ret |= expect_junk_error(28, "Zm9vY#mFy"); ret |= expect_junk_error(29, "Zm9vYm\x01Fy"); ret |= expect_junk_error(30, "Zm9vYmF!y"); ret |= expect_junk_error(31, "Zm9vYmFy."); return ret; } #endif validns-0.7/mempool.c000644 001751 000024 00000004306 12001246560 015115 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include "mempool.h" #include "carp.h" struct pool { struct pool *next; size_t pool_size; size_t free_index; char mem[0]; }; static struct pool *freespace = NULL; static struct pool *temp_freespace = NULL; static void new_pool(size_t size) { struct pool *pool; size = (size + sizeof(void *) - 1) / sizeof(void *); size *= sizeof(void *); pool = malloc(size + sizeof(struct pool)); if (!pool) croak(1, "new_pool malloc"); pool->next = freespace; pool->free_index = 0; pool->pool_size = size; freespace = pool; } void mem_requirements_hint(size_t size) { if (freespace) return; new_pool(size); } void *getmem(size_t size) { void *ret; size = (size + sizeof(void *) - 1) / sizeof(void *); size *= sizeof(void *); if (!freespace) new_pool(size > 256000 ? size : 256000); if (freespace->pool_size - freespace->free_index < size) new_pool(size > 256000 ? size : 256000); ret = freespace->mem + freespace->free_index; freespace->free_index += size; return ret; } void *getmem_temp(size_t size) { void *ret; size = (size + sizeof(void *) - 1) / sizeof(void *); size *= sizeof(void *); if (!temp_freespace) { size_t pool_size = size > 1024*1024 ? size : 1024*1024; pool_size = (pool_size + sizeof(void *) - 1) / sizeof(void *); pool_size *= sizeof(void *); temp_freespace = malloc(pool_size + sizeof(struct pool)); if (!temp_freespace) croak(1, "getmem_temp malloc"); temp_freespace->next = NULL; temp_freespace->free_index = 0; temp_freespace->pool_size = pool_size; } if (temp_freespace->pool_size - temp_freespace->free_index < size) croak(1, "getmem_temp request too large"); ret = temp_freespace->mem + temp_freespace->free_index; temp_freespace->free_index += size; return ret; } int freeall_temp(void) { if (temp_freespace) { temp_freespace->free_index = 0; } return 1; } char *quickstrdup(char *s) { char *r = getmem(strlen(s)+1); return strcpy(r, s); } char *quickstrdup_temp(char *s) { char *r = getmem_temp(strlen(s)+1); return strcpy(r, s); } validns-0.7/base64.h000644 001751 000024 00000000441 12001246565 014537 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #ifndef _BASE64_H_ #define _BASE64_H_ 1 int decode_base64(void *dst, char *src, size_t dstsize); #endif validns-0.7/rr.h000644 001751 000024 00000024501 12131600726 014076 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011-2013 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #ifndef _RR_H #define _RR_H 1 #define T_A 1 #define T_NS 2 #define T_CNAME 5 #define T_SOA 6 #define T_MB 7 #define T_MG 8 #define T_MR 9 #define T_PTR 12 #define T_HINFO 13 #define T_MINFO 14 #define T_MX 15 #define T_TXT 16 #define T_RP 17 #define T_AFSDB 18 #define T_X25 19 #define T_ISDN 20 #define T_RT 21 #define T_NSAP 22 #define T_PX 26 #define T_AAAA 28 #define T_LOC 29 #define T_SRV 33 #define T_NAPTR 35 #define T_KX 36 #define T_CERT 37 #define T_DNAME 39 #define T_DS 43 #define T_SSHFP 44 #define T_IPSECKEY 45 #define T_RRSIG 46 #define T_NSEC 47 #define T_DNSKEY 48 #define T_DHCID 49 #define T_NSEC3 50 #define T_NSEC3PARAM 51 #define T_TLSA 52 #define T_SPF 99 #define T_NID 104 #define T_L32 105 #define T_L64 106 #define T_LP 107 #define T_DLV 32769 #define T_MAX 32769 #define ALG_DSA 3 #define ALG_RSASHA1 5 #define ALG_DSA_NSEC3_SHA1 6 #define ALG_RSASHA1_NSEC3_SHA1 7 #define ALG_RSASHA256 8 #define ALG_RSASHA512 10 #define ALG_ECCGOST 12 #define ALG_ECDSAP256SHA256 13 #define ALG_ECDSAP384SHA384 14 #define ALG_PRIVATEDNS 253 #define ALG_PRIVATEOID 254 #define ALG_UNSUPPORTED 0 #define ALG_DSA_FAMILY 1 #define ALG_RSA_FAMILY 2 #define ALG_PRIVATE_FAMILY 3 #define ALG_ECC_FAMILY 4 #define RRCAST(t) struct rr_ ## t *rr = (struct rr_ ## t *)rrv struct cbtree; extern struct cbtree zone_data; extern char *zone_apex; extern int zone_apex_l; struct named_rr; struct rr_set; struct rr; typedef struct rr* (*rr_parse_func)(char *, long, int, char *); typedef char* (*rr_human_func)(struct rr*); typedef struct binary_data (*rr_wire_func)(struct rr*); typedef void* (*rr_validate_set_func)(struct rr_set*); typedef void* (*rr_validate_func)(struct rr*); struct rr_methods { rr_parse_func rr_parse; rr_human_func rr_human; rr_wire_func rr_wire; rr_validate_set_func rr_validate_set; rr_validate_func rr_validate; }; extern struct rr_methods rr_methods[T_MAX+1]; extern struct rr_methods unknown_methods; struct binary_data call_get_wired(struct rr *rr); struct rr *rr_parse_any(char *name, long ttl, int type, char *s); char* any_human(struct rr *rrv); struct binary_data any_wirerdata(struct rr *rrv); int name_belongs_to_zone(const char *name); void validate_record(struct rr *rr); void validate_zone(void); struct rr *store_record(int rdtype, char *name, long ttl, void *rrptr); int str2rdtype(char *rdtype, int *is_generic); char *rdtype2str(int type); struct named_rr *find_named_rr(char *name); struct named_rr *find_next_named_rr(struct named_rr *named_rr); struct rr_set *find_rr_set(int rdtype, char *name); struct rr_set *find_rr_set_in_named_rr(struct named_rr *named_rr, int rdtype); uint32_t get_rr_set_count(struct named_rr *named_rr); struct binary_data name2wire_name(char *s); int algorithm_type(int alg); int extract_algorithm(char **s, char *what); #define NAME_FLAG_APEX 1 #define NAME_FLAG_HAS_RECORDS 2 #define NAME_FLAG_DELEGATION 4 #define NAME_FLAG_NOT_AUTHORITATIVE 8 #define NAME_FLAG_NSEC3_ONLY 16 #define NAME_FLAG_KIDS_WITH_RECORDS 32 #define NAME_FLAG_SIGNED_DELEGATION 64 #define NAME_FLAG_APEX_PARENT 128 #define NAME_FLAG_THIS_WITH_RECORDS 256 struct named_rr { char *name; void *rr_sets; int line; char *file_name; uint32_t flags; struct named_rr *parent; }; struct rr_set { struct rr* head; struct rr* tail; struct named_rr *named_rr; int rdtype; int count; }; struct rr { struct rr* next; struct rr* prev; struct rr_set *rr_set; int ttl; int rdtype; int line; int is_generic; char *file_name; }; struct rr_any { struct rr rr; struct binary_data data; }; struct rr_a { struct rr rr; struct in_addr address; }; extern struct rr_methods a_methods; struct rr_soa { struct rr rr; uint32_t serial; int refresh, retry, expire, minimum; char *rname; char *mname; }; extern struct rr_methods soa_methods; struct rr_ns { struct rr rr; char *nsdname; }; extern struct rr_methods ns_methods; struct rr_dhcid { struct rr rr; int id_type; int digest_type; struct binary_data digest; }; extern struct rr_methods dhcid_methods; struct rr_txt { struct rr rr; int count; struct binary_data txt[1]; }; extern struct rr_methods txt_methods; struct rr_tlsa { struct rr rr; uint8_t cert_usage; uint8_t selector; uint8_t matching_type; struct binary_data association_data; }; extern struct rr_methods tlsa_methods; struct rr_ipseckey { struct rr rr; uint8_t precedence; uint8_t gateway_type; uint8_t algorithm; union { char *gateway_none; /* gateway_type == 0 */ struct in_addr gateway_ipv4; /* gateway_type == 1 */ struct in6_addr gateway_ipv6; /* gateway_type == 2 */ char *gateway_name; /* gateway_type == 3 */ } gateway; struct binary_data public_key; }; extern struct rr_methods ipseckey_methods; struct rr_nid { struct rr rr; uint16_t preference; uint64_t node_id; }; extern struct rr_methods nid_methods; struct rr_l32 { struct rr rr; uint16_t preference; uint32_t locator32; }; extern struct rr_methods l32_methods; struct rr_l64 { struct rr rr; uint16_t preference; uint64_t locator64; }; extern struct rr_methods l64_methods; struct rr_lp { struct rr rr; uint16_t preference; char *fqdn; }; extern struct rr_methods lp_methods; struct rr_naptr { struct rr rr; uint16_t order; uint16_t preference; struct binary_data flags; struct binary_data services; struct binary_data regexp; char *replacement; }; extern struct rr_methods naptr_methods; struct rr_nsec { struct rr rr; char *next_domain; struct binary_data type_bitmap; }; extern struct rr_methods nsec_methods; void validate_nsec_chain(void); struct rr_nsec3 { struct rr rr; uint8_t hash_algorithm; uint8_t flags; uint16_t iterations; struct binary_data salt; struct binary_data next_hashed_owner; struct binary_data type_bitmap; struct binary_data this_hashed_name; struct named_rr *corresponding_name; struct rr_nsec3 *next_nsec3; }; extern struct rr_methods nsec3_methods; struct rr_nsec3param { struct rr rr; uint8_t hash_algorithm; uint8_t flags; uint16_t iterations; struct binary_data salt; }; extern struct rr_methods nsec3param_methods; extern struct rr *nsec3param; struct rr_rrsig { struct rr rr; uint16_t type_covered; int algorithm; int labels; int orig_ttl; uint32_t sig_expiration; uint32_t sig_inception; uint16_t key_tag; char *signer; struct binary_data signature; }; extern struct rr_methods rrsig_methods; struct rr_srv { struct rr rr; uint16_t priority; uint16_t weight; uint16_t port; char *target; }; extern struct rr_methods srv_methods; struct rr_cname { struct rr rr; char *cname; }; extern struct rr_methods cname_methods; struct rr_mb { struct rr rr; char *madname; }; extern struct rr_methods mb_methods; struct rr_mg { struct rr rr; char *mgmname; }; extern struct rr_methods mg_methods; struct rr_minfo { struct rr rr; char *rmailbx; char *emailbx; }; extern struct rr_methods minfo_methods; struct rr_mr { struct rr rr; char *newname; }; extern struct rr_methods mr_methods; struct rr_dname { struct rr rr; char *target; }; extern struct rr_methods dname_methods; struct rr_aaaa { struct rr rr; struct in6_addr address; }; extern struct rr_methods aaaa_methods; struct rr_mx { struct rr rr; int preference; char *exchange; }; extern struct rr_methods mx_methods; struct rr_rt { struct rr rr; int preference; char *intermediate_host; }; extern struct rr_methods rt_methods; struct rr_afsdb { struct rr rr; int subtype; char *hostname; }; extern struct rr_methods afsdb_methods; struct rr_x25 { struct rr rr; struct binary_data psdn_address; }; extern struct rr_methods x25_methods; struct rr_isdn { struct rr rr; struct binary_data isdn_address; struct binary_data sa; int sa_present; }; extern struct rr_methods isdn_methods; struct rr_px { struct rr rr; int preference; char *map822; char *mapx400; }; extern struct rr_methods px_methods; struct rr_kx { struct rr rr; int preference; char *exchanger; }; extern struct rr_methods kx_methods; struct rr_dnskey { struct rr rr; uint16_t flags; uint8_t protocol; uint8_t algorithm; struct binary_data pubkey; /* calculated */ uint16_t key_tag; int pkey_built; void *pkey; }; extern struct rr_methods dnskey_methods; int dnskey_build_pkey(struct rr_dnskey *rr); struct rr_ds { struct rr rr; uint16_t key_tag; uint8_t algorithm; uint8_t digest_type; struct binary_data digest; }; extern struct rr_methods ds_methods; struct rr_dlv { struct rr rr; uint16_t key_tag; uint8_t algorithm; uint8_t digest_type; struct binary_data digest; }; extern struct rr_methods dlv_methods; struct rr_nsap { struct rr rr; struct binary_data data; }; extern struct rr_methods nsap_methods; struct rr_hinfo { struct rr rr; struct binary_data cpu; struct binary_data os; }; extern struct rr_methods hinfo_methods; struct rr_rp { struct rr rr; char *mbox_dname; char *txt_dname; }; extern struct rr_methods rp_methods; struct rr_loc { struct rr rr; uint8_t version; uint8_t size; uint8_t horiz_pre; uint8_t vert_pre; uint32_t latitude; uint32_t longitude; uint32_t altitude; }; extern struct rr_methods loc_methods; struct rr_ptr { struct rr rr; char *ptrdname; }; extern struct rr_methods ptr_methods; struct rr_sshfp { struct rr rr; uint8_t algorithm; uint8_t fp_type; struct binary_data fingerprint; }; extern struct rr_methods sshfp_methods; struct rr_spf { struct rr rr; int count; struct binary_data spf[1]; }; extern struct rr_methods spf_methods; struct rr_cert { struct rr rr; uint16_t type; uint16_t key_tag; int algorithm; struct binary_data certificate; }; extern struct rr_methods cert_methods; extern struct rr_nsec3 *first_nsec3; extern struct rr_nsec3 *latest_nsec3; extern void verify_all_keys(void); extern void* nsec3_validate(struct rr *rrv); extern void *remember_nsec3(char *name, struct rr_nsec3 *rr); extern void perform_remaining_nsec3checks(void); extern void *check_typemap(struct binary_data type_bitmap, struct named_rr *named_rr, struct rr *reference_rr); #endif validns-0.7/common.h000644 001751 000024 00000002623 12111430324 014735 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #ifndef _COMMON_H_ #define _COMMON_H_ 1 struct file_info { struct file_info *next; FILE *file; int line; int paren_mode; char buf[2048]; char name[0]; }; extern struct file_info *file_info; #define N_POLICY_CHECKS 9 #define POLICY_SINGLE_NS 0 #define POLICY_CNAME_OTHER_DATA 1 #define POLICY_NSEC3PARAM_NOT_APEX 2 #define POLICY_MX_ALIAS 3 #define POLICY_NS_ALIAS 4 #define POLICY_RP_TXT_EXISTS 5 #define POLICY_DNAME 6 #define POLICY_DNSKEY 7 #define POLICY_TLSA_HOST 8 struct globals { struct stats { int names_count; int rr_count; int rrset_count; int error_count; int skipped_dup_rr_count; int soa_rr_count; int signatures_verified; int delegations; int not_authoritative; int nsec3_count; } stats; struct command_line_options { int die_on_first_error; int no_output; int summary; int verbose; char *include_path; char *current_origin; uint32_t current_time; char policy_checks[N_POLICY_CHECKS]; int n_threads; } opt; int exit_code; long default_ttl; int nsec3_present; int nsec3_opt_out_present; int dnssec_active; }; extern struct globals G; #define SHA1_BYTES 20 #define SHA256_BYTES 32 #define SHA512_BYTES 64 /* GOST R 34.11-94 - 32 bytes */ #define GOST_BYTES 32 #endif validns-0.7/rrsig.c000644 001751 000024 00000027303 12111430324 014570 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" struct verification_data { struct verification_data *next; EVP_MD_CTX ctx; struct rr_dnskey *key; struct rr_rrsig *rr; int ok; }; struct keys_to_verify { struct keys_to_verify *next; struct rr_rrsig *rr; struct rr_set *signed_set; int n_keys; struct verification_data to_verify[1]; }; static struct keys_to_verify *all_keys_to_verify = NULL; static struct rr* rrsig_parse(char *name, long ttl, int type, char *s) { struct rr_rrsig *rr = getmem(sizeof(*rr)); int type_covered, key_tag; char *str_type_covered; struct binary_data sig; long long ts; str_type_covered = extract_label(&s, "type covered", "temporary"); if (!str_type_covered) return NULL; type_covered = str2rdtype(str_type_covered, NULL); if (type_covered <= 0 || type_covered > 65535) return NULL; rr->type_covered = type_covered; rr->algorithm = extract_algorithm(&s, "algorithm"); if (rr->algorithm == ALG_UNSUPPORTED) return NULL; if (rr->algorithm == ALG_PRIVATEDNS || rr->algorithm == ALG_PRIVATEOID) { return bitch("private algorithms are not supported in RRSIG"); } rr->labels = extract_integer(&s, "labels"); if (rr->labels < 0) return NULL; /* TODO validate labels, see http://tools.ietf.org/html/rfc4034#section-3.1.3 */ rr->orig_ttl = extract_timevalue(&s, "original TTL"); if (rr->orig_ttl < 0) return NULL; ts = extract_timestamp(&s, "signature expiration"); if (ts < 0) return NULL; rr->sig_expiration = ts; ts = extract_timestamp(&s, "signature inception"); if (ts < 0) return NULL; rr->sig_inception = ts; key_tag = extract_integer(&s, "key tag"); if (key_tag < 0) return NULL; rr->key_tag = key_tag; rr->signer = extract_name(&s, "signer name", 0); if (!rr->signer) return NULL; /* TODO validate signer name, http://tools.ietf.org/html/rfc4034#section-3.1.7 */ sig = extract_base64_binary_data(&s, "signature"); if (sig.length < 0) return NULL; /* TODO validate signature length based on algorithm */ rr->signature = sig; if (*s) { return bitch("garbage after valid RRSIG data"); } G.dnssec_active = 1; return store_record(type, name, ttl, rr); } static char* rrsig_human(struct rr *rrv) { // RRCAST(rrsig); // char s[1024]; //snprintf(s, 1024, "SOA %s %s %d %d %d %d %d", // rr->mname, rr->rname, rr->serial, // rr->refresh, rr->retry, rr->expire, rr->minimum); //return quickstrdup_temp(s); return NULL; } static struct binary_data rrsig_wirerdata_ex(struct rr *rrv, int with_signature) { RRCAST(rrsig); struct binary_data bd; bd = compose_binary_data("2114442d", 1, rr->type_covered, rr->algorithm, rr->labels, rr->orig_ttl, rr->sig_expiration, rr->sig_inception, rr->key_tag, name2wire_name(rr->signer)); if (with_signature) { return compose_binary_data("dd", 1, bd, rr->signature); } return bd; } static struct binary_data rrsig_wirerdata(struct rr *rrv) { return rrsig_wirerdata_ex(rrv, 1); } struct rr_with_wired { struct rr *rr; struct binary_data wired; }; static int compare_rr_with_wired(const void *va, const void *vb) { const struct rr_with_wired *a = va; const struct rr_with_wired *b = vb; int r; if (a->wired.length == b->wired.length) { return memcmp(a->wired.data, b->wired.data, a->wired.length); } else if (a->wired.length < b->wired.length) { r = memcmp(a->wired.data, b->wired.data, a->wired.length); if (r != 0) return r; return -1; } else { r = memcmp(a->wired.data, b->wired.data, b->wired.length); if (r != 0) return r; return 1; } } static struct verification_data *verification_queue = NULL; static int verification_queue_size = 0; static pthread_mutex_t queue_lock; static int workers_started = 0; static pthread_t *workers; void *verification_thread(void *dummy) { struct verification_data *d; struct timespec sleep_time; while (1) { if (pthread_mutex_lock(&queue_lock) != 0) croak(1, "pthread_mutex_lock"); d = verification_queue; if (d) { verification_queue = d->next; G.stats.signatures_verified++; } if (pthread_mutex_unlock(&queue_lock) != 0) croak(1, "pthread_mutex_unlock"); if (d) { d->next = NULL; if (EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey) == 1) d->ok = 1; if (pthread_mutex_lock(&queue_lock) != 0) croak(1, "pthread_mutex_lock"); verification_queue_size--; if (pthread_mutex_unlock(&queue_lock) != 0) croak(1, "pthread_mutex_unlock"); } else { sleep_time.tv_sec = 0; sleep_time.tv_nsec = 10000000; nanosleep(&sleep_time, NULL); } } } static void start_workers(void) { int i; if (workers_started) return; if (G.opt.verbose) fprintf(stderr, "starting workers for signature verification\n"); workers = getmem(sizeof(*workers)*G.opt.n_threads); for (i = 0; i < G.opt.n_threads; i++) { if (pthread_create(&workers[i], NULL, verification_thread, NULL) != 0) croak(1, "pthread_create"); } workers_started = 1; } static void schedule_verification(struct verification_data *d) { int cur_size; if (G.opt.n_threads > 1) { if (pthread_mutex_lock(&queue_lock) != 0) croak(1, "pthread_mutex_lock"); d->next = verification_queue; verification_queue = d; verification_queue_size++; cur_size = verification_queue_size; if (pthread_mutex_unlock(&queue_lock) != 0) croak(1, "pthread_mutex_unlock"); if (!workers_started && cur_size >= G.opt.n_threads) start_workers(); } else { G.stats.signatures_verified++; if (EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey) == 1) d->ok = 1; } } static int verify_signature(struct verification_data *d, struct rr_set *signed_set) { uint16_t b2; uint32_t b4; struct binary_data chunk; struct rr_with_wired *set; struct rr *signed_rr; int i; EVP_MD_CTX_init(&d->ctx); switch (d->rr->algorithm) { case ALG_DSA: case ALG_RSASHA1: case ALG_DSA_NSEC3_SHA1: case ALG_RSASHA1_NSEC3_SHA1: if (EVP_VerifyInit(&d->ctx, EVP_sha1()) != 1) return 0; break; case ALG_RSASHA256: if (EVP_VerifyInit(&d->ctx, EVP_sha256()) != 1) return 0; break; case ALG_RSASHA512: if (EVP_VerifyInit(&d->ctx, EVP_sha512()) != 1) return 0; break; default: return 0; } chunk = rrsig_wirerdata_ex(&d->rr->rr, 0); if (chunk.length < 0) return 0; EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length); set = getmem_temp(sizeof(*set) * signed_set->count); signed_rr = signed_set->tail; i = 0; while (signed_rr) { set[i].rr = signed_rr; set[i].wired = call_get_wired(signed_rr); if (set[i].wired.length < 0) return 0; i++; signed_rr = signed_rr->next; } qsort(set, signed_set->count, sizeof(*set), compare_rr_with_wired); for (i = 0; i < signed_set->count; i++) { chunk = name2wire_name(signed_set->named_rr->name); if (chunk.length < 0) return 0; EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length); b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(&d->ctx, &b2, 2); b2 = htons(1); /* class IN */ EVP_VerifyUpdate(&d->ctx, &b2, 2); b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(&d->ctx, &b4, 4); b2 = htons(set[i].wired.length); EVP_VerifyUpdate(&d->ctx, &b2, 2); EVP_VerifyUpdate(&d->ctx, set[i].wired.data, set[i].wired.length); } schedule_verification(d); return 1; } static void *rrsig_validate(struct rr *rrv) { RRCAST(rrsig); struct named_rr *named_rr; struct rr_set *signed_set; struct rr_dnskey *key = NULL; struct rr_set *dnskey_rr_set; int candidate_keys = 0; struct keys_to_verify *candidates; int i = 0; named_rr = rr->rr.rr_set->named_rr; if (G.opt.current_time < rr->sig_inception) { return moan(rr->rr.file_name, rr->rr.line, "%s signature is too new", named_rr->name); } if (G.opt.current_time > rr->sig_expiration) { return moan(rr->rr.file_name, rr->rr.line, "%s signature is too old", named_rr->name); } signed_set = find_rr_set_in_named_rr(named_rr, rr->type_covered); if (!signed_set) { return moan(rr->rr.file_name, rr->rr.line, "%s RRSIG exists for non-existing type %s", named_rr->name, rdtype2str(rr->type_covered)); } if (signed_set->tail->ttl != rr->orig_ttl) { return moan(rr->rr.file_name, rr->rr.line, "%s RRSIG's original TTL differs from corresponding record's", named_rr->name); } dnskey_rr_set = find_rr_set(T_DNSKEY, rr->signer); if (!dnskey_rr_set) { return moan(rr->rr.file_name, rr->rr.line, "%s RRSIG(%s): cannot find a signer key (%s)", named_rr->name, rdtype2str(rr->type_covered), rr->signer); } key = (struct rr_dnskey *)dnskey_rr_set->tail; while (key) { if (key->algorithm == rr->algorithm && key->key_tag == rr->key_tag) { candidate_keys++; dnskey_build_pkey(key); } key = (struct rr_dnskey *)key->rr.next; } if (candidate_keys == 0) return moan(rr->rr.file_name, rr->rr.line, "%s RRSIG(%s): cannot find the right signer key (%s)", named_rr->name, rdtype2str(rr->type_covered), rr->signer); candidates = getmem(sizeof(struct keys_to_verify) + (candidate_keys-1) * sizeof(struct verification_data)); candidates->next = all_keys_to_verify; candidates->rr = rr; candidates->signed_set = signed_set; candidates->n_keys = candidate_keys; all_keys_to_verify = candidates; key = (struct rr_dnskey *)dnskey_rr_set->tail; while (key) { if (key->algorithm == rr->algorithm && key->key_tag == rr->key_tag) { candidates->to_verify[i].key = key; candidates->to_verify[i].rr = rr; candidates->to_verify[i].ok = 0; candidates->to_verify[i].next = NULL; i++; } key = (struct rr_dnskey *)key->rr.next; } return rr; } static pthread_mutex_t *lock_cs; static long *lock_count; static unsigned long pthreads_thread_id(void) { unsigned long ret; ret=(unsigned long)pthread_self(); return(ret); } static void pthreads_locking_callback(int mode, int type, char *file, int line) { if (mode & CRYPTO_LOCK) { pthread_mutex_lock(&(lock_cs[type])); lock_count[type]++; } else { pthread_mutex_unlock(&(lock_cs[type])); } } void verify_all_keys(void) { struct keys_to_verify *k = all_keys_to_verify; int i; struct timespec sleep_time; if (G.opt.n_threads > 1) { lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); for (i = 0; i < CRYPTO_num_locks(); i++) { lock_count[i] = 0; pthread_mutex_init(&lock_cs[i],NULL); } CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id); CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback); if (pthread_mutex_init(&queue_lock, NULL) != 0) croak(1, "pthread_mutex_init"); } while (k) { freeall_temp(); for (i = 0; i < k->n_keys; i++) { if (dnskey_build_pkey(k->to_verify[i].key)) verify_signature(&k->to_verify[i], k->signed_set); } k = k->next; } start_workers(); /* this is needed in case n_threads is greater than the number of signatures to verify */ while (verification_queue_size > 0) { sleep_time.tv_sec = 0; sleep_time.tv_nsec = 10000000; nanosleep(&sleep_time, NULL); } k = all_keys_to_verify; while (k) { int ok = 0; for (i = 0; i < k->n_keys; i++) { if (k->to_verify[i].ok) { ok = 1; break; } } if (!ok) { struct named_rr *named_rr; named_rr = k->rr->rr.rr_set->named_rr; moan(k->rr->rr.file_name, k->rr->rr.line, "%s RRSIG(%s): cannot verify the signature", named_rr->name, rdtype2str(k->rr->type_covered), k->rr->signer); } k = k->next; } } struct rr_methods rrsig_methods = { rrsig_parse, rrsig_human, rrsig_wirerdata, NULL, rrsig_validate }; validns-0.7/mx.c000644 001751 000024 00000002707 12015701621 014073 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *mx_parse(char *name, long ttl, int type, char *s) { struct rr_mx *rr = getmem(sizeof(*rr)); rr->preference = extract_integer(&s, "MX preference"); if (rr->preference < 0) return NULL; /* XXX preference range check */ rr->exchange = extract_name(&s, "MX exchange", 0); if (!rr->exchange) return NULL; if (*s) { return bitch("garbage after valid MX data"); } return store_record(type, name, ttl, rr); } static char* mx_human(struct rr *rrv) { RRCAST(mx); char s[1024]; snprintf(s, 1024, "%d %s", rr->preference, rr->exchange); return quickstrdup_temp(s); } static struct binary_data mx_wirerdata(struct rr *rrv) { RRCAST(mx); return compose_binary_data("2d", 1, rr->preference, name2wire_name(rr->exchange)); } static void *mx_validate(struct rr *rrv) { RRCAST(mx); if (G.opt.policy_checks[POLICY_MX_ALIAS]) { if (find_rr_set(T_CNAME, rr->exchange)) { return moan(rr->rr.file_name, rr->rr.line, "MX exchange is an alias"); } } return NULL; } struct rr_methods mx_methods = { mx_parse, mx_human, mx_wirerdata, NULL, mx_validate }; validns-0.7/notes.mdwn000644 001751 000024 00000001212 11547570265 015331 0ustar00tobezstaff000000 000000 # validns notes ## OMISSIONS A number of corners were cut to assume the most usual way of doing things. Therefore, in many cases, `validns` currently does not strictly adhere to various standards. In particular, it should be possible (and easy) to construct a perfectly valid zone file which `validns` will report as problematic. It is expected that those cases will be all fixed over time. But if you have a valid zone which `validns` cannot parse, please do report this fact to the author, with examples. If there is a need for the community to fix a particular omission, it will be fixed sooner. Needless to say, patches are always welcome. validns-0.7/ns.c000644 001751 000024 00000003302 12015701624 014062 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *ns_parse(char *name, long ttl, int type, char *s) { struct rr_ns *rr = getmem(sizeof(*rr)); struct rr *ret_rr; rr->nsdname = extract_name(&s, "name server domain name", 0); if (!rr->nsdname) return NULL; if (*s) { return bitch("garbage after valid NS data"); } ret_rr = store_record(type, name, ttl, rr); if (ret_rr) { if (!(ret_rr->rr_set->named_rr->flags & (NAME_FLAG_APEX|NAME_FLAG_DELEGATION))) { ret_rr->rr_set->named_rr->flags |= NAME_FLAG_DELEGATION; G.stats.delegations++; } } return ret_rr; } static char* ns_human(struct rr *rrv) { RRCAST(ns); return rr->nsdname; } static struct binary_data ns_wirerdata(struct rr *rrv) { RRCAST(ns); return name2wire_name(rr->nsdname); } static void* ns_validate_set(struct rr_set *rr_set) { struct rr *rr; if (G.opt.policy_checks[POLICY_SINGLE_NS]) { if (rr_set->count < 2) { rr = rr_set->tail; return moan(rr->file_name, rr->line, "there should be at least two NS records per name"); } } return NULL; } static void *ns_validate(struct rr *rrv) { RRCAST(ns); if (G.opt.policy_checks[POLICY_NS_ALIAS]) { if (find_rr_set(T_CNAME, rr->nsdname)) { return moan(rr->rr.file_name, rr->rr.line, "NS data is an alias"); } } return NULL; } struct rr_methods ns_methods = { ns_parse, ns_human, ns_wirerdata, ns_validate_set, ns_validate }; validns-0.7/rr.c000644 001751 000024 00000047731 12131606456 014111 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011-2013 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "common.h" #include "mempool.h" #include "carp.h" #include "textparse.h" #include "rr.h" #include "cbtree.h" static char* rdtype2str_map[T_MAX+1] = { "0", "A", "NS", "MD", "MF", "CNAME", /* 5 */ "SOA", "MB", "MG", "MR", "NULL", /* 10 */ "WKS", "PTR", "HINFO", "MINFO", "MX", /* 15 */ "TXT", "RP", "AFSDB", "X25", "ISDN", /* 20 */ "RT", "NSAP", "NSAP-PTR", "SIG", "KEY", /* 25 */ "PX", "GPOS", "AAAA", "LOC", "NXT", /* 30 */ "EID", "NIMLOC", "SRV", "ATMA", "NAPTR", /* 35 */ "KX", "CERT", "A6", "DNAME", "SINK", /* 40 */ "OPT", "APL", "DS", "SSHFP", "IPSECKEY", /* 45 */ "RRSIG", "NSEC", "DNSKEY", "DHCID", "NSEC3", /* 50 */ "NSEC3PARAM", "TLSA", 0, 0, 0, 0, 0, 0, 0, 0, /* 60 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 70 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 80 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 90 */ 0, 0, 0, 0, 0, 0, 0, 0, "SPF", 0, /* 100 */ 0, 0, 0, "NID", "L32", "L64", "LP", }; struct cbtree zone_data = {NULL}; char *zone_apex = NULL; int zone_apex_l = 0; char *rdtype2str(int type) { char s[10]; char *r; if (type < 0 || type > 65535) { return "???"; } if (type > T_MAX) { sprintf(s, "TYPE%d", type); return quickstrdup_temp(s); } r = rdtype2str_map[type]; if (r) return r; if (type == 32769) { return rdtype2str_map[type] = "DLV"; } sprintf(s, "TYPE%d", type); return quickstrdup_temp(s); } static unsigned char *name2findable_name(char *s) { int l = strlen(s); unsigned char *res = getmem_temp(l+1); unsigned char *r = res; int i; if (l > 0 && s[l-1] == '.') l--; while (--l >= 0) { i = l; while (i >= 0 && s[i] != '.') i--; memcpy(r, s+i+1, l-i); r += l-i; *r = '\x01'; r++; l = i; } if (r > res) r--; *r = 0; return res; } struct binary_data name2wire_name(char *s) { unsigned char *res = getmem_temp(strlen(s)+2); unsigned char *r = res; unsigned char *c = res; struct binary_data toret; r++; *c = 0; while (*s) { if (*s != '.') { *r++ = *s++; } else { *c = (unsigned char)(r-c-1); c = r; *c = 0; r++; s++; } } *c = (unsigned char)(r-c-1); toret.length = r-res; toret.data = (char*)res; if (toret.length == 2) /* "." is just 00, not 00 00 */ toret.length = 1; return toret; } static struct named_rr *find_or_create_named_rr(char *name) { struct named_rr *named_rr = find_named_rr(name); if (!named_rr) { struct named_rr **named_rr_slot; char *s; named_rr = getmem(sizeof(struct named_rr)); named_rr->name = quickstrdup(name); named_rr->rr_sets = NULL; named_rr->line = file_info->line; named_rr->file_name = file_info->name; named_rr->flags = 0; named_rr->parent = NULL; named_rr_slot = (void *)cbtree_insert(&zone_data, (char *)name2findable_name(name)); if (!named_rr_slot) croak(2, "find_or_create_named_rr: tree insertion failed"); if (*named_rr_slot) croak(3, "find_or_create_named_rr: assertion error, %s should not be there", name); *named_rr_slot = named_rr; G.stats.names_count++; s = strchr(name, '.'); if (s && s[1] != '\0') { named_rr->parent = find_or_create_named_rr(s+1); } } return named_rr; } static struct rr_set *find_or_create_rr_set(struct named_rr *named_rr, int rdtype) { struct rr_set *rr_set = find_rr_set_in_named_rr(named_rr, rdtype); if (!rr_set) { struct rr_set **rr_set_slot; rr_set = getmem(sizeof(struct rr_set)); rr_set->head = NULL; rr_set->tail = NULL; rr_set->named_rr = named_rr; rr_set->rdtype = rdtype; rr_set->count = 0; JLI(rr_set_slot, named_rr->rr_sets, rdtype); if (rr_set_slot == PJERR) croak(2, "find_or_create_rr_set: JLI failed"); if (*rr_set_slot) croak(3, "find_or_create_rr_set: assertion error, %s/%s should not be there", named_rr->name, rdtype2str(rdtype)); *rr_set_slot = rr_set; G.stats.rrset_count++; } return rr_set; } int name_belongs_to_zone(const char *name) { int name_l; name_l = strlen(name); if (zone_apex && name_l >= zone_apex_l) { if (strcmp(zone_apex, name+name_l-zone_apex_l) != 0) { return 0; } else if (name_l > zone_apex_l && name[name_l-zone_apex_l-1] != '.') { return 0; } } else { if (zone_apex) { return 0; } else { // XXX this is actually very bad, zone apex is not know return 0; } } return 1; } struct binary_data call_get_wired(struct rr *rr) { rr_wire_func get_wired; if (rr->rdtype > T_MAX || rr->is_generic) get_wired = any_wirerdata; else get_wired = rr_methods[rr->rdtype].rr_wire; if (!get_wired) return bad_binary_data(); return get_wired(rr); } struct rr *store_record(int rdtype, char *name, long ttl, void *rrptr) { struct rr *rr = rrptr; struct named_rr *named_rr; struct rr_set *rr_set; int name_l; int apex_assigned = 0; int is_generic = 0; if (rdtype < 0) { rdtype = -rdtype; is_generic = 1; } name_l = strlen(name); if (name_l > 511) return bitch("name is too long: %s", name); if (G.stats.rr_count == 0) { if (rdtype != T_SOA) { return bitch("the first record in the zone must be an SOA record"); } else { zone_apex = name; zone_apex_l = name_l; apex_assigned = 1; } } if (zone_apex && name_l >= zone_apex_l) { if (strcmp(zone_apex, name+name_l-zone_apex_l) != 0) { return bitch("%s does not belong to zone %s", name, zone_apex); } else if (name_l > zone_apex_l && name[name_l-zone_apex_l-1] != '.') { return bitch("%s does not belong to zone %s", name, zone_apex); } } else { if (zone_apex) { return bitch("%s does not belong to zone %s", name, zone_apex); } else { croakx(3, "assertion error: %s does not belong to a zone", name); } } named_rr = find_or_create_named_rr(name); if (apex_assigned) { named_rr->flags |= NAME_FLAG_APEX; } rr_set = find_or_create_rr_set(named_rr, rdtype); rr->rdtype = rdtype; rr->ttl = ttl; rr->line = file_info->line; rr->file_name = file_info->name; rr->is_generic = is_generic; if (rr_set->count > 0) { struct binary_data new_d, old_d; struct rr *old_rr; new_d = call_get_wired(rr); if (new_d.length < 0) goto after_dup_check; old_rr = rr_set->tail; while (old_rr) { old_d = call_get_wired(old_rr); if (old_d.length == new_d.length && memcmp(old_d.data, new_d.data, old_d.length) == 0) { G.stats.skipped_dup_rr_count++; return old_rr; } old_rr = old_rr->next; } } after_dup_check: if (rdtype == T_SOA) { if (G.stats.soa_rr_count++) { return bitch("there could only be one SOA in a zone"); } } rr->rr_set = rr_set; rr->next = NULL; rr->prev = rr_set->head; rr_set->head = rr; if (rr->prev) rr->prev->next = rr; if (!rr_set->tail) rr_set->tail = rr; rr_set->count++; if (G.opt.verbose) { char *rdata; if (rdtype > T_MAX) rdata = any_human(rr); else rdata = rr_methods[rdtype].rr_human(rr); fprintf(stderr, "-> %s:%d: %s IN %ld %s", file_info->name, file_info->line, name, ttl, rdtype2str(rdtype)); if (rdata) { fprintf(stderr, " %s\n", rdata); } else { fprintf(stderr, "\n"); } } G.stats.rr_count++; named_rr->flags |= NAME_FLAG_HAS_RECORDS; return rr; } struct named_rr *find_named_rr(char *name) { struct named_rr **named_rr_slot; named_rr_slot = (void*) cbtree_find(&zone_data, (char *)name2findable_name(name)); if (named_rr_slot) return *named_rr_slot; return NULL; } struct named_rr *find_next_named_rr(struct named_rr *named_rr) { struct named_rr *res; if (cbtree_next(&zone_data, (char *)name2findable_name(named_rr->name), (intptr_t *)&res) == NULL) return NULL; return res; } struct rr_set *find_rr_set(int rdtype, char *name) { struct named_rr *named_rr; named_rr = find_named_rr(name); if (!named_rr) return NULL; return find_rr_set_in_named_rr(named_rr, rdtype); } struct rr_set *find_rr_set_in_named_rr(struct named_rr *named_rr, int rdtype) { struct rr_set **rr_set_slot; JLG(rr_set_slot, named_rr->rr_sets, rdtype); if (rr_set_slot) return *rr_set_slot; return NULL; } uint32_t get_rr_set_count(struct named_rr *named_rr) { uint32_t count; JLC(count, named_rr->rr_sets, 0, -1); return count; } struct rr *rr_parse_any(char *name, long ttl, int type, char *s) { struct rr_any *rr = getmem(sizeof(*rr)); long long len; if (*s++ != '\\') { invalid: return bitch("invalid custom type rdata"); } if (*s++ != '#') goto invalid; if (*s && !isspace(*s) && *s != ';' && *s != ')') goto invalid; s = skip_white_space(s); if (!s) return NULL; len = extract_integer(&s, "custom data size"); if (len < 0) return NULL; if (len > 65535) goto invalid; rr->data = extract_hex_binary_data(&s, "custom data", EXTRACT_EAT_WHITESPACE); if (rr->data.length < 0) return NULL; if (rr->data.length != len) return bitch("custom data is longer than specified"); if (*s) { return bitch("garbage after valid %s data", rdtype2str(type)); } return store_record(-type, name, ttl, rr); } char* any_human(struct rr *rrv) { RRCAST(any); char buf[80]; sprintf(buf, "\\# %d ...", rr->data.length); return quickstrdup_temp(buf); } struct binary_data any_wirerdata(struct rr *rrv) { RRCAST(any); return compose_binary_data("d", 1, rr->data); } struct rr_methods unknown_methods = { NULL, any_human, any_wirerdata, NULL, NULL }; int str2rdtype(char *rdtype, int *is_generic) { if (!rdtype) return -1; if (is_generic) *is_generic = 0; switch (*rdtype) { case 'a': if (strcmp(rdtype, "a") == 0) { return T_A; } else if (strcmp(rdtype, "aaaa") == 0) { return T_AAAA; } else if (strcmp(rdtype, "afsdb") == 0) { return T_AFSDB; } break; case 'c': if (strcmp(rdtype, "cname") == 0) { return T_CNAME; } else if (strcmp(rdtype, "cert") == 0) { return T_CERT; } break; case 'd': if (strcmp(rdtype, "ds") == 0) { return T_DS; } else if (strcmp(rdtype, "dnskey") == 0) { return T_DNSKEY; } else if (strcmp(rdtype, "dname") == 0) { return T_DNAME; } else if (strcmp(rdtype, "dlv") == 0) { return T_DLV; } else if (strcmp(rdtype, "dhcid") == 0) { return T_DHCID; } break; case 'h': if (strcmp(rdtype, "hinfo") == 0) { return T_HINFO; } break; case 'i': if (strcmp(rdtype, "ipseckey") == 0) { return T_IPSECKEY; } else if (strcmp(rdtype, "isdn") == 0) { return T_ISDN; } break; case 'k': if (strcmp(rdtype, "kx") == 0) { return T_KX; } break; case 'l': if (strcmp(rdtype, "loc") == 0) { return T_LOC; } else if (strcmp(rdtype, "l32") == 0) { return T_L32; } else if (strcmp(rdtype, "l64") == 0) { return T_L64; } else if (strcmp(rdtype, "lp") == 0) { return T_LP; } break; case 'm': if (strcmp(rdtype, "mx") == 0) { return T_MX; } else if (strcmp(rdtype, "mb") == 0) { return T_MB; } else if (strcmp(rdtype, "mg") == 0) { return T_MG; } else if (strcmp(rdtype, "minfo") == 0) { return T_MINFO; } else if (strcmp(rdtype, "mr") == 0) { return T_MR; } break; case 'n': if (strcmp(rdtype, "ns") == 0) { return T_NS; } else if (strcmp(rdtype, "naptr") == 0) { return T_NAPTR; } else if (strcmp(rdtype, "nsec") == 0) { return T_NSEC; } else if (strcmp(rdtype, "nsec3") == 0) { return T_NSEC3; } else if (strcmp(rdtype, "nid") == 0) { return T_NID; } else if (strcmp(rdtype, "nsec3param") == 0) { return T_NSEC3PARAM; } else if (strcmp(rdtype, "nsap") == 0) { return T_NSAP; } break; case 'p': if (strcmp(rdtype, "ptr") == 0) { return T_PTR; } else if (strcmp(rdtype, "px") == 0) { return T_PX; } break; case 'r': if (strcmp(rdtype, "rrsig") == 0) { return T_RRSIG; } else if (strcmp(rdtype, "rp") == 0) { return T_RP; } else if (strcmp(rdtype, "rt") == 0) { return T_RT; } break; case 's': if (strcmp(rdtype, "soa") == 0) { return T_SOA; } else if (strcmp(rdtype, "srv") == 0) { return T_SRV; } else if (strcmp(rdtype, "spf") == 0) { return T_SPF; } else if (strcmp(rdtype, "sshfp") == 0) { return T_SSHFP; } break; case 't': if (strcmp(rdtype, "txt") == 0) { return T_TXT; } else if (strcmp(rdtype, "tlsa") == 0) { return T_TLSA; } else if (strncmp(rdtype, "type", 4) == 0) { long type = strtol(rdtype+4, NULL, 10); if (is_generic) *is_generic = 1; if (type <= 0 || type > 65535) bitch("invalid rdtype %s", rdtype); return type; } break; case 'x': if (strcmp(rdtype, "x25") == 0) { return T_X25; } break; } bitch("invalid or unsupported rdtype %s", rdtype); return -1; } void validate_rrset(struct rr_set *rr_set) { struct rr *rr; int ttl; /* This can happen when rr_set was allocated but * nothing was added to it due to an error. */ if (rr_set->count == 0) return; rr = rr_set->tail; if (!rr) { croakx(4, "assertion failed: %s %s is null, but count is %d", rdtype2str(rr_set->rdtype), rr_set->named_rr->name, rr_set->count); } if (rr_set->rdtype < T_MAX && rr_methods[rr_set->rdtype].rr_validate_set) rr_methods[rr_set->rdtype].rr_validate_set(rr_set); ttl = rr->ttl; while (rr) { validate_record(rr); if (ttl != rr->ttl) { if (rr->rdtype != T_RRSIG) /* RRSIG is an exception */ moan(rr->file_name, rr->line, "TTL values differ within an RR set"); } rr = rr->next; } } void debug(struct named_rr *named_rr, char *s) { fprintf(stderr, "%s %s", s, named_rr->name); if ((named_rr->flags & NAME_FLAG_APEX)) fprintf(stderr, ", apex"); if ((named_rr->flags & NAME_FLAG_HAS_RECORDS)) fprintf(stderr, ", has records"); if ((named_rr->flags & NAME_FLAG_DELEGATION)) fprintf(stderr, ", delegation"); if ((named_rr->flags & NAME_FLAG_NOT_AUTHORITATIVE)) fprintf(stderr, ", not auth"); if ((named_rr->flags & NAME_FLAG_NSEC3_ONLY)) fprintf(stderr, ", nsec3 only"); if ((named_rr->flags & NAME_FLAG_KIDS_WITH_RECORDS)) fprintf(stderr, ", kid records"); if ((named_rr->flags & NAME_FLAG_SIGNED_DELEGATION)) fprintf(stderr, ", signed delegation"); if ((named_rr->flags & NAME_FLAG_APEX_PARENT)) fprintf(stderr, ", apex parent"); fprintf(stderr, "\n"); } static int validate_named_rr(const char *name, intptr_t *data, void *p) { struct named_rr *named_rr = *((struct named_rr **)data); Word_t rdtype; struct rr_set **rr_set_p; int nsec3_present = 0; int nsec3_only = 1; static int seen_apex = 0; if ((named_rr->flags & NAME_FLAG_APEX)) seen_apex = 1; if (!seen_apex) named_rr->flags |= NAME_FLAG_APEX_PARENT; if (named_rr->parent && (named_rr->parent->flags & (NAME_FLAG_DELEGATION|NAME_FLAG_NOT_AUTHORITATIVE)) != 0) { named_rr->flags |= NAME_FLAG_NOT_AUTHORITATIVE; if ((named_rr->flags & NAME_FLAG_HAS_RECORDS) != 0) { G.stats.not_authoritative++; } } if (G.nsec3_opt_out_present && (named_rr->flags & NAME_FLAG_DELEGATION)) { JLG(rr_set_p, named_rr->rr_sets, T_DS); if (!rr_set_p) named_rr->flags |= NAME_FLAG_NOT_AUTHORITATIVE; } //debug(named_rr, ">>>>"); rdtype = 0; JLF(rr_set_p, named_rr->rr_sets, rdtype); while (rr_set_p) { validate_rrset(*rr_set_p); if (rdtype == T_NSEC3) nsec3_present = 1; else if (rdtype != T_RRSIG) nsec3_only = 0; if (rdtype != T_NSEC3 && rdtype != T_RRSIG && rdtype != T_NS) named_rr->flags |= NAME_FLAG_THIS_WITH_RECORDS; if ((named_rr->flags & NAME_FLAG_NOT_AUTHORITATIVE) == 0 && rdtype != T_NS && rdtype != T_NSEC3 && rdtype != T_RRSIG) { struct named_rr *nrr = named_rr; int skip_first = rdtype == T_NS; while (nrr && (nrr->flags & NAME_FLAG_KIDS_WITH_RECORDS) == 0) { if ((nrr->flags & NAME_FLAG_APEX_PARENT) || strlen(nrr->name) < zone_apex_l) { nrr->flags |= NAME_FLAG_APEX_PARENT; break; } if (!skip_first) nrr->flags |= NAME_FLAG_KIDS_WITH_RECORDS; skip_first = 0; nrr = nrr->parent; } } if (rdtype == T_DS) { struct named_rr *nrr = named_rr; while (nrr && (nrr->flags & (NAME_FLAG_DELEGATION|NAME_FLAG_NOT_AUTHORITATIVE)) != 0) { // nrr->flags &= ~(NAME_FLAG_DELEGATION|NAME_FLAG_NOT_AUTHORITATIVE); nrr->flags |= NAME_FLAG_SIGNED_DELEGATION; nrr = nrr->parent; } } JLN(rr_set_p, named_rr->rr_sets, rdtype); } if (nsec3_present && nsec3_only) { named_rr->flags |= NAME_FLAG_NSEC3_ONLY; } return 1; } static void* nsec_validate_pass2(struct rr *rrv) { RRCAST(nsec); struct named_rr *named_rr, *next_named_rr; named_rr = rr->rr.rr_set->named_rr; next_named_rr = find_next_named_rr(named_rr); /* Skip empty non-terminals and not authoritative records from consideration */ while (next_named_rr) { if ((next_named_rr->flags & NAME_FLAG_HAS_RECORDS) == 0) { next_named_rr = find_next_named_rr(next_named_rr); continue; } if (next_named_rr->parent && (next_named_rr->parent->flags & (NAME_FLAG_DELEGATION|NAME_FLAG_NOT_AUTHORITATIVE)) != 0) { named_rr->flags |= NAME_FLAG_NOT_AUTHORITATIVE; next_named_rr = find_next_named_rr(next_named_rr); continue; } break; } if (strcasecmp(rr->next_domain, zone_apex) == 0) { if (next_named_rr) { return moan(rr->rr.file_name, rr->rr.line, "NSEC says %s is the last name, but %s exists", named_rr->name, next_named_rr->name); } } else { if (!next_named_rr) { return moan(rr->rr.file_name, rr->rr.line, "NSEC says %s comes after %s, but nothing does", rr->next_domain, named_rr->name); } else if (strcasecmp(rr->next_domain, next_named_rr->name) != 0) { return moan(rr->rr.file_name, rr->rr.line, "NSEC says %s comes after %s, but %s does", rr->next_domain, named_rr->name, next_named_rr->name); } } /* TODO: more checks */ return rr; } static int second_pass_one_name(const char *name, intptr_t *data, void *p) { struct named_rr *named_rr = *((struct named_rr **)data); struct rr_set **rr_set_p; freeall_temp(); JLG(rr_set_p, named_rr->rr_sets, T_NSEC); if (rr_set_p && (*rr_set_p)->tail) { nsec_validate_pass2((*rr_set_p)->tail); } return 1; } void validate_zone(void) { cbtree_allprefixed(&zone_data, "", validate_named_rr, NULL); cbtree_allprefixed(&zone_data, "", second_pass_one_name, NULL); if (G.dnssec_active && !G.nsec3_present) validate_nsec_chain(); } void validate_record(struct rr *rr) { freeall_temp(); if (!rr->is_generic && rr->rdtype < T_MAX && rr_methods[rr->rdtype].rr_validate) rr_methods[rr->rdtype].rr_validate(rr); } int extract_algorithm(char **s, char *what) { int alg; char *str_alg; if (isdigit(**s)) { alg = extract_integer(s, what); if (algorithm_type(alg) == ALG_UNSUPPORTED) { bitch("bad or unsupported algorithm %d", alg); return ALG_UNSUPPORTED; } return alg; } else { str_alg = extract_label(s, what, "temporary"); if (!str_alg) return ALG_UNSUPPORTED; if (strcmp(str_alg, "dsa") == 0) return ALG_DSA; if (strcmp(str_alg, "rsasha1") == 0) return ALG_RSASHA1; if (strcmp(str_alg, "dsa-nsec3-sha1") == 0) return ALG_DSA_NSEC3_SHA1; if (strcmp(str_alg, "rsasha1-nsec3-sha1") == 0) return ALG_RSASHA1_NSEC3_SHA1; if (strcmp(str_alg, "rsasha256") == 0) return ALG_RSASHA256; if (strcmp(str_alg, "rsasha512") == 0) return ALG_RSASHA512; if (strcmp(str_alg, "ecc-gost") == 0) return ALG_ECCGOST; if (strcmp(str_alg, "ecdsap256sha256") == 0) return ALG_ECDSAP256SHA256; if (strcmp(str_alg, "ecdsap384sha384") == 0) return ALG_ECDSAP384SHA384; if (strcmp(str_alg, "privatedns") == 0) return ALG_PRIVATEDNS; if (strcmp(str_alg, "privateoid") == 0) return ALG_PRIVATEOID; bitch("bad or unsupported algorithm %s", str_alg); return ALG_UNSUPPORTED; } } int algorithm_type(int alg) { switch (alg) { case ALG_DSA: return ALG_DSA_FAMILY; case ALG_RSASHA1: return ALG_RSA_FAMILY; case ALG_DSA_NSEC3_SHA1: return ALG_DSA_FAMILY; case ALG_RSASHA1_NSEC3_SHA1: return ALG_RSA_FAMILY; case ALG_RSASHA256: return ALG_RSA_FAMILY; case ALG_RSASHA512: return ALG_RSA_FAMILY; case ALG_ECCGOST: return ALG_ECC_FAMILY; case ALG_ECDSAP256SHA256: return ALG_ECC_FAMILY; case ALG_ECDSAP384SHA384: return ALG_ECC_FAMILY; case ALG_PRIVATEDNS: return ALG_PRIVATE_FAMILY; case ALG_PRIVATEOID: return ALG_PRIVATE_FAMILY; } return ALG_UNSUPPORTED; } validns-0.7/LICENSE000644 001751 000024 00000002425 12001246661 014310 0ustar00tobezstaff000000 000000 Copyright (c) 2011, 2012 Anton Berezin "". All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. validns-0.7/soa.c000644 001751 000024 00000003406 12015701612 014226 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr* soa_parse(char *name, long ttl, int type, char *s) { struct rr_soa *rr = getmem(sizeof(*rr)); long long i; rr->mname = extract_name(&s, "mname", 0); if (!rr->mname) return NULL; rr->rname = extract_name(&s, "rname", 0); if (!rr->rname) return NULL; i = extract_integer(&s, "serial"); if (i < 0) return NULL; if (i > 4294967295UL) return bitch("serial is out of range"); rr->serial = i; rr->refresh = extract_timevalue(&s, "refresh"); if (rr->refresh < 0) return NULL; rr->retry = extract_timevalue(&s, "retry"); if (rr->retry < 0) return NULL; rr->expire = extract_timevalue(&s, "expire"); if (rr->expire < 0) return NULL; rr->minimum = extract_timevalue(&s, "minimum"); if (rr->minimum < 0) return NULL; if (*s) { return bitch("garbage after valid SOA data"); } return store_record(type, name, ttl, rr); } static char* soa_human(struct rr *rrv) { RRCAST(soa); char s[1024]; snprintf(s, 1024, "%s %s %u %d %d %d %d", rr->mname, rr->rname, rr->serial, rr->refresh, rr->retry, rr->expire, rr->minimum); return quickstrdup_temp(s); } static struct binary_data soa_wirerdata(struct rr *rrv) { RRCAST(soa); return compose_binary_data("dd44444", 1, name2wire_name(rr->mname), name2wire_name(rr->rname), rr->serial, rr->refresh, rr->retry, rr->expire, rr->minimum); } struct rr_methods soa_methods = { soa_parse, soa_human, soa_wirerdata, NULL, NULL }; validns-0.7/textparse.c000644 001751 000024 00000047777 12131601354 015507 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include "common.h" #include "carp.h" #include "mempool.h" #include "textparse.h" #include "base64.h" #include "base32hex.h" int empty_line_or_comment(char *s) { while (isspace(*s)) s++; if (!*s) return 1; if (*s == ';') return 1; return 0; } char *skip_white_space(char *s) { while (isspace(*s)) s++; if (*s == ';') { while (*s) s++; } if (*s == 0) { if (file_info->paren_mode) { if (fgets(file_info->buf, 2048, file_info->file)) { file_info->line++; return skip_white_space(file_info->buf); } else { return bitch("unexpected end of file"); } } } if (*s == '(') { if (file_info->paren_mode) { return bitch("unexpected opening parenthesis"); } else { file_info->paren_mode = 1; s++; return skip_white_space(s); } } if (*s == ')') { if (file_info->paren_mode) { file_info->paren_mode = 0; s++; return skip_white_space(s); } else { return bitch("unexpected closing parenthesis"); } } return s; } static char *extract_name_slow(char **input, char *what, int options) { char buf[1024]; char *t = buf; char *s = *input; int d, l, ol; while (1) { if (isalnum(*s) || *s == '_' || *s == '.' || *s == '-') { if (t-buf >= 1022) return bitch("name too long"); *t++ = *s++; } else if (*s == '\\') { s++; if (isdigit(*s)) { d = *s - '0'; s++; if (!isdigit(*s)) return bitch("bad escape sequence"); d = d*10 + *s - '0'; s++; if (!isdigit(*s)) return bitch("bad escape sequence"); d = d*10 + *s - '0'; s++; if (d > 255) return bitch("bad escape sequence"); if (d == '.') return bitch("a dot within a label is not currently supported"); *((unsigned char *)t) = (unsigned char)d; if (t-buf >= 1022) return bitch("name too long"); t++; } else if (*s == '.') { return bitch("a dot within a label is not currently supported"); } else if (*s) { if (t-buf >= 1022) return bitch("name too long"); *t++ = *s++; } else { return bitch("backslash in the end of the line not parsable"); } } else { break; } } if (*s && !isspace(*s) && *s != ';' && *s != ')') { return bitch("%s is not valid", what); } *t = '\0'; l = strlen(buf); if (!l) return bitch("%s should not be empty", what); if (buf[l-1] != '.') { if (!G.opt.current_origin) { return bitch("do not know origin to determine %s", what); } ol = strlen(G.opt.current_origin); if (G.opt.current_origin[0] == '.') { if (l + ol >= 1023) return bitch("name too long"); strcat(buf, G.opt.current_origin); } else { if (l + ol >= 1022) return bitch("name too long"); strcat(buf, "."); strcat(buf, G.opt.current_origin); } } t = strchr(buf, '*'); if (t && (t != buf || t[1] != '.')) return bitch("%s: bad wildcard", what); if (buf[0] == '.' && buf[1] != '\0') return bitch("%s: name cannot start with a dot", what); if (strstr(buf, "..")) return bitch("%s: empty label in a name", what); *input = skip_white_space(s); if (!*input) return NULL; /* bitching's done elsewhere */ if (!(options & KEEP_CAPITALIZATION)) { t = buf; while (*t) { *t = tolower(*t); t++; } } t = quickstrdup(buf); return t; } char *extract_name(char **input, char *what, int options) { char *s = *input; char *r = NULL; char *end = NULL; char c; int wildcard = 0; if (*s == '@') { s++; if (*s && !isspace(*s) && *s != ';' && *s != ')') { return bitch("literal @ in %s is not all by itself", what); } if (!G.opt.current_origin) { return bitch("do not know origin to expand @ in %s", what); } r = quickstrdup(G.opt.current_origin); } else { if (!(isalnum(*s) || *s == '_' || *s == '.')) { if (*s == '*') { wildcard = 1; } else { if (*s == '\\') return extract_name_slow(input, what, options); return bitch("%s expected", what); } } s++; while (isalnum(*s) || *s == '.' || *s == '-' || *s == '_') s++; if (*s && !isspace(*s) && *s != ';' && *s != ')') { if (*s == '\\') return extract_name_slow(input, what, options); return bitch("%s is not valid", what); } if (!*s) end = s; c = *s; *s = '\0'; if (*(s-1) == '.') { r = quickstrdup(*input); } else { if (!G.opt.current_origin) { return bitch("do not know origin to determine %s", what); } r = getmem(strlen(*input) + 1 + strlen(G.opt.current_origin) + 1); if (G.opt.current_origin[0] == '.') { strcpy(mystpcpy(r, *input), G.opt.current_origin); } else { strcpy(mystpcpy(mystpcpy(r, *input), "."), G.opt.current_origin); } } *s = c; } if (end) { *input = end; } else { *input = skip_white_space(s); if (!*input) return NULL; /* bitching's done elsewhere */ } if (!(options & KEEP_CAPITALIZATION)) { s = r; while (*s) { *s = tolower(*s); s++; } } if (wildcard && r[1] != '.') { return bitch("%s: bad wildcard", what); } else if (r[0] == '.' && r[1] != '\0') { return bitch("%s: name cannot start with a dot", what); } return r; } char *extract_label(char **input, char *what, void *is_temporary) { char *s = *input; char *r = NULL; char *end = NULL; if (!isalpha(*s)) { return bitch("%s expected", what); } s++; while (isalnum(*s)) s++; if (*s && !isspace(*s)) { return bitch("%s is not valid", what); } if (!*s) end = s; *s++ = '\0'; if (is_temporary) { r = quickstrdup_temp(*input); } else { r = quickstrdup(*input); } if (end) { *input = end; } else { *input = skip_white_space(s); if (!*input) return NULL; /* bitching's done elsewhere */ } s = r; while (*s) { *s = tolower(*s); s++; } return r; } long long extract_integer(char **input, char *what) { char *s = *input; long long r = -1; char *end = NULL; char c; if (!isdigit(*s)) { bitch("%s expected", what); return -1; } s++; while (isdigit(*s)) s++; if (*s && !isspace(*s) && *s != ';' && *s != ')') { bitch("%s is not valid", what); return -1; } if (!*s) end = s; c = *s; *s = '\0'; r = strtoll(*input, NULL, 10); *s = c; if (end) { *input = end; } else { *input = skip_white_space(s); if (!*input) return -1; /* bitching's done elsewhere */ } return r; } int extract_double(char **input, char *what, double *val, int skip_m) { char *s = *input; char *end = NULL; char *stop; char c; int saw_m = 0; while (isdigit(*s) || *s == '+' || *s == '-' || *s == '.') s++; if (*s && !isspace(*s) && *s != ';' && *s != ')') { if (skip_m && (*s == 'm' || *s == 'M')) { saw_m = 1; } else { bitch("%s is not valid", what); return -1; } } if (!*s) end = s; c = *s; *s = '\0'; *val = strtod(*input, &stop); if (*stop != '\0') { *s = c; bitch("%s is not valid", what); return -1; } *s = c; if (saw_m) { s++; if (*s && !isspace(*s) && *s != ';' && *s != ')') { bitch("%s is not valid", what); return -1; } } if (end) { *input = end; } else { *input = skip_white_space(s); if (!*input) return -1; /* bitching's done elsewhere */ } return 1; } long extract_timevalue(char **input, char *what) { char *s = *input; int r = 0, acc = 0; if (!isdigit(*s)) { bitch("%s expected", what); return -1; } next_component: r = 0; while (isdigit(*s)) { r *= 10; r += *s - '0'; s++; } if (tolower(*s) == 's') { s++; } else if (tolower(*s) == 'm') { r *= 60; s++; } else if (tolower(*s) == 'h') { r *= 3600; s++; } else if (tolower(*s) == 'd') { r *= 86400; s++; } else if (tolower(*s) == 'w') { r *= 604800; s++; } acc += r; if (isdigit(*s)) goto next_component; if (*s && !isspace(*s) && *s != ';' && *s != ')') { bitch("%s is not valid", what); return -1; } *input = skip_white_space(s); if (!*input) return -1; /* bitching's done elsewhere */ return acc; } long long extract_timestamp(char **input, char *what) { char *s = *input; int year = 0; int month = 0; int day = 0; int hour = 0; int minute = 0; int second = 0; long long epoch = 0; struct tm tm; if (!isdigit(*s)) { bitch("%s expected", what); return -1; } year = year*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; year = year*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; year = year*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; year = year*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; month = month*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; month = month*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; day = day*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; day = day*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; hour = hour*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; hour = hour*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; minute = minute*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; minute = minute*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; second = second*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; second = second*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (*s && !isspace(*s) && *s != ';' && *s != ')') { bitch("%s is not valid", what); return -1; } if (second > 60 || minute > 59 || hour > 23 || day < 1 || day > 31 || month > 12 || year < 1900 || year > 2037) { bitch("%s is not valid", what); return -1; } memset(&tm, 0, sizeof(tm)); tm.tm_sec = second; tm.tm_min = minute; tm.tm_hour = hour; tm.tm_mday = day; tm.tm_mon = month - 1; tm.tm_year = year - 1900; epoch = mktime(&tm); if (epoch < 0) { bitch("%s is not valid", what); return -1; } goto done; looks_like_epoch: if (*s && !isspace(*s) && *s != ';' && *s != ')') { bitch("%s is not valid", what); return -1; } done: *input = skip_white_space(s); if (!*input) return -1; /* bitching's done elsewhere */ return epoch; } int extract_ipv4(char **input, char *what, struct in_addr *addr) { char *s = *input; char c; while (isdigit(*s) || *s == '.') { s++; } if (s == *input) { bitch("%s is not valid", what); return -1; } if (*s && !isspace(*s) && *s != ';' && *s != ')') { bitch("%s is not valid", what); return -1; } c = *s; *s = 0; if (inet_pton(AF_INET, *input, addr) != 1) { *s = c; bitch("cannot parse %s", what); return -1; } *s = c; *input = skip_white_space(s); if (!*input) { return -1; /* bitching's done elsewhere */ } return 1; } int extract_ipv6(char **input, char *what, struct in6_addr *addr) { char *s = *input; char c; while (isdigit(*s) || *s == ':' || *s == '.' || (*s >= 'a' && *s <= 'f') || (*s >= 'A' && *s <= 'F')) { s++; } if (s == *input) { bitch("%s is not valid", what); return -1; } if (*s && !isspace(*s) && *s != ';' && *s != ')') { bitch("%s is not valid", what); return -1; } c = *s; *s = 0; if (inet_pton(AF_INET6, *input, addr) != 1) { *s = c; bitch("cannot parse %s", what); return -1; } *s = c; *input = skip_white_space(s); if (!*input) { return -1; /* bitching's done elsewhere */ } return 1; } int extract_u64(char **input, char *what, uint64_t *r) { char *s = *input; uint8_t result = 0; unsigned u; #define GETHEXBLOCK if (!isxdigit(*s)) { bitch("%s is not valid", what); return -1; } \ u = 0; \ while (isxdigit(*s)) { \ if (isdigit(*s)) { \ u = (u << 4) | (*s - '0'); \ } else if (*s >= 'a' && *s <= 'f') { \ u = (u << 4) | (*s - 'a' + 10); \ } else { \ u = (u << 4) | (*s - 'A' + 10); \ } \ s++; \ } \ if (u > 0xffff) { bitch("%s is not valid, hex out of range", what); return -1; } \ result = (result << 16) | u; #define SKIPCOLON if (*s != ':') { bitch("%s is not valid", what); return -1; } s++; GETHEXBLOCK; SKIPCOLON; GETHEXBLOCK; SKIPCOLON; GETHEXBLOCK; SKIPCOLON; GETHEXBLOCK; *r = result; #undef GETHEXBLOCK #undef SKIPCOLON if (*s && !isspace(*s) && *s != ';' && *s != ')') { bitch("%s is not valid", what); return -1; } *input = skip_white_space(s); if (!*input) { return -1; /* bitching's done elsewhere */ } return 1; } struct binary_data bad_binary_data(void) { struct binary_data r; r.length = -1; r.data = NULL; return r; } struct binary_data extract_base64_binary_data(char **input, char *what) { char b64[4096]; int l64 = 0; char *s = *input; struct binary_data r = bad_binary_data(); int bl; while (s && *s) { if (!isalnum(*s) && *s != '=' && *s != '+' && *s != '/') { bitch("%s expected", what); return r; } while (isalnum(*s) || *s == '=' || *s == '+' || *s == '/') { if (l64 >= 4095) { bitch("%s is too long", what); return r; } b64[l64++] = *s++; } s = skip_white_space(s); } *input = s; if (!s) return r; b64[l64] = 0; bl = (l64 * 3 + 3)/4; r.data = getmem(bl); r.length = decode_base64(r.data, b64, bl); if (r.length < 0) { bitch("error decoding base64 %s", what); return r; } return r; } struct binary_data extract_base32hex_binary_data(char **input, char *what) { char b32[4096]; int l32 = 0; char *s = *input; struct binary_data r = bad_binary_data(); int bl; while ( (*s >= 'A' && *s <= 'V') || (*s >= 'a' && *s <= 'v') || (*s >= '0' && *s <= '9') || *s == '=') { if (l32 >= 4095) { bitch("%s is too long", what); return r; } b32[l32++] = *s++; } if (l32 <= 0) { bitch("%s expected", what); return r; } s = skip_white_space(s); *input = s; if (!s) return r; b32[l32] = 0; bl = (l32 * 5 + 7)/8; r.data = getmem(bl); r.length = decode_base32hex(r.data, b32, bl); if (r.length < 0) { bitch("error decoding base32hex %s", what); return r; } return r; } struct binary_data extract_text(char **input, char *what) { char *s = *input; struct binary_data r = bad_binary_data(); char *o = getmem_temp(65536); int l = 0; int c; if (*s != '"') { bitch("for now, %s must be put in double quotes", what); return r; } s++; more_text: while (*s && *s != '"') { if (*s == '\\') { s++; if (*s == 0) { bitch("bad backslash quoting of %s", what); return r; } else if (isdigit(*s)) { c = 0; while (isdigit(*s)) { c = c*10 + *s - '0'; s++; } o[l++] = (unsigned char)c; } else { o[l] = *s; goto new_char; } } else { o[l] = *s; new_char: if (l >= 65534) { bitch("%s string too long", what); return r; } l++; s++; } } if (!*s) { if (fgets(file_info->buf, 2048, file_info->file)) { file_info->line++; s = file_info->buf; goto more_text; } else { bitch("closing quote not found while parsing %s", what); return r; } } s++; *input = skip_white_space(s); if (!*input) return r; /* bitching's done elsewhere */ o[l] = 0; r.data = getmem(l+1); r.length = l; memcpy(r.data, o, l+1); return r; } struct binary_data extract_hex_binary_data(char **input, char *what, int eat_whitespace) { char hex[4096]; char *s = *input; struct binary_data r = bad_binary_data(); int hl, hi, hb; hex[0] = '0'; hl = 1; if (s[0] == '0' && (s[1] == 'x' || s[1] == 'X')) s += 2; if (eat_whitespace == EXTRACT_DONT_EAT_WHITESPACE) { while (isxdigit(*s)) { if (hl >= 4095) { bitch("%s is too long", what); return r; } hex[hl] = *s; s++; hl++; } if (*s && !isspace(*s) && *s != ';' && *s != ')') { bitch("%s is not valid", what); return r; } *input = skip_white_space(s); } else if (eat_whitespace == EXTRACT_EAT_WHITESPACE) { while (s && *s) { if (!isxdigit(*s)) { bitch("%s expected", what); return r; } while (isxdigit(*s)) { if (hl >= 4095) { bitch("%s is too long", what); return r; } hex[hl++] = *s++; } s = skip_white_space(s); } *input = s; } else { bitch("%s: internal: invalid eat_whitespace", what); } if (!*input) return r; /* bitching's done elsewhere */ hb = hl % 2 ? 1 : 0; if (hb == 0) bitch("%s: hex data does not represent whole number of bytes", what); r.data = getmem(hl/2); r.length = hl/2; memset(r.data, 0, r.length); for (hi = 0; hi < hl-hb; hi++) { r.data[hi/2] <<= 4; r.data[hi/2] |= 0x0f & (isdigit(hex[hi+hb]) ? hex[hi+hb] - '0' : tolower(hex[hi+hb]) - 'a' + 10); } return r; } struct binary_data new_set(void) { struct binary_data set; set.length = 256*(1+1+32); set.data = getmem_temp(set.length); memset(set.data, 0, set.length); return set; } void add_bit_to_set(struct binary_data *set, int bit) { int map; int map_base; int byte; if (bit < 0 || bit > 65535) croakx(1, "bitmap index out of range"); map = bit / 256; map_base = map*(1+1+32); set->data[map_base] = map; bit = bit & 0xff; byte = bit / 8; if (set->data[map_base + 1] <= byte) set->data[map_base + 1] = byte+1; set->data[map_base + 2 + byte] |= 0x80 >> (bit & 0x07); } struct binary_data compressed_set(struct binary_data *set) { int len = 0; int map; int map_base; struct binary_data r; for (map = 0; map <= 255; map++) { map_base = map*(1+1+32); if (set->data[map_base+1]) { len += 2 + set->data[map_base+1]; } } r.length = len; r.data = getmem(r.length); len = 0; for (map = 0; map <= 255; map++) { map_base = map*(1+1+32); if (set->data[map_base+1]) { memcpy(&r.data[len], &set->data[map_base], 2 + set->data[map_base+1]); len += 2 + set->data[map_base+1]; } } return r; } struct binary_data compose_binary_data(const char *fmt, int tmp, ...) { va_list ap; const char *args; int sz; struct binary_data bd; struct binary_data r; char *t; uint8_t b1; uint16_t b2; uint32_t b4; uint64_t b8; va_start(ap, tmp); args = fmt; sz = 0; while (*args) { switch (*args++) { case '1': va_arg(ap, unsigned int); sz += 1; break; case '2': va_arg(ap, unsigned int); sz += 2; break; case '4': va_arg(ap, unsigned int); sz += 4; break; case '8': va_arg(ap, uint64_t); sz += 8; break; case 'd': bd = va_arg(ap, struct binary_data); sz += bd.length; break; case 'b': bd = va_arg(ap, struct binary_data); if (bd.length > 255) croak(5, "compose_binary_data: 'b' data too long"); sz += bd.length + 1; break; case 'B': bd = va_arg(ap, struct binary_data); if (bd.length > 65535) croak(5, "compose_binary_data: 'B' data too long"); sz += bd.length + 2; break; default: croak(5, "compose_binary_data: bad format"); } } va_end(ap); r.length = sz; r.data = tmp ? getmem_temp(sz) : getmem(sz); t = r.data; va_start(ap, tmp); args = fmt; while (*args) { switch (*args++) { case '1': b1 = (uint8_t)va_arg(ap, unsigned int); memcpy(t, &b1, 1); t += 1; break; case '2': b2 = htons(va_arg(ap, unsigned int)); memcpy(t, &b2, 2); t += 2; break; case '4': b4 = htonl(va_arg(ap, unsigned int)); memcpy(t, &b4, 4); t += 4; break; case '8': b8 = htonl(va_arg(ap, uint64_t)); memcpy(t, &b8, 8); t += 8; break; case 'd': bd = va_arg(ap, struct binary_data); memcpy(t, bd.data, bd.length); t += bd.length; break; case 'b': bd = va_arg(ap, struct binary_data); b1 = (uint8_t)bd.length; memcpy(t, &b1, 1); t += 1; memcpy(t, bd.data, bd.length); t += bd.length; break; case 'B': bd = va_arg(ap, struct binary_data); b2 = htons(bd.length); memcpy(t, &b2, 2); t += 2; memcpy(t, bd.data, bd.length); t += bd.length; break; default: croak(5, "compose_binary_data: bad format"); } } va_end(ap); return r; } /* implementation taken from FreeBSD's libc (minus the __restrict keyword) */ char * mystpcpy(char *to, const char *from) { for (; (*to = *from); ++from, ++to); return(to); } validns-0.7/textparse.h000644 001751 000024 00000004264 12111430324 015467 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #ifndef _TEXTPARSE_H_ #define _TEXTPARSE_H_ #include struct binary_data { int length; char *data; }; struct binary_data compose_binary_data(const char *fmt, int tmp, ...); /* * Format: * 1 - byte * 2 - 16-bit, will convert to network byte order * 4 - 32-bit, will convert to network byte order * d - another binary structure, will incorporate its data * b - another binary structure, will incorporate its data, * and prepend the length as a byte (fatal error on overflow) * B - another binary structure, will incorporate its data, * and prepend the length as a 16-bit word in NBO, * fatal error on overflow * tmp : allocate temp storage if true, permanent if false * */ #define KEEP_CAPITALIZATION 32 int empty_line_or_comment(char *s); char *skip_white_space(char *s); char *extract_name(char **input, char *what, int options); char *extract_label(char **input, char *what, void *is_temporary); long long extract_integer(char **input, char *what); long extract_timevalue(char **input, char *what); long long extract_timestamp(char **input, char *what); int extract_ipv4(char **input, char *what, struct in_addr *addr); int extract_ipv6(char **input, char *what, struct in6_addr *addr); int extract_u64(char **input, char *what, uint64_t *r); int extract_double(char **input, char *what, double *val, int skip_m); struct binary_data extract_base32hex_binary_data(char **input, char *what); struct binary_data extract_base64_binary_data(char **input, char *what); struct binary_data extract_text(char **input, char *what); #define EXTRACT_DONT_EAT_WHITESPACE 0 #define EXTRACT_EAT_WHITESPACE 1 struct binary_data extract_hex_binary_data(char **input, char *what, int eat_whitespace); struct binary_data bad_binary_data(void); /* for NSEC/NSEC3 sets */ struct binary_data new_set(void); void add_bit_to_set(struct binary_data *set, int bit); struct binary_data compressed_set(struct binary_data *set); /* stpcpy(3) is not available everywhere */ char *mystpcpy(char *to, const char *from); #endif validns-0.7/usage.mdwn000644 001751 000024 00000011177 12133224675 015311 0ustar00tobezstaff000000 000000 % VALIDNS(1) % Anton Berezin % April 2011 # NAME validns - DNS and DSNSEC zone file validator # VERSION This document describes validns version 0.7 # SYNOPSIS validns *-h* validns [*options*] *zone-file* For validating stdin, specify "-" in place of *zone-file*. # DESCRIPTION Coming soon. # OPTIONS -h : Produce usage text and quit. -f : Quit on first validation error. Normally, `validns` continues working on a zone after encountering a parsing or validation error. -p *name* : Activate policy check *name*. By default, only basic checks and DNSSEC checks are performed. This option can be specified multiple times. See **POLICY CHECKS**, below, for details. The following names are understood: - single-ns - cname-other-data - dname - dnskey - nsec3param-not-apex - mx-alias - ns-alias - rp-txt-exists - tlsa-host - all -n *N* : Use N worker threads for parallelizable operations. The default is 0, meaning no parallelization. Currently only signature verification is parallelizable. -q : quiet - do not produce any output -s : print validation summary/stats -v : be extra verbose -I *path* : use this path for $INCLUDE files -z *origin* : use this origin as initial $ORIGIN -t *epoch-time* : Use specified time instead of the current time when verifying validity of the signatures. # BASIC CHECKS Every record and every supported directive should be parsable, which consitutes the most basic check of all. The `validns` program will report the exact reason why it cannot parse a record or a directive. Other basic checks include: - there could only be one SOA in a zone; - the first record in the zone must be an SOA record; - a record outside the apex; - TTL values differ within an RR set (excepting *RRSIG*); # DNSSEC CHECKS - *type* exists, but NSEC does not mention it for *name*; - NSEC mentions *type*, but no such record found for *name*; - NSEC says *x* is the last name, but *z* exists; - NSEC says *z* comes after *x*, but nothing does; - NSEC says *z* comes after *x*, but *y* does; - signature is too new; - signature is too old; - RRSIG exists for non-existing type *type*; - RRSIG's original TTL differs from corresponding record's; - RRSIG(*type*): cannot find a signer key; - RRSIG(*type*): cannot verify the signature; - RRSIG(*type*): cannot find the right signer key; - NSEC3 record name is not valid; - multiple NSEC3 with the same record name; - no corresponding NSEC3 found for *name*; - *type* exists, but NSEC3 does not mention it for *name*; - NSEC3 mentions *type*, but no such record found for *name*; - there are more record types than NSEC3 mentions for *name*; - broken NSEC3 chain, expected *name*, but nothing found; - broken NSEC3 chain, expected *name1*, but found *name2*; - NSEC3 without a corresponding record (or empty non-terminal). # POLICY CHECKS - there should be at least two NS records per name (or zero); - CNAME and other data (excluding possible RRSIG and NSEC); - DNAME checks: no multiple DNAMEs, no descendants of a node with a DNAME; please note that DNAME/CNAME clash is handled by CNAME and other data check already; - DNSKEY checks: public key too short, leading zero octets in public key exponent or modulus; - NSEC3PARAM, if present, should only be at the zone apex. - MX exchange should not be an alias - NS nsdname should not be an alias - TXT domain name mentioned in RP record must have a corresponding TXT record if it is within the zone - domain name of a TLSA record must be a proper prefixed DNS name # BUGS - textual segments in *TXT* and *HINFO* must be enclosed in double quotes; - there cannot be more than 20 textual segments in a *TXT* record; - *$INCLUDE* directive is not implemented; - a dot within a label is not currently supported; If at least one NSEC3 record uses opt-out flag, `validns` assumes it is used as much as possible, that is, every unsigned delegation does not have a corresponding NSEC3 record. This is done for reasons of efficiency, to avoid calculating cryptographic hashes of every unsigned delegation. If this assumption is wrong for a zone, `validns` will produce spurious validation errors. # ACKNOWLEDGEMENTS Thanks go to Andy Holdaway, Daniel Stirnimann, Dennis Kjaer Jensen, Goran Bengtson, Hirohisa Yamaguchi, Hugo Salgado, Jake Zack, Jakob Schlyter, Koh-ichi Ito, Mathieu Arnold, Miek Gieben, Patrik Wallstrom, Paul Wouters, Ryan Eby, Tony Finch, Willem Toorop, and YAMAGUCHI Takanori for bug reports, testing, discussions, and occasional patches. Special thanks to Stephane Bortzmeyer and Phil Regnauld. Thanks for AFNIC which funded major portion of the development. Thanks for SWITCH for additional funding. validns-0.7/installation.mdwn000644 001751 000024 00000001515 11732636076 016707 0ustar00tobezstaff000000 000000 # validns installation ## Compatibility Known to compile and work on: - FreeBSD 10.0 amd64 - FreeBSD 9.0 amd64 - FreeBSD 8.2 i386 - Ubuntu 10.10 1 i386 - Debian 5.0.3 "lenny" x86_64 - MacOS X 10.6.7 (10.7.0 Darwin) i386 Is likely to compile and work on any modern Unix-like OS. ## Requirements - Judy dynamic arrays - http://judy.sourceforge.net/ - FreeBSD: ports/devel/judy - Debian/Ubuntu: libjudy-dev - MacOS X: macports judy - Test::Command::Simple perl module (for tests only) - FreeBSD: ports/devel/p5-Test-Command-Simple - anywhere: cpanm Test::Command::Simple ## Compilation Type `make`. If there are troubles, have a long hard look at the `Makefile`, fix the problems, repeat. ## Installation Copy `validns` executable someplace. The manual page will be added soon. Once it is here, copy it some(other)place as well. validns-0.7/validns.1000644 001751 000024 00000012764 12133224712 015033 0ustar00tobezstaff000000 000000 .TH VALIDNS 1 "April 2011" .SH NAME .PP validns - DNS and DSNSEC zone file validator .SH VERSION .PP This document describes validns version 0.7 .SH SYNOPSIS .PP validns \f[I]-h\f[] validns [\f[I]options\f[]] \f[I]zone-file\f[] .PP For validating stdin, specify "-" in place of \f[I]zone-file\f[]. .SH DESCRIPTION .PP Coming soon. .SH OPTIONS .TP .B -h Produce usage text and quit. .RS .RE .TP .B -f Quit on first validation error. Normally, \f[C]validns\f[] continues working on a zone after encountering a parsing or validation error. .RS .RE .TP .B -p \f[I]name\f[] Activate policy check \f[I]name\f[]. By default, only basic checks and DNSSEC checks are performed. This option can be specified multiple times. See \f[B]POLICY CHECKS\f[], below, for details. The following names are understood: .RS .IP \[bu] 2 single-ns .IP \[bu] 2 cname-other-data .IP \[bu] 2 dname .IP \[bu] 2 dnskey .IP \[bu] 2 nsec3param-not-apex .IP \[bu] 2 mx-alias .IP \[bu] 2 ns-alias .IP \[bu] 2 rp-txt-exists .IP \[bu] 2 tlsa-host .IP \[bu] 2 all .RE .TP .B -n \f[I]N\f[] Use N worker threads for parallelizable operations. The default is 0, meaning no parallelization. Currently only signature verification is parallelizable. .RS .RE .TP .B -q quiet - do not produce any output .RS .RE .TP .B -s print validation summary/stats .RS .RE .TP .B -v be extra verbose .RS .RE .TP .B -I \f[I]path\f[] use this path for $INCLUDE files .RS .RE .TP .B -z \f[I]origin\f[] use this origin as initial $ORIGIN .RS .RE .TP .B -t \f[I]epoch-time\f[] Use specified time instead of the current time when verifying validity of the signatures. .RS .RE .SH BASIC CHECKS .PP Every record and every supported directive should be parsable, which consitutes the most basic check of all. The \f[C]validns\f[] program will report the exact reason why it cannot parse a record or a directive. .PP Other basic checks include: .IP \[bu] 2 there could only be one SOA in a zone; .IP \[bu] 2 the first record in the zone must be an SOA record; .IP \[bu] 2 a record outside the apex; .IP \[bu] 2 TTL values differ within an RR set (excepting \f[I]RRSIG\f[]); .SH DNSSEC CHECKS .IP \[bu] 2 \f[I]type\f[] exists, but NSEC does not mention it for \f[I]name\f[]; .IP \[bu] 2 NSEC mentions \f[I]type\f[], but no such record found for \f[I]name\f[]; .IP \[bu] 2 NSEC says \f[I]x\f[] is the last name, but \f[I]z\f[] exists; .IP \[bu] 2 NSEC says \f[I]z\f[] comes after \f[I]x\f[], but nothing does; .IP \[bu] 2 NSEC says \f[I]z\f[] comes after \f[I]x\f[], but \f[I]y\f[] does; .IP \[bu] 2 signature is too new; .IP \[bu] 2 signature is too old; .IP \[bu] 2 RRSIG exists for non-existing type \f[I]type\f[]; .IP \[bu] 2 RRSIG\[aq]s original TTL differs from corresponding record\[aq]s; .IP \[bu] 2 RRSIG(\f[I]type\f[]): cannot find a signer key; .IP \[bu] 2 RRSIG(\f[I]type\f[]): cannot verify the signature; .IP \[bu] 2 RRSIG(\f[I]type\f[]): cannot find the right signer key; .IP \[bu] 2 NSEC3 record name is not valid; .IP \[bu] 2 multiple NSEC3 with the same record name; .IP \[bu] 2 no corresponding NSEC3 found for \f[I]name\f[]; .IP \[bu] 2 \f[I]type\f[] exists, but NSEC3 does not mention it for \f[I]name\f[]; .IP \[bu] 2 NSEC3 mentions \f[I]type\f[], but no such record found for \f[I]name\f[]; .IP \[bu] 2 there are more record types than NSEC3 mentions for \f[I]name\f[]; .IP \[bu] 2 broken NSEC3 chain, expected \f[I]name\f[], but nothing found; .IP \[bu] 2 broken NSEC3 chain, expected \f[I]name1\f[], but found \f[I]name2\f[]; .IP \[bu] 2 NSEC3 without a corresponding record (or empty non-terminal). .SH POLICY CHECKS .IP \[bu] 2 there should be at least two NS records per name (or zero); .IP \[bu] 2 CNAME and other data (excluding possible RRSIG and NSEC); .IP \[bu] 2 DNAME checks: no multiple DNAMEs, no descendants of a node with a DNAME; please note that DNAME/CNAME clash is handled by CNAME and other data check already; .IP \[bu] 2 DNSKEY checks: public key too short, leading zero octets in public key exponent or modulus; .IP \[bu] 2 NSEC3PARAM, if present, should only be at the zone apex. .IP \[bu] 2 MX exchange should not be an alias .IP \[bu] 2 NS nsdname should not be an alias .IP \[bu] 2 TXT domain name mentioned in RP record must have a corresponding TXT record if it is within the zone .IP \[bu] 2 domain name of a TLSA record must be a proper prefixed DNS name .SH BUGS .IP \[bu] 2 textual segments in \f[I]TXT\f[] and \f[I]HINFO\f[] must be enclosed in double quotes; .IP \[bu] 2 there cannot be more than 20 textual segments in a \f[I]TXT\f[] record; .IP \[bu] 2 \f[I]$INCLUDE\f[] directive is not implemented; .IP \[bu] 2 a dot within a label is not currently supported; .PP If at least one NSEC3 record uses opt-out flag, \f[C]validns\f[] assumes it is used as much as possible, that is, every unsigned delegation does not have a corresponding NSEC3 record. This is done for reasons of efficiency, to avoid calculating cryptographic hashes of every unsigned delegation. If this assumption is wrong for a zone, \f[C]validns\f[] will produce spurious validation errors. .SH ACKNOWLEDGEMENTS .PP Thanks go to Andy Holdaway, Daniel Stirnimann, Dennis Kjaer Jensen, Goran Bengtson, Hirohisa Yamaguchi, Hugo Salgado, Jake Zack, Jakob Schlyter, Koh-ichi Ito, Mathieu Arnold, Miek Gieben, Patrik Wallstrom, Paul Wouters, Ryan Eby, Tony Finch, Willem Toorop, and YAMAGUCHI Takanori for bug reports, testing, discussions, and occasional patches. .PP Special thanks to Stephane Bortzmeyer and Phil Regnauld. .PP Thanks for AFNIC which funded major portion of the development. Thanks for SWITCH for additional funding. .SH AUTHORS Anton Berezin. validns-0.7/nsec.c000644 001751 000024 00000006777 12111430324 014406 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. 604800 NSEC example.com. NS DS RRSIG NSEC 604800 RRSIG NSEC 10 3 604800 20130321184221 ( 20130219184221 35615 example.com. WWg7EiYoY8Hp593I2i5Mkl2ezg7YuAnq0y75 oymTCuEfGwh4OxbMT/mWNqAFL5Y8f0YoQOOY wZP0m/sGK/EJN7ulNsfQyULY4WsyHIGlKMwT KdyDXJLrmrzlmRnGv7pFb0bo53n3osE0uFfH yMQYOkQRYfqa4yWXF9Nl48dy67frtVih0foy 9Mm76mmJSDUd/jGsYQmaoFGVU/a64rWapVQ9 O/mXPqr6Pw2ZCHecsF4ElMEp41YqG1DfR5QR khTjvTlg4aTKvgX1YuvDhjUygSHit47xn2NC 2WwEZF+vYXT9DIUCMcKdVeb4bjWwUXbWNFqz Ca3jb/mpOpUDFnrRPw== ) * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr* nsec_parse(char *name, long ttl, int type, char *s) { struct rr_nsec *rr = getmem(sizeof(*rr)); struct binary_data bitmap; char *str_type = NULL; int ltype; rr->next_domain = extract_name(&s, "next domain", KEEP_CAPITALIZATION); /* TODO: validate next_domain, http://tools.ietf.org/html/rfc4034#section-4.1.1 */ bitmap = new_set(); while (s && *s) { str_type = extract_label(&s, "type list", "temporary"); if (!str_type) return NULL; ltype = str2rdtype(str_type, NULL); if (ltype < 0) return NULL; add_bit_to_set(&bitmap, ltype); } if (!s) return NULL; if (!str_type) { return bitch("NSEC type list should not be empty"); } rr->type_bitmap = compressed_set(&bitmap); G.dnssec_active = 1; return store_record(type, name, ttl, rr); } static char* nsec_human(struct rr *rrv) { RRCAST(nsec); char ss[1024]; char *s = ss; int l; char *base; int i, k; int type; char *type_name; l = snprintf(s, 1024, "%s", rr->next_domain); s += l; base = rr->type_bitmap.data; while (base - rr->type_bitmap.data < rr->type_bitmap.length) { for (i = 0; i < base[1]; i++) { for (k = 0; k <= 7; k++) { if (base[2+i] & (0x80 >> k)) { type = ((unsigned char)base[0])*256 + i*8 + k; type_name = rdtype2str(type); l = snprintf(s, 1024-(s-ss), " %s", type_name); s += l; } } } base += base[1]+2; } return quickstrdup_temp(ss); } static struct binary_data nsec_wirerdata(struct rr *rrv) { RRCAST(nsec); return compose_binary_data("dd", 1, name2wire_name(rr->next_domain), rr->type_bitmap); } static void* nsec_validate(struct rr *rrv) { RRCAST(nsec); struct named_rr *named_rr; named_rr = rr->rr.rr_set->named_rr; if (!check_typemap(rr->type_bitmap, named_rr, rrv)) return NULL; return rr; } void validate_nsec_chain(void) { struct rr_set *rr_set; struct named_rr *named_rr; rr_set = find_rr_set(T_NSEC, zone_apex); if (!rr_set) { named_rr = find_named_rr(zone_apex); moan(named_rr->file_name, named_rr->line, "apex NSEC not found"); return; } while (1) { char name[1024]; struct rr_nsec *rr = (struct rr_nsec *)rr_set->tail; char *s, *t; if (strcasecmp(rr->next_domain, zone_apex) == 0) /* chain complete */ break; s = rr->next_domain; t = name; while (*s) *t++ = tolower(*s++); *t = 0; rr_set = find_rr_set(T_NSEC, name); if (!rr_set) { moan(rr->rr.file_name, rr->rr.line, "broken NSEC chain %s -> %s", rr->rr.rr_set->named_rr->name, rr->next_domain); return; } } } struct rr_methods nsec_methods = { nsec_parse, nsec_human, nsec_wirerdata, NULL, nsec_validate }; validns-0.7/aaaa.c000644 001751 000024 00000002157 12001246675 014341 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *aaaa_parse(char *name, long ttl, int type, char *s) { struct rr_aaaa *rr = getmem(sizeof(*rr)); if (extract_ipv6(&s, "IPv6 address", &rr->address) <= 0) return NULL; if (*s) { return bitch("garbage after valid AAAA data"); } return store_record(type, name, ttl, rr); } static char* aaaa_human(struct rr *rrv) { RRCAST(aaaa); char s[1024]; if (inet_ntop(AF_INET6, &rr->address, s, 1024)) return quickstrdup_temp(s); return "????"; } static struct binary_data aaaa_wirerdata(struct rr *rrv) { RRCAST(aaaa); struct binary_data r; r.length = sizeof(rr->address); r.data = (void *)&rr->address; return r; } struct rr_methods aaaa_methods = { aaaa_parse, aaaa_human, aaaa_wirerdata, NULL, NULL }; validns-0.7/dnskey.c000644 001751 000024 00000010372 12001246700 014736 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr* dnskey_parse(char *name, long ttl, int type, char *s) { struct rr_dnskey *rr = getmem(sizeof(*rr)); struct binary_data key; int flags, proto, algorithm; unsigned int ac; int i; flags = extract_integer(&s, "flags"); if (flags < 0) return NULL; if (flags & 0xfefe) return bitch("reserved flags bits are set"); if (flags & 0x0001 && !(flags & 0x0100)) return bitch("SEP bit is set but Zone Key bit is unset"); rr->flags = flags; /* TODO validate that `name` is the name of the zone if flags have Zone Key bit set */ proto = extract_integer(&s, "protocol"); if (proto < 0) return NULL; if (proto != 3) return bitch("bad protocol value"); rr->protocol = proto; algorithm = extract_algorithm(&s, "algorithm"); if (algorithm == ALG_UNSUPPORTED) return NULL; if (algorithm == ALG_PRIVATEDNS || algorithm == ALG_PRIVATEOID) { return bitch("private algorithms are not supported in DNSKEY"); } rr->algorithm = algorithm; key = extract_base64_binary_data(&s, "public key"); if (key.length < 0) return NULL; /* TODO validate key length based on algorithm */ rr->pubkey = key; ac = 0; ac += rr->flags; ac += rr->protocol << 8; ac += rr->algorithm; for (i = 0; i < rr->pubkey.length; i++) { ac += (i & 1) ? (unsigned char)rr->pubkey.data[i] : ((unsigned char)rr->pubkey.data[i]) << 8; } ac += (ac >> 16) & 0xFFFF; rr->key_tag = ac & 0xFFFF; rr->pkey_built = 0; rr->pkey = NULL; if (*s) { return bitch("garbage after valid DNSKEY data"); } return store_record(type, name, ttl, rr); } static char* dnskey_human(struct rr *rrv) { RRCAST(dnskey); char s[1024]; snprintf(s, 1024, "%hu %d %d XXX ; key id = %hu", rr->flags, rr->protocol, rr->algorithm, rr->key_tag); return quickstrdup_temp(s); } static struct binary_data dnskey_wirerdata(struct rr *rrv) { RRCAST(dnskey); return compose_binary_data("211d", 1, rr->flags, rr->protocol, rr->algorithm, rr->pubkey); } static void *dnskey_validate(struct rr *rrv) { RRCAST(dnskey); if (G.opt.policy_checks[POLICY_DNSKEY]) { if (algorithm_type(rr->algorithm) == ALG_RSA_FAMILY) { unsigned int e_bytes; unsigned char *pk; int l; pk = (unsigned char *)rr->pubkey.data; l = rr->pubkey.length; e_bytes = *pk++; l--; if (e_bytes == 0) { if (l < 2) return moan(rr->rr.file_name, rr->rr.line, "public key is too short"); e_bytes = (*pk++) << 8; e_bytes += *pk++; l -= 2; } if (l < e_bytes) return moan(rr->rr.file_name, rr->rr.line, "public key is too short"); if (*pk == 0) return moan(rr->rr.file_name, rr->rr.line, "leading zero octets in public key exponent"); pk += e_bytes; l -= e_bytes; if (l > 0 && *pk == 0) return moan(rr->rr.file_name, rr->rr.line, "leading zero octets in key modulus"); } } return NULL; } struct rr_methods dnskey_methods = { dnskey_parse, dnskey_human, dnskey_wirerdata, NULL, dnskey_validate }; int dnskey_build_pkey(struct rr_dnskey *rr) { if (rr->pkey_built) return rr->pkey ? 1 : 0; rr->pkey_built = 1; if (algorithm_type(rr->algorithm) == ALG_RSA_FAMILY) { RSA *rsa; EVP_PKEY *pkey; unsigned int e_bytes; unsigned char *pk; int l; rsa = RSA_new(); if (!rsa) goto done; pk = (unsigned char *)rr->pubkey.data; l = rr->pubkey.length; e_bytes = *pk++; l--; if (e_bytes == 0) { if (l < 2) /* public key is too short */ goto done; e_bytes = (*pk++) << 8; e_bytes += *pk++; l -= 2; } if (l < e_bytes) /* public key is too short */ goto done; rsa->e = BN_bin2bn(pk, e_bytes, NULL); pk += e_bytes; l -= e_bytes; rsa->n = BN_bin2bn(pk, l, NULL); pkey = EVP_PKEY_new(); if (!pkey) goto done; if (!EVP_PKEY_set1_RSA(pkey, rsa)) goto done; rr->pkey = pkey; } done: if (!rr->pkey) { moan(rr->rr.file_name, rr->rr.line, "error building pkey"); } return rr->pkey ? 1 : 0; } validns-0.7/naptr.c000644 001751 000024 00000003671 12131607432 014600 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011-2013 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *naptr_parse(char *name, long ttl, int type, char *s) { struct rr_naptr *rr = getmem(sizeof(*rr)); int i; struct binary_data text; i = extract_integer(&s, "order"); if (i < 0) return NULL; if (i >= 65536) return bitch("order range is not valid"); rr->order = i; i = extract_integer(&s, "preference"); if (i < 0) return NULL; if (i >= 65536) return bitch("preference range is not valid"); rr->preference = i; text = extract_text(&s, "flags"); if (text.length < 0) return NULL; for (i = 0; i < text.length; i++) { if (!isalnum(text.data[i])) { return bitch("flags contains illegal characters"); } } rr->flags = text; text = extract_text(&s, "services"); if (text.length < 0) return NULL; rr->services = text; text = extract_text(&s, "regexp"); if (text.length < 0) return NULL; rr->regexp = text; rr->replacement = extract_name(&s, "replacement", 0); if (!rr->replacement) return NULL; if (*s) { return bitch("garbage after valid NAPTR data"); } return store_record(type, name, ttl, rr); } static char* naptr_human(struct rr *rrv) { RRCAST(naptr); char s[1024]; snprintf(s, 1024, "%hu %hu \"%s\" ...", rr->order, rr->preference, rr->flags.data); return quickstrdup_temp(s); } static struct binary_data naptr_wirerdata(struct rr *rrv) { RRCAST(naptr); return compose_binary_data("22bbbd", 1, rr->order, rr->preference, rr->flags, rr->services, rr->regexp, name2wire_name(rr->replacement)); } struct rr_methods naptr_methods = { naptr_parse, naptr_human, naptr_wirerdata, NULL, NULL }; validns-0.7/srv.c000644 001751 000024 00000003175 12015701641 014263 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *srv_parse(char *name, long ttl, int type, char *s) { struct rr_srv *rr = getmem(sizeof(*rr)); int i; /* TODO validate `name` (underscores etc) http://tools.ietf.org/html/rfc2782 */ i = extract_integer(&s, "priority"); if (i < 0) return NULL; if (i >= 65536) return bitch("priority range is not valid"); rr->priority = i; i = extract_integer(&s, "weight"); if (i < 0) return NULL; if (i >= 65536) return bitch("weight range is not valid"); rr->weight = i; i = extract_integer(&s, "port"); if (i < 0) return NULL; if (i >= 65536) return bitch("port range is not valid"); rr->port = i; rr->target = extract_name(&s, "target", 0); if (!rr->target) return NULL; if (*s) { return bitch("garbage after valid SRV data"); } return store_record(type, name, ttl, rr); } static char* srv_human(struct rr *rrv) { RRCAST(srv); char s[1024]; snprintf(s, 1024, "%hu %hu %hu %s", rr->priority, rr->weight, rr->port, rr->target); return quickstrdup_temp(s); } static struct binary_data srv_wirerdata(struct rr *rrv) { RRCAST(srv); return compose_binary_data("222d", 1, rr->priority, rr->weight, rr->port, name2wire_name(rr->target)); } struct rr_methods srv_methods = { srv_parse, srv_human, srv_wirerdata, NULL, NULL }; validns-0.7/base32hex.c000644 001751 000024 00000021102 12001246712 015221 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "base32hex.h" /* base32/normal alignment: * * 0 1 2 3 4 5 6 7 * |12345|123 45|12345|1 2345|1234 5|12345|12 345|12345| * |12345 678|12 34567 8|1234 5678|1 23456 78|123 45678| * 0 1 2 3 4 * * normal byte 0 is (base32[0] << 3) | (base32[1] >> 2) * masks: F8; 07 * normal byte 1 is ((base32[1]&0x03) << 6) | (base32[2] << 1) | (base32[3] >> 4) * masks: C0; 3E; 01 * normal byte 2 is ((base32[3]&0x0F) << 4) | (base32[4] >> 1) * masks: F0; 0F * normal byte 3 is ((base32[4]&0x01) << 7) | (base32[5] << 2) | (base32[6] >> 3) * masks: 80; 7C; 03 * normal byte 4 is ((base32[6]&0x07) << 5) | base32[7] * masks: E0; 1F */ int decode_base32hex(void *dest, char *src, size_t dstsize) { size_t processed = 0; int full_bytes = 0; unsigned char *dst = dest; while (*src) { int v; if (*src >= 'A' && *src <= 'V') v = *src - 'A' + 10; else if (*src >= 'a' && *src <= 'v') v = *src - 'a' + 10; else if (*src >= '0' && *src <= '9') v = *src - '0'; else if (isspace(*src) || *src == '=') { src++; continue; } else { /* any junk chars means input is corrupted */ errno = EINVAL; return -1; } src++; if (processed % 8 == 0) { if (dstsize <= 0) { errno = EINVAL; return -1; } dst[0] &= 0x07; dst[0] |= (v << 3) & 0xF8; processed++; } else if (processed % 8 == 1) { if (dstsize < 1) { errno = EINVAL; return -1; } dst[0] &= 0xF8; dst[0] |= (v >> 2) & 0x07; if (dstsize >= 2) { dst[1] &= 0x3F; dst[1] |= (v << 6) & 0xC0; } processed++; full_bytes++; } else if (processed % 8 == 2) { if (dstsize < 2) { errno = EINVAL; return -1; } dst[1] &= 0xC1; dst[1] |= (v << 1) & 0x3E; processed++; } else if (processed % 8 == 3) { if (dstsize < 2) { errno = EINVAL; return -1; } dst[1] &= 0xFE; dst[1] |= (v >> 4) & 0x01; if (dstsize >= 3) { dst[2] &= 0x0F; dst[2] |= (v << 4) & 0xF0; } processed++; full_bytes++; } else if (processed % 8 == 4) { if (dstsize < 3) { errno = EINVAL; return -1; } dst[2] &= 0xF0; dst[2] |= (v >> 1) & 0x0F; if (dstsize >= 4) { dst[3] &= 0x7F; dst[3] |= (v << 7) & 0x80; } processed++; full_bytes++; } else if (processed % 8 == 5) { if (dstsize < 4) { errno = EINVAL; return -1; } dst[3] &= 0x83; dst[3] |= (v << 2) & 0x7C; processed++; } else if (processed % 8 == 6) { if (dstsize < 4) { errno = EINVAL; return -1; } dst[3] &= 0xFC; dst[3] |= (v >> 3) & 0x03; if (dstsize >= 5) { dst[4] &= 0x1F; dst[4] |= (v << 5) & 0xE0; } processed++; full_bytes++; } else { if (dstsize < 5) { errno = EINVAL; return -1; } dst[4] &= 0xE0; dst[4] |= v & 0x1F; processed++; dst += 5; dstsize -= 5; full_bytes++; } } return full_bytes; } int encode_base32hex(void *dest, size_t dstsize, void *source, size_t srclength) { size_t need_dstsize; int byte = 0; unsigned char *dst = dest; unsigned char *src = source; int i; need_dstsize = 8*(srclength / 5); switch (srclength % 5) { case 1: need_dstsize += 2; break; case 2: need_dstsize += 4; break; case 3: need_dstsize += 5; break; case 4: need_dstsize += 7; break; } if (dstsize < need_dstsize) { errno = EINVAL; return -1; } while (srclength) { switch (byte) { case 0: dst[0] = *src >> 3; dst[1] = (*src & 0x07) << 2; break; case 1: dst[1] |= (*src >> 6) & 0x03; dst[2] = (*src >> 1) & 0x1f; dst[3] = (*src & 0x01) << 4; break; case 2: dst[3] |= (*src >> 4) & 0x0f; dst[4] = (*src & 0x0f) << 1; break; case 3: dst[4] |= (*src >> 7) & 0x01; dst[5] = (*src >> 2) & 0x1f; dst[6] = (*src & 0x03) << 3; break; case 4: dst[6] |= (*src >> 5) & 0x07; dst[7] = *src & 0x1f; break; } srclength--; src++; byte++; if (byte == 5) { dst += 8; byte = 0; } } dst = dest; for (i = 0; i < need_dstsize; i++) { if (*dst < 10) *dst = *dst +'0'; else if (*dst < 32) *dst = *dst - 10 + 'a'; else *dst = '?'; dst++; } return need_dstsize; } #ifdef TEST_PROGRAM static int ok_string_test(int testnum, char *src, char *expect) { unsigned char dstbuf[512]; unsigned char reverse_buf[1024]; int r, r0, i; int expect_sz = strlen(expect); int expect_reverse; char *s, *d; if (expect_sz >= 512) { printf("test %d: NOT OK: internal *test* error, buffer too small for proper testing, FIXME\n", testnum); return 1; } memset(dstbuf, 0xAA, 512); r = decode_base32hex(dstbuf, src, expect_sz); if (r != expect_sz) { printf("test %d: NOT OK: expect size %d, got %d\n", testnum, expect_sz, r); return 1; } else if (memcmp(dstbuf, expect, r) != 0) { printf("test %d: NOT OK: unexpected buffer content\n", testnum); return 1; } if (dstbuf[expect_sz] != 0xAA) { printf("test %d: NOT OK: corrupts memory with \"just enough\" bufsize\n", testnum); return 1; } r = encode_base32hex(reverse_buf, 1024, dstbuf, expect_sz); s = src; d = (char*)dstbuf; expect_reverse = 0; while (*s) { if (*s != ' ' && *s != '=') { *d++ = tolower(*s); expect_reverse++; } s++; } if (r != expect_reverse) { printf("test %d: NOT OK: REVERSE: expect size %d, got %d\n", testnum, expect_reverse, r); return 1; } else if (memcmp(reverse_buf, dstbuf, r) != 0) { printf("test %d: NOT OK: REVERSE: unexpected buffer content\n", testnum); return 1; } memset(dstbuf, 0xAA, 512); for (i = 0; i < expect_sz; i++) { r0 = decode_base32hex(dstbuf, src, i); if (r0 > 0) { printf("test %d: NOT OK: buffer size %d should not be enough\n", testnum, i); return 1; } if (dstbuf[i] != 0xAA) { printf("test %d: NOT OK: corrupts memory with bufsize %d\n", testnum, i); return 1; } } printf("test %d: ok\n", testnum); return 0; } static int expect_junk_error(int testnum, char *src) { char *buf[20]; int r; r = decode_base32hex(buf, src, 20); if (r != -1) { printf("test %d: NOT OK: junk input not recognized\n", testnum); return 1; } printf("test %d: ok\n", testnum); return 0; } int main(void) { int ret = 0; int t = 1; /* from http://tools.ietf.org/html/rfc4648#section-10 */ ret |= ok_string_test(t++, "", ""); ret |= ok_string_test(t++, "CO======", "f"); ret |= ok_string_test(t++, "Co=====", "f"); ret |= ok_string_test(t++, "cO====", "f"); ret |= ok_string_test(t++, "co===", "f"); ret |= ok_string_test(t++, "CO==", "f"); ret |= ok_string_test(t++, "CO=", "f"); ret |= ok_string_test(t++, "CO", "f"); ret |= ok_string_test(t++, "CPNG====", "fo"); ret |= ok_string_test(t++, "cPNG===", "fo"); ret |= ok_string_test(t++, "cpNG==", "fo"); ret |= ok_string_test(t++, "cpnG=", "fo"); ret |= ok_string_test(t++, "cpng", "fo"); ret |= ok_string_test(t++, "CPNMU===", "foo"); ret |= ok_string_test(t++, "CPnMU==", "foo"); ret |= ok_string_test(t++, "CPnmu=", "foo"); ret |= ok_string_test(t++, "cpNMU", "foo"); ret |= ok_string_test(t++, "CPNMUOG=", "foob"); ret |= ok_string_test(t++, "CPNMUoG", "foob"); ret |= ok_string_test(t++, "CPNMUOJ1", "fooba"); ret |= ok_string_test(t++, "cPnMuOj1", "fooba"); ret |= ok_string_test(t++, "CpNmUoJ1", "fooba"); ret |= ok_string_test(t++, "CpNm UoJ1", "fooba"); ret |= ok_string_test(t++, "CPNMUOJ1E8======", "foobar"); ret |= ok_string_test(t++, "CPNMuOJ1E8=====", "foobar"); ret |= ok_string_test(t++, "CpNMuOJ1E8====", "foobar"); ret |= ok_string_test(t++, "CpNMuOJ1e8===", "foobar"); ret |= ok_string_test(t++, "CpNmuOJ 1e8==", "foobar"); ret |= ok_string_test(t++, "CpnmuOJ 1e8=", "foobar"); ret |= ok_string_test(t++, "Cpn muOj 1e8", "foobar"); ret |= expect_junk_error(t++, "?m9vmF"); ret |= expect_junk_error(t++, "%m9vmF"); ret |= expect_junk_error(t++, "m&9vmF"); ret |= expect_junk_error(t++, "m9-vmF"); ret |= expect_junk_error(t++, "m9v*mF"); ret |= expect_junk_error(t++, "m9v#mF"); ret |= expect_junk_error(t++, "m9vm\x01F"); ret |= expect_junk_error(t++, "m9vmF!"); ret |= expect_junk_error(t++, "m9vmF."); ret |= expect_junk_error(t++, "CpnmuOj/1e8x"); ret |= expect_junk_error(t++, "CpnYmuOj1e8"); ret |= expect_junk_error(t++, "CZpnmuOj1e8"); ret |= expect_junk_error(t++, "CzpnmuOj1e8"); ret |= ok_string_test(t++, "MEQIMI6FJE5NI47PJAHV5QIGU1LV3JLJ", "\xb3\xb5\x2b\x48\xcf\x9b\x8b\x79\x10\xf9\x9a\xa3\xf2\xea\x50\xf0\x6b\xf1\xce\xb3"); return ret; } #endif validns-0.7/base32hex.h000644 001751 000024 00000000574 12001246715 015243 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #ifndef _BASE32HEX_H_ #define _BASE32HEX_H_ 1 int decode_base32hex(void *dst, char *src, size_t dstsize); int encode_base32hex(void *dest, size_t dstsize, void *source, size_t srclength); #endif validns-0.7/nsec3.c000644 001751 000024 00000010545 12111430324 014455 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" #include "base32hex.h" static struct rr* nsec3_parse(char *name, long ttl, int type, char *s) { struct rr_nsec3 *rr = getmem(sizeof(*rr)); struct rr *ret_rr; struct binary_data bitmap; int i; int opt_out = 0; char *str_type = NULL; int ltype; i = extract_integer(&s, "hash algorithm"); if (i < 0) return NULL; if (i > 255) return bitch("bad hash algorithm value"); if (i != 1) return bitch("unrecognized or unsupported hash algorithm"); rr->hash_algorithm = i; i = extract_integer(&s, "flags"); if (i < 0) return NULL; if (i > 255) return bitch("bad flags value"); if (!(i == 0 || i == 1)) return bitch("unsupported flags value"); if (i == 1) opt_out = 1; rr->flags = i; i = extract_integer(&s, "iterations"); if (i < 0) return NULL; if (i > 2500) return bitch("bad iterations value"); rr->iterations = i; /* TODO validate iteration count according to key size, * as per http://tools.ietf.org/html/rfc5155#section-10.3 */ if (*s == '-') { rr->salt.length = 0; rr->salt.data = NULL; s++; if (*s && !isspace(*s) && *s != ';' && *s != ')') return bitch("salt is not valid"); s = skip_white_space(s); } else { rr->salt = extract_hex_binary_data(&s, "salt", EXTRACT_DONT_EAT_WHITESPACE); if (rr->salt.length <= 0) return NULL; if (rr->salt.length > 255) return bitch("salt is too long"); } rr->next_hashed_owner = extract_base32hex_binary_data(&s, "next hashed owner"); if (rr->next_hashed_owner.length != 20) { return bitch("next hashed owner does not have the right size"); } bitmap = new_set(); while (s && *s) { str_type = extract_label(&s, "type list", "temporary"); if (!str_type) return NULL; ltype = str2rdtype(str_type, NULL); if (ltype < 0) return NULL; add_bit_to_set(&bitmap, ltype); } if (!s) return NULL; rr->type_bitmap = compressed_set(&bitmap); rr->corresponding_name = NULL; rr->next_nsec3 = NULL; if (!remember_nsec3(name, rr)) return NULL; ret_rr = store_record(type, name, ttl, rr); if (ret_rr) { G.nsec3_present = 1; G.dnssec_active = 1; G.stats.nsec3_count++; if (opt_out) { G.nsec3_opt_out_present = 1; } if (ret_rr && !nsec3param) nsec3param = ret_rr; } return ret_rr; } static char* nsec3_human(struct rr *rrv) { RRCAST(nsec3); char ss[1024]; char *s = ss; int l; int i; l = snprintf(s, 1024, "%u %u %u ", rr->hash_algorithm, rr->flags, rr->iterations); s += l; if (rr->salt.length) { for (i = 0; i < rr->salt.length; i++) { l = snprintf(s, 1024-(s-ss), "%02X", (unsigned char)rr->salt.data[i]); s += l; } } else { sprintf(s, "-"); } return quickstrdup_temp(ss); } static struct binary_data nsec3_wirerdata(struct rr *rrv) { RRCAST(nsec3); return compose_binary_data("112bbd", 1, rr->hash_algorithm, rr->flags, rr->iterations, rr->salt, rr->next_hashed_owner, rr->type_bitmap); } struct rr_nsec3 *first_nsec3 = NULL; struct rr_nsec3 *latest_nsec3 = NULL; void* nsec3_validate(struct rr *rrv) { RRCAST(nsec3); if (!first_nsec3) { first_nsec3 = rr; } if (latest_nsec3) { if (memcmp(latest_nsec3->next_hashed_owner.data, rr->this_hashed_name.data, 20) != 0) { char *expected_name = quickstrdup_temp(rr->rr.rr_set->named_rr->name); /* guaranteed to have same length, I think */ encode_base32hex(expected_name, 32, latest_nsec3->next_hashed_owner.data, 20); if (rr == first_nsec3) { moan(latest_nsec3->rr.file_name, latest_nsec3->rr.line, "broken NSEC3 chain, expected %s, but nothing found", expected_name); } else { moan(latest_nsec3->rr.file_name, latest_nsec3->rr.line, "broken NSEC3 chain, expected %s, but found %s", expected_name, rr->rr.rr_set->named_rr->name); } if (rr != first_nsec3) latest_nsec3->next_nsec3 = rr; latest_nsec3 = rr; return NULL; } if (rr != first_nsec3) latest_nsec3->next_nsec3 = rr; } latest_nsec3 = rr; return rr; } struct rr_methods nsec3_methods = { nsec3_parse, nsec3_human, nsec3_wirerdata, NULL, nsec3_validate }; validns-0.7/nsec3param.c000644 001751 000024 00000005440 12111430324 015474 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" struct rr *nsec3param = NULL; static struct rr* nsec3param_parse(char *name, long ttl, int type, char *s) { struct rr_nsec3param *rr = getmem(sizeof(*rr)); struct rr *ret_rr; int i; i = extract_integer(&s, "hash algorithm"); if (i < 0) return NULL; if (i > 255) return bitch("bad hash algorithm value"); if (i != 1) return bitch("unrecognized or unsupported hash algorithm"); rr->hash_algorithm = i; i = extract_integer(&s, "flags"); if (i < 0) return NULL; if (i > 255) return bitch("bad flags value"); if (i != 0) return bitch("flags is supposed to be 0 for NSEC3PARAM"); rr->flags = i; i = extract_integer(&s, "iterations"); if (i < 0) return NULL; if (i > 2500) return bitch("bad iterations value"); rr->iterations = i; /* TODO validate iteration count according to key size, * as per http://tools.ietf.org/html/rfc5155#section-10.3 */ if (*s == '-') { rr->salt.length = 0; rr->salt.data = NULL; s++; if (*s && !isspace(*s) && *s != ';' && *s != ')') return bitch("salt is not valid"); s = skip_white_space(s); } else { rr->salt = extract_hex_binary_data(&s, "salt", EXTRACT_DONT_EAT_WHITESPACE); if (rr->salt.length <= 0) return NULL; if (rr->salt.length > 255) return bitch("salt is too long"); } if (*s) { return bitch("garbage after valid NSEC3PARAM data"); } G.dnssec_active = 1; ret_rr = store_record(type, name, ttl, rr); if (ret_rr && !nsec3param && (ret_rr->rr_set->named_rr->flags & NAME_FLAG_APEX)) nsec3param = ret_rr; if (G.opt.policy_checks[POLICY_NSEC3PARAM_NOT_APEX] && (ret_rr->rr_set->named_rr->flags & NAME_FLAG_APEX) == 0) { return bitch("NSEC3PARAM found not at zone apex"); } return ret_rr; } static char* nsec3param_human(struct rr *rrv) { RRCAST(nsec3param); char ss[1024]; char *s = ss; int l; int i; l = snprintf(s, 1024, "%u %u %u ", rr->hash_algorithm, rr->flags, rr->iterations); s += l; if (rr->salt.length) { for (i = 0; i < rr->salt.length; i++) { l = snprintf(s, 1024-(s-ss), "%02X", (unsigned char)rr->salt.data[i]); s += l; } } else { sprintf(s, "-"); } return quickstrdup_temp(ss); } static struct binary_data nsec3param_wirerdata(struct rr *rrv) { RRCAST(nsec3param); return compose_binary_data("112b", 1, rr->hash_algorithm, rr->flags, rr->iterations, rr->salt); } struct rr_methods nsec3param_methods = { nsec3param_parse, nsec3param_human, nsec3param_wirerdata, NULL, NULL }; validns-0.7/base32hex-test000755 001751 000024 00000025210 11545113463 015774 0ustar00tobezstaff000000 000000 ELF >@@ˆ@8@@@@@@ÀÀ@@@@ØØØØPØP(ààPàP@@Påtd¤¤@¤@44Qåtd/libexec/ld-elf.so.1FreeBSD·»   iœ@4øP<ØPb¬@TG¼@ -Ì@œèPOðPuÜ@9ñÿPsì@3zü@ô _Jv_RegisterClasseslibc.so.7__mb_sb_limitprintfenviron__progname__error_CurrentRuneLocalememset_init_tlsatexitstrlen_endFBSD_1.0°(z†èPðP°P¸PÀPÈPÐP ØP àP Hƒìè_èÚ HƒÄÃÿ5ÿ%ÿ%héàÿÿÿÿ%héÐÿÿÿÿ%þhéÀÿÿÿÿ%öhé°ÿÿÿÿ%îhé ÿÿÿÿ%æhéÿÿÿÿ%Þhé€ÿÿÿUH‰åAWAVSHƒìHcLtßL‰5ÌI‰ÿIƒÇH…Û~&I‹H…ÀtH‰‘ëfffffHÿÀ€ù/t芄Éuò¸àPH…Àt H‰÷Hè{ÿÿÿëHè#ÿÿÿ¿”@HèhÿÿÿHèîþÿÿ‰ßL‰þL‰òHè‰ÇHè<ÿÿÿUH‰åŠF„Àtë#HƒÀH‰-ÿÑH‹$H‹H…ÉuäÆ]ÃffffffffUH‰åHƒ=¤t ¸H…Àu]ÿP]ÿàHƒìD‹ÍI‰ÑHƒÆE1ÀE1Òë6ffff¾ÁHÉL‰ÀƒàuJM…É„&¶ÍIƒÀƒâ ЈHƒÆ¶Nÿ„É„A¿<v½AŸ<w|¾ÁH©L‰Àƒàt¶HƒøtzHƒø„îHƒøfff„Hƒø„1Hƒø„`Hƒøf„}Iƒù†¶W‰ÈIƒÀƒàIƒéAƒÂƒâà ЈGHƒÇéfÿÿÿAÐ< wF¾ÁHÐé.ÿÿÿM…Ét`¶‰ÈÁøƒàƒâø ÐIƒùˆv¶W‰ÈÁàƒâ? ЈGIƒÀAƒÂéÿÿÿ¾Á…ÀxD9Ø}HcÐH‹—öDÐA@…øþÿÿ€ù=„ïþÿÿèJýÿÿAºÿÿÿÿÇD‰ÐHƒÄÃIƒùvá¶W IƒÀƒà>ƒâÁ ЈGéµþÿÿIƒùvÀ¶W‰ÈÁøƒàƒâþ ÐIƒùˆG†kÿÿÿ¶W‰ÈÁàƒâ ЈGéUÿÿÿIƒùv†¶W‰ÈÑøƒàƒâð ÐIƒùˆG†2ÿÿÿ¶W‰ÈÁàƒâ ЈGéÿÿÿIƒù†Iÿÿÿ¶WIƒÀƒà|ƒâƒ ЈGéþÿÿIƒù† ÿÿÿ¶W‰ÈÁøƒàƒâü ÐIƒùˆG†Ëþÿÿ¶W‰ÈÁàƒâ ЈGéµþÿÿfffffffffffSº‰ûHì H‰çèiýÿÿƒÀt‰Þ¿ø@1ÀèüÿÿHÄ ¸[É޿±@1ÀèöûÿÿHÄ 1À[ÃfffffffffffL‰d$àL‰l$èA‰ýL‰t$ðH‰\$ÐH‰×H‰l$ØL‰|$øHìHH‰t$I‰ÖèÔûÿÿ=ÿI‰Ä~ND‰î¿(@1Àè‹ûÿÿ¸H‹œ$H‹¬$ L‹¤$(L‹¬$0L‹´$8L‹¼$@HÄHÃfL|$º¾ªIcìL‰ÿèûÿÿH‹t$H‰êL‰ÿèfüÿÿA9Ät!‰ÁD‰âD‰î¿€@1Àè ûÿÿ¸éyÿÿÿffüH9íL‰þL‰÷H‰éó¦u €|,ªt2D‰î¿à@1ÀèÕúÿÿ¸éEÿÿÿD‰î¿°@1Àè¼úÿÿ¸é,ÿÿÿº¾ªL‰ÿè€úÿÿE…ä~NAD$ÿ1ÛHhëfB€<;ªuNHƒÃH9ët/H‹t$H‰ÚL‰ÿè°ûÿÿ…À~܉ÚD‰î¿ @1ÀèWúÿÿ¸éÇþÿÿD‰î¿±@1Àè>úÿÿ1Àé±þÿÿ‰ÚD‰î¿X@1Àè&úÿÿ¸é–þÿÿAWº½@¿H‰ÖAVAUATUSHì˜èþÿÿº¾@¾À@¿‰D$èþÿÿº¾@¾É@¿‰Ãèïýÿÿº¾@¾Ñ@¿‰D$ è×ýÿÿº¾@¾Ø@¿‰D$è¿ýÿÿº¾@¾Þ@¿‰D$è§ýÿÿº¾@¾ã@¿‰D$èýÿÿº¾@¾ç@¿‰D$èwýÿÿºê@¾í@¿ ‰D$ è_ýÿÿºê@¾ö@¿ ‰D$$èGýÿÿºê@¾þ@¿ ‰D$(è/ýÿÿºê@¾@¿ ‰D$,èýÿÿºê@¾ @¿ ‰D$0èÿüÿÿº@¾@¿‰D$4èçüÿÿº@¾@¿‰D$8èÏüÿÿº@¾%@¿‰D$<è·üÿÿº@¾,@¿‰D$@èŸüÿÿº2@¾7@¿‰D$Dè‡üÿÿº2@¾@@¿‰D$HèoüÿÿºH@¾N@¿‰D$LèWüÿÿºH@¾W@¿‰D$Pè?üÿÿºH@¾`@¿‰D$Tè'üÿÿºH@¾i@¿‰D$Xèüÿÿºu@¾|@¿‰D$\è÷ûÿÿºu@¾@¿‰D$`èßûÿÿºu@¾@¿‰D$dèÇûÿÿºu@¾¬@¿‰D$hè¯ûÿÿºu@¾º@¿‰D$lè—ûÿÿºu@¾È@¿‰D$pèûÿÿºu@¾Õ@¿‰D$tègûÿÿ¾â@¿‰D$xèôúÿÿ¾é@¿ ‰D$|èáúÿÿ¾ð@¿!‰„$€èËúÿÿ¾÷@¿"‰„$„èµúÿÿ¾þ@¿#‰„$ˆèŸúÿÿ¾@¿$‰„$Œè‰úÿÿ¾ @¿%‰„$èsúÿÿ¾@¿&‰„$”è]úÿÿ¾@¿'‰ÅèLúÿÿ¾ @¿(A‰Çè:úÿÿ¾-@¿)A‰Æè(úÿÿ¾9@¿*A‰ÅèúÿÿºE@¾@¿+A‰Äè_úÿÿ \$ \$ \$ \$ \$ \$ \$ \$$ \$( \$, \$0 \$4 \$8 \$< \$@ \$D \$H \$L \$P \$T \$X \$\ \$` \$d \$h \$l \$p \$t \$x \$| œ$€ œ$„ œ$ˆ œ$Œ œ$ œ$”HĘ ëD ûD óD ëD ã ÉØ[]A\A]A^A_ÃUH‰åSHƒìHƒ=ÿÿt»pPffffffÿHƒ{øÿH[øuóHƒÄ[]ÃHƒìèöÿÿHƒÄÃ$FreeBSD: src/lib/csu/amd64/crti.S,v 1.7 2004/03/21 01:39:01 peter Exp $test %d: NOT OK: junk input not recognized test %d: NOT OK: internal *test* error, buffer too small for proper testing, FIXME test %d: NOT OK: expect size %d, got %d test %d: NOT OK: unexpected buffer content test %d: NOT OK: corrupts memory with "just enough" bufsize test %d: NOT OK: buffer size %d should not be enough test %d: NOT OK: corrupts memory with bufsize %d MEQIMI6FJE5NI47PJAHV5QIGU1LV3JLJtest %d: ok fCO======Co=====cO====co===CO==CO=COfoCPNG====cPNG===cpNG==cpnG=cpngfooCPNMU===CPnMU==CPnmu=cpNMUfoobCPNMUOG=CPNMUoGfoobaCPNMUOJ1cPnMuOj1CpNmUoJ1CpNm UoJ1foobarCPNMUOJ1E8======CPNMuOJ1E8=====CpNMuOJ1E8====CpNMuOJ1e8===CpNmuOJ 1e8==CpnmuOJ 1e8=Cpn muOj 1e8?m9vmF%m9vmFm&9vmFm9-vmFm9v*mFm9v#mFm9vmm9vmF!m9vmF.CpnmuOj/1e8xCpnYmuOj1e8CZpnmuOj1e8³µ+HÏ›‹yùš£òêPðkñγ$FreeBSD: src/lib/csu/amd64/crtn.S,v 1.6 2004/03/21 01:39:01 peter Exp $;Plñÿÿllòÿÿœìôÿÿ´LõÿÿÔ ÷ÿÿü½@ˆPzRx ,@†  ƒŽL@qDd @QAƒN°$„ð @ÀJŒaІƒŽ4¬° @§BOB B(A0A8GЃ†ŒŽ x@ ”@0@Ð@€@ ˜P¨Ð@ @0 þÿÿo€@ÿÿÿoðÿÿo`@ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿàP¢@²@Â@Ò@â@ò@@$FreeBSD: src/lib/csu/common/crtbrand.c,v 1.6 2007/12/04 12:18:43 kib Exp $$FreeBSD: src/lib/csu/amd64/crt1.c,v 1.16 2010/03/05 13:28:05 uqs Exp $GCC: (GNU) 4.2.1 20070719 [FreeBSD].symtab.strtab.shstrtab.interp.note.ABI-tag.hash.dynsym.dynstr.gnu.version.gnu.version_r.rela.dyn.rela.plt.init.text.fini.rodata.eh_frame_hdr.data.eh_frame.dynamic.ctors.dtors.jcr.got.bss.comment@#@10@0L7 €@€P?Ð@ÐGÿÿÿo`@`Tþÿÿo€@€ c @ 0mÐ@Ш wx@xrŒ@Œ€}@„ ƒ”@”‰¨@¨û‘¤@¤4ŸØPØ¥øPøä¯àPà¸pPp¿€P€ÆP˘P˜PÐèPèÕ軣ވ 5 ¨'à@@0@€@Ð@`@€@ @ Ð@ x@ Œ@ @ ”@¨@¤@ØPøPàPpP€PP˜PèPñÿ@&ñÿDñÿ&ñÿOñÿ„  @5š à@"¦ðPÈèPàPípPû€POñÿ  `@4xP,ˆP9ØPGPSñÿDñÿSñÿqñÿ} @Q ð @ÀžàP§àP´œ@È @qÙ x@ßøPçØPò @ù¬@T ¼@ Ì@œ-ñÿèP9 ° @§>èPV ”@\ðPyÜ@9ˆñÿèP˜P¥ñÿPªì@3»ü@ôÌ /usr/src/lib/csu/amd64/crt1.cabitag/usr/src/lib/csu/amd64/crti.S/usr/src/gnu/lib/csu/../../../contrib/gcc/crtstuff.c__do_global_dtors_auxframe_dummy__do_global_dtors_aux.completed.b__do_global_dtors_aux.p__JCR_LIST____CTOR_LIST____DTOR_LIST____do_global_ctors_aux__CTOR_END____DTOR_END____FRAME_END____JCR_END__/usr/src/lib/csu/amd64/crtn.Sbase32hex.cexpect_junk_errorok_string_test_DYNAMIC__dso_handle_init_tls@@FBSD_1.0decode_base32hex_initenviron__progname_startmemset@@FBSD_1.0__error@@FBSD_1.0printf@@FBSD_1.0__bss_startmain__mb_sb_limit@@FBSD_1.0_fini_CurrentRuneLocale@@FBSD_1.0exit@@FBSD_1.0_edata_GLOBAL_OFFSET_TABLE__endatexit@@FBSD_1.0strlen@@FBSD_1.0_Jv_RegisterClassesvalidns-0.7/hinfo.c000644 001751 000024 00000002447 12131471556 014565 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *hinfo_parse(char *name, long ttl, int type, char *s) { struct rr_hinfo *rr = getmem(sizeof(*rr)); rr->cpu = extract_text(&s, "CPU"); if (rr->cpu.length < 0) return NULL; if (rr->cpu.length > 255) return bitch("CPU string is too long"); rr->os = extract_text(&s, "OS"); if (rr->os.length < 0) return NULL; if (rr->os.length > 255) return bitch("OS string is too long"); if (*s) { return bitch("garbage after valid HINFO data"); } return store_record(type, name, ttl, rr); } static char* hinfo_human(struct rr *rrv) { RRCAST(hinfo); char s[1024]; snprintf(s, 1024, "\"%s\" \"%s\"", rr->cpu.data, rr->os.data); return quickstrdup_temp(s); } static struct binary_data hinfo_wirerdata(struct rr *rrv) { RRCAST(hinfo); return compose_binary_data("bb", 1, rr->cpu, rr->os); } struct rr_methods hinfo_methods = { hinfo_parse, hinfo_human, hinfo_wirerdata, NULL, NULL }; validns-0.7/technical-notes.mdwn000644 001751 000024 00000005302 11555515517 017263 0ustar00tobezstaff000000 000000 # validns technical notes ## Data structures considerations - the whole parsed zone must be loaded into memory - some validations work on individual records - thus, whole zone traversal is needed - some validations work on records sorted in a particular way - the "canonical order" described here http://tools.ietf.org/html/rfc4034#section-6.1 - thus, this traversal should be in this canonical order - Judy is a good way to quickly find and iterate over string-indexed data - but it uses normal lexicographic sort order - is it possible to map the names in such a way that the result, sorted lexicographically, will correspond to the canonical order? - if we agree that labels cannot contain chr(0) - this, strictly speaking, is possible - but we ignore that this can be seen in practice - and, if we agree that labels cannot contain chr(1) - same as above - possible, but it's not within "IN" class - then we can reverse the name and use chr(1) as the label separator - we could just use chr(0) as the label separator, but then we cannot use normal C-style strings, so the code will be somewhat more complex - some validations apply to given names - need quick retrieval of all records with a given name - some validations require complete RR sets - need quick retrieval of all records in a given RR set ## Memory requirements and execution speed Naturally, memory usage is much higher on 64-bit platforms. For a 4 million records zone, it eats around 700 MB on a 64-bit platform, and only around 400 MB on a 32-bit platform. It also looks that 32-bit version is somewhat faster than 64-bit one, although I did not do a strict comparison - the tested machines were not the same. ## TODO The todo list is not complete by its nature. - proper manual page - a test for every error message - zone validations specified in RFC 1035 - multiple verboseness levels (`-v` option repeated) - include file support - `-I` option - embedding lua for flexible validations - "policy validations" - `-p policy-file` option - `-r policy-rule` option (maybe?) - better platform support - `stpcpy()` might not be everywhere ## DONE The done list is not complete. - (./) usage() function - (./) options support (`getopt`) - (./) $TTL support - (./) $ORIGIN support - (./) `-z` option for initial ORIGIN - (./) master file support (RFC 1035, section 5) - (./) see whether there were changes to it - `-v` option for verbose - (./) `-q` option for extra quiet - (./) `-f` option (die on first error) - (./) `-s` option - produce validation summary/statistics - (./) nice CPAN module for external programs output testing? - (./) looks like Test::Command::Simple is what I want - (./) wire RDATA format - (./) NSEC3 parsing validns-0.7/ds.c000644 001751 000024 00000004657 12111430324 014057 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr* ds_parse(char *name, long ttl, int type, char *s) { struct rr_ds *rr = getmem(sizeof(*rr)); int key_tag, algorithm, digest_type; key_tag = extract_integer(&s, "key tag"); if (key_tag < 0) return NULL; rr->key_tag = key_tag; algorithm = extract_algorithm(&s, "algorithm"); if (algorithm == ALG_UNSUPPORTED) return NULL; rr->algorithm = algorithm; digest_type = extract_integer(&s, "digest type"); if (digest_type < 0) return NULL; rr->digest_type = digest_type; rr->digest = extract_hex_binary_data(&s, "digest", EXTRACT_EAT_WHITESPACE); if (rr->digest.length < 0) return NULL; /* See http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xml * for valid digest types. */ switch (digest_type) { case 1: if (rr->digest.length != SHA1_BYTES) { return bitch("wrong SHA-1 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA1_BYTES); } break; case 2: if (rr->digest.length != SHA256_BYTES) { return bitch("wrong SHA-256 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA256_BYTES); } break; case 3: if (rr->digest.length != GOST_BYTES) { return bitch("wrong GOST R 34.11-94 digest length: %d bytes found, %d bytes expected", rr->digest.length, GOST_BYTES); } break; default: return bitch("bad or unsupported digest type %d", digest_type); } if (*s) { return bitch("garbage after valid DS data"); } G.dnssec_active = 1; return store_record(type, name, ttl, rr); } static char* ds_human(struct rr *rrv) { RRCAST(ds); char ss[4096]; char *s = ss; int l; int i; l = snprintf(s, 4096, "%u %u %u ", rr->key_tag, rr->algorithm, rr->digest_type); s += l; for (i = 0; i < rr->digest.length; i++) { l = snprintf(s, 4096-(s-ss), "%02X", (unsigned char)rr->digest.data[i]); s += l; } return quickstrdup_temp(ss); } static struct binary_data ds_wirerdata(struct rr *rrv) { RRCAST(ds); return compose_binary_data("211d", 1, rr->key_tag, rr->algorithm, rr->digest_type, rr->digest); } struct rr_methods ds_methods = { ds_parse, ds_human, ds_wirerdata, NULL, NULL }; validns-0.7/sshfp.c000644 001751 000024 00000003556 12001246752 014601 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr* sshfp_parse(char *name, long ttl, int type, char *s) { struct rr_sshfp *rr = getmem(sizeof(*rr)); int algorithm, fp_type; algorithm = extract_integer(&s, "algorithm"); if (algorithm < 0) return NULL; if (algorithm != 1 && algorithm != 2) return bitch("unsupported algorithm"); rr->algorithm = algorithm; fp_type = extract_integer(&s, "fp type"); if (fp_type < 0) return NULL; if (fp_type != 1) return bitch("unsupported fp_type"); rr->fp_type = fp_type; rr->fingerprint = extract_hex_binary_data(&s, "fingerprint", EXTRACT_EAT_WHITESPACE); if (rr->fingerprint.length < 0) return NULL; if (rr->fingerprint.length != SHA1_BYTES) { return bitch("wrong SHA-1 fingerprint length: %d bytes found, %d bytes expected", rr->fingerprint.length, SHA1_BYTES); } if (*s) { return bitch("garbage after valid SSHFP data"); } return store_record(type, name, ttl, rr); } static char* sshfp_human(struct rr *rrv) { RRCAST(sshfp); char ss[4096]; char *s = ss; int l; int i; l = snprintf(s, 4096, "%u %u ", rr->algorithm, rr->fp_type); s += l; for (i = 0; i < rr->fingerprint.length; i++) { l = snprintf(s, 4096-(s-ss), "%02X", (unsigned char)rr->fingerprint.data[i]); s += l; } return quickstrdup_temp(ss); } static struct binary_data sshfp_wirerdata(struct rr *rrv) { RRCAST(sshfp); return compose_binary_data("11d", 1, rr->algorithm, rr->fp_type, rr->fingerprint); } struct rr_methods sshfp_methods = { sshfp_parse, sshfp_human, sshfp_wirerdata, NULL, NULL }; validns-0.7/loc.c000644 001751 000024 00000012344 12001246735 014227 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static uint8_t double2loc_format(double val) { if (val > 1000000000) { return (((uint8_t)(val / 1000000000)) << 4) | 9; } else if (val > 100000000) { return (((uint8_t)(val / 100000000)) << 4) | 8; } else if (val > 10000000) { return (((uint8_t)(val / 10000000)) << 4) | 7; } else if (val > 1000000) { return (((uint8_t)(val / 1000000)) << 4) | 6; } else if (val > 100000) { return (((uint8_t)(val / 100000)) << 4) | 5; } else if (val > 10000) { return (((uint8_t)(val / 10000)) << 4) | 4; } else if (val > 1000) { return (((uint8_t)(val / 1000)) << 4) | 3; } else if (val > 100) { return (((uint8_t)(val / 100)) << 4) | 2; } else if (val > 10) { return (((uint8_t)(val / 10)) << 4) | 1; } else { return (((uint8_t)(val)) << 4); } } static struct rr *loc_parse(char *name, long ttl, int type, char *s) { struct rr_loc *rr = getmem(sizeof(*rr)); long long i; int deg; int min; double sec, val; rr->version = 0; /* latitude block */ i = extract_integer(&s, "degrees latitude"); if (i < 0) return NULL; if (i > 90) return bitch("degrees latitude not in the range 0..90"); deg = i; min = 0; sec = 0; if (isdigit(*s)) { i = extract_integer(&s, "minutes latitude"); if (i < 0) return NULL; if (i > 59) return bitch("minutes latitude not in the range 0..59"); min = i; if (isdigit(*s)) { /* restricted floating point, starting with a digit */ if (extract_double(&s, "seconds latitude", &sec, 0) < 0) return NULL; if (sec < 0 || sec > 59.999) return bitch("seconds latitude not in the range 0..59.999"); } } rr->latitude = sec*1000 + .5 + min*1000*60 + deg*1000*60*60; if (*s == 'n' || *s == 'N') { s++; rr->latitude = 2147483648u + rr->latitude; } else if (*s == 's' || *s == 'S') { s++; rr->latitude = 2147483648u - rr->latitude; } else { return bitch("latitude: N or S is expected"); } if (*s && !isspace(*s) && *s != ';' && *s != ')') { return bitch("latitude: N or S is expected"); } s = skip_white_space(s); if (!s) return NULL; /* longitude block */ i = extract_integer(&s, "degrees longitude"); if (i < 0) return NULL; if (i > 180) return bitch("degrees longitude not in the range 0..90"); deg = i; min = 0; sec = 0; if (isdigit(*s)) { i = extract_integer(&s, "minutes longitude"); if (i < 0) return NULL; if (i > 59) return bitch("minutes longitude not in the range 0..59"); min = i; if (isdigit(*s)) { /* restricted floating point, starting with a digit */ if (extract_double(&s, "seconds longitude", &sec, 0) < 0) return NULL; if (sec < 0 || sec > 59.999) return bitch("seconds longitude not in the range 0..59.999"); } } rr->longitude = sec*1000 + .5 + min*1000*60 + deg*1000*60*60; if (*s == 'e' || *s == 'E') { s++; rr->longitude = 2147483648u + rr->longitude; } else if (*s == 'w' || *s == 'W') { s++; rr->longitude = 2147483648u - rr->longitude; } else { return bitch("longitude: E or W is expected"); } if (*s && !isspace(*s) && *s != ';' && *s != ')') { return bitch("longitude: E or W is expected"); } s = skip_white_space(s); if (!s) return NULL; if (extract_double(&s, "altitude", &val, 1) < 0) return NULL; if (val < -100000.00 || val > 42849672.95) return bitch("altitude is out of supported range"); rr->altitude = (val + 100000.00) * 100 + 0.5; if (*s) { if (extract_double(&s, "sphere size", &val, 1) < 0) return NULL; if (val < 0 || val > 90000000.00) return bitch("sphere size is out of supported range"); rr->size = double2loc_format(val * 100 + 0.5); if (*s) { if (extract_double(&s, "horizontal precision", &val, 1) < 0) return NULL; if (val < 0 || val > 90000000.00) return bitch("horizontal precision is out of supported range"); rr->horiz_pre = double2loc_format(val * 100 + 0.5); if (*s) { if (extract_double(&s, "vertical precision", &val, 1) < 0) return NULL; if (val < 0 || val > 90000000.00) return bitch("vertical precision is out of supported range"); rr->vert_pre = double2loc_format(val * 100 + 0.5); } else { rr->vert_pre = double2loc_format(10 * 100 + 0.5); } } else { rr->horiz_pre = double2loc_format(10000 * 100 + 0.5); } } else { rr->size = double2loc_format(1 * 100 + 0.5); } if (*s) { return bitch("garbage after valid LOC data"); } return store_record(type, name, ttl, rr); } static char* loc_human(struct rr *rrv) { // struct rr_loc *rr = (struct rr_loc *)rrv; // char s[1024]; // snprintf(s, 1024, "\"%s\" \"%s\"", rr->cpu.data, rr->os.data); // return quickstrdup_temp(s); return "meow"; } static struct binary_data loc_wirerdata(struct rr *rrv) { RRCAST(loc); return compose_binary_data("1111444", 1, rr->version, rr->size, rr->horiz_pre, rr->vert_pre, rr->latitude, rr->longitude, rr->altitude); } struct rr_methods loc_methods = { loc_parse, loc_human, loc_wirerdata, NULL, NULL }; validns-0.7/Changes000644 001751 000024 00000001624 12133225240 014572 0ustar00tobezstaff000000 000000 Revision history for validns. 0.7 Tue Apr 16 12:37:11 CEST 2013 Support for KX, DLV, DHCID, NAPTR records. Support for X25, ISDN, RT, PX records. Support for MB, MG, MR, MINFO, AFSDB records. NSEC chain validation fix. Do not allow LP point to itself. Miscellaneous performance improvements. Miscellaneous portability fixes. Miscellaneous bug fixes. 0.6 Thu Oct 4 16:40:56 CEST 2012 Support for TLSA records. Support for ILNP (NID, L64, L3, LP) records (untested). Support for IPSECKEY records. Handle TYPEXXX for known types correctly. A number of NSEC3-related bug fixes. Miscellaneous bug fixes. 0.5 Thu Jun 7 15:45:55 CEST 2012 Parallelize signature verification (-n option) 0.4 Thu Mar 22 15:48:25 CET 2012 Support ECC algorithms in DS and DNSKEY (by Miek Gieben) Fix a parsing bug for \nnn in text fields (by Göran Bengtson) 0.3 Tue Feb 14 14:09:54 CET 2012 First packaged release. validns-0.7/nsec3checks.c000644 001751 000024 00000017271 12115210432 015641 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" #include "base32hex.h" #include "cbtree.h" static struct binary_data name2hash(char *name, struct rr *param) { struct rr_nsec3param *p = (struct rr_nsec3param *)param; EVP_MD_CTX ctx; unsigned char md0[EVP_MAX_MD_SIZE]; unsigned char md1[EVP_MAX_MD_SIZE]; unsigned char *md[2]; int mdi = 0; struct binary_data r = bad_binary_data(); struct binary_data wire_name = name2wire_name(name); int i; int digest_size; md[0] = md0; md[1] = md1; if (wire_name.length < 0) return r; /* XXX Maybe use Init_ex and Final_ex for speed? */ EVP_MD_CTX_init(&ctx); if (EVP_DigestInit(&ctx, EVP_sha1()) != 1) return r; digest_size = EVP_MD_CTX_size(&ctx); EVP_DigestUpdate(&ctx, wire_name.data, wire_name.length); EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length); EVP_DigestFinal(&ctx, md[mdi], NULL); for (i = 0; i < p->iterations; i++) { if (EVP_DigestInit(&ctx, EVP_sha1()) != 1) return r; EVP_DigestUpdate(&ctx, md[mdi], digest_size); mdi = (mdi + 1) % 2; EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length); EVP_DigestFinal(&ctx, md[mdi], NULL); } r.length = digest_size; r.data = getmem(digest_size); memcpy(r.data, md[mdi], digest_size); return r; } int sorted_hashed_names_count; uint32_t mask; struct binary_data *sorted_hashed_names; void *nsec3_hash; static int validate_nsec3_for_name(const char *name, intptr_t *data, void *p) { struct named_rr *named_rr = *((struct named_rr **)data); struct binary_data hash; struct rr_nsec3 **nsec3_slot; struct rr_nsec3 *nsec3; if ((named_rr->flags & mask) == NAME_FLAG_KIDS_WITH_RECORDS) { //fprintf(stderr, "--- need nsec3, kids with records: %s\n", named_rr->name); needs_nsec3: freeall_temp(); hash = name2hash(named_rr->name, nsec3param); if (hash.length < 0) { moan(named_rr->file_name, named_rr->line, "internal: cannot calculate hashed name"); goto next; } if (hash.length != 20) croak(4, "assertion failed: wrong hashed name size %d", hash.length); JHSG(nsec3_slot, nsec3_hash, hash.data, hash.length); if (nsec3_slot == PJERR) croak(5, "perform_remaining_nsec3checks: JHSG failed"); if (!nsec3_slot) { moan(named_rr->file_name, named_rr->line, "no corresponding NSEC3 found for %s", named_rr->name); goto next; } nsec3 = *nsec3_slot; if (!nsec3) croak(6, "assertion failed: existing nsec3 from hash is empty"); nsec3->corresponding_name = named_rr; sorted_hashed_names_count++; check_typemap(nsec3->type_bitmap, named_rr, &nsec3->rr); } else if ((named_rr->flags & (NAME_FLAG_NOT_AUTHORITATIVE|NAME_FLAG_SIGNED_DELEGATION)) == NAME_FLAG_SIGNED_DELEGATION) { //fprintf(stderr, "--- need nsec3, signed delegation: %s\n", named_rr->name); goto needs_nsec3; } else if (!G.nsec3_opt_out_present && (named_rr->flags & (NAME_FLAG_APEX_PARENT|NAME_FLAG_NOT_AUTHORITATIVE|NAME_FLAG_DELEGATION|NAME_FLAG_HAS_RECORDS)) == 0) { //fprintf(stderr, "--- need nsec3, empty non-term: %s\n", named_rr->name); goto needs_nsec3; } else if (!G.nsec3_opt_out_present && (named_rr->flags & (NAME_FLAG_DELEGATION|NAME_FLAG_NOT_AUTHORITATIVE))==NAME_FLAG_DELEGATION) { //fprintf(stderr, "--- need nsec3, no opt-out: %s\n", named_rr->name); goto needs_nsec3; } else if (!G.nsec3_opt_out_present && (named_rr->flags & (NAME_FLAG_THIS_WITH_RECORDS|NAME_FLAG_NOT_AUTHORITATIVE)) == NAME_FLAG_THIS_WITH_RECORDS) { //fprintf(stderr, "--- need nsec3, this with records: %s\n", named_rr->name); goto needs_nsec3; } else { //fprintf(stderr, "--- NO need for nsec3: %s\n", named_rr->name); } next: return 1; } void perform_remaining_nsec3checks(void) { struct rr_nsec3 *nsec3; sorted_hashed_names_count = 0; mask = NAME_FLAG_NOT_AUTHORITATIVE|NAME_FLAG_NSEC3_ONLY|NAME_FLAG_KIDS_WITH_RECORDS; if (G.nsec3_opt_out_present) { mask |= NAME_FLAG_DELEGATION; } cbtree_allprefixed(&zone_data, "", validate_nsec3_for_name, NULL); nsec3 = first_nsec3; while (nsec3) { if (!nsec3->corresponding_name) { moan(nsec3->rr.file_name, nsec3->rr.line, "NSEC3 without a corresponding record (or empty non-terminal)"); } nsec3 = nsec3->next_nsec3; } } void *remember_nsec3(char *name, struct rr_nsec3 *rr) { char hashed_name[33]; char binary_hashed_name[20]; int l; struct rr_nsec3 **nsec3_slot; l = strlen(name); if (l < 33 || name[32] != '.') return bitch("NSEC3 record name is not valid"); if (l == 33 && zone_apex_l != 1) /* root zone */ return bitch("NSEC3 record name is not valid"); if (l > 33 && strcmp(name+33, zone_apex) != 0) return bitch("NSEC3 record name is not valid"); memcpy(hashed_name, name, 32); hashed_name[32] = 0; l = decode_base32hex(binary_hashed_name, hashed_name, 20); if (l != 20) return bitch("NSEC3 record name is not valid"); JHSI(nsec3_slot, nsec3_hash, binary_hashed_name, 20); if (nsec3_slot == PJERR) croak(2, "remember_nsec3: JHSI failed"); if (*nsec3_slot) return bitch("multiple NSEC3 with the same record name"); *nsec3_slot = rr; rr->this_hashed_name.length = 20; rr->this_hashed_name.data = getmem(20); memcpy(rr->this_hashed_name.data, binary_hashed_name, 20); return rr; } void *check_typemap(struct binary_data type_bitmap, struct named_rr *named_rr, struct rr *reference_rr) { int type; char *base; int i, k; struct rr_set *set; uint32_t nsec_distinct_types = 0; uint32_t real_distinct_types; base = type_bitmap.data; while (base - type_bitmap.data < type_bitmap.length) { for (i = 0; i < base[1]; i++) { for (k = 0; k <= 7; k++) { if (base[2+i] & (0x80 >> k)) { type = ((unsigned char)base[0])*256 + i*8 + k; nsec_distinct_types++; set = find_rr_set_in_named_rr(named_rr, type); if (!set) { return moan(reference_rr->file_name, reference_rr->line, "%s mentions %s, but no such record found for %s", rdtype2str(reference_rr->rdtype), rdtype2str(type), named_rr->name); } } } } base += base[1]+2; } real_distinct_types = get_rr_set_count(named_rr); if (real_distinct_types > nsec_distinct_types) { void *bitmap = NULL; struct rr_set **rr_set_slot; int rc; Word_t rcw; Word_t rdtype; int skipped = 0; base = type_bitmap.data; while (base - type_bitmap.data < type_bitmap.length) { for (i = 0; i < base[1]; i++) { for (k = 0; k <= 7; k++) { if (base[2+i] & (0x80 >> k)) { type = ((unsigned char)base[0])*256 + i*8 + k; J1S(rc, bitmap, type); } } } base += base[1]+2; } rdtype = 0; JLF(rr_set_slot, named_rr->rr_sets, rdtype); while (rr_set_slot) { J1T(rc, bitmap, (*rr_set_slot)->rdtype); if (!rc) { if ((named_rr->flags & NAME_FLAG_DELEGATION) && ((*rr_set_slot)->rdtype == T_A || (*rr_set_slot)->rdtype == T_AAAA)) { skipped++; } else { moan(reference_rr->file_name, reference_rr->line, "%s exists, but %s does not mention it for %s", rdtype2str((*rr_set_slot)->rdtype), rdtype2str(reference_rr->rdtype), named_rr->name); J1FA(rcw, bitmap); return NULL; } } JLN(rr_set_slot, named_rr->rr_sets, rdtype); } J1FA(rcw, bitmap); if (real_distinct_types - skipped > nsec_distinct_types) { return moan(reference_rr->file_name, reference_rr->line, "internal: we know %s typemap is wrong, but don't know any details", rdtype2str(reference_rr->rdtype)); } } return reference_rr; } validns-0.7/ptr.c000644 001751 000024 00000001720 12015701645 014254 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *ptr_parse(char *name, long ttl, int type, char *s) { struct rr_ptr *rr = getmem(sizeof(*rr)); rr->ptrdname = extract_name(&s, "name server domain name", 0); if (!rr->ptrdname) return NULL; if (*s) { return bitch("garbage after valid PTR data"); } return store_record(type, name, ttl, rr); } static char* ptr_human(struct rr *rrv) { RRCAST(ptr); return rr->ptrdname; } static struct binary_data ptr_wirerdata(struct rr *rrv) { RRCAST(ptr); return name2wire_name(rr->ptrdname); } struct rr_methods ptr_methods = { ptr_parse, ptr_human, ptr_wirerdata, NULL, NULL }; validns-0.7/todo.mdwn000644 001751 000024 00000003316 11564427734 015156 0ustar00tobezstaff000000 000000 Goals / development milestones / features for validns: 1. Requirements for an initial public release (missing functionality/doc) Task/feature/functionality % done Descr ----------------------------------------------------------------------------- - understand all standard rdtypes 80 - currently missing: AFSDB, APL, CERT, DHCID, DLV, DNAME, HIP, IPSECKEY, KEY, KX, SIG, SPF, TA, TKEY - initial user documentation 30 2. Performance and other non-critical enhancements - speed up signature verification 0 - the initial parsing cannot (and possibly other operations) be easily parallelized, via using multiple threads but signature checks can - add an incremental checks mode 0 - store hashes of succesfully (do not do expensive verified records verifications which were done previously, provided the records did not change) 3. Nice to have features, for post-release - user-defined policy checks via 0 - lua API shall provide lua embedding (split out convenient means to access syntactical and policy validation) and search records, so that policy checks involving relationships between records can be implemented by the user - speed up signature verification 0 - requires significan via GPU crypto offload amount of experimentation validns-0.7/threads.c000644 001751 000024 00000001422 11652053117 015100 0ustar00tobezstaff000000 000000 #include #include #ifdef __GLIBC__ #include #elif defined(__APPLE__) || defined(__FreeBSD__) #include #include #endif /* supposedly, #if defined(PTW32_VERSION) || defined(__hpux) return pthread_num_processors_np(); but I cannot verify that at the moment */ #if defined(__GLIBC__) int ncpus(void) { return get_nprocs(); } #elif defined(__APPLE__) || defined(__FreeBSD__) int ncpus(void) { int count; size_t size=sizeof(count); return sysctlbyname("hw.ncpu",&count,&size,NULL,0) ? 0 : count; } #else int ncpus(void) { return 0; } /* "Don't know */ #endif /* Supposedly, sysconf() can also be used in some cases: #include int const count=sysconf(_SC_NPROCESSORS_ONLN); return (count>0)?count:0; */ validns-0.7/rp.c000644 001751 000024 00000003067 12015701652 014074 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *rp_parse(char *name, long ttl, int type, char *s) { struct rr_rp *rr = getmem(sizeof(*rr)); rr->mbox_dname = extract_name(&s, "mbox domain name", 0); if (!rr->mbox_dname) return NULL; rr->txt_dname = extract_name(&s, "txt domain name", 0); if (!rr->txt_dname) return NULL; if (*s) { return bitch("garbage after valid RP data"); } return store_record(type, name, ttl, rr); } static char* rp_human(struct rr *rrv) { RRCAST(rp); char s[1024]; snprintf(s, 1024, "\"%s\" \"%s\"", rr->mbox_dname, rr->txt_dname); return quickstrdup_temp(s); } static struct binary_data rp_wirerdata(struct rr *rrv) { RRCAST(rp); return compose_binary_data("dd", 1, name2wire_name(rr->mbox_dname), name2wire_name(rr->txt_dname)); } static void *rp_validate(struct rr *rrv) { RRCAST(rp); if (G.opt.policy_checks[POLICY_RP_TXT_EXISTS]) { if (name_belongs_to_zone(rr->txt_dname) && !find_rr_set(T_TXT, rr->txt_dname)) { return moan(rr->rr.file_name, rr->rr.line, "%s RP TXT %s does not exist", rr->rr.rr_set->named_rr->name, rr->txt_dname); } } return NULL; } struct rr_methods rp_methods = { rp_parse, rp_human, rp_wirerdata, NULL, rp_validate }; validns-0.7/cert.c000644 001751 000024 00000006732 12001246760 014411 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" /* See http://tools.ietf.org/html/rfc4398 for CERT description. * See http://www.iana.org/assignments/cert-rr-types/cert-rr-types.xml * for certificate types. The version implemented here * has "Last Updated" equal to "2006-09-27" */ static int extract_certificate_type(char **s, char *what) { int type; char *str_type; if (isdigit(**s)) { type = extract_integer(s, what); if (type >= 1 && type <= 8) return type; if (type == 253 || type == 254) return type; if (type >= 65280 && type <= 65534) return type; if (type < 0 || type > 65535) { bitch("bad certificate type %d", type); return -1; } if (type == 0 || type == 255 || type == 65535) { bitch("certificate type %d is reserved by IANA", type); return -1; } bitch("certificate type %d is unassigned", type); return -1; } else { str_type = extract_label(s, what, "temporary"); if (!str_type) return -1; if (strcmp(str_type, "pkix") == 0) return 1; if (strcmp(str_type, "spki") == 0) return 2; if (strcmp(str_type, "pgp") == 0) return 3; if (strcmp(str_type, "ipkix") == 0) return 4; if (strcmp(str_type, "ispki") == 0) return 5; if (strcmp(str_type, "ipgp") == 0) return 6; if (strcmp(str_type, "acpkix") == 0) return 7; if (strcmp(str_type, "iacpkix") == 0) return 8; if (strcmp(str_type, "uri") == 0) return 253; if (strcmp(str_type, "oid") == 0) return 254; bitch("bad certificate type %s", str_type); return -1; } } static struct rr* cert_parse(char *name, long ttl, int type, char *s) { struct rr_cert *rr = getmem(sizeof(*rr)); int cert_type, key_tag, alg; cert_type = extract_certificate_type(&s, "certificate type"); if (cert_type < 0) return NULL; rr->type = cert_type; key_tag = extract_integer(&s, "key tag"); if (key_tag < 0) return NULL; if (key_tag > 65535) return bitch("bad key tag"); rr->key_tag = key_tag; if (isdigit(*s)) { alg = extract_integer(&s, "algorithm"); if (alg < 0) return NULL; if (alg > 255) return bitch("bad algorithm"); if (alg != 0) { /* 0 is just fine */ if (algorithm_type(alg) == ALG_UNSUPPORTED) return bitch("bad algorithm %d", alg); } } else { alg = extract_algorithm(&s, "algorithm"); if (alg == ALG_UNSUPPORTED) return NULL; } rr->algorithm = alg; if (alg == 0 && key_tag != 0) { /* we might want to bitch here, but RFC says "SHOULD", so we don't */ } rr->certificate = extract_base64_binary_data(&s, "certificate"); if (rr->certificate.length < 0) return NULL; /* TODO validate cert length based on algorithm */ if (*s) { return bitch("garbage after valid CERT data"); } return store_record(type, name, ttl, rr); } static char* cert_human(struct rr *rrv) { RRCAST(cert); char s[1024]; snprintf(s, 1024, "%d %d %d ...", rr->type, rr->key_tag, rr->algorithm); return quickstrdup_temp(s); } static struct binary_data cert_wirerdata(struct rr *rrv) { RRCAST(cert); return compose_binary_data("221d", 1, rr->type, rr->key_tag, rr->algorithm, rr->certificate); } struct rr_methods cert_methods = { cert_parse, cert_human, cert_wirerdata, NULL, NULL }; validns-0.7/spf.c000644 001751 000024 00000003721 12001246764 014243 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" /* XXX * We need to add the following spf-specific policy checks: * - record not too long (DNS name + length of SPF+TXT < 450) - rfc4408, 3.1.4 * - record should match /^v=spf1( |$)/ - rfc4408, 4.5 * - maybe check for other syntax features * - there should be an identical TXT record - rfc4408, 3.1.1 * - there should only be one SPF per DNS name - rfc4408, 4.5 */ static struct rr *spf_parse(char *name, long ttl, int type, char *s) { struct rr_spf *rr; struct binary_data spf[20]; int i; i = 0; while (*s) { if (i >= 20) return bitch("program limit: too many SPF text segments"); spf[i] = extract_text(&s, "SPF text segment"); if (spf[i].length < 0) return NULL; if (spf[i].length > 255) return bitch("SPF segment too long"); i++; } if (i == 0) return bitch("empty text record"); rr = getmem(sizeof(*rr) + sizeof(struct binary_data) * (i-1)); rr->count = i; for (i = 0; i < rr->count; i++) { rr->spf[i] = spf[i]; } return store_record(type, name, ttl, rr); } static char* spf_human(struct rr *rrv) { RRCAST(spf); char ss[1024]; int i; char *s = ss; int l; for (i = 0; i < rr->count; i++) { l = snprintf(s, 1024-(s-ss), "\"%s\" ", rr->spf[i].data); s += l; } return quickstrdup_temp(ss); } static struct binary_data spf_wirerdata(struct rr *rrv) { RRCAST(spf); struct binary_data r, t; int i; r = bad_binary_data(); t.length = 0; t.data = NULL; for (i = 0; i < rr->count; i++) { r = compose_binary_data("db", 1, t, rr->spf[i]); t = r; } return r; } struct rr_methods spf_methods = { spf_parse, spf_human, spf_wirerdata, NULL, NULL }; validns-0.7/lp.c000644 001751 000024 00000002413 12072772032 014063 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *lp_parse(char *name, long ttl, int type, char *s) { struct rr_lp *rr = getmem(sizeof(*rr)); int preference; rr->preference = preference = extract_integer(&s, "LP preference"); if (preference < 0) return NULL; rr->fqdn = extract_name(&s, "LP fqdn", 0); if (!rr->fqdn) return NULL; if (strcasecmp(name, rr->fqdn) == 0) { return bitch("LP points to itself"); } if (*s) { return bitch("garbage after valid LP data"); } return store_record(type, name, ttl, rr); } static char* lp_human(struct rr *rrv) { RRCAST(lp); char s[1024]; snprintf(s, 1024, "%d %s", rr->preference, rr->fqdn); return quickstrdup_temp(s); } static struct binary_data lp_wirerdata(struct rr *rrv) { RRCAST(lp); return compose_binary_data("2d", 1, rr->preference, name2wire_name(rr->fqdn)); } struct rr_methods lp_methods = { lp_parse, lp_human, lp_wirerdata, NULL, NULL }; validns-0.7/dname.c000644 001751 000024 00000004506 12015701655 014541 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" /* DNAMEs are described in http://tools.ietf.org/html/rfc2672 */ static struct rr *dname_parse(char *name, long ttl, int type, char *s) { struct rr_dname *rr = getmem(sizeof(*rr)); rr->target = extract_name(&s, "dname target", 0); if (!rr->target) return NULL; if (*s) { return bitch("garbage after valid DNAME data"); } return store_record(type, name, ttl, rr); } static char* dname_human(struct rr *rrv) { RRCAST(dname); return rr->target; } static struct binary_data dname_wirerdata(struct rr *rrv) { RRCAST(dname); return name2wire_name(rr->target); } static void* dname_validate_set(struct rr_set *rr_set) { struct rr *rr; struct rr_set *suspect; int count; struct named_rr *named_rr, *next_named_rr; if (G.opt.policy_checks[POLICY_DNAME]) { named_rr = rr_set->named_rr; rr = rr_set->tail; if (rr_set->count > 1) return moan(rr->file_name, rr->line, "multiple DNAMEs"); /* This check is already handled by "CNAME and other data" in cname.c * another_set = find_rr_set_in_named_rr(named_rr, T_CNAME); if (another_set) return moan(rr->file_name, rr->line, "DNAME cannot co-exist with a CNAME"); */ next_named_rr = find_next_named_rr(named_rr); /* handle http://tools.ietf.org/html/rfc5155#section-10.2 case */ if (next_named_rr && next_named_rr->parent == named_rr && (named_rr->flags & NAME_FLAG_APEX)) { count = get_rr_set_count(next_named_rr); if (count > 0) { suspect = find_rr_set_in_named_rr(next_named_rr, T_RRSIG); if (suspect) count--; suspect = find_rr_set_in_named_rr(next_named_rr, T_NSEC3); if (suspect) count--; if (count == 0) next_named_rr = find_next_named_rr(next_named_rr); } } if (next_named_rr && next_named_rr->parent == named_rr) return moan(rr->file_name, rr->line, "DNAME must not have any children (but %s exists)", next_named_rr->name); } return NULL; } struct rr_methods dname_methods = { dname_parse, dname_human, dname_wirerdata, dname_validate_set, NULL }; validns-0.7/tlsa.c000644 001751 000024 00000006045 12001257435 014415 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" /* See http://www.rfc-editor.org/internet-drafts/draft-ietf-dane-protocol-23.txt * for TLSA description. */ static struct rr* tlsa_parse(char *name, long ttl, int type, char *s) { struct rr_tlsa *rr = getmem(sizeof(*rr)); int cert_usage, selector, matching_type; cert_usage = extract_integer(&s, "certificate usage field"); if (cert_usage < 0) return NULL; if (cert_usage > 3) return bitch("bad certificate usage field"); rr->cert_usage = cert_usage; selector = extract_integer(&s, "selector field"); if (selector < 0) return NULL; if (selector > 1) return bitch("bad selector field"); rr->selector = selector; matching_type = extract_integer(&s, "matching type field"); if (matching_type < 0) return NULL; if (matching_type > 2) return bitch("bad matching type field"); rr->matching_type = matching_type; rr->association_data = extract_hex_binary_data(&s, "certificate association data", EXTRACT_EAT_WHITESPACE); if (rr->association_data.length < 0) return NULL; switch (rr->matching_type) { case 1: if (rr->association_data.length != SHA256_BYTES) return bitch("bad SHA-256 hash length"); break; case 2: if (rr->association_data.length != SHA512_BYTES) return bitch("bad SHA-512 hash length"); break; } if (*s) { return bitch("garbage after valid TLSA data"); } return store_record(type, name, ttl, rr); } static char* tlsa_human(struct rr *rrv) { RRCAST(tlsa); char s[1024]; snprintf(s, 1024, "%d %d %d ...", rr->cert_usage, rr->selector, rr->matching_type); return quickstrdup_temp(s); } static struct binary_data tlsa_wirerdata(struct rr *rrv) { RRCAST(tlsa); return compose_binary_data("111d", 1, rr->cert_usage, rr->selector, rr->matching_type, rr->association_data); } static void* tlsa_validate_set(struct rr_set *rr_set) { struct rr *rr; struct named_rr *named_rr; char *s; int port = 0; int len; if (G.opt.policy_checks[POLICY_TLSA_HOST]) { rr = rr_set->tail; named_rr = rr_set->named_rr; /* _25._tcp.mail.example.com. */ s = named_rr->name; if (*s != '_') { not_a_prefixed_domain_name: return moan(rr->file_name, rr->line, "not a proper prefixed DNS domain name"); } s++; while (isdigit(*s)) { port = port * 10 + *s - '0'; s++; } if (port <= 0 || port > 65535) goto not_a_prefixed_domain_name; if (*s++ != '.') goto not_a_prefixed_domain_name; len = strlen(s); if (len < 6) goto not_a_prefixed_domain_name; if (memcmp(s, "_tcp.", 5) != 0 && memcmp(s, "_udp.", 5) != 0 && memcmp(s, "_sctp.", 6) != 0) goto not_a_prefixed_domain_name; } return NULL; } struct rr_methods tlsa_methods = { tlsa_parse, tlsa_human, tlsa_wirerdata, tlsa_validate_set, NULL }; validns-0.7/nid.c000644 001751 000024 00000002515 12011272212 014211 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *nid_parse(char *name, long ttl, int type, char *s) { struct rr_nid *rr = getmem(sizeof(*rr)); int preference; rr->preference = preference = extract_integer(&s, "NID preference"); if (preference < 0) return NULL; if (extract_u64(&s, "NodeID", &rr->node_id) < 0) return NULL; if (*s) { return bitch("garbage after valid NID data"); } return store_record(type, name, ttl, rr); } static char* nid_human(struct rr *rrv) { RRCAST(nid); char s[1024]; snprintf(s, 1024, "%d %x:%x:%x:%x", rr->preference, (unsigned)(rr->node_id >> 48) & 0xffff, (unsigned)(rr->node_id >> 32) & 0xffff, (unsigned)(rr->node_id >> 16) & 0xffff, (unsigned)(rr->node_id >> 0) & 0xffff); return quickstrdup_temp(s); } static struct binary_data nid_wirerdata(struct rr *rrv) { RRCAST(nid); return compose_binary_data("28", 1, rr->preference, rr->node_id); } struct rr_methods nid_methods = { nid_parse, nid_human, nid_wirerdata, NULL, NULL }; validns-0.7/l32.c000644 001751 000024 00000002547 12011272227 014052 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *l32_parse(char *name, long ttl, int type, char *s) { struct rr_l32 *rr = getmem(sizeof(*rr)); struct in_addr ipv4_like; int preference; rr->preference = preference = extract_integer(&s, "L32 preference"); if (preference < 0) return NULL; if (extract_ipv4(&s, "Locator32", &ipv4_like) <= 0) return NULL; rr->locator32 = ipv4_like.s_addr; if (*s) { return bitch("garbage after valid L32 data"); } return store_record(type, name, ttl, rr); } static char* l32_human(struct rr *rrv) { RRCAST(l32); char s[1024]; snprintf(s, 1024, "%d %d.%d.%d.%d", rr->preference, (rr->locator32 >> 24) & 0xff, (rr->locator32 >> 16) & 0xff, (rr->locator32 >> 8) & 0xff, (rr->locator32 >> 0) & 0xff); return quickstrdup_temp(s); } static struct binary_data l32_wirerdata(struct rr *rrv) { RRCAST(l32); return compose_binary_data("24", 1, rr->preference, rr->locator32); } struct rr_methods l32_methods = { l32_parse, l32_human, l32_wirerdata, NULL, NULL }; validns-0.7/l64.c000644 001751 000024 00000002534 12011272263 014053 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *l64_parse(char *name, long ttl, int type, char *s) { struct rr_l64 *rr = getmem(sizeof(*rr)); int preference; rr->preference = preference = extract_integer(&s, "L64 preference"); if (preference < 0) return NULL; if (extract_u64(&s, "Locator64", &rr->locator64) < 0) return NULL; if (*s) { return bitch("garbage after valid L64 data"); } return store_record(type, name, ttl, rr); } static char* l64_human(struct rr *rrv) { RRCAST(l64); char s[1024]; snprintf(s, 1024, "%d %x:%x:%x:%x", rr->preference, (unsigned)(rr->locator64 >> 48) & 0xffff, (unsigned)(rr->locator64 >> 32) & 0xffff, (unsigned)(rr->locator64 >> 16) & 0xffff, (unsigned)(rr->locator64 >> 0) & 0xffff); return quickstrdup_temp(s); } static struct binary_data l64_wirerdata(struct rr *rrv) { RRCAST(l64); return compose_binary_data("28", 1, rr->preference, rr->locator64); } struct rr_methods l64_methods = { l64_parse, l64_human, l64_wirerdata, NULL, NULL }; validns-0.7/mb.c000644 001751 000024 00000001657 12131263777 014066 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011-2013 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *mb_parse(char *name, long ttl, int type, char *s) { struct rr_mb *rr = getmem(sizeof(*rr)); rr->madname = extract_name(&s, "madname", 0); if (!rr->madname) return NULL; if (*s) { return bitch("garbage after valid MB data"); } return store_record(type, name, ttl, rr); } static char* mb_human(struct rr *rrv) { RRCAST(mb); return rr->madname; } static struct binary_data mb_wirerdata(struct rr *rrv) { RRCAST(mb); return name2wire_name(rr->madname); } struct rr_methods mb_methods = { mb_parse, mb_human, mb_wirerdata, NULL, NULL }; validns-0.7/cbtree.h000644 001751 000024 00000003315 12115206666 014726 0ustar00tobezstaff000000 000000 #ifndef _CBTREE_H #define _CBTREE_H #include #include struct cbtree { void *root; }; /* Re: use of intptr_t instead of void * or a union { void *; int }: * I am aware it is not recommened (see * http://stackoverflow.com/questions/9492798/using-intptr-t-instead-of-void), * but I am not sure I agree; maybe I just don't understand all * implications. Anyways, Judy trees, which I am replacing in my code * with this tiny library, are using "unsigned long", which * is even worse, but works everywherewhere I tested it. */ /* Search for the string u in the tree t. * Returns: * NULL if not found, or * a pointer to a user value associated with the string */ intptr_t *cbtree_find(struct cbtree *t, const char *u); /* Insert the string u into the tree t. * Returns: * NULL in case of an error, or * a pointer to a user value associated with the string; * the user value will be initialized to 0 in * case the insertion has happened, and left * untouched in case the string was already in the tree. */ intptr_t *cbtree_insert(struct cbtree *t, const char *u); /* Delete the string u from the tree t. * Returns: * 0 in case u was not in t, or * a user value which was associated with the string; * please note that the user value can be 0 as well, * so there is no general way to distinguish these two * situations */ intptr_t cbtree_delete(struct cbtree *t, const char *u); void cbtree_clear(struct cbtree *t); int cbtree_allprefixed(struct cbtree *t, const char *prefix, int (*handle)(const char *, intptr_t *, void *), void *arg); void cbtree_dump(struct cbtree *t); char *cbtree_next(struct cbtree *t, const char *u, intptr_t *data); #endif validns-0.7/mg.c000644 001751 000024 00000001657 12131265534 014064 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011-2013 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *mg_parse(char *name, long ttl, int type, char *s) { struct rr_mg *rr = getmem(sizeof(*rr)); rr->mgmname = extract_name(&s, "mgmname", 0); if (!rr->mgmname) return NULL; if (*s) { return bitch("garbage after valid MG data"); } return store_record(type, name, ttl, rr); } static char* mg_human(struct rr *rrv) { RRCAST(mg); return rr->mgmname; } static struct binary_data mg_wirerdata(struct rr *rrv) { RRCAST(mg); return name2wire_name(rr->mgmname); } struct rr_methods mg_methods = { mg_parse, mg_human, mg_wirerdata, NULL, NULL }; validns-0.7/ipseckey.c000644 001751 000024 00000011235 12033060006 015252 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011, 2012 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *ipseckey_parse(char *name, long ttl, int type, char *s) { struct rr_ipseckey *rr = getmem(sizeof(*rr)); int i; rr->precedence = i = extract_integer(&s, "precedence"); if (i < 0) return NULL; if (i >= 256) return bitch("precedence range is not valid"); rr->gateway_type = i = extract_integer(&s, "gateway type"); if (i < 0) return NULL; if (i > 3) return bitch("gateway type is not valid"); rr->algorithm = i = extract_integer(&s, "algorithm"); if (i < 0) return NULL; if (i > 2) return bitch("algorithm is not valid"); switch (rr->gateway_type) { case 0: rr->gateway.gateway_none = extract_name(&s, "gateway/.", KEEP_CAPITALIZATION); if (!rr->gateway.gateway_none) return NULL; if (strcmp(rr->gateway.gateway_none, ".") != 0) return bitch("gateway must be \".\" for gateway type 0"); break; case 1: if (extract_ipv4(&s, "gateway/IPv4", &rr->gateway.gateway_ipv4) <= 0) return NULL; break; case 2: if (extract_ipv6(&s, "gateway/IPv6", &rr->gateway.gateway_ipv6) <= 0) return NULL; break; case 3: rr->gateway.gateway_name = extract_name(&s, "gateway/name", KEEP_CAPITALIZATION); if (!rr->gateway.gateway_name) return NULL; break; default: croakx(7, "assertion failed: gateway type %d not within range", rr->gateway_type); } /* My reading of http://tools.ietf.org/html/rfc4025 is fuzzy on: * * - whether it is possible to have algorithm 0 and non-empty key; * - whether it is possible to have empty key and algorithm != 0. * * Here I assume "not possible" for both. */ switch (rr->algorithm) { case 0: break; case 1: /* DSA key */ rr->public_key = extract_base64_binary_data(&s, "public key"); if (rr->public_key.length < 0) return NULL; break; case 2: /* RSA key */ rr->public_key = extract_base64_binary_data(&s, "public key"); if (rr->public_key.length < 0) return NULL; break; default: croakx(7, "assertion failed: algorithm %d not within range", rr->algorithm); } if (*s) { return bitch("garbage after valid IPSECKEY data"); } return store_record(type, name, ttl, rr); } static char* ipseckey_human(struct rr *rrv) { RRCAST(ipseckey); char s[1024], gw[1024]; switch (rr->gateway_type) { case 0: strcpy(gw, rr->gateway.gateway_none); break; case 1: inet_ntop(AF_INET, &rr->gateway.gateway_ipv4, gw, 1024); break; case 2: inet_ntop(AF_INET6, &rr->gateway.gateway_ipv6, gw, 1024); break; case 3: strcpy(gw, rr->gateway.gateway_name); break; default: strcpy(gw, "??"); } snprintf(s, 1024, "( %d %d %d %s ... )", rr->precedence, rr->gateway_type, rr->algorithm, gw); return quickstrdup_temp(s); } static struct binary_data ipseckey_wirerdata(struct rr *rrv) { RRCAST(ipseckey); struct binary_data helper; switch (rr->gateway_type) { case 0: if (rr->algorithm != 0) return compose_binary_data("111d", 1, rr->precedence, rr->gateway_type, rr->algorithm, rr->public_key); else return compose_binary_data("111", 1, rr->precedence, rr->gateway_type, rr->algorithm); break; case 1: helper.length = sizeof(rr->gateway.gateway_ipv4); helper.data = (void *)&rr->gateway.gateway_ipv4; if (rr->algorithm != 0) return compose_binary_data("111dd", 1, rr->precedence, rr->gateway_type, rr->algorithm, helper, rr->public_key); else return compose_binary_data("111d", 1, rr->precedence, rr->gateway_type, rr->algorithm, helper); break; case 2: helper.length = sizeof(rr->gateway.gateway_ipv6); helper.data = (void *)&rr->gateway.gateway_ipv6; if (rr->algorithm != 0) return compose_binary_data("111dd", 1, rr->precedence, rr->gateway_type, rr->algorithm, helper, rr->public_key); else return compose_binary_data("111d", 1, rr->precedence, rr->gateway_type, rr->algorithm, helper); break; case 3: if (rr->algorithm != 0) return compose_binary_data("111dd", 1, rr->precedence, rr->gateway_type, rr->algorithm, name2wire_name(rr->gateway.gateway_name), rr->public_key); else return compose_binary_data("111d", 1, rr->precedence, rr->gateway_type, rr->algorithm, name2wire_name(rr->gateway.gateway_name)); break; } return bad_binary_data(); } struct rr_methods ipseckey_methods = { ipseckey_parse, ipseckey_human, ipseckey_wirerdata, NULL, NULL }; validns-0.7/cbtree.c000644 001751 000024 00000021100 12115206667 014712 0ustar00tobezstaff000000 000000 /* djb's critbit with associated data storage. * * Based on https://github.com/agl/critbit, which is in public domain. * Changes: * - data storage added * - cweb removed * - functions renamed and data types cleaned to my liking */ #include #include #include #include #include #include "cbtree.h" struct node { void *child[2]; uint32_t byte; uint8_t otherbits; }; /* our own memory management */ struct pool { struct pool *next; size_t pool_size; size_t free_index; char mem[0]; }; static struct pool *internal = NULL; static struct pool *external = NULL; static int new_pool(struct pool **root, size_t size) { struct pool *pool; size = (size + sizeof(void *) - 1) / sizeof(void *); size *= sizeof(void *); pool = malloc(size + sizeof(struct pool)); if (!pool) { return 1; } pool->next = *root; pool->free_index = 0; pool->pool_size = size; *root = pool; return 0; } static void *alloc(struct pool **root, size_t size) { void *ret; size = (size + sizeof(void *) - 1) / sizeof(void *); size *= sizeof(void *); if (!*root) if (new_pool(root, size > 256000 ? size : 256000) != 0) return NULL; if ((*root)->pool_size - (*root)->free_index < size) if (new_pool(root, size > 256000 ? size : 256000) != 0) return NULL; ret = (*root)->mem + (*root)->free_index; (*root)->free_index += size; return ret; } /* main code */ intptr_t* cbtree_find(struct cbtree *t, const char *u) { const uint8_t *ubytes = (void *)u; const size_t ulen = strlen(u); uint8_t *p = t->root; /* Test for empty tree */ if (!p) return NULL; /* Walk tree for best member */ while (1 & (intptr_t) p) { struct node *q = (void *)(p - 1); /* Calculate direction */ int direction; uint8_t c = 0; if (q->byte < ulen) c = ubytes[q->byte]; direction = (1 + (q->otherbits | c)) >> 8; p = q->child[direction]; } /* The leaves contain "[data ptr][string]" */ if (strcmp(u, (const char *)(p + sizeof(intptr_t))) == 0) return (intptr_t *)p; return NULL; } intptr_t* cbtree_insert(struct cbtree *t, const char *u) { const uint8_t *const ubytes = (void *) u; const size_t ulen = strlen(u); uint8_t *p = t->root; /* Deal with inserting into an empty tree */ if (!p) { char *x = alloc(&external, ulen + 1 + sizeof(intptr_t)); if (!x) return NULL; *((intptr_t *)x) = 0; memcpy(x + sizeof(intptr_t), u, ulen + 1); t->root = x; return (intptr_t *)x; } /* Walk tree for best member */ while (1 & (intptr_t) p) { struct node *q = (void *)(p - 1); /* Calculate direction */ int direction; uint8_t c = 0; if (q->byte < ulen) c = ubytes[q->byte]; direction = (1 + (q->otherbits | c)) >> 8; p = q->child[direction]; } /* Find the critical bit */ /* 1: Find differing byte */ uint32_t newbyte; uint32_t newotherbits; for (newbyte = 0; newbyte < ulen; ++newbyte) { if (p[sizeof(intptr_t) + newbyte] != ubytes[newbyte]) { newotherbits = p[sizeof(intptr_t) + newbyte] ^ ubytes[newbyte]; goto different_byte_found; } } if (p[sizeof(intptr_t) + newbyte] != 0) { newotherbits = p[sizeof(intptr_t) + newbyte]; goto different_byte_found; } return (intptr_t *)p; different_byte_found: /* 2: Find differing bit */ newotherbits |= newotherbits >> 1; newotherbits |= newotherbits >> 2; newotherbits |= newotherbits >> 4; newotherbits = (newotherbits & ~(newotherbits >> 1)) ^ 255; uint8_t c = p[sizeof(intptr_t) + newbyte]; int newdirection = (1 + (newotherbits | c)) >> 8; /* Insert new string */ /* 1: Allocate new node structure */ struct node *newnode; newnode = alloc(&internal, sizeof(struct node)); if (!newnode) return NULL; char *x = alloc(&external, ulen + 1 + sizeof(intptr_t)); if (!x) return NULL; *((intptr_t *)x) = 0; memcpy(x + sizeof(intptr_t), ubytes, ulen + 1); newnode->byte = newbyte; newnode->otherbits = newotherbits; newnode->child[1 - newdirection] = x; /* 2: Insert new node */ void **wherep = &t->root; for (;;) { uint8_t *p = *wherep; if (!(1 & (intptr_t) p)) break; struct node *q = (void *) (p - 1); if (q->byte > newbyte) break; if (q->byte == newbyte && q->otherbits > newotherbits) break; uint8_t c = 0; if (q->byte < ulen) c = ubytes[q->byte]; const int direction = (1 + (q->otherbits | c)) >> 8; wherep = q->child + direction; } newnode->child[newdirection] = *wherep; *wherep = (void *) (1 + (char *) newnode); return (intptr_t *)x; } intptr_t cbtree_delete(struct cbtree *t, const char *u) { const uint8_t *ubytes = (void *) u; const size_t ulen = strlen(u); uint8_t *p = t->root; void **wherep = &t->root; void **whereq = 0; struct node *q = 0; int direction = 0; intptr_t ret; /* Deal with deleting from an empty tree */ if (!p) return 0; /* Walk the tree for the best match */ while (1 & (intptr_t) p) { whereq = wherep; q = (void *) (p - 1); uint8_t c = 0; if (q->byte < ulen) c = ubytes[q->byte]; direction = (1 + (q->otherbits | c)) >> 8; wherep = q->child + direction; p = *wherep; } /* Check the best match */ if (0 != strcmp(u, (const char *)(p + sizeof(intptr_t)))) return 0; ret = *((intptr_t *)p); /* Remove the element and/or node */ if (!whereq) { t->root = 0; return ret; } *whereq = q->child[1 - direction]; // free(q); return ret; } static void traverse(void *top) { uint8_t *p = top; if (1 & (intptr_t) p) { struct node *q = (void *) (p - 1); traverse(q->child[0]); traverse(q->child[1]); // free(q); } else { // free(p); } } void cbtree_clear(struct cbtree *t) { if (t->root) traverse(t->root); t->root = NULL; } static int allprefixed_traverse(uint8_t *top, int (*handle)(const char *, intptr_t *, void *), void *arg) { int direction; /* Deal with an internal node */ if (1 & (intptr_t) top) { struct node *q = (void *) (top - 1); for (direction = 0; direction < 2; ++direction) switch(allprefixed_traverse(q->child[direction], handle, arg)) { case 1: break; case 0: return 0; default: return -1; } return 1; } /* Deal with an external node */ return handle((const char *)(top + sizeof(intptr_t)), (intptr_t *)top, arg); } int cbtree_allprefixed(struct cbtree *t, const char *prefix, int (*handle)(const char *, intptr_t *, void *), void *arg) { const uint8_t *ubytes = (void *) prefix; const size_t ulen = strlen(prefix); uint8_t *p = t->root; uint8_t *top = p; int i; if (!p) return 1; /* S = $\emptyset$ */ /* Walk tree, maintaining top pointer */ while (1 & (intptr_t) p) { struct node *q = (void *) (p - 1); uint8_t c = 0; if (q->byte < ulen) c = ubytes[q->byte]; const int direction = (1 + (q->otherbits | c)) >> 8; p = q->child[direction]; if (q->byte < ulen) top = p; } /* Check prefix */ for (i = 0; i < ulen; ++i) { if (p[i+sizeof(intptr_t)] != ubytes[i]) return 1; } return allprefixed_traverse(top, handle, arg); } static const char *byte_to_binary(int x) { static char b[9]; int z; b[0] = '\0'; for (z = 128; z > 0; z >>= 1) strcat(b, ((x & z) == z) ? "1" : "0"); return b; } static void traverse_dump(void *top, int level, int byte) { uint8_t *p = top; int i; for (i = 0; i < level; i++) printf(" "); if (1 & (intptr_t) p) { struct node *q = (void *) (p - 1); printf("[byte(%d),otherbits(%s)]\n", q->byte, byte_to_binary(q->otherbits)); traverse_dump(q->child[0], level + 1, q->byte); traverse_dump(q->child[1], level + 1, q->byte); } else { const size_t ulen = strlen((char *)(p + sizeof(intptr_t))); int c = byte < ulen ? p[sizeof(intptr_t) + byte] : 0; printf("\"%s\" (%s)\n", p + sizeof(intptr_t), byte_to_binary(c)); } } void cbtree_dump(struct cbtree *t) { if (t->root) traverse_dump(t->root, 0, 0); printf("\n"); } char* cbtree_next(struct cbtree *t, const char *u, intptr_t *data) { const uint8_t *ubytes = (void *) u; const size_t ulen = strlen(u); uint8_t *p = t->root; uint8_t *branch = NULL; if (!p) return NULL; /* Walk tree, maintaining top pointer */ while (1 & (intptr_t) p) { struct node *q = (void *) (p - 1); uint8_t c = 0; if (q->byte < ulen) c = ubytes[q->byte]; const int direction = (1 + (q->otherbits | c)) >> 8; if (direction == 0) branch = q->child[1]; p = q->child[direction]; } /* check whether what we found is what we are looking for already */ if (strcmp((char *)(p + sizeof(intptr_t)), u) > 0) { if (data) *data = *((intptr_t *)p); return (char *)(p + sizeof(intptr_t)); } if (!branch) return NULL; /* select the lowest value on the branch */ p = branch; while (1 & (intptr_t) p) { struct node *q = (void *) (p - 1); p = q->child[0]; } if (data) *data = *((intptr_t *)p); return (char *)(p + sizeof(intptr_t)); } validns-0.7/mr.c000644 001751 000024 00000001657 12131266156 014100 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011-2013 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *mr_parse(char *name, long ttl, int type, char *s) { struct rr_mr *rr = getmem(sizeof(*rr)); rr->newname = extract_name(&s, "newname", 0); if (!rr->newname) return NULL; if (*s) { return bitch("garbage after valid MR data"); } return store_record(type, name, ttl, rr); } static char* mr_human(struct rr *rrv) { RRCAST(mr); return rr->newname; } static struct binary_data mr_wirerdata(struct rr *rrv) { RRCAST(mr); return name2wire_name(rr->newname); } struct rr_methods mr_methods = { mr_parse, mr_human, mr_wirerdata, NULL, NULL }; validns-0.7/minfo.c000644 001751 000024 00000002256 12131472303 014557 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011-2013 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *minfo_parse(char *name, long ttl, int type, char *s) { struct rr_minfo *rr = getmem(sizeof(*rr)); rr->rmailbx = extract_name(&s, "rmailbx", 0); if (!rr->rmailbx) return NULL; rr->emailbx = extract_name(&s, "emailbx", 0); if (!rr->emailbx) return NULL; if (*s) { return bitch("garbage after valid MINFO data"); } return store_record(type, name, ttl, rr); } static char* minfo_human(struct rr *rrv) { RRCAST(minfo); char s[1024]; snprintf(s, 1024, "%s %s", rr->rmailbx, rr->emailbx); return quickstrdup_temp(s); } static struct binary_data minfo_wirerdata(struct rr *rrv) { RRCAST(minfo); return compose_binary_data("dd", 1, name2wire_name(rr->rmailbx), name2wire_name(rr->emailbx)); } struct rr_methods minfo_methods = { minfo_parse, minfo_human, minfo_wirerdata, NULL, NULL }; validns-0.7/afsdb.c000644 001751 000024 00000002430 12131473261 014524 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011-2013 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *afsdb_parse(char *name, long ttl, int type, char *s) { struct rr_afsdb *rr = getmem(sizeof(*rr)); rr->subtype = extract_integer(&s, "AFSDB subtype"); if (rr->subtype < 0) return NULL; if (rr->subtype != 1 && rr->subtype != 2) return bitch("unknown AFSDB subtype"); rr->hostname = extract_name(&s, "AFSDB hostname", 0); if (!rr->hostname) return NULL; if (*s) { return bitch("garbage after valid AFSDB data"); } return store_record(type, name, ttl, rr); } static char* afsdb_human(struct rr *rrv) { RRCAST(afsdb); char s[1024]; snprintf(s, 1024, "%d %s", rr->subtype, rr->hostname); return quickstrdup_temp(s); } static struct binary_data afsdb_wirerdata(struct rr *rrv) { RRCAST(afsdb); return compose_binary_data("2d", 1, rr->subtype, name2wire_name(rr->hostname)); } struct rr_methods afsdb_methods = { afsdb_parse, afsdb_human, afsdb_wirerdata, NULL, NULL }; validns-0.7/x25.c000644 001751 000024 00000002600 12131504602 014054 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011-2013 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" /* XXX Does not accept multiple character-strings */ static struct rr *x25_parse(char *name, long ttl, int type, char *s) { struct rr_x25 *rr = getmem(sizeof(*rr)); int i; rr->psdn_address = extract_text(&s, "PSDN-address"); if (rr->psdn_address.length < 0) return NULL; if (rr->psdn_address.length > 255) return bitch("PSDN-address too long"); if (rr->psdn_address.length < 4) return bitch("PSDN-address too short"); for (i = 0; i < rr->psdn_address.length; i++) { if (!isdigit(rr->psdn_address.data[i])) return bitch("PSDN-address contains non-digits"); } if (*s) { return bitch("garbage after valid X25 data"); } return store_record(type, name, ttl, rr); } static char* x25_human(struct rr *rrv) { RRCAST(x25); return rr->psdn_address.data; } static struct binary_data x25_wirerdata(struct rr *rrv) { RRCAST(x25); return compose_binary_data("b", 1, rr->psdn_address); } struct rr_methods x25_methods = { x25_parse, x25_human, x25_wirerdata, NULL, NULL }; validns-0.7/isdn.c000644 001751 000024 00000003057 12131506057 014410 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011-2013 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" /* XXX Does not accept multiple character-strings */ static struct rr *isdn_parse(char *name, long ttl, int type, char *s) { struct rr_isdn *rr = getmem(sizeof(*rr)); rr->isdn_address = extract_text(&s, "ISDN-address"); if (rr->isdn_address.length < 0) return NULL; if (rr->isdn_address.length > 255) return bitch("ISDN-address too long"); rr->sa_present = 0; if (*s) { rr->sa = extract_text(&s, "subaddress"); if (rr->sa.length < 0) return NULL; if (rr->sa.length > 255) return bitch("subaddress too long"); rr->sa_present = 1; } if (*s) { return bitch("garbage after valid ISDN data"); } return store_record(type, name, ttl, rr); } static char* isdn_human(struct rr *rrv) { RRCAST(isdn); return rr->isdn_address.data; } static struct binary_data isdn_wirerdata(struct rr *rrv) { RRCAST(isdn); struct binary_data r, t; r = bad_binary_data(); t.length = 0; t.data = NULL; r = compose_binary_data("db", 1, t, rr->isdn_address); t = r; if (rr->sa_present) { r = compose_binary_data("db", 1, t, rr->sa); t = r; } return r; } struct rr_methods isdn_methods = { isdn_parse, isdn_human, isdn_wirerdata, NULL, NULL }; validns-0.7/rt.c000644 001751 000024 00000002324 12131507040 014065 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011-2013 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *rt_parse(char *name, long ttl, int type, char *s) { struct rr_rt *rr = getmem(sizeof(*rr)); rr->preference = extract_integer(&s, "RT preference"); if (rr->preference < 0) return NULL; rr->intermediate_host = extract_name(&s, "intermediate-host", 0); if (!rr->intermediate_host) return NULL; if (*s) { return bitch("garbage after valid RT data"); } return store_record(type, name, ttl, rr); } static char* rt_human(struct rr *rrv) { RRCAST(rt); char s[1024]; snprintf(s, 1024, "%d %s", rr->preference, rr->intermediate_host); return quickstrdup_temp(s); } static struct binary_data rt_wirerdata(struct rr *rrv) { RRCAST(rt); return compose_binary_data("2d", 1, rr->preference, name2wire_name(rr->intermediate_host)); } struct rr_methods rt_methods = { rt_parse, rt_human, rt_wirerdata, NULL, NULL }; validns-0.7/px.c000644 001751 000024 00000002442 12131511070 014066 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011-2013 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *px_parse(char *name, long ttl, int type, char *s) { struct rr_px *rr = getmem(sizeof(*rr)); rr->preference = extract_integer(&s, "PX preference"); if (rr->preference < 0) return NULL; rr->map822 = extract_name(&s, "map822", 0); if (!rr->map822) return NULL; rr->mapx400 = extract_name(&s, "mapx400", 0); if (!rr->mapx400) return NULL; if (*s) { return bitch("garbage after valid KX data"); } return store_record(type, name, ttl, rr); } static char* px_human(struct rr *rrv) { RRCAST(px); char s[1024]; snprintf(s, 1024, "%d %s %s", rr->preference, rr->map822, rr->mapx400); return quickstrdup_temp(s); } static struct binary_data px_wirerdata(struct rr *rrv) { RRCAST(px); return compose_binary_data("2dd", 1, rr->preference, name2wire_name(rr->map822), name2wire_name(rr->mapx400)); } struct rr_methods px_methods = { px_parse, px_human, px_wirerdata, NULL, NULL }; validns-0.7/kx.c000644 001751 000024 00000002262 12131511125 014062 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011-2013 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *kx_parse(char *name, long ttl, int type, char *s) { struct rr_kx *rr = getmem(sizeof(*rr)); rr->preference = extract_integer(&s, "KX preference"); if (rr->preference < 0) return NULL; rr->exchanger = extract_name(&s, "KX exchanger", 0); if (!rr->exchanger) return NULL; if (*s) { return bitch("garbage after valid KX data"); } return store_record(type, name, ttl, rr); } static char* kx_human(struct rr *rrv) { RRCAST(kx); char s[1024]; snprintf(s, 1024, "%d %s", rr->preference, rr->exchanger); return quickstrdup_temp(s); } static struct binary_data kx_wirerdata(struct rr *rrv) { RRCAST(kx); return compose_binary_data("2d", 1, rr->preference, name2wire_name(rr->exchanger)); } struct rr_methods kx_methods = { kx_parse, kx_human, kx_wirerdata, NULL, NULL }; validns-0.7/dlv.c000644 001751 000024 00000004526 12131511516 014236 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011-2013 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr* dlv_parse(char *name, long ttl, int type, char *s) { struct rr_dlv *rr = getmem(sizeof(*rr)); int key_tag, algorithm, digest_type; key_tag = extract_integer(&s, "key tag"); if (key_tag < 0) return NULL; rr->key_tag = key_tag; algorithm = extract_algorithm(&s, "algorithm"); if (algorithm == ALG_UNSUPPORTED) return NULL; rr->algorithm = algorithm; digest_type = extract_integer(&s, "digest type"); if (digest_type < 0) return NULL; rr->digest_type = digest_type; rr->digest = extract_hex_binary_data(&s, "digest", EXTRACT_EAT_WHITESPACE); if (rr->digest.length < 0) return NULL; switch (digest_type) { case 1: if (rr->digest.length != SHA1_BYTES) { return bitch("wrong SHA-1 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA1_BYTES); } break; case 2: if (rr->digest.length != SHA256_BYTES) { return bitch("wrong SHA-256 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA256_BYTES); } break; case 3: if (rr->digest.length != GOST_BYTES) { return bitch("wrong GOST R 34.11-94 digest length: %d bytes found, %d bytes expected", rr->digest.length, GOST_BYTES); } break; default: return bitch("bad or unsupported digest type %d", digest_type); } if (*s) { return bitch("garbage after valid DLV data"); } G.dnssec_active = 1; return store_record(type, name, ttl, rr); } static char* dlv_human(struct rr *rrv) { RRCAST(dlv); char ss[4096]; char *s = ss; int l; int i; l = snprintf(s, 4096, "%u %u %u ", rr->key_tag, rr->algorithm, rr->digest_type); s += l; for (i = 0; i < rr->digest.length; i++) { l = snprintf(s, 4096-(s-ss), "%02X", (unsigned char)rr->digest.data[i]); s += l; } return quickstrdup_temp(ss); } static struct binary_data dlv_wirerdata(struct rr *rrv) { RRCAST(dlv); return compose_binary_data("211d", 1, rr->key_tag, rr->algorithm, rr->digest_type, rr->digest); } struct rr_methods dlv_methods = { dlv_parse, dlv_human, dlv_wirerdata, NULL, NULL }; validns-0.7/dhcid.c000644 001751 000024 00000003023 12131521742 014515 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011-2013 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr* dhcid_parse(char *name, long ttl, int type, char *s) { struct rr_dhcid *rr = getmem(sizeof(*rr)); struct binary_data data; data = extract_base64_binary_data(&s, "rdata"); if (data.length < 0) return NULL; if (data.length < 3) return bitch("rdata too short"); rr->id_type = data.data[0]*256 + data.data[1]; if (rr->id_type > 2) return bitch("unsupported identifier type %s", rr->id_type); rr->digest_type = data.data[2]; if (rr->digest_type != 1) return bitch("unsupported digest type %s", rr->digest_type); if (data.length != 35) return bitch("wrong digest length, must be 32 for SHA-256"); /* let's cheat a bit */ data.length -= 3; data.data += 3; rr->digest = data; if (*s) { return bitch("garbage after valid DHCID data"); } return store_record(type, name, ttl, rr); } static char* dhcid_human(struct rr *rrv) { return "..."; } static struct binary_data dhcid_wirerdata(struct rr *rrv) { RRCAST(dhcid); return compose_binary_data("21d", 1, rr->id_type, rr->digest_type, rr->digest); } struct rr_methods dhcid_methods = { dhcid_parse, dhcid_human, dhcid_wirerdata, NULL, NULL }; validns-0.7/nsap.c000644 001751 000024 00000001737 12131600520 014405 0ustar00tobezstaff000000 000000 /* * Part of DNS zone file validator `validns`. * * Copyright 2011-2013 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr* nsap_parse(char *name, long ttl, int type, char *s) { struct rr_nsap *rr = getmem(sizeof(*rr)); rr->data = extract_hex_binary_data(&s, "NSAP data", EXTRACT_EAT_WHITESPACE); if (rr->data.length < 0) return NULL; if (*s) { return bitch("garbage after valid NSAP data"); } return store_record(type, name, ttl, rr); } static char* nsap_human(struct rr *rrv) { return "..."; } static struct binary_data nsap_wirerdata(struct rr *rrv) { RRCAST(nsap); return compose_binary_data("d", 1, rr->data); } struct rr_methods nsap_methods = { nsap_parse, nsap_human, nsap_wirerdata, NULL, NULL }; validns-0.7/Makefile000644 001751 000024 00000020540 12131601046 014735 0ustar00tobezstaff000000 000000 # The following options seem to work fine on Linux, FreeBSD, and Darwin OPTIMIZE=-O2 -g CFLAGS=-Wall -Werror -pthread --no-strict-aliasing INCPATH=-I/usr/local/include -I/opt/local/include -I/usr/local/ssl/include CC?=cc # These additional options work on Solaris/gcc to which I have an access # (when combined with the options above, and CC=gcc). #EXTRALPATH=-L/usr/local/ssl/lib -Wl,-R,/usr/local/ssl/lib #EXTRALIBS=-lnsl -lrt # According to Daniel Stirnimann, the following is needed # to make it work on Solaris/cc. #CFLAGS=-fast -xtarget=ultra3 -m64 -xarch=sparcvis2 #INCPATH=-I/opt/sws/include #CC=cc #EXTRALPATH=-L/opt/sws/lib/64 -R/opt/sws/lib/64 #EXTRALIBS-lrt -lnsl #EXTRALINKING=-mt -lpthread validns: main.o carp.o mempool.o textparse.o base64.o base32hex.o \ rr.o soa.o a.o cname.o mx.o ns.o \ rrsig.o nsec.o dnskey.o txt.o aaaa.o \ naptr.o srv.o nsec3param.o nsec3.o ds.o \ hinfo.o loc.o nsec3checks.o ptr.o \ sshfp.o threads.o rp.o spf.o cert.o \ dname.o tlsa.o nid.o l32.o l64.o lp.o \ ipseckey.o cbtree.o mb.o mg.o mr.o minfo.o \ afsdb.o x25.o isdn.o rt.o px.o kx.o \ dlv.o dhcid.o nsap.o $(CC) $(CFLAGS) $(OPTIMIZE) -o validns \ main.o carp.o mempool.o textparse.o base64.o base32hex.o \ rr.o soa.o a.o cname.o mx.o ns.o \ rrsig.o nsec.o dnskey.o txt.o aaaa.o \ naptr.o srv.o nsec3param.o nsec3.o ds.o \ hinfo.o loc.o nsec3checks.o ptr.o \ sshfp.o threads.o rp.o spf.o cert.o \ dname.o tlsa.o nid.o l32.o l64.o lp.o \ ipseckey.o cbtree.o mb.o mg.o mr.o minfo.o \ afsdb.o x25.o isdn.o rt.o px.o kx.o \ dlv.o dhcid.o nsap.o \ -L/usr/local/lib -L/opt/local/lib $(EXTRALPATH) \ -lJudy -lcrypto $(EXTRALIBS) $(EXTRALINKING) clean: -rm -f validns main.o carp.o mempool.o textparse.o -rm -f rr.o soa.o a.o cname.o mx.o ns.o -rm -f rrsig.o nsec.o dnskey.o txt.o aaaa.o -rm -f naptr.o srv.o nsec3param.o nsec3.o ds.o -rm -f hinfo.o loc.o nsec3checks.o ptr.o -rm -f sshfp.o base32hex.o base64.o threads.o -rm -f rp.o spf.o cert.o dname.o tlsa.o -rm -f nid.o l32.o l64.o lp.o ipseckey.o -rm -f cbtree.o mb.o mg.o mr.o minfo.o -rm -f afsdb.o x25.o isdn.o rt.o px.o kx.o -rm -f dlv.o dhcid.o nsap.o -rm -f validns.core core @echo ':-)' main.o: main.c common.h carp.h mempool.h textparse.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o main.o main.c $(INCPATH) carp.o: carp.c carp.h common.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o carp.o carp.c $(INCPATH) mempool.o: mempool.c mempool.h carp.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o mempool.o mempool.c $(INCPATH) textparse.o: textparse.c common.h carp.h mempool.h textparse.h base64.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o textparse.o textparse.c $(INCPATH) base64.o: base64.c base64.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o base64.o base64.c $(INCPATH) base32hex.o: base32hex.c base32hex.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o base32hex.o base32hex.c $(INCPATH) rr.o: rr.c common.h mempool.h carp.h textparse.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o rr.o rr.c $(INCPATH) soa.o: soa.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o soa.o soa.c $(INCPATH) a.o: a.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o a.o a.c $(INCPATH) cname.o: cname.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o cname.o cname.c $(INCPATH) mb.o: mb.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o mb.o mb.c $(INCPATH) mg.o: mg.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o mg.o mg.c $(INCPATH) minfo.o: minfo.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o minfo.o minfo.c $(INCPATH) mr.o: mr.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o mr.o mr.c $(INCPATH) mx.o: mx.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o mx.o mx.c $(INCPATH) afsdb.o: afsdb.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o afsdb.o afsdb.c $(INCPATH) x25.o: x25.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o x25.o x25.c $(INCPATH) isdn.o: isdn.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o isdn.o isdn.c $(INCPATH) rt.o: rt.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o rt.o rt.c $(INCPATH) px.o: px.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o px.o px.c $(INCPATH) kx.o: kx.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o kx.o kx.c $(INCPATH) dlv.o: dlv.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o dlv.o dlv.c $(INCPATH) dhcid.o: dhcid.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o dhcid.o dhcid.c $(INCPATH) nsap.o: nsap.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o nsap.o nsap.c $(INCPATH) ns.o: ns.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o ns.o ns.c $(INCPATH) rrsig.o: rrsig.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o rrsig.o rrsig.c $(INCPATH) nsec.o: nsec.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o nsec.o nsec.c $(INCPATH) dnskey.o: dnskey.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o dnskey.o dnskey.c $(INCPATH) txt.o: txt.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o txt.o txt.c $(INCPATH) aaaa.o: aaaa.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o aaaa.o aaaa.c $(INCPATH) naptr.o: naptr.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o naptr.o naptr.c $(INCPATH) srv.o: srv.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o srv.o srv.c $(INCPATH) nsec3param.o: nsec3param.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o nsec3param.o nsec3param.c $(INCPATH) nsec3.o: nsec3.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o nsec3.o nsec3.c $(INCPATH) ds.o: ds.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o ds.o ds.c $(INCPATH) hinfo.o: hinfo.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o hinfo.o hinfo.c $(INCPATH) loc.o: loc.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o loc.o loc.c $(INCPATH) nsec3checks.o: nsec3checks.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o nsec3checks.o nsec3checks.c $(INCPATH) ptr.o: ptr.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o ptr.o ptr.c $(INCPATH) sshfp.o: sshfp.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o sshfp.o sshfp.c $(INCPATH) rp.o: rp.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o rp.o rp.c $(INCPATH) spf.o: spf.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o spf.o spf.c $(INCPATH) cert.o: cert.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o cert.o cert.c $(INCPATH) dname.o: dname.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o dname.o dname.c $(INCPATH) tlsa.o: tlsa.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o tlsa.o tlsa.c $(INCPATH) nid.o: nid.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o nid.o nid.c $(INCPATH) l32.o: l32.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o l32.o l32.c $(INCPATH) l64.o: l64.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o l64.o l64.c $(INCPATH) lp.o: lp.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o lp.o lp.c $(INCPATH) ipseckey.o: ipseckey.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o ipseckey.o ipseckey.c $(INCPATH) cbtree.o: cbtree.c cbtree.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o cbtree.o cbtree.c $(INCPATH) threads.o: threads.c $(CC) $(CFLAGS) $(OPTIMIZE) -c -o threads.o threads.c $(INCPATH) test: validns perl -MTest::Harness -e 'runtests("t/test.pl")' test-details: validns perl t/test.pl test64: $(CC) -Wall -O2 -o base64-test base64.c -DTEST_PROGRAM ./base64-test test32hex: $(CC) -Wall -O2 -o base32hex-test base32hex.c -DTEST_PROGRAM ./base32hex-test validns-0.7/t/zones/000755 001751 000024 00000000000 12072772252 014711 5ustar00tobezstaff000000 000000 validns-0.7/t/issues/000755 001751 000024 00000000000 12131607210 015051 5ustar00tobezstaff000000 000000 validns-0.7/t/test.pl000644 001751 000024 00000034605 12131607265 015074 0ustar00tobezstaff000000 000000 #! /usr/bin/perl use 5.006; use strict; use warnings; use Test::More; BEGIN { use_ok("Test::Command::Simple"); } unless (*run{CODE}) { done_testing; exit(0); } my @e; for my $threads ("", qw(-n2 -n4 -n6 -n8)) { my @threads; push @threads, $threads if $threads; run('./validns', @threads, 't/zones/galaxyplus.org'); is(rc, 0, 'valid zone parses ok'); run('./validns', @threads, '-t1320094109', 't/zones/example.sec.signed'); is(rc, 0, 'valid signed zone parses ok'); run('./validns', @threads, '-t1303720010', 't/zones/example.sec.signed'); isnt(rc, 0, 'valid signed zone with timestamps in the future'); @e = split /\n/, stderr; like(shift @e, qr/signature is too new/, "signature is too new"); run('./validns', @threads, '-t1386850832', 't/zones/example.sec.signed'); isnt(rc, 0, 'valid signed zone with timestamps in the past'); @e = split /\n/, stderr; like(shift @e, qr/signature is too old/, "signature is too old"); run('./validns', @threads, '-s', '-pall', 't/zones/manyerrors.zone'); isnt(rc, 0, 'bad zone returns an error'); @e = split /\n/, stderr; # main.c like(shift @e, qr/unrecognized directive: \$FUNNYDIRECTIVE/, "unrecognized directive 1"); like(shift @e, qr/unrecognized directive: \$ORIGINBUTNOTREALLY/, "unrecognized directive 2"); like(shift @e, qr/bad \$ORIGIN format/, "not really an origin"); like(shift @e, qr/\$ORIGIN value expected/, "empty origin"); like(shift @e, qr/garbage after valid \$ORIGIN/, "bad origin"); like(shift @e, qr/unrecognized directive: \$TTLAST/, "unrecognized directive 3"); like(shift @e, qr/bad \$TTL format/, "not really a TTL"); like(shift @e, qr/\$TTL value expected/, "empty TTL"); like(shift @e, qr/\$TTL value expected/, "funny TTL"); like(shift @e, qr/\$TTL value is not valid/, "bad TTL"); like(shift @e, qr/\$TTL value is not valid/, "bad TTL take 2"); like(shift @e, qr/garbage after valid \$TTL/, "bad TTL take 3"); like(shift @e, qr/unrecognized directive: \$INCLUDESSIMO/, "unrecognized directive 4"); like(shift @e, qr/bad \$INCLUDE format/, "not really an include"); like(shift @e, qr/unrecognized directive: \$/, "unrecognized directive 5"); like(shift @e, qr/unrecognized directive: \$/, "unrecognized directive 6"); # TODO once INCLUDE is implemented, add more tests ## TODO continue main.c at "cannot assume previous name" like(shift @e, qr/class or type expected/, "nonsense line"); like(shift @e, qr/the first record in the zone must be an SOA record/, "non-SOA 1"); like(shift @e, qr/the first record in the zone must be an SOA record/, "non-SOA 2"); like(shift @e, qr/serial is out of range/, "out of range serial"); like(shift @e, qr/there could only be one SOA in a zone/, "another SOA"); like(shift @e, qr/name server domain name expected/, "empty NS"); like(shift @e, qr/garbage after valid NS/, "bad NS"); like(shift @e, qr/IPv4 address is not valid/, "empty A"); like(shift @e, qr/garbage after valid A data/, "bad A"); like(shift @e, qr/cannot parse IPv4 address/, "bad A IP"); like(shift @e, qr/IPv4 address is not valid/, "not an IP in A"); like(shift @e, qr/IPv6 address is not valid/, "empty AAAA"); like(shift @e, qr/garbage after valid AAAA data/, "bad AAAA"); like(shift @e, qr/IPv6 address is not valid/, "bad AAAA IP"); like(shift @e, qr/IPv6 address is not valid/, "not an IP in AAAA"); like(shift @e, qr/MX preference expected/, "empty MX"); like(shift @e, qr/MX exchange expected/, "MX without exchange"); like(shift @e, qr/garbage after valid MX data/, "bad MX"); like(shift @e, qr/bad SHA-256 hash length/, "TLSA SHA-256"); like(shift @e, qr/bad SHA-512 hash length/, "TLSA SHA-512"); like(shift @e, qr/certificate association data: hex data does not represent whole number of bytes/, "TLSA nibbles"); like(shift @e, qr/bad certificate usage field/, "TLSA certificate usage"); like(shift @e, qr/TTL is not valid/, "TLSA certificate usage fallout"); like(shift @e, qr/certificate usage field expected/, "TLSA certificate usage"); like(shift @e, qr/TTL is not valid/, "TLSA certificate usage fallout"); like(shift @e, qr/bad selector field/, "TLSA selector"); like(shift @e, qr/TTL is not valid/, "TLSA selector fallout"); like(shift @e, qr/selector field expected/, "TLSA selector"); like(shift @e, qr/TTL is not valid/, "TLSA selector fallout"); like(shift @e, qr/bad matching type field/, "TLSA matching type"); like(shift @e, qr/TTL is not valid/, "TLSA matching type fallout"); like(shift @e, qr/matching type field expected/, "TLSA matching type"); like(shift @e, qr/TTL is not valid/, "TLSA matching type fallout"); like(shift @e, qr/outside.org. does not belong to zone galaxyplus.org./, "outsider"); like(shift @e, qr/long.outside.org. does not belong to zone galaxyplus.org./, "long outsider"); like(shift @e, qr/outsidegalaxyplus.org. does not belong to zone galaxyplus.org./, "tricky outsider"); like(shift @e, qr/bad algorithm 177/, "bad CERT algorithm"); like(shift @e, qr/bad or unsupported algorithm meow/, "bad CERT algorithm mnemonic"); like(shift @e, qr/bad certificate type 100000/, "bad CERT type"); like(shift @e, qr/is reserved by IANA/, "reserved CERT type"); like(shift @e, qr/certificate type 700 is unassigned/, "unassigned CERT type"); like(shift @e, qr/bad certificate type meow/, "bad CERT type"); like(shift @e, qr/bad key tag/, "bad key tag"); like(shift @e, qr/certificate expected/, "bad base64"); like(shift @e, qr/there could only be one SOA in a zone/, "another SOA at the end"); like(shift @e, qr/record name is not valid/, "wildcard is the middle"); like(shift @e, qr/record name: bad wildcard/, "bad wildcard"); like(shift @e, qr/name cannot start with a dot/, "dot-something"); like(shift @e, qr/name cannot start with a dot/, "dot-dot"); like(shift @e, qr/garbage after valid DNAME data/, "DNAME garbage"); ## actual validations done after parsing like(shift @e, qr/CNAME and other data/, "CNAME+CNAME"); like(shift @e, qr/CNAME and other data/, "CNAME+something else"); like(shift @e, qr/there should be at least two NS records/, "NS limit"); like(shift @e, qr/not a proper prefixed DNS domain name/, "TLSA host 1"); like(shift @e, qr/not a proper prefixed DNS domain name/, "TLSA host 2"); like(shift @e, qr/TTL values differ within an RR set/, "TTL conflict"); like(shift @e, qr/multiple DNAMEs/, "Multiple DNAMEs"); like(shift @e, qr/DNAME must not have any children \(but something.zzzz3.galaxyplus.org. exists\)/, "DNAME with children"); like(shift @e, qr/CNAME and other data/, "DNAME+CNAME"); like(shift @e, qr/DNAME must not have any children \(but z.zzzz5.galaxyplus.org. exists\)/, "DNAME with children 2"); is(+@e, 0, "no unaccounted errors"); #like(stdout, qr/validation errors: XX/, "error count"); run('./validns', @threads, '-s', '-t1320094109', 't/zones/example.sec.signed.with-errors'); isnt(rc, 0, 'bad signed zone returns an error'); @e = split /\n/, stderr; like(shift @e, qr/wrong GOST .* digest length/, "wrong GOST digest length"); like(shift @e, qr/MX exists, but NSEC does not mention it/, "NSEC incomplete"); like(shift @e, qr/NSEC mentions SRV, but no such record found/, "NSEC lists too much"); like(shift @e, qr/RRSIG exists for non-existing type NAPTR/, "RRSIG for absent"); like(shift @e, qr/RRSIG's original TTL differs from corresponding record's/, "RRSIG orig ttl bad"); like(shift @e, qr/RRSIG\(NSEC\): cannot find a signer key/, "unknown signer"); like(shift @e, qr/NSEC says mail.example.sec. comes after example.sec., but ghost.example.sec. does/, "NSEC chain error"); like(shift @e, qr/NSEC says ns1.example.sec. comes after mail.example.sec., but nosuch.example.sec. does/, "NSEC chain error"); like(shift @e, qr/NSEC says ns2.example.sec. comes after ns1.example.sec., but ns122.example.sec. does/, "NSEC chain error"); like(shift @e, qr/NSEC says www.example.sec. is the last name, but zzz.example.sec. exists/, "NSEC chain not the last"); like(shift @e, qr/NSEC says zzzz.example.sec. comes after zzz.example.sec., but nothing does/, "NSEC chain unexpected last"); like(shift @e, qr/RRSIG\(NSEC\): cannot verify the signature/, "NSEC incomplete fallout") for 1..4; like(shift @e, qr/RRSIG\(NSEC\): cannot verify the signature/, "NSEC lists too much fallout") for 1..4; is(+@e, 0, "no unaccounted errors"); # RFC 2181 policy checks run('./validns', @threads, '-p', 'all', '-z', 'example1.jp', 't/zones/mx-ns-alias'); is(rc, 0, 'parses OK if we cannot determine the fact of aliasing'); run('./validns', @threads, '-p', 'all', '-z', 'example.jp', 't/zones/mx-ns-alias'); isnt(rc, 0, 'RFC 2181 policy checks are active'); @e = split /\n/, stderr; like(shift @e, qr/NS data is an alias/, "NS data is an alias"); like(shift @e, qr/MX exchange is an alias/, "MX exchange is an alias"); is(+@e, 0, "no unaccounted errors for 2181 policy checks"); run('./validns', @threads, '-p', 'mx-alias', '-p', 'ns-alias', '-z', 'example.jp', 't/zones/mx-ns-alias'); isnt(rc, 0, 'RFC 2181 policy checks are active (individually activated)'); @e = split /\n/, stderr; like(shift @e, qr/NS data is an alias/, "NS data is an alias"); like(shift @e, qr/MX exchange is an alias/, "MX exchange is an alias"); is(+@e, 0, "no unaccounted errors for individually activated checks"); run('./validns', @threads, '-p', 'mx-alias', '-z', 'example.jp', 't/zones/mx-ns-alias'); isnt(rc, 0, 'mx-alias policy check'); @e = split /\n/, stderr; like(shift @e, qr/MX exchange is an alias/, "MX exchange is an alias"); is(+@e, 0, "no unaccounted errors for mx-alias check"); run('./validns', @threads, '-p', 'ns-alias', '-z', 'example.jp', 't/zones/mx-ns-alias'); isnt(rc, 0, 'ns-alias policy check'); @e = split /\n/, stderr; like(shift @e, qr/NS data is an alias/, "NS data is an alias"); is(+@e, 0, "no unaccounted errors for ns-alias check"); # RP policy run('./validns', @threads, '-p', 'all', '-z', 'example.jp', 't/zones/rp-policy'); isnt(rc, 0, 'RP policy check is active'); @e = split /\n/, stderr; like(shift @e, qr/RP TXT.*?does not exist/, "RP TXT is not there"); is(+@e, 0, "no unaccounted errors for RP policy checks"); run('./validns', @threads, '-z', 'example.jp', 't/zones/rp-policy'); is(rc, 0, 'RP policy check is inactive'); run('./validns', @threads, '-v', 't/zones/ttl-regression.zone'); is(rc, 0, 'ttl regression parses OK'); like(stderr, qr/ns\.example\.com\.\s+IN\s+600\s+A\s+192\.0\.2\.1/, "Default TTL changes correctly"); run('./validns', @threads, '-v', 't/zones/misc-regression.zone'); is(rc, 0, 'misc regression parses OK'); like(stderr, qr/"alias"/, "We parse \\nnn in text correctly"); like(stderr, qr/"";"/, "We parse \\\" in text correctly"); run('./validns', @threads, '-v', 't/zones/ttl.zone'); is(rc, 0, 'ttl test parses OK'); like(stderr, qr/ns\.example\.com\.\s+IN\s+600\s+A\s+192\.0\.2\.1/, "Default TTL changes correctly"); like(stderr, qr/\s+example\.com\.\s+IN\s+200\s+NS\s+ns\.example\.com\./, "TTL without default picked up correctly"); # DNSKEY extra checks run('./validns', @threads, 't/zones/dnskey-exponent.zone'); is(rc, 0, 'dnskey parses OK without policy checks'); run('./validns', @threads, '-p', 'all', 't/zones/dnskey-exponent.zone'); isnt(rc, 0, 'dnskey extra checks fail'); @e = split /\n/, stderr; like(shift @e, qr/leading zero octets in public key exponent/, "leading zeroes in exponent 1"); like(shift @e, qr/leading zero octets in public key exponent/, "leading zeroes in exponent 2"); is(+@e, 0, "no unaccounted errors for DNSKEY policy checks"); # issue 21: https://github.com/tobez/validns/issues/21 run('./validns', @threads, '-t1345815800', 't/issues/21-nsec3-without-corresponding/example.sec.signed'); is(rc, 0, 'issue 21 did not come back'); # issue 24: https://github.com/tobez/validns/issues/24 run('./validns', @threads, '-t1345815800', 't/issues/24-delegated-nsec3/example.sec.signed'); is(rc, 0, 'issue 24 did not come back'); # issue 25: https://github.com/tobez/validns/issues/25 run('./validns', @threads, '-t1345815800', 't/issues/25-nsec/example.sec.signed'); is(rc, 0, 'issue 25 did not come back'); # issue 26: https://github.com/tobez/validns/issues/26 run('./validns', @threads, '-t1349357570', 't/issues/26-spurios-glue/example.sec.signed.no-optout'); is(rc, 0, 'issue 26 did not come back (NSEC3 NO optout)'); run('./validns', @threads, '-t1349357570', 't/issues/26-spurios-glue/example.sec.signed.optout'); is(rc, 0, 'issue 26 did not come back (NSEC3 optout)'); run('./validns', @threads, '-t1349358570', 't/issues/26-spurios-glue/example.sec.signed.nsec'); is(rc, 0, 'issue 26 did not come back (NSEC)'); # issues about NSEC chain validation raised by Daniel Stirnimann run('./validns', @threads, '-t1361306089', 't/issues/nsec-chain/example.com.signed'); is(rc, 0, 'all is good when all NSEC are there'); run('./validns', @threads, '-t1361306089', 't/issues/nsec-chain/example.com.signed-without-first-nsec'); isnt(rc, 0, 'zone without first NSEC returns an error'); @e = split /\n/, stderr; is(scalar @e, 1, "only one error here"); like(shift @e, qr/apex NSEC not found/, "apex NSEC not found"); run('./validns', @threads, '-t1361306089', 't/issues/nsec-chain/example.com.signed-without-last-nsec'); isnt(rc, 0, 'zone without an NSEC returns an error'); @e = split /\n/, stderr; is(scalar @e, 1, "only one error here"); like(shift @e, qr/broken NSEC chain example.com. -> domain1.example.com./, "broken NSEC chain detected"); # IPSECKEY tests run('./validns', @threads, 't/zones/ipseckey-errors'); isnt(rc, 0, 'bad zone returns an error'); @e = split /\n/, stderr; like(shift @e, qr/precedence expected/, "bad-precedence 1"); like(shift @e, qr/precedence range is not valid/, "bad-precedence 2"); like(shift @e, qr/gateway type expected/, "bad-gw-type 1"); like(shift @e, qr/gateway type is not valid/, "bad-gw-type 2"); like(shift @e, qr/algorithm expected/, "bad-algo 1"); like(shift @e, qr/algorithm is not valid/, "bad-algo 2"); like(shift @e, qr/gateway must be "\." for gateway type 0/, "gw-not-dot"); like(shift @e, qr/cannot parse gateway\/IPv4/, "bad-ip4 1"); like(shift @e, qr/gateway\/IPv4 is not valid/, "bad-ip4 2"); like(shift @e, qr/gateway\/IPv4 is not valid/, "bad-ip4 3"); like(shift @e, qr/cannot parse gateway\/IPv6/, "bad-ip6 1"); like(shift @e, qr/gateway\/IPv6 is not valid/, "bad-ip6 2"); like(shift @e, qr/cannot parse gateway\/IPv6/, "bad-ip6 3"); like(shift @e, qr/cannot parse gateway\/IPv6/, "bad-ip6 4"); like(shift @e, qr/garbage after valid IPSECKEY data/, "garbage-key"); # Verify that "." is 00 and not 00 00 run('./validns', @threads, '-t1361306089', 't/issues/dot-is-single-zero/example.sec.signed'); is(rc, 0, 'dot is zero, all is good'); # Check rare RRs run('./validns', @threads, '-t1365591600', 't/issues/lots-of-rare-rrs/all.rr.org'); is(rc, 0, 'rare RRs are parsed correctly, all is good'); } done_testing; validns-0.7/t/issues/26-spurios-glue/000755 001751 000024 00000000000 12072772032 017745 5ustar00tobezstaff000000 000000 validns-0.7/t/issues/24-delegated-nsec3/000755 001751 000024 00000000000 12015706761 020237 5ustar00tobezstaff000000 000000 validns-0.7/t/issues/21-nsec3-without-corresponding/000755 001751 000024 00000000000 12015710446 022666 5ustar00tobezstaff000000 000000 validns-0.7/t/issues/25-nsec/000755 001751 000024 00000000000 12015701770 016234 5ustar00tobezstaff000000 000000 validns-0.7/t/issues/nsec-chain/000755 001751 000024 00000000000 12111430324 017057 5ustar00tobezstaff000000 000000 validns-0.7/t/issues/dot-is-single-zero/000755 001751 000024 00000000000 12131605340 020506 5ustar00tobezstaff000000 000000 validns-0.7/t/issues/lots-of-rare-rrs/000755 001751 000024 00000000000 12131607176 020202 5ustar00tobezstaff000000 000000 validns-0.7/t/issues/lots-of-rare-rrs/all.rr.org000600 001751 000024 00000041433 12131471236 022076 0ustar00tobezstaff000000 000000 all.rr.org. 600 IN SOA ns1.all.rr.org. postmaster.all.rr.org. 1365591457 3600 600 86400 300 all.rr.org. 600 IN RRSIG SOA 7 3 600 20130410115638 20130410105629 54974 all.rr.org. JXs7cD0b3vbf9y6E68bY/xQ9Hwkb0ZUrgrj0Og9ol4OYaGuHF3fNV7iFBNy5dxGjGCc3jXTNBM0qqlZbRJkw2nF3X2KWjthh8CWE8SwY0EsaQGB48+ooSoZdnkFjK0gwZSjWuWQ1vIZi27hbT08IPXzeNJuROGWx5n8h1LcPR1k= all.rr.org. 600 IN DNSKEY 257 3 7 AwEAAcj3L+4HQwnDi8d/RtzTkQ2C2nhG6loHdSwxRSiJ6QuEnmEG7pAr+k1XdOijUWID3e+X6kGqOkwYy6e6mbjlrTqxqQcjRMOV4e2tsVnRvOqAmVOQBDNs+FUWt9iWkLd5iWeJy6IxfTOjiJf5hJqLYyLfAATggq2YUcAgdzGcCilzeOLUNAD6+dT56hHz7qetituUxMkENlSzA9PAwzdoNWhChkfVzur464m9QPsTzOsn40SpYOnczRcBXvdfbme4n8JLLPR3JF55uFhJRpdyTJ4d+BD01Zd4WkVE1wnKxZXCKX3vlns1jZd9V+tcOtqwNRhOFxxzHosRvgp57QvlMpM= ;{id = 43083 (ksk), size = 2048b} all.rr.org. 600 IN DNSKEY 256 3 7 AwEAAcEpJKnT6f2BpVl7eYdOA/p50n8t6e0CB4Fnaze6oiu/UF/SNY6G08cTJ5q7B8Jj9k4AiAph/FpTF1WkG30kE6JDo1t5M+qESC5IP1niS0vvVOKuPn0xygNZU9Yq2Kw9ifv3aFFM1Iu4G1Oo79EDYn/Id1WMYST9oExCIKJpSyyJ ;{id = 54974 (zsk), size = 1024b} all.rr.org. 600 IN DNSKEY 256 3 5 AQPSKmynfzW4kyBv015MUG2DeIQ3Cbl+BBZH4b/0PY1kxkmvHjcZc8nokfzj31GajIQKY+5CptLr3buXA10hWqTkF7H6RfoRqXQeogmMHfpftf6zMv1LyBUgia7za6ZEzOJBOztyvhjL742iU/TpPSEDhm2SNKLijfUppn1UaNvv4w== ;{id = 2642 (zsk), size = 1024b} all.rr.org. 600 IN RRSIG DNSKEY 7 3 600 20130410115643 20130410105629 43083 all.rr.org. t440YGFURqwrsG6XPr3FXSyF8/O5dQ7IdoN9ctPJBffTJuHKmKs72pmeYHzw905PRpUySYP6dNImhi/REe5y7KcD05ys7UymIlo53F3oJPz9t918UGuFbeMd2/ml7JbkpuZA21zNl4ICiXFjFdM3zqb3lWh4lUO1fOMtzHWB2Qvtr8hrhIhujq5JBTwRPSpDIGl6iVkmLFvuR90+8410QdebhOkuEZno/sb17HprcrU7VpJCJOGU/SHCuzLHnJeBdk5TtGQ0WSo0v9Da27glO4MKkMpCz5JU3vw1c0xJ7Aya+sgrJVuWs5OZTY5WH43QrepqKOMTgpnwH0mxSaHYcg== all.rr.org. 0 IN NSEC3PARAM 1 0 5 dfe3a4ef6152d5ab all.rr.org. 0 IN RRSIG NSEC3PARAM 7 3 0 20130410115731 20130410105629 54974 all.rr.org. wQKmR0Tsz8XSe7ty2OV3aKyWhvNloHvgvj3wxz1IhUdlkWewiecf6+OARygyt+0mUSRuikKV0ZvzjzTooiTZr+vC3YcZN0Sx0woCJkfxGh98KW8bQ53Wt/mVF+/OwIjqiRPS0ZJKtYItIlBrwEWn89RM8LOcO6R0HkOP2AXWpOE= all.rr.org. 300 IN NS ns1.example.com. all.rr.org. 300 IN RRSIG NS 7 3 300 20130410115647 20130410105629 54974 all.rr.org. VFgrYVdjVIJWS932Qw+al8p6gEFyJgsz88wWLfLUYi5ZNa0h8l9Lko4Lh1s2B+45FIEKpDtUurdzY5g6sqec1uGRWdTBhNNghyFeRBAwHA9+0DhLFQQPuRChX4skpHC15Al4cmNGXmw2JPo9LL4sR9TKpeBF6UFU8B9IZcCCgl4= all.rr.org. 300 IN MB mb-madname.example.com. all.rr.org. 300 IN RRSIG MB 7 3 300 20130410115729 20130410105629 54974 all.rr.org. QqpV9ODE4BhOU3GMGkPkPEmIvJxurkRC9eZ+Sgik5f0eeX0z4/XAKNx2mFVel7HefbfOCpJTe6odWWA74ZnxdTxvCoyPsJrp+uSbjs18K9yUj+GOAeiOqGo48+NGcAV76dDktVH21Po2dSN6c+lB0rhhmEEqIf+ah07iUPz0SFc= all.rr.org. 300 IN MG mg-mgmname.example.com. all.rr.org. 300 IN RRSIG MG 7 3 300 20130410115810 20130410105629 54974 all.rr.org. LfXUeTX24jLoOoyW36BrT15XELCDy9J0ov1Lm3DGNF7n1+Krt12NWP+tlhZRcql/LJw9ms49K772ll6LctzjppvPAqipk9DlxVHG0+joQFUEfv9ba1mgmgcMX16uklTwcUtUvLYINLx5+pJd+MnfTJAtlBhS+GYt9j+daUHMuc4= all.rr.org. 300 IN MR mr-newname.example.com. all.rr.org. 300 IN RRSIG MR 7 3 300 20130410115648 20130410105629 54974 all.rr.org. mXAh1voDX9BFxyIJH9N48VXjaaZH123gr0b0pAZJBndzxNsRF/NWe5+ll6moMwsEWzcrdZXv/J2qteDK1GsMjepTXq1jdbLuCaQYZu+1oCUGVjZo4f1A31wY03lZfaQq1XcYDeJPMoB0oEQ11ZZHczpuvrSE28IpOv8CIj4ZMhw= all.rr.org. 300 IN HINFO "SUN4/110" "UNIX" all.rr.org. 300 IN RRSIG HINFO 7 3 300 20130410115710 20130410105629 54974 all.rr.org. HethM0wWVfFoHk+k1H1wEFA2x5t5xGXXa/jWUTRGvdmvdU5DoibykO2ulTbhnWfha4gvufFBG+hh+94UPA2rEiACha0c1oWoaXkUfcGZJdhjJzfP84Y7Zujd+1+Iz8XdDWgCD1Q4VRCsKeHU3zfquVOAC0NEBXoSfpm9Q0nbV1A= all.rr.org. 300 IN MINFO minfo-rmailbx.example.com. minfo-emailbx.example.com. all.rr.org. 300 IN RRSIG MINFO 7 3 300 20130410115818 20130410105629 54974 all.rr.org. no9mgivSgSTU7HW9Tw6A8w171GRVkeObQfDmkYtK6w8/hsaZnP3sxCJ4450ik9S2HG3664dzLDP30Vr2mXQxqRDbFbk0sAbFLAxctGx1FJCcbov91K5OyeT/P5GaNDREjvnI4fPACeBmKOYwl0nPA+x97gfiOKyMojONlqRHnOk= all.rr.org. 300 IN MX 10 venera.all.rr.org. all.rr.org. 300 IN RRSIG MX 7 3 300 20130410115753 20130410105629 54974 all.rr.org. pQQ4jRKH/hvZuHZ4Gzzr8eXAGTSkl8kdae6Cf3iFRth+b/i8A2k3mhDbvMj5vZfr2SCSRQlj8c4Iwav3V/v3KKfJaCUqis/ezS7S2j3yp6ZLD4ovYVkf4eCRDuuyNV24ueOA9Qw3666NsjzgCj/VR1bDE8P3OKFciD6839w7ab4= all.rr.org. 300 IN RP rp-mbox.example.com. rp-txtdname.example.com. all.rr.org. 300 IN RRSIG RP 7 3 300 20130410115643 20130410105629 54974 all.rr.org. nzLrxR5toebeRucvM8pJHDy9gC1VbZho2tsh1YW5JAHs7+NApZhMDrx3Q1YK7YCNR6N7A0s9BNz0GCOjn+8/WjTgmgMboEGGFhzbAyY1feoWesPhA3teSHKGonwbsSSameg0p3zeHb6xsdH1Xy4iipldplknmDNptH6MDD/jigU= all.rr.org. 300 IN AFSDB 1 afsdb-hostname.example.com. all.rr.org. 300 IN RRSIG AFSDB 7 3 300 20130410115708 20130410105629 54974 all.rr.org. EkXQh/xF8BRRTlFBMnGhLiM71DajHFdBozPbnIm4jBoNbfpY6lL177793lRGrVYw3w+VwHIq9G6PTpoqvVdn2MC1nhTVzi3UOeJHJcL1W8YiwMcX9JF42fBC4EdmFosb2iiOjhhDY8YtNxV3sKm2EFXaxF19363L/49Nqu9eAr4= all.rr.org. 300 IN X25 "311061700956" all.rr.org. 300 IN RRSIG X25 7 3 300 20130410115750 20130410105629 54974 all.rr.org. HWpORPHWtudr/A0Fs3+lNo93tDLEeNaAXMBsoA2x+Uw6ZIfst9YtHo97+p/t+im/ujN+ecL2zJY9FwJIa6EOwozzlslTACxUdMdkw19PcSd4pDygKq12OR5gkwnrCKPnP+1Tw7jIdQgxsQ40sKKGOoF4P13DWJqCWKCgfkh3RZ8= all.rr.org. 300 IN ISDN "150862028003217" "004" all.rr.org. 300 IN RRSIG ISDN 7 3 300 20130410115631 20130410105629 54974 all.rr.org. VxgkkyThoBwnvqL/wsp061RXQFcqjTr1MH/TZcACxLJPYfyaVHf7/DsXcl3R+lVbZ1qKjO53zmhpshLBtAztpHKP1fH0s03jG6Vjo8ZpQ+3gCAvgUjmF1qfRBDsfqiwLNSnzvWOsZr1ztHcu6iwvTmzU4RHroSDE8zOnni0TXV8= all.rr.org. 300 IN RT 10 net.prime.com. all.rr.org. 300 IN RRSIG RT 7 3 300 20130410115645 20130410105629 54974 all.rr.org. dzlz4VrEni+LwvW6OaC0KX+/FCT8Z11XxKcQWK6dOG/mKO1/RCtAUrmgKutkXato47aBc7pfkmglvWaX6pA9libUvVZ+9L236IlZFqPkH3wLGwD0aGbdOx7BpR8R+XQ/vaUaYG5aTw4FfJZuMsliAyMkNIOPb946QfMDAtovb6Q= all.rr.org. 300 IN NSAP 0x47000580005a0000000001e133ffffff00016100 all.rr.org. 300 IN RRSIG NSAP 7 3 300 20130410115822 20130410105629 54974 all.rr.org. N4F77O7TdbQ4qZiYQANmgaUO24fEjxIvdHhI7tbWYFTClzGiMt2HEss9GlGIwFXDDhTnnlCJ7tZ5CWK0iJLt+1PDzShwk5IsWp/4a8AbOYpY148jUKAXETpLNRBCMfZDz+svw5mVTnYb3nsQ1rfOc+9PO5swa8vTCU6+TnrKBr4= all.rr.org. 300 IN PX 10 net2.it. prmd-net2.admd-p400.c-it. all.rr.org. 300 IN RRSIG PX 7 3 300 20130410115645 20130410105629 54974 all.rr.org. QI49aymhAWe7U48kAg8w0f2bayZZNS4X2DM1sICBpwqkCBzbzb6Wkb27OavwESkuqFczIgCLefUY6V8sWdpAYxEa6UxXOI4gqmtdU0QCgVC3wrvWl4Lmp16GCsPCNj0QT48LQylM5k3HDa6qkV4ws99QEUF7FyLsf+1Ui7hhEgM= all.rr.org. 300 IN AAAA 2001:db8::3 all.rr.org. 300 IN RRSIG AAAA 7 3 300 20130410115720 20130410105629 54974 all.rr.org. odKMWjUxeqm6MScpuWVEwpGIWVHWcBuvHYObwJ/N0ESe/8dj1/9hM19BbTAlx0T/CGgoZAciMtanVAahicGXGXxwOji1LQNzEsYEKkyNWYf0T6LWgCsK/WbkA1hxNKEmENvH9IwGLotS5zcgErqcIc44ns5jT2V4HwCpm/ylbKk= all.rr.org. 300 IN LOC 42 21 54.500 N 71 06 18.300 W -24m 30m 10000m 10m all.rr.org. 300 IN RRSIG LOC 7 3 300 20130410115634 20130410105629 54974 all.rr.org. FdziErbL/quIRYH9P+u+4kiAnwdB+PuTU21qh12JhusotZDAmAjBpvdHsjcIAIJmK/oR+najm5AKirJCnxj9F6pGdK3xPo1bIinFALYnlJzpHEklpBe8A9AMrfxxFnCCEKxqa2d95Oe8n1NcZGMBTiqBhxDRmcnmlS33FA+YJlc= all.rr.org. 300 IN NAPTR 100 10 "" "" "!^urn:cid:.+@([^\\.]+\\.)(.*)$!\\2!i" . all.rr.org. 300 IN RRSIG NAPTR 7 3 300 20130410115656 20130410105629 54974 all.rr.org. iZH5FWlSU8GIy6VQsUTorMdaRAG3Wbo1irlzrPbRuAQmPCfredI2236MvU1ZhQdy0O7OV9MbXxn6TmLWJWmntceBDj+sCauuMPMmU4+rZAuLhlV/MSspftlDXqnkvC6bzCFfhVDoFyF2zKY4Xs8JKPc6mfDeXUyGyLrgmV++hLk= all.rr.org. 300 IN KX 2 rt1.example.com. all.rr.org. 300 IN RRSIG KX 7 3 300 20130410115645 20130410105629 54974 all.rr.org. a52c4EMSQYVdBtJhi+JcgO3wVx/JuCDYgwQ68mo0LZ9M0fnUGDx1l6somvZMQoi/fbvfzUAZ62oU2UDW9Oz9enIxe5DmyYN+57gDqEDbNg3SoBrVIoOcftFQml6X+JH/grQ21no8hZLP5JXrJ8cHZ8ROhPST8J1NbLUKjp0uHEk= all.rr.org. 300 IN CERT IPGP 0 0 FFsAyW1dVK7hIGuvhN56r26UwJx/ all.rr.org. 300 IN RRSIG CERT 7 3 300 20130410115632 20130410105629 54974 all.rr.org. CcY3yTFCBjK+YQ9ZqZiSuPKUCdezf3n4Ul/UwwUy/39nZRYeU1MXOaAtnAzmNCMqER6/AHwweJ4d+6oSrLsAYoDUBToHwyhMg8at/f4TZ4UZSYGVj1fF3MS1mVdUAeHlN5/ZgVVoFX1nt93i7DIbAUjSKwHHBrTSQFyVb9kNhXM= all.rr.org. 300 IN SSHFP 2 1 123456789abcdef67890123456789abcdef67890 all.rr.org. 300 IN RRSIG SSHFP 7 3 300 20130410115742 20130410105629 54974 all.rr.org. cvXx5xDRh1fhNriUN66qpjmzW+pCFov32WALjEtZHKZ08UHDcw7oYk0bAITGEIa+JCujQ7RkAMgwpbFbyZYoJgV78j+YaEquqfT7ZjZDy8FB8eL9P+HpHqoXtEXLvO2WYsbtU5phSESflzW/8kOvFWduO5IRZPbstE4BdfauVa4= all.rr.org. 300 IN IPSECKEY 10 1 2 192.0.2.38 AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== all.rr.org. 300 IN RRSIG IPSECKEY 7 3 300 20130410115721 20130410105629 54974 all.rr.org. FwJEQzEu1pZkpnAYZc3cWCCdgVsCyserUhJVeByjaMD3oHvfSbmdIT/IbOYyTrmfSFpwcsdJ6oJ+bNEwIISzaM/puSAjT2sN5+ryoSjaqePldM2/iZdf44N21UhyH7IfxFfryhdzIHdq0jnFkaCX+Y4c76vqpHitlaUYXdv8IDI= all.rr.org. 300 IN DHCID AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA= all.rr.org. 300 IN RRSIG DHCID 7 3 300 20130410115751 20130410105629 54974 all.rr.org. ssk8jk702AJwC7tO6+b8IhgIoiSRjXDLw72EVaiwlOuNR+HV5gATb1FG3Ng/APg6wDWNEy6VRhv7pQQHm/E0gFBAzkUSfCCw/yUX0fVlw3PhC1qs0di4Id3I6sKBK7ZstNzUtoOXfqjF7xvGU60EPA4ZSDvQkCCdvO4Ok5RIdQM= all.rr.org. 300 IN SPF "v=spf1 +mx a:colo.example.com/28 -all" all.rr.org. 300 IN RRSIG SPF 7 3 300 20130410115804 20130410105629 54974 all.rr.org. HHseYzie8UWI+NPBto4pTZAKaT0V3U8iYbwsAb0WYi3MK9FJAFPM8RcUflDGMKjkA0UBEb1udIKbQfRmknK9GtifSnQupEnWhnbHEmbnJ+zAsSS6k0aZ4vgm8GGB29OTqmkETAxYH0X/0FniJw7P9LUU/KnOqs/wnNOFkMQnxgs= all.rr.org. 300 IN DLV 12345 3 1 123456789abcdef67890123456789abcdef67890 all.rr.org. 300 IN RRSIG DLV 7 3 300 20130410115749 20130410105629 54974 all.rr.org. Ddtqn8hfhSHSL9krYFfBPCDPUf6ABrrXwa/xiOzD9MrfnxaIZcGt7HZuVjj1fbXdrklacVTyDMgpLGTJHKn4TnCsgUzBvoCRrHZpCsS8eL2dCBc5EfIMjuIPM2V5/bZbCNdxji0FJQ5lebO/XlSpl51T75iAa1ntN0+RsqYb37A= lsjuf2e6mg5p2lhd4ifn9j1d0tau9v6m.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab p9idn47k3i4hl7uvrsala2cika6iqhrt NS SOA MB MG MR HINFO MINFO MX RP AFSDB X25 ISDN RT NSAP PX AAAA LOC NAPTR KX CERT SSHFP IPSECKEY RRSIG DNSKEY DHCID NSEC3PARAM SPF DLV lsjuf2e6mg5p2lhd4ifn9j1d0tau9v6m.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115739 20130410105629 54974 all.rr.org. otfOdRSrnRxCz9vGEXwFoyxplCw5ZIm8L/fAtf7LBv/uq/WBes1oJ/hGcjNbJ98upD1OSQuP8H8fyZ9+XWOQ5YCdXFnO+oASPjko1eTDWDRE4NvpHuv0G2f73nFRvQDxJKx0k/geYSHMhtpy1jliDY9jMPSbkWaTjTqO1itznYE= ;;Empty non-terminal _domainkey.all.rr.org. ap94ot77hb4828sgce8b1vviq70e9vlb.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab g2l2o193s2lss98gj7rmmktavpqfjvq8 ap94ot77hb4828sgce8b1vviq70e9vlb.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115702 20130410105629 54974 all.rr.org. IOCr90ztV18liuUpYYWwRN+wJ+aLQWTRpo7eb3vShpvDwLQFbQT9AKLQ/av3bCsmML28r5pn4czZC1MEXpTyYPbhTSBSyb8kU5DeauSOU+bjdQpgJppZ0eEQ1iKNRV7MY4mlVPa/jJ5MJuF/jjWAHRovYmgPBOanIXBBUqq3jv4= selector._domainkey.all.rr.org. 300 IN TXT "v=DKIM1; n=Use=20DKIM; p=AwEAAZfbYw8SffZwsbrCLbC+JLErREIF6Yfe9aqsa1Pz6tpGWiLxm9rSL6/YoBvNP3UWX91YDF0JMo6lhu3UIZjITvIwDhx+RJYko9vLzaaJKXGf3ygy6z+deWoZJAV1lTY0Ltx9genboe88CSCHw9aSLkh0obN9Ck8R6zAMYR19ciM/; t=s" selector._domainkey.all.rr.org. 300 IN RRSIG TXT 7 5 300 20130410115828 20130410105629 54974 all.rr.org. KT6xh9I5XLsvNxSfB469KXOv6MFRNAPBjOd25UcgMt+iaTKHzNWqW4dO3XfzJeT+/fi/zDhGsuwcBvd9Hv+vS/G5EWC9zWmkTpGtWONJcWe7sFh6JvBXKEb044vzB0fpYPRCrE3gztgJL+/hMLdo8Kie7bcK6twe4YyZoSkRz/g= g2l2o193s2lss98gj7rmmktavpqfjvq8.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab ibhek6s8u0esfnqpdrm8tuo03rgcfkjn TXT RRSIG g2l2o193s2lss98gj7rmmktavpqfjvq8.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115652 20130410105629 54974 all.rr.org. soUOUj4nUVLWpjbCTaxYP/IwZsCUxDNqEvGEhtcWu3WX24C/nn3B8AFUHgYhzoU59cbcV8KX04DknCBx14iRB6nUGISCXLTDVL2oW7235UFgJf1+SAnPzh0xiqqbMhoC+TONUTIumD8aWOc4nreRCJu6sF3A9l8B4/exFwOsluc= ;;Empty non-terminal _tcp.all.rr.org. k8gq8bbuj67kiblf6eibvia6v06bdjnt.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab kguhs2hk2v7lkk84rksoepthlhstbp3h k8gq8bbuj67kiblf6eibvia6v06bdjnt.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115715 20130410105629 54974 all.rr.org. DKWpBw4n8w4DAL8wJ0iHoKiPc6fIZz89MyVz+92ZGdBkx8+tv+7YtiEWPaTouVu76lJQn+04FphXL3eRNacCljmWgq4KDo63GJQtQPMlUcaj4dY1DL/XjW05So0pZMxpgM2Q2WhpkS7VaqmtVlrnH/dHiB9zPeKCjMVCpN7evwk= _http._tcp.all.rr.org. 300 IN SRV 0 5 80 ns1.example.com. _http._tcp.all.rr.org. 300 IN RRSIG SRV 7 5 300 20130410115722 20130410105629 54974 all.rr.org. l4TKCA0c2PodZZMspzR8UJpYxhvrSiyY7MGeQSWseRW09dj43gEiJoIlxq3AaK0lw4FDzyfWcA2CYRwL3RW2cBSfKyHp4Ubmhm91WPzlIxec9amtVkYq4WrC9h8tfblfceoNyOv48QTew1pw9a/Gah5jnw4de3XNy1PgZkh6HtM= p9idn47k3i4hl7uvrsala2cika6iqhrt.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab rdg0v236pd1v9ol0rhhft0c8a26unhvu SRV RRSIG p9idn47k3i4hl7uvrsala2cika6iqhrt.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115700 20130410105629 54974 all.rr.org. RzjxnjDsBWBSKNIxPaI9yhOWsnleFNaL6iuXPhFF6sZtH3ejL+AQsnQiQO17vBPPzb6AILiBT7MWTF3YkZASEys978HWbHWgWESZDndXypJZe115v+yaU/rKGlx16lxtLbXSDqat+rsRBZdri8L6UwULlKDmwxnNMb57bVnR21o= bar.all.rr.org. 300 IN PTR ns1.all.rr.org. bar.all.rr.org. 300 IN RRSIG PTR 7 4 300 20130410115724 20130410105629 54974 all.rr.org. hqmf6g3txmdk6PuCnQ/ve5Cp7Oyh4Iol4bXNBsyvIZDsWto2UvUq0csquD21Tpo/MIq8BPCXesQMseprR+zZBr3w5qQbQJikvwUt1mx1mqABcPJeDgIPmBeIYys71IaTNdgmKib6rB9xndpeXuBtKJ737f+B0y3avy9eTsHbRfg= 17dh4524ajdqdot2u7ouvoko5p9assdh.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab 2t74lut69cjlkdoikr2lhjnaud9prhqh PTR RRSIG 17dh4524ajdqdot2u7ouvoko5p9assdh.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115813 20130410105629 54974 all.rr.org. BvO6S1ZV58+QmFVFytvs4nRlQ43zaqgEL2/Omuyy3RXqTSSUjrX9wiyJ+ncLiITBXZYtoZHv6Xyr7U6kk/sA8CRVOHA29iyd/kr8yl+0YUEb+p05SSxH014i0AG4UXBaQbF20qGoM3hN4GJwmTHllv6eYB3svPh+27k1bWcc6CE= foo.all.rr.org. 300 IN CNAME ns1.all.rr.org. foo.all.rr.org. 300 IN RRSIG CNAME 7 4 300 20130410115632 20130410105629 54974 all.rr.org. I6BTgHmnZ5VIRywDWAKwf+k6XvuSQyWEAfED1TtK6Vrels39qo8Jc4yDoSzeorAwizNYABPTFpQZucTCkgxn75vTxFKK7aLem5opkw7uZFrGH3y3WoEp7utAtmrHYl5KtaB0u4FL9P2qfj8G2TfmnvwahHSBU4HvKxWcAFyEq/8= a2oddelqgm2q40lr53o246garr6a1lo1.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab ap94ot77hb4828sgce8b1vviq70e9vlb CNAME RRSIG a2oddelqgm2q40lr53o246garr6a1lo1.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115735 20130410105629 54974 all.rr.org. OiYcHnhPg+Y4uA/lNC4SpO/wIPNYxv2AgQDAhDZZTHwEop99sWaTPWTo+l+Eu8gKswB2FRjEgY8kGuTfwSJjXibFuXSTwDs6xQdZfCmIatHnFPuSTV7WUub2L7ry03w6hnL31WzEnIHMESglKw3Wny2QHPfxpm+BArDryQ5lhOc= frobozz.all.rr.org. 300 IN DNAME frobozz-division.acme.example. frobozz.all.rr.org. 300 IN RRSIG DNAME 7 4 300 20130410115653 20130410105629 54974 all.rr.org. Q7y8w/y7BzLtzMI6eTlFj4TqbFfRhHUJMRsj5uY0TFESrHzIdxjanZebsvcfXSwA9KCadXx7jQdmAHtS1eNeuIZrAidQFeu2PWJJ5O/yGbswrmeNlcF46Mwz7qCKa3MzY5//liHZWbvZDM5o2w25+O6pkt2ICkkhlk4DcmcSSaI= rdg0v236pd1v9ol0rhhft0c8a26unhvu.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab 17dh4524ajdqdot2u7ouvoko5p9assdh DNAME RRSIG rdg0v236pd1v9ol0rhhft0c8a26unhvu.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115820 20130410105629 54974 all.rr.org. uOVkY3yt9Lkws8Q/CnWB+T3gO3jgOubKyxL5p8P/0ehX5PoxEs5PQ8/IzLHSX9gkRW6ZZS4veb9Q5PChayVbYcJj7Hla06b/rBvYC7vwxlw66dhKfx1Hd6DwVPrNWz8P4OrIMmIafpmCw+iILMIE2mPMfidn8MDgS0e2qSR3pOA= helium.all.rr.org. 300 IN HINFO "Shuttle-ST61G4 Intel PIV3000" "FreeBSD 7.0-STABLE" helium.all.rr.org. 300 IN RRSIG HINFO 7 4 300 20130410115658 20130410105629 54974 all.rr.org. qFTZmZu71gTIEN9M1ShvWq+xyqGniMreuq2y6weYsSZCy32IQlFHuw8IBgkeqnrgToFFvC8ZQPC+gUp5jyN8WfTKmQLPdJJyuDQhiybQdPQgxA0mg/RYlQiTjVnzZkDkPAymYee4qBxk/gGhJcwGkHVJLZJRc79ydwhmoUVolwQ= kguhs2hk2v7lkk84rksoepthlhstbp3h.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab lsjuf2e6mg5p2lhd4ifn9j1d0tau9v6m HINFO RRSIG kguhs2hk2v7lkk84rksoepthlhstbp3h.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115706 20130410105629 54974 all.rr.org. fYKJ/LZ3dvudYeP6fT+NjTwAdJX3OaYJQ8Ty4zDvnwizhV3usQdgkjL/UoSLUBRCFj9Y4x4C5ZZ+3Z6YSvkTO8vceFwoUl7QNwMKg4/R1yBte9GcH7BesMpG2QTovnXc1CEha4XHTWsGEjrFj1WOmz5kKruImykv0ILlbIjy37w= ns1.all.rr.org. 300 IN A 10.1.0.52 ns1.all.rr.org. 300 IN RRSIG A 7 4 300 20130410115651 20130410105629 54974 all.rr.org. tI8y5xo0zsUSeeh0ZJUuWr2xvbEtN5B5TFMwmOHOU70TNjcBLC1LE+2M9wtjn09mLphY84+YHzAH7PcpJByIwbstWAkHdjzjRpvQYg1UoeA6m/5hypTAU+7UWO99i4ccPKd7pM686zlQNBeDBdoQHVVDutQeXsXJ+BqchraKN2M= 2t74lut69cjlkdoikr2lhjnaud9prhqh.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab a2oddelqgm2q40lr53o246garr6a1lo1 A RRSIG 2t74lut69cjlkdoikr2lhjnaud9prhqh.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115819 20130410105629 54974 all.rr.org. TVwpq/lVeLnHws9G0N4/ksa7xwWjQA5o0OBy/FIdGLZutp9crtQVRlk/03Bzfv2t0BiqIb/PrZtScvG+3X0Wm8JqjYod/akHtrMlpPx/mPE7d6dMpyU2cOSeYrfge4T1VuCHTmjdweo/Hl3JrwEF7fmr18b+RdiD+dS4IIV9QCk= sub.all.rr.org. 300 IN DS 12345 3 1 123456789abcdef67890123456789abcdef67890 sub.all.rr.org. 300 IN RRSIG DS 7 4 300 20130410115708 20130410105629 54974 all.rr.org. YPFdLZvdgZFp49p66slbZF/xp6D4Jm64NCR5ADl3D0OXs8nB64eh78IPIRJb8T55ob70FCSaW7zgBXSVrAeIYDEBHXXYYtaU45uuAtJeDLbo27j1FaSPiXERduc/01nARQOcGrEKRHMOw7rnihizFlfyCS4EWhyh5RX3NP0bLcg= ibhek6s8u0esfnqpdrm8tuo03rgcfkjn.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab k8gq8bbuj67kiblf6eibvia6v06bdjnt DS RRSIG ibhek6s8u0esfnqpdrm8tuo03rgcfkjn.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115706 20130410105629 54974 all.rr.org. DWDO17UjzuSJCovz7w3vjRfQZR4qqr7qbOUCdcrkni4FnjU5PpF6+B7+dWUBHKwHf9jcH6QBElELoiYwAEuTZ3CZ8ofKNfvWCrekKEr3gUHSbL2Qh0tS3dZrYYm5WzpkZBZZqorjgVX1iAbOYx3KbhvsEBhFB6YSVLKpyXb9KiA= validns-0.7/t/issues/dot-is-single-zero/Kexample.sec.+008+48381.private000644 001751 000024 00000003247 12131602774 025503 0ustar00tobezstaff000000 000000 Private-key-format: v1.2 Algorithm: 8 (RSASHA256) Modulus: 1k6+cu1N1CN90iqofey1vu8jpsmWDbvdOnihGmeaeaCLMMW0tCGci/UyvcC7BJZUgN5q+6LJYgC1+/DLR/cRgi/xizmQOIqzw8TWT3TJDB8LneHHIfXQbMacDHhK62t2SHXDgczWcwF2VMxrSD3LGMnS+b9PuofOP7d1NSLzizwO7aZ8wPqejL6V5nYi5fuUVxrxLMM2aFQ9ORe4WsH9BS6hjYXJOF+J1P6eE5CnN+1W0ty1rQTRS/c9xUOnV3u8FewARgYevniva9vd5d05OagXKH9vJ6FSU+rWAMQfSYFGVZtQepsacrKiXPR1HTW7xIlg/pQvDHSZnSnkGagwfw== PublicExponent: AQAB PrivateExponent: LOxwy9Km3/NYqre6fjsilhW3GX1kcRiSdXFYBBr3rMtUojKvgJsTH9uUeWZvTbTdne4B6yHiqSKRA3Eki79k8i9uqMq2SsP4ju8yJZHLmzjezIfJoHrQ6BxyFcMZoWPzdZkKFKmFwrHpxjjbvFcHvfiAu025Pta9C2o/rZXYC7V3BWQowqYBfukdpZkCEhzFzEtC1ROXN4jPJBwNIma52QTLH6jK5BOfOJ5DhS1SF+r/EkuvXnylApVfjPfUIC8ocVvpn5WLoabWL+eURIi6MvVT59ppzc6WRUT2PxDskT2WUWfw3zq5B7JCM8/qfYIDUHvt1h6JcJHTAOz9Hr2f4Q== Prime1: 8UNey2U7voMhZmVUMpH5C8q7+hp6PQ6dUYd+hjaQVnsDOLPBT+zZf8R3str7pY/xlOOHy+DxYmZ0e17OumSOXTeQR4VSdsr/tpWc/qd2jd1I5N58R4G/yZHgTm8pm6VRb7NwZ7Eg6o2z0G2UEykFeberyg4U6SHBDP6DZNvGrQk= Prime2: 42XeoQUBshFkTYekdeqPfGqC1YXsK0URLGAbPbk8HlOiG7ueVmUnsAS47lyuEJPzIUgqqBbDM+CCdW8AvPJFDXa09l4akfCrLRyAdkreGj3bgmUs5wUFbDZyOHvRFSxdUI8LOcAhXthy86l+wErKwm6sWfd1oPGvMmC1qiSsW0c= Exponent1: JpdjK1+3DcNF7W4Z6LjmwFceeGQR14Bl86ubtnY14k9s9X3zVwiIxeI0T1yt0g7TUsCOcTM7CUVgLne8053QE+MWZgpSZYQVISyPX0CEOy8BQPLBqGJ9vg1idslbO3VXMGngegWgQUSHVbihbesq4AxcI0bbW2s1yRFRDSoGfpk= Exponent2: NbR7bd/21I1S+RSN/ONW2/VzzOYCLv3y3l4cUOmMj0UFRjN7Y8AkLWgQHQt6eKPYigW3PVeS5o+hgAalT/qP4GwmtQDomYsTgmX22Pk5l00AqL0oa6895p69PyXO7Yc6yqnd5te/idzo2S8wpk2DsYPd5KmS+F3cGLPKc9KRekU= Coefficient: ev+8Aj3u6mICRe6Y0NqYTGrXSBMDXf92dI4+CZtwy43cyTvvZSABWvlLTTXf8XAlnnPxszSpG7+e8bQk4A7ZIagcDFSUjzwtVoLqKqbyLPMNjJKqvGW2iTwfpXAHTadd9EmvTPsEVCJnZAvkyn9XQ49phL9IkFzj9kmSrGqnN4Q= validns-0.7/t/issues/dot-is-single-zero/Kexample.sec.+008+48381.key000644 001751 000024 00000000602 12131602774 024611 0ustar00tobezstaff000000 000000 example.sec. IN DNSKEY 256 3 8 AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg273Tp4oRpnmnmgizDFtLQh nIv1Mr3AuwSWVIDeavuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90yQwf C53hxyH10GzGnAx4Sutrdkh1w4HM1nMBdlTMa0g9yxjJ0vm/T7qHzj+3 dTUi84s8Du2mfMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB/QUuoY2F yThfidT+nhOQpzftVtLcta0E0Uv3PcVDp1d7vBXsAEYGHr54r2vb3eXd OTmoFyh/byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01u8SJYP6ULwx0 mZ0p5BmoMH8= validns-0.7/t/issues/dot-is-single-zero/example.sec000644 001751 000024 00000001457 12131605336 022651 0ustar00tobezstaff000000 000000 $TTL 1d $INCLUDE Kexample.sec.+008+48381.key @ IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL IN NS ns1.example.net. IN NAPTR 100 10 "" "" "!^urn:cid:.+@([^\\.]+\\.)(.*)$!\\2!i" . re-root IN NAPTR 102 10 "u" "E2U+email" "!^.*$!mailto:information@example.com!i" . no-re-root IN NAPTR 103 10 "u" "E2U+email" "" . re-non-root IN NAPTR 102 10 "u" "E2U+email" "!^.*$!mailto:information@example.com!i" meow.woof. no-re-non-root IN NAPTR 103 10 "u" "E2U+email" "" example.sec. validns-0.7/t/issues/dot-is-single-zero/dsset-example.sec.000644 001751 000024 00000000247 12131605337 024044 0ustar00tobezstaff000000 000000 example.sec. IN DS 48381 8 1 99477B577BF885AB2512B8DCA052D7B71DD968BA example.sec. IN DS 48381 8 2 E5411AAE0758711B164730F9069CCFA3CAB00391FDD76D04EB3E8610 CAA09E93 validns-0.7/t/issues/dot-is-single-zero/example.sec.signed000644 001751 000024 00000017375 12131605337 024130 0ustar00tobezstaff000000 000000 ; File written on Thu Apr 11 21:11:27 2013 ; dnssec_signzone version 9.8.3-P4 example.sec. 86400 IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 8 2 86400 20131212121212 ( 20111010101010 48381 example.sec. Fq4k/jiJFok+7glF4Nm0i58I524rmoJ1b6/N At6JVKWl0oja6db3puWnOP8hr+LeVcVWurqu XoV9Gka08da0xwaBmGnLZOalEUgN7b9MOsWu lSGhA/rA44GBdB8DLENt2XaM3EeSQ7IMLBGb ObOmwYrVgJbJpa8Nw3CtyzjqYSzde+BQuN/4 EYyP7fMdS8Uj6vHZq8XxolYeLgQBAmqDRg2X d0rETlT1SUfvAlckb6IIJEJl+qLDHWrebPWK ubVYzRrjTia8AKuo/UIuI2WYzAM7BNchh/7L GSh0HntsdrZ38ZeT82hr/ApfFIXpu/8jrQD+ muqATnMaAaFx10+j5A== ) 86400 NS ns1.example.net. 86400 RRSIG NS 8 2 86400 20131212121212 ( 20111010101010 48381 example.sec. I69J8S4zvi0luZE0va+MOum7IUODu7szp479 k844Mx4L5wb77SPxsiKwgVFtWOmFSgmNM935 ormzCsuAOTvtvm7b2Egov5Qo4yl/JvU3i0mR vLYFgGK0HFWFYM7Fj17ypqwMlAo2WYKYTVTa I9YWebM6saSkT2N19NTwBj1dGsW0CVzJPKo2 +ihnFi8FnoR7phZrEig0Z0U2zUmjgexYnrLU RRTzDtbAuDddRUr/tKmGrjTokpEKN7VzoNQi 5m9hiZQkoPrjui8k0KAckHSAiXKk+foKYrt8 TExvBjWCTHVIVk9JmsIBpyVtX/YLAGAorJyR nHAfTf6Z+YekBJbNrQ== ) 86400 NAPTR 100 10 "" "" "!^urn:cid:.+@([^\\.]+\\.)(.*)$!\\2!i" . 86400 RRSIG NAPTR 8 2 86400 20131212121212 ( 20111010101010 48381 example.sec. eaoY5DkXxp8NOLVfzqayHae7SeokwxAEkDFc Sk6xdRafMXrvJ4WDtfx7rcqq26WBcUXtvvG3 E/1ZXkCVekTjFu9XxYnaTgvoXzps8ybyTQ3a iTaDvttAwX21c7xAEOeqcxUiCQ6Uu6U5Baw8 8BqKc/tYMFv/lSlTK33LiqLjXOMrBWLsRdhP 4rbicl/xFnvFNz+MUMROpmcEVMhF4VWIflHS V521exuvW695/kRuvFzOUuvzP4NKaBVJizI1 RW3x5cx11UsVT5I6Si4h4PMeOcYFfZTCcwYt iIeBB9JcVAD8KDhe4ouMDS09R8o0ceHF4uJl uPbOyTsuLe4MuMB+zg== ) 604800 NSEC no-re-non-root.example.sec. NS SOA NAPTR RRSIG NSEC DNSKEY 604800 RRSIG NSEC 8 2 604800 20131212121212 ( 20111010101010 48381 example.sec. Pj5YE+pnDboIDPF/j1j7kZVMDRFaTN+7CDHC Y7DLCEO4V8t7sQkT6JW116tvmSjBato3fdrc u52IEbVZMvRM1An8uHAnBfvK+Bt44P6s55P5 fsqwi8KR8odCZLPcwsWK1ev0nDSmHk/PAHzd ROOxhbaltxs3hg8UNdk72dAwVFOj1A/etJHJ UMvTuj7bI4fGC1wpMm/jdnbG74lHOfj5e98F 3QZtTEv7ZOMoyrivs23hvjYV+r5miVbdw3LY 7OFtwfabWHaCgaV/zgqNoVgXqeexSIScXbO3 QiLh2QjJWwBgTaE5asUepmw6boB5lhNbJ75l pMhn2BkrtdZyeiP5Aw== ) 86400 DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; key id = 48381 86400 RRSIG DNSKEY 8 2 86400 20131212121212 ( 20111010101010 48381 example.sec. pOw63jF88dUEJt9V6jP5ddD1rUSGEyNn6ih1 Be7GWq2dcrY1ZxgI3fN8fGfCXyB089MdphUy 83TmWcz2KiuD0qRy/F0bK4sI4hk/2eokBVTo 31pIFNxZsANduz2nP9OoceLMxk5TCmm9zipr Bf0Ysrky0BReY2FRUjjaWNV4MuiMEf8ToZ/2 1+Zbqe7RGP0Z/IchDN2hpA+qHizloKTIFOCV sqG2CKHiG3ZcXMWKQaohuCrQyR9ee/vmF8ZQ IrY36SifxcgrT7cycE8NFhIlReLf7M41oYeo erdZHzrGZVGn2ZKCW1spsgpBRXdh37HvdVaV 8NOQSnaXLi1paogk1g== ) no-re-non-root.example.sec. 86400 IN NAPTR 103 10 "u" "E2U+email" "" example.sec. 86400 RRSIG NAPTR 8 3 86400 20131212121212 ( 20111010101010 48381 example.sec. thOK3O1btgK+IxcmKDo2BZx+tHOOhIRFJroj fmTan7U1Gm0ylrIGOpw64N0q1cUrn99g2iNF +p0zXo1k1ZMDXDG59jnzvQvqrq8h7XCA3GH1 ZI4Jts2xmvsmlBRmkGs6BexJHbsu2gA6bOE2 PTfcriQHRxLNe/H2/ysA2/C+uywf3ud6eLtT ztBR5m+m34IBAJ0MIZED0VD4XW7CV8jwSlQo cZXfdX9VYVyM7xCJt1C4BesMSojUGRk5at2Q 4/giW1bXGEqtbJj5xST4HBONnyzhPqK8slsx aVynOT60K3os+1M+Th3nPwPLhMMuXyi4pu+V gFnfeysv3lDLaWSoOw== ) 604800 NSEC no-re-root.example.sec. NAPTR RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20131212121212 ( 20111010101010 48381 example.sec. Imd15dZ1PVf12U8c21QUUD8aAFf3rC/pa9kb Ip/zMGShCDGT2wNd08TEjTHxaSHEWUJU4+9E DdL8S/dU9bEwjrkzH9dmp8VItVfo95rZmPvU jIypT6XdNinTkkeBSkoc1TNmOov/H/8UnzyA ryuXY/+GCyz8Srx3Iv388NxGDgSi89RBxcpJ pEcIwEhs6AGtc7dPc+oAVpqekCkADgF83N10 AwA/yLd1rUpAc/sZphiu5iQHeDUR6DAvhIk1 AN2F7HgVKmtgaVni7MLEQjzqPASN/jAx2mf5 jGBz3jeCiuGhkh8GMhI8g3Hu37q6Noa4FYO9 HLfrFgZVly6NPx3C8w== ) no-re-root.example.sec. 86400 IN NAPTR 103 10 "u" "E2U+email" "" . 86400 RRSIG NAPTR 8 3 86400 20131212121212 ( 20111010101010 48381 example.sec. Sa2e/jOAImtSOP+rJIimYtqs4UzkW0o1QbZJ hbyPlMwNicl6/tWCwlGnGOm+KCRMvo6DNgU7 kVHBMH1oZoHy674XRXP1VsNL24fXe3pTa5fq hVSKfY0sO/GnIZ4emmJ+HCIuKK8ML/U8Y2Si eart9IXhrwGtEPU0/RiU9oUsUWCA8Fd7eKx7 8k1qZCVYSq7uWhVsPpJAlernp1GEqggfc6hz y0q77BnJs/Hg0ZruwV8LhCSaOa3FLUBdXr78 AammfUfkkkoR4hREAgAV1hX/s3sFAkLe0z4y IyCKI38tzWSk9Fnvqh1ciUEK2Twk4+T916R4 iLFczgMHT32MSrWMzQ== ) 604800 NSEC re-non-root.example.sec. NAPTR RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20131212121212 ( 20111010101010 48381 example.sec. h1PxESogvqIgh9qIPVRK6gV+Ku2kczLvfcYx JjosK1sbyJHV3Wi0YJkSAdfmRAx5Xwx/kD4Z Rx3AVkR2vDxS8vHp/W8P7ZBSoc2FBPEHEDcl ip9M9HJRJrAwQAoPW8FRsR5xWQlK3jR5cQeu p6gtHYmX3bEGG9DJ4y9nOlfQJiKiiGzsrw3T p4YyznucIiszk4T9t9MROATvBnb+IqgnZgd/ 70NBHLBRokPSjxlo6urQCuA8c5pAAc6CNlbx bQrYCb1vQkR7HxtLT0D7TMsGk1VM9tDrRKji fdaGZuOcwpE6fyKVKscSSIbrmQyuWodeR5yQ zpWkkaYzGiiayhO5iQ== ) re-non-root.example.sec. 86400 IN NAPTR 102 10 "u" "E2U+email" "!^.*$!mailto:information@example.com!i" meow.woof. 86400 RRSIG NAPTR 8 3 86400 20131212121212 ( 20111010101010 48381 example.sec. CXKyN8XHuH0VoFmiGOBcNs39q8/+qrOF+QAM 78i0OkLLMz2v/aM2lrSOb+Hry5DWh+ot8G9U XI78hnP0ASZeB+8lQvEJIVuOiSEve8rPTPsQ 4tGmsryg85Kj9LUtCTEKCNV6YJaUVqt4mz8z h1f0SEbhqv0e3/7M7sYrWVTfB/kX0Bj8UqkH /05ga8XxMIMxtWsr75zlAZsscb61tn6XVa0B 3MV5O0U1eG1qoFeTuAbvr1DfZK0uF6ECCUyx JX8U2oo12Sxcz0o5L7Qfk0xERIwjxtN4lQ8R 9BdYLztEFxPPNGKKsvhSywLNZzL1hci+gNjq oO7yOXNxALYtmvKjBw== ) 604800 NSEC re-root.example.sec. NAPTR RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20131212121212 ( 20111010101010 48381 example.sec. Xqs0A2TayUWY/kqPFyOy+igaEqv3htnTdXCl C+yxb34UpJ8tBnbOVMchPvgRtfrWyKHdnQYw ovfdVsJ2vjWJ3CaZlji37Hq3+RdMM4I+ysUl mxKYqtb5StmpT2oHVk+YTLzSCcDCKaC3/1gk tCFXBxwmfj7KgnWXUtnO3JnaDKhRPFl2BJXA vWzcRNo1JsLa0HWDbvMe9WlHEgPZLjFV4D49 UgS3MPr+ugzpRe8oMFhwxRb5Jwhg09npoc/n iX9njvRbbFkWz8TpYpBxKd2gDfHmMmaHjorE ZFJZc1f9827L9bZC/ZQ4C0hjgnOVVnBadjSr 3C8ycWv1DYri5E20mA== ) re-root.example.sec. 86400 IN NAPTR 102 10 "u" "E2U+email" "!^.*$!mailto:information@example.com!i" . 86400 RRSIG NAPTR 8 3 86400 20131212121212 ( 20111010101010 48381 example.sec. FyUk9M6UtLK7SWoMR/lzOk3ZGzgvF0EyNR2E IngjzVMpZwgmxmumUgYGnXb7QNqgbv+0hq1O w6KFBLfGxAjM+R9Jl8TqiAsJ+iBUnPgf09aK AefnC7iF6O3ZpoZm3sXCogH6URXb9th0BIhE wIcp0zUBn9K7ZO0DpLT9o9SvOcJ6IyC1q2MX gb/vCD9J1ldIvzIixG4Kf9R7pOz3Skumxxh0 AdDpFaUnz4e8z+Mx1ggiaxu+7xpCyHt9IpqO xNUWXkDnAT7gJdmuRNrfMrZ95l1d9tRBRzdr a2hxjPKzkZZES22JP4bOacBIsmv9oFeWNwVl BTE21qIBdDbNM++aKA== ) 604800 NSEC example.sec. NAPTR RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20131212121212 ( 20111010101010 48381 example.sec. G7ALxMAtp+ZSLfaGoJ7G1OcEsO1GFI86ogY0 TlSH7RRj+Gq9AEI3q/wJYzmgxTiZyGNsQCHv gd6eetKCFhL7Bh5yyOwYClQVK+mPqLx0iqHt H3bkGiISUenbRBCMyjpb4MD2t0yDd0aXwqcL Pv6oOIKmdhFsZb+F+JvSMjSQjGJ5AWqFxZ9O Ip/VoJ24uO98vcTRaN8lyhRV+vYFfIFbaQOU Pki2DDN7HkOBLLL0XAMbX2B7lM24es0tp3F3 Y97FqegjBsbuEG2qD30FHeom97/cQBtf0MpA YgQbu9OFCi+wmE0CSANMAEecc+c86aMDjjC9 0X3fa5X5yacuZxz9zQ== ) validns-0.7/t/issues/nsec-chain/example.com000644 001751 000024 00000001035 12111430324 021211 0ustar00tobezstaff000000 000000 $TTL 1d $INCLUDE Kexample.com.+010+35615.key @ IN SOA ns.example.com. hostmaster.example.com. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL IN NS ns1.example.net. domain1 IN NS ns1.example.net. IN DS 2629 8 1 422D2A1FEADD36337C719964637CA08EB4C6BECB validns-0.7/t/issues/nsec-chain/Kexample.com.+010+35615.private000644 001751 000024 00000003361 12111430324 024032 0ustar00tobezstaff000000 000000 Private-key-format: v1.3 Algorithm: 10 (RSASHA512) Modulus: 5iAul8GZHa77PuybdoyNZVMZx+8sUgUFDfO+mUJ5Wso+USLSU3QXOMtE8cqxAXbZOdIXGOy70MobGPnR/uxf0+xpk1G85hd1V2euHlggmC7kFyxO2lf6elAAACpQLSdf6beMmS9K91aO1EhgXcSseIJFqbqswMUZID0i6kr5ntMl/P8lFjE5tgWg5nKxVtMQs9COn6GTdB1IEOJizmrYprEVjP2vXwGUxQyZTBU0QNOKyIXb2KO7jiqf6lypxFJQzUWax70JKNrCW1eEDQH9ZuFgNDaSIo7lRBLhCKncLSwDcoQKKsIxwltcShogfNc6uQ0YltoKrRugd3K2N1BJQw== PublicExponent: AQAB PrivateExponent: JBU/uQPeIk1hj8hByCDZut2A2VyjMmkfFcT2ScmmhZnYk5hGKle1nG4i7Va+0l/0R6Cthnb4LBDElvH0/2fIzs3u7+6NE/bxqzbSkmd3FOWlVgzYgFvzJmKM3XnFAI9/9oGVRh+oPYgQ9TA0C//emzax/Z8Ln15IRknPw7Tl1wUwfAhUf9FR1FZ1oaD3hKuWx7jsvHCkKAtXoOlmTTBnTRAfVrlWdEONuln/iJuIEkuiTAD5m3jmiMljF1clTb/cczSPZhqPwlx9bqpj8cyePavrrJDIC2aseqs+E9t9oKeDj0Oi7/X083+7AX/XjcD05GohbgLeCAExH98gkB5OIQ== Prime1: 9iaC0LohyI7f4v4F1vwc+mVkeYvg6P7+3h3oC3R8iaE2sAwEFuDEmXXgbhkzvZiUbjGVzaGAj1HcbYzbrYCGsbx+8qWCCHW6e3/5sL7yoflsLF7y4XU7FVl9hsJSRcqkTEHwA1mRFpmy4kBkpzsBbfmNPnqJYIoGwS3lmr58rp0= Prime2: 71WEyVg6cxrInrciL9Ae7qm1ab7RF9sSqdF4UWhQDYPZJ0BimNoQsAa76o+UBM/Qld9NMBXKu8no2ydWnkXb6LraUpFkAxF89MRAkCLlzV6n5ABmwGrLGIcKUp/J2T8Gw3ojxClcCEnskx5295K86835FGbx/xEQdaHVpDXKYV8= Exponent1: NlU11uDfCCgRX0d2/odT1il/Th0EHin7FAhB6hViT/bX3XApjus6Oi18xpCljRoa2V/0kxktCXWmVEAdVWTjVmQnGWRTGY7zBMOw18SuRfaKXBjxP7bivcmtHYvTITijn3mGgxbIIdb3V12jWg56OE43US03Gaod55I79jZJyzk= Exponent2: XwePz/qOSsHpwstocZ+riIwuEizIDTbZNECOC5TlpFgj0ygHfjWnxp0F5F7aIQb7BWdC2MLuWp4TLWFzTSjj5oa6xWohUe6RtQZvtEuG/4KEG03lfqVouvZzrNbxaKdT4i4PIYZimo/vtYK1Lhw/k0mXivhNQj/eTzbRA4CwOPU= Coefficient: AdcUDb/gzCkVid24q5fusFX1qzilGI4BDA9VVvf6XICZWHX3p8L3GB4H/KFNokHLFJtbAVLsi5T/glxyH+eRlfkQMg6EmgsOgTBpiOp3/VzO182qR8gHeVEYSUoRXLYo9UhtGdUF290YBYbhwjJkLEIfYe/lhfwMlzN9va3EUXw= Created: 20130219194149 Publish: 20130219194149 Activate: 20130219194149 validns-0.7/t/issues/nsec-chain/dsset-example.com.000644 001751 000024 00000000251 12111430324 022406 0ustar00tobezstaff000000 000000 example.com. IN DS 35615 10 1 5293F83B0138B06E62542BF8D41C7AC4176BB08E example.com. IN DS 35615 10 2 B5995969441CEEA4C2114AAE50C40D730B65CFCDB76545AD02F73177 E8BD1A8F validns-0.7/t/issues/nsec-chain/Kexample.com.+010+35615.key000644 001751 000024 00000001137 12111430324 023147 0ustar00tobezstaff000000 000000 ; This is a zone-signing key, keyid 35615, for example.com. ; Created: 20130219194149 (Tue Feb 19 20:41:49 2013) ; Publish: 20130219194149 (Tue Feb 19 20:41:49 2013) ; Activate: 20130219194149 (Tue Feb 19 20:41:49 2013) example.com. IN DNSKEY 256 3 10 AwEAAeYgLpfBmR2u+z7sm3aMjWVTGcfvLFIFBQ3zvplCeVrKPlEi0lN0 FzjLRPHKsQF22TnSFxjsu9DKGxj50f7sX9PsaZNRvOYXdVdnrh5YIJgu 5BcsTtpX+npQAAAqUC0nX+m3jJkvSvdWjtRIYF3ErHiCRam6rMDFGSA9 IupK+Z7TJfz/JRYxObYFoOZysVbTELPQjp+hk3QdSBDiYs5q2KaxFYz9 r18BlMUMmUwVNEDTisiF29iju44qn+pcqcRSUM1Fmse9CSjawltXhA0B /WbhYDQ2kiKO5UQS4Qip3C0sA3KECirCMcJbXEoaIHzXOrkNGJbaCq0b oHdytjdQSUM= validns-0.7/t/issues/nsec-chain/example.com.signed000644 001751 000024 00000007634 12111430324 022474 0ustar00tobezstaff000000 000000 ; File written on Tue Feb 19 20:42:21 2013 ; dnssec_signzone version 9.8.3-P4 example.com. 86400 IN SOA ns.example.com. hostmaster.example.com. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 10 2 86400 20130321184221 ( 20130219184221 35615 example.com. fSRKU+K9f0tGSpUVNFtQc0TBufHSMhQ4yWZX fv1+osKrMVHxfluIwlYa5ExqFBvf2EwVvruF 2gk3KGR9WtM62Ub+MsBCRZCZeIrfEZ5tWPRf UHSbi7WwOD7ELQw6yeZLiG+8BRZSove8txHC N0GqaB3FeFRg1BRnErsmutfG/TvNS2ihjeTw IIjELjcHbe79tsvD+JIzSHghWt0b+7dHpD5A Z0mNAhBSgRwtwb2BtrLwJhtRX+spPlM6iy87 6pfADRZQCzAlv4aridie5pQzFG15FLyyfvbF 5/YtMZjuAaBNf+2KqhZbGWQFuPLB9C30Vqa0 qQ7o10OAn3QQGHE+iA== ) 86400 NS ns1.example.net. 86400 RRSIG NS 10 2 86400 20130321184221 ( 20130219184221 35615 example.com. B3H3TYnpWgpc4cqIS79F/GSxSrUTaDdJEtVj Ps4fj0ETKrjBxIkq8r36/srAD72VK8nGuVvW aC90q6hy+T5oRjnDGke8XcOZLTeSsdqSiElL DgEFhKhL80Sxr9sMd2V+N7KzSLlPKsYtAW+O 5ktr/21CSzE0lhDI8b/GO8Hjs9gZwyMzLzlx j3kVtMlsul5aJrCA2WtdKEBXTiFrhr4FU+hY moe3uwrUNR6MHhb+l1IVo2yKCDBD7ZZ1ToGz dl2XuHEWiuOKiUAizTcpnWbdMWzSJMkrKx1/ gXdAq1q1t8VIi9WJs4XyKEDuJG0Ep8BeUTmE 4QbwLrOe1Tabell4eQ== ) 604800 NSEC domain1.example.com. NS SOA RRSIG NSEC DNSKEY 604800 RRSIG NSEC 10 2 604800 20130321184221 ( 20130219184221 35615 example.com. fi1kPn544HwVk3M/BhM0g2oyLrRj6XfS+r14 qbVtMtT4s9Nk7hmtKlqCjSvPRl+ichW9cGRn pfYC6cDkKb6VX6RUqtCfN+A1s+f9iX/TPCkY mo4FgxioOG6ZUNBxsbgYsBjM08VwtOf+4VZV P+NvRpbMvmNRJux2Ftba+wB0GA4Bl/x1jx5R O4EI8/hENXxnc+ak/eJdBRy7yDFgBMVvp2ZI 8nt353uXhq+C/HpB8CmQO290GpUStpQlQ9aW e5usfRplUfHLSvF+YfJGBV+7WxfQa7REIdXw 7wmbHdS0iy4XtyGXVs9/cFipP5l82skYl4zb YZol9Opb28njTmdxtg== ) 86400 DNSKEY 256 3 10 ( AwEAAeYgLpfBmR2u+z7sm3aMjWVTGcfvLFIF BQ3zvplCeVrKPlEi0lN0FzjLRPHKsQF22TnS Fxjsu9DKGxj50f7sX9PsaZNRvOYXdVdnrh5Y IJgu5BcsTtpX+npQAAAqUC0nX+m3jJkvSvdW jtRIYF3ErHiCRam6rMDFGSA9IupK+Z7TJfz/ JRYxObYFoOZysVbTELPQjp+hk3QdSBDiYs5q 2KaxFYz9r18BlMUMmUwVNEDTisiF29iju44q n+pcqcRSUM1Fmse9CSjawltXhA0B/WbhYDQ2 kiKO5UQS4Qip3C0sA3KECirCMcJbXEoaIHzX OrkNGJbaCq0boHdytjdQSUM= ) ; key id = 35615 86400 RRSIG DNSKEY 10 2 86400 20130321184221 ( 20130219184221 35615 example.com. Qx8EkBJQK08TIY9Ftt974UC788Nof2zwmCZM 203uXl/Pm6iDN/FgEigcl2IvtuhxrWiEvNJD dINpepPOkusX9apzG1pSs5rMj8RBxhEv60i1 OfBeC7F/jU6CY6f7JvQ+ULPwvQ2e3/r8P3jY 4ErC2rsxSJpAzKkWUWokNIS9e2VJA8FCpJCI oJbesCGXH7ydDFZ+x6+z60xGRIhK2/MoCzGu WbLRHww77y4q1ePC7v35hh4uoMPTwbtaD1P6 pw3ELhXuHMlh+A/K5v7gVfZWYEFipe/r2YhM dbjGdB9/ZTTiQddFBVll7G4EqhSqTA7+elTV RB9EkLCRntIpYCh9BQ== ) domain1.example.com. 86400 IN NS ns1.example.net. 86400 DS 2629 8 1 ( 422D2A1FEADD36337C719964637CA08EB4C6 BECB ) 86400 RRSIG DS 10 3 86400 20130321184221 ( 20130219184221 35615 example.com. cv4HDaasJ4SKii6DPbfHf+rRy/i4WBxRo4Uz 84B5Ta4tB5LaJF69c8T10mPC4jnwIFvcJ+1G h07mQZdt1FyPLMJM4lOEj9Nj+mKEtf25lRtT 58Rph6n95wwanRvuELtUEjeU+F7vMyCj2aFw NLXHIvyWvtbPCJOrSfyB7TPH+sIltOoMCziF 0kHHiMrVqV9CE8hjq5MgdbyZ2/LdF7vYNza3 btNmSJY0WpmoTyoHu9+bMQQdAKHfUx9u+MPJ jbF77yqBIzEkbV1j4eeQ5NLA6YlXmowuhhxF 8U+dko4h7TRxkmq0ih5XQJVoKnih76Dj7p/2 oHYE204X16iJXqKXLQ== ) 604800 NSEC example.com. NS DS RRSIG NSEC 604800 RRSIG NSEC 10 3 604800 20130321184221 ( 20130219184221 35615 example.com. WWg7EiYoY8Hp593I2i5Mkl2ezg7YuAnq0y75 oymTCuEfGwh4OxbMT/mWNqAFL5Y8f0YoQOOY wZP0m/sGK/EJN7ulNsfQyULY4WsyHIGlKMwT KdyDXJLrmrzlmRnGv7pFb0bo53n3osE0uFfH yMQYOkQRYfqa4yWXF9Nl48dy67frtVih0foy 9Mm76mmJSDUd/jGsYQmaoFGVU/a64rWapVQ9 O/mXPqr6Pw2ZCHecsF4ElMEp41YqG1DfR5QR khTjvTlg4aTKvgX1YuvDhjUygSHit47xn2NC 2WwEZF+vYXT9DIUCMcKdVeb4bjWwUXbWNFqz Ca3jb/mpOpUDFnrRPw== ) validns-0.7/t/issues/nsec-chain/example.com.signed-without-first-nsec000644 001751 000024 00000006560 12111430324 026245 0ustar00tobezstaff000000 000000 ; File written on Tue Feb 19 20:42:21 2013 ; dnssec_signzone version 9.8.3-P4 example.com. 86400 IN SOA ns.example.com. hostmaster.example.com. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 10 2 86400 20130321184221 ( 20130219184221 35615 example.com. fSRKU+K9f0tGSpUVNFtQc0TBufHSMhQ4yWZX fv1+osKrMVHxfluIwlYa5ExqFBvf2EwVvruF 2gk3KGR9WtM62Ub+MsBCRZCZeIrfEZ5tWPRf UHSbi7WwOD7ELQw6yeZLiG+8BRZSove8txHC N0GqaB3FeFRg1BRnErsmutfG/TvNS2ihjeTw IIjELjcHbe79tsvD+JIzSHghWt0b+7dHpD5A Z0mNAhBSgRwtwb2BtrLwJhtRX+spPlM6iy87 6pfADRZQCzAlv4aridie5pQzFG15FLyyfvbF 5/YtMZjuAaBNf+2KqhZbGWQFuPLB9C30Vqa0 qQ7o10OAn3QQGHE+iA== ) 86400 NS ns1.example.net. 86400 RRSIG NS 10 2 86400 20130321184221 ( 20130219184221 35615 example.com. B3H3TYnpWgpc4cqIS79F/GSxSrUTaDdJEtVj Ps4fj0ETKrjBxIkq8r36/srAD72VK8nGuVvW aC90q6hy+T5oRjnDGke8XcOZLTeSsdqSiElL DgEFhKhL80Sxr9sMd2V+N7KzSLlPKsYtAW+O 5ktr/21CSzE0lhDI8b/GO8Hjs9gZwyMzLzlx j3kVtMlsul5aJrCA2WtdKEBXTiFrhr4FU+hY moe3uwrUNR6MHhb+l1IVo2yKCDBD7ZZ1ToGz dl2XuHEWiuOKiUAizTcpnWbdMWzSJMkrKx1/ gXdAq1q1t8VIi9WJs4XyKEDuJG0Ep8BeUTmE 4QbwLrOe1Tabell4eQ== ) 86400 DNSKEY 256 3 10 ( AwEAAeYgLpfBmR2u+z7sm3aMjWVTGcfvLFIF BQ3zvplCeVrKPlEi0lN0FzjLRPHKsQF22TnS Fxjsu9DKGxj50f7sX9PsaZNRvOYXdVdnrh5Y IJgu5BcsTtpX+npQAAAqUC0nX+m3jJkvSvdW jtRIYF3ErHiCRam6rMDFGSA9IupK+Z7TJfz/ JRYxObYFoOZysVbTELPQjp+hk3QdSBDiYs5q 2KaxFYz9r18BlMUMmUwVNEDTisiF29iju44q n+pcqcRSUM1Fmse9CSjawltXhA0B/WbhYDQ2 kiKO5UQS4Qip3C0sA3KECirCMcJbXEoaIHzX OrkNGJbaCq0boHdytjdQSUM= ) ; key id = 35615 86400 RRSIG DNSKEY 10 2 86400 20130321184221 ( 20130219184221 35615 example.com. Qx8EkBJQK08TIY9Ftt974UC788Nof2zwmCZM 203uXl/Pm6iDN/FgEigcl2IvtuhxrWiEvNJD dINpepPOkusX9apzG1pSs5rMj8RBxhEv60i1 OfBeC7F/jU6CY6f7JvQ+ULPwvQ2e3/r8P3jY 4ErC2rsxSJpAzKkWUWokNIS9e2VJA8FCpJCI oJbesCGXH7ydDFZ+x6+z60xGRIhK2/MoCzGu WbLRHww77y4q1ePC7v35hh4uoMPTwbtaD1P6 pw3ELhXuHMlh+A/K5v7gVfZWYEFipe/r2YhM dbjGdB9/ZTTiQddFBVll7G4EqhSqTA7+elTV RB9EkLCRntIpYCh9BQ== ) domain1.example.com. 86400 IN NS ns1.example.net. 86400 DS 2629 8 1 ( 422D2A1FEADD36337C719964637CA08EB4C6 BECB ) 86400 RRSIG DS 10 3 86400 20130321184221 ( 20130219184221 35615 example.com. cv4HDaasJ4SKii6DPbfHf+rRy/i4WBxRo4Uz 84B5Ta4tB5LaJF69c8T10mPC4jnwIFvcJ+1G h07mQZdt1FyPLMJM4lOEj9Nj+mKEtf25lRtT 58Rph6n95wwanRvuELtUEjeU+F7vMyCj2aFw NLXHIvyWvtbPCJOrSfyB7TPH+sIltOoMCziF 0kHHiMrVqV9CE8hjq5MgdbyZ2/LdF7vYNza3 btNmSJY0WpmoTyoHu9+bMQQdAKHfUx9u+MPJ jbF77yqBIzEkbV1j4eeQ5NLA6YlXmowuhhxF 8U+dko4h7TRxkmq0ih5XQJVoKnih76Dj7p/2 oHYE204X16iJXqKXLQ== ) 604800 NSEC example.com. NS DS RRSIG NSEC 604800 RRSIG NSEC 10 3 604800 20130321184221 ( 20130219184221 35615 example.com. WWg7EiYoY8Hp593I2i5Mkl2ezg7YuAnq0y75 oymTCuEfGwh4OxbMT/mWNqAFL5Y8f0YoQOOY wZP0m/sGK/EJN7ulNsfQyULY4WsyHIGlKMwT KdyDXJLrmrzlmRnGv7pFb0bo53n3osE0uFfH yMQYOkQRYfqa4yWXF9Nl48dy67frtVih0foy 9Mm76mmJSDUd/jGsYQmaoFGVU/a64rWapVQ9 O/mXPqr6Pw2ZCHecsF4ElMEp41YqG1DfR5QR khTjvTlg4aTKvgX1YuvDhjUygSHit47xn2NC 2WwEZF+vYXT9DIUCMcKdVeb4bjWwUXbWNFqz Ca3jb/mpOpUDFnrRPw== ) validns-0.7/t/issues/nsec-chain/example.com.signed-without-last-nsec000644 001751 000024 00000006600 12111430324 026054 0ustar00tobezstaff000000 000000 ; File written on Tue Feb 19 20:42:21 2013 ; dnssec_signzone version 9.8.3-P4 example.com. 86400 IN SOA ns.example.com. hostmaster.example.com. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 10 2 86400 20130321184221 ( 20130219184221 35615 example.com. fSRKU+K9f0tGSpUVNFtQc0TBufHSMhQ4yWZX fv1+osKrMVHxfluIwlYa5ExqFBvf2EwVvruF 2gk3KGR9WtM62Ub+MsBCRZCZeIrfEZ5tWPRf UHSbi7WwOD7ELQw6yeZLiG+8BRZSove8txHC N0GqaB3FeFRg1BRnErsmutfG/TvNS2ihjeTw IIjELjcHbe79tsvD+JIzSHghWt0b+7dHpD5A Z0mNAhBSgRwtwb2BtrLwJhtRX+spPlM6iy87 6pfADRZQCzAlv4aridie5pQzFG15FLyyfvbF 5/YtMZjuAaBNf+2KqhZbGWQFuPLB9C30Vqa0 qQ7o10OAn3QQGHE+iA== ) 86400 NS ns1.example.net. 86400 RRSIG NS 10 2 86400 20130321184221 ( 20130219184221 35615 example.com. B3H3TYnpWgpc4cqIS79F/GSxSrUTaDdJEtVj Ps4fj0ETKrjBxIkq8r36/srAD72VK8nGuVvW aC90q6hy+T5oRjnDGke8XcOZLTeSsdqSiElL DgEFhKhL80Sxr9sMd2V+N7KzSLlPKsYtAW+O 5ktr/21CSzE0lhDI8b/GO8Hjs9gZwyMzLzlx j3kVtMlsul5aJrCA2WtdKEBXTiFrhr4FU+hY moe3uwrUNR6MHhb+l1IVo2yKCDBD7ZZ1ToGz dl2XuHEWiuOKiUAizTcpnWbdMWzSJMkrKx1/ gXdAq1q1t8VIi9WJs4XyKEDuJG0Ep8BeUTmE 4QbwLrOe1Tabell4eQ== ) 604800 NSEC domain1.example.com. NS SOA RRSIG NSEC DNSKEY 604800 RRSIG NSEC 10 2 604800 20130321184221 ( 20130219184221 35615 example.com. fi1kPn544HwVk3M/BhM0g2oyLrRj6XfS+r14 qbVtMtT4s9Nk7hmtKlqCjSvPRl+ichW9cGRn pfYC6cDkKb6VX6RUqtCfN+A1s+f9iX/TPCkY mo4FgxioOG6ZUNBxsbgYsBjM08VwtOf+4VZV P+NvRpbMvmNRJux2Ftba+wB0GA4Bl/x1jx5R O4EI8/hENXxnc+ak/eJdBRy7yDFgBMVvp2ZI 8nt353uXhq+C/HpB8CmQO290GpUStpQlQ9aW e5usfRplUfHLSvF+YfJGBV+7WxfQa7REIdXw 7wmbHdS0iy4XtyGXVs9/cFipP5l82skYl4zb YZol9Opb28njTmdxtg== ) 86400 DNSKEY 256 3 10 ( AwEAAeYgLpfBmR2u+z7sm3aMjWVTGcfvLFIF BQ3zvplCeVrKPlEi0lN0FzjLRPHKsQF22TnS Fxjsu9DKGxj50f7sX9PsaZNRvOYXdVdnrh5Y IJgu5BcsTtpX+npQAAAqUC0nX+m3jJkvSvdW jtRIYF3ErHiCRam6rMDFGSA9IupK+Z7TJfz/ JRYxObYFoOZysVbTELPQjp+hk3QdSBDiYs5q 2KaxFYz9r18BlMUMmUwVNEDTisiF29iju44q n+pcqcRSUM1Fmse9CSjawltXhA0B/WbhYDQ2 kiKO5UQS4Qip3C0sA3KECirCMcJbXEoaIHzX OrkNGJbaCq0boHdytjdQSUM= ) ; key id = 35615 86400 RRSIG DNSKEY 10 2 86400 20130321184221 ( 20130219184221 35615 example.com. Qx8EkBJQK08TIY9Ftt974UC788Nof2zwmCZM 203uXl/Pm6iDN/FgEigcl2IvtuhxrWiEvNJD dINpepPOkusX9apzG1pSs5rMj8RBxhEv60i1 OfBeC7F/jU6CY6f7JvQ+ULPwvQ2e3/r8P3jY 4ErC2rsxSJpAzKkWUWokNIS9e2VJA8FCpJCI oJbesCGXH7ydDFZ+x6+z60xGRIhK2/MoCzGu WbLRHww77y4q1ePC7v35hh4uoMPTwbtaD1P6 pw3ELhXuHMlh+A/K5v7gVfZWYEFipe/r2YhM dbjGdB9/ZTTiQddFBVll7G4EqhSqTA7+elTV RB9EkLCRntIpYCh9BQ== ) domain1.example.com. 86400 IN NS ns1.example.net. 86400 DS 2629 8 1 ( 422D2A1FEADD36337C719964637CA08EB4C6 BECB ) 86400 RRSIG DS 10 3 86400 20130321184221 ( 20130219184221 35615 example.com. cv4HDaasJ4SKii6DPbfHf+rRy/i4WBxRo4Uz 84B5Ta4tB5LaJF69c8T10mPC4jnwIFvcJ+1G h07mQZdt1FyPLMJM4lOEj9Nj+mKEtf25lRtT 58Rph6n95wwanRvuELtUEjeU+F7vMyCj2aFw NLXHIvyWvtbPCJOrSfyB7TPH+sIltOoMCziF 0kHHiMrVqV9CE8hjq5MgdbyZ2/LdF7vYNza3 btNmSJY0WpmoTyoHu9+bMQQdAKHfUx9u+MPJ jbF77yqBIzEkbV1j4eeQ5NLA6YlXmowuhhxF 8U+dko4h7TRxkmq0ih5XQJVoKnih76Dj7p/2 oHYE204X16iJXqKXLQ== ) validns-0.7/t/issues/25-nsec/Kexample.sec.+008+48381.private000644 001751 000024 00000003247 12015651370 023221 0ustar00tobezstaff000000 000000 Private-key-format: v1.2 Algorithm: 8 (RSASHA256) Modulus: 1k6+cu1N1CN90iqofey1vu8jpsmWDbvdOnihGmeaeaCLMMW0tCGci/UyvcC7BJZUgN5q+6LJYgC1+/DLR/cRgi/xizmQOIqzw8TWT3TJDB8LneHHIfXQbMacDHhK62t2SHXDgczWcwF2VMxrSD3LGMnS+b9PuofOP7d1NSLzizwO7aZ8wPqejL6V5nYi5fuUVxrxLMM2aFQ9ORe4WsH9BS6hjYXJOF+J1P6eE5CnN+1W0ty1rQTRS/c9xUOnV3u8FewARgYevniva9vd5d05OagXKH9vJ6FSU+rWAMQfSYFGVZtQepsacrKiXPR1HTW7xIlg/pQvDHSZnSnkGagwfw== PublicExponent: AQAB PrivateExponent: LOxwy9Km3/NYqre6fjsilhW3GX1kcRiSdXFYBBr3rMtUojKvgJsTH9uUeWZvTbTdne4B6yHiqSKRA3Eki79k8i9uqMq2SsP4ju8yJZHLmzjezIfJoHrQ6BxyFcMZoWPzdZkKFKmFwrHpxjjbvFcHvfiAu025Pta9C2o/rZXYC7V3BWQowqYBfukdpZkCEhzFzEtC1ROXN4jPJBwNIma52QTLH6jK5BOfOJ5DhS1SF+r/EkuvXnylApVfjPfUIC8ocVvpn5WLoabWL+eURIi6MvVT59ppzc6WRUT2PxDskT2WUWfw3zq5B7JCM8/qfYIDUHvt1h6JcJHTAOz9Hr2f4Q== Prime1: 8UNey2U7voMhZmVUMpH5C8q7+hp6PQ6dUYd+hjaQVnsDOLPBT+zZf8R3str7pY/xlOOHy+DxYmZ0e17OumSOXTeQR4VSdsr/tpWc/qd2jd1I5N58R4G/yZHgTm8pm6VRb7NwZ7Eg6o2z0G2UEykFeberyg4U6SHBDP6DZNvGrQk= Prime2: 42XeoQUBshFkTYekdeqPfGqC1YXsK0URLGAbPbk8HlOiG7ueVmUnsAS47lyuEJPzIUgqqBbDM+CCdW8AvPJFDXa09l4akfCrLRyAdkreGj3bgmUs5wUFbDZyOHvRFSxdUI8LOcAhXthy86l+wErKwm6sWfd1oPGvMmC1qiSsW0c= Exponent1: JpdjK1+3DcNF7W4Z6LjmwFceeGQR14Bl86ubtnY14k9s9X3zVwiIxeI0T1yt0g7TUsCOcTM7CUVgLne8053QE+MWZgpSZYQVISyPX0CEOy8BQPLBqGJ9vg1idslbO3VXMGngegWgQUSHVbihbesq4AxcI0bbW2s1yRFRDSoGfpk= Exponent2: NbR7bd/21I1S+RSN/ONW2/VzzOYCLv3y3l4cUOmMj0UFRjN7Y8AkLWgQHQt6eKPYigW3PVeS5o+hgAalT/qP4GwmtQDomYsTgmX22Pk5l00AqL0oa6895p69PyXO7Yc6yqnd5te/idzo2S8wpk2DsYPd5KmS+F3cGLPKc9KRekU= Coefficient: ev+8Aj3u6mICRe6Y0NqYTGrXSBMDXf92dI4+CZtwy43cyTvvZSABWvlLTTXf8XAlnnPxszSpG7+e8bQk4A7ZIagcDFSUjzwtVoLqKqbyLPMNjJKqvGW2iTwfpXAHTadd9EmvTPsEVCJnZAvkyn9XQ49phL9IkFzj9kmSrGqnN4Q= validns-0.7/t/issues/25-nsec/Kexample.sec.+008+48381.key000644 001751 000024 00000000602 12015651370 022327 0ustar00tobezstaff000000 000000 example.sec. IN DNSKEY 256 3 8 AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg273Tp4oRpnmnmgizDFtLQh nIv1Mr3AuwSWVIDeavuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90yQwf C53hxyH10GzGnAx4Sutrdkh1w4HM1nMBdlTMa0g9yxjJ0vm/T7qHzj+3 dTUi84s8Du2mfMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB/QUuoY2F yThfidT+nhOQpzftVtLcta0E0Uv3PcVDp1d7vBXsAEYGHr54r2vb3eXd OTmoFyh/byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01u8SJYP6ULwx0 mZ0p5BmoMH8= validns-0.7/t/issues/25-nsec/example.sec000644 001751 000024 00000001124 12015700772 020362 0ustar00tobezstaff000000 000000 $TTL 1d $INCLUDE Kexample.sec.+008+48381.key @ IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL IN NS ns1.example.net. subA IN NS ns1.example.net. subb IN NS ns1.example.net. subC IN NS ns1.example.net. myMX IN MX 5 mx.example.net. validns-0.7/t/issues/25-nsec/dsset-example.sec.000644 001751 000024 00000000247 12015700776 021571 0ustar00tobezstaff000000 000000 example.sec. IN DS 48381 8 1 99477B577BF885AB2512B8DCA052D7B71DD968BA example.sec. IN DS 48381 8 2 E5411AAE0758711B164730F9069CCFA3CAB00391FDD76D04EB3E8610 CAA09E93 validns-0.7/t/issues/25-nsec/example.sec.signed000644 001751 000024 00000013044 12015700776 021642 0ustar00tobezstaff000000 000000 ; File written on Fri Aug 24 15:30:38 2012 ; dnssec_signzone version 9.8.3-P2 example.sec. 86400 IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 8 2 86400 20121220000000 ( 20120820000000 48381 example.sec. qzY4pxbPjaFEQyE960A1GD918TUlhq4RoJ+B QT5pkYo8RvqsN5g2MnfCegfe6ZS2/kwTMmWC XLFyP4bglatyq6YpSb/nCNLsp7GHvkA1lkzb VhvenUbYIvOjUXx6ME165fZbpP0NaUETvG6P LKncqB2ts+Ru7ZsXZqBeAokxvc0Nf3q7JKHO SHIV97zEeGxEbUqnbAVkjJzDeaUuIK6BBL0d 2cRpi385lVcAbDk0byH9l7nVzVeSf7NO06lX j4Nr7kWvDrp3+8G0ArawsjwuSf8++B8fqxPH hjvfw5hpvsKt99muko/gTsL/N3x7bAH9QQRe U+jSnD27HBChCJSFXg== ) 86400 NS ns1.example.net. 86400 RRSIG NS 8 2 86400 20121220000000 ( 20120820000000 48381 example.sec. thEwFRgijT/clJZq37540NFYrb/qPEMXdiuM z1QsNXzNumsuVmPyxTwv0YFOEh1yMesFQGhf AEVS+V9AoE+xA/r+eM64p+OMrxHmd476jyAi eEGUOiNx9sZBEIYXB8tr0RRadWzoRtovpJ72 S6mJ2vBT9BIHFt14BVbQayLwf9mqpD4zQ5MU gL33OxNXRdSsxRIxTyeC9RSSUd5hmCkNxjdX k2ZbY4AlCZPcFOcdI8ZhLWd1mBD+e3xBwPwn OILFQ/VpL5BCTB8Zw4yGAX8W0O2g7eXITD1p /WVKj8ssLW8mlEjBvTC7SBPiPo0T+wt7jJUT kcQz/cwfgGcGBgY0oQ== ) 604800 NSEC myMX.example.sec. NS SOA RRSIG NSEC DNSKEY 604800 RRSIG NSEC 8 2 604800 20121220000000 ( 20120820000000 48381 example.sec. m3GzdLzAPvf5ZUUWISV5cKGyNgDUZSbtKm2K vZ3Pm0vcBTvanrVsi4cyG9lpr0P+LnrRUgZ+ KgoBK3WG24vtLmPRHxdmRctYQ0HsxfEq474N ifwQzaHenv70OTy4luViH1fbBtyUUH1AFeJ7 28Jj9gf6bJ0ZdUNPg0nU5uxqUiP98dEHn6JX MMBGRMWrKzLM0QF8BP5P2BQ89JHnHVxDrzog CzG9Uf1+bbd4j4QVvWjk3m7Wqf4Cb/fezMsm lyme5u4yo3phrPgYCWWCgd+IssU7dNaxMnWE uaycDuVSRmBotgfm03ANUiEbKb9arcfukSbg IgGDyvfpvTzcpYi7cQ== ) 86400 DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; key id = 48381 86400 RRSIG DNSKEY 8 2 86400 20121220000000 ( 20120820000000 48381 example.sec. G2GT1BOwgV/uTbJf93jmUvl7bmu9I9gaV3B9 Iol/FeOE8/GQhpKYCM6zF6gT8iZtFJ37IYgD tF5Zi+9nWE6HfvVtB6cltAL5Ud0Tkzuwf2XY XsqnwiBmFlkJJgzNG7po0gkCWWrUpv+kg0Mn 0JJfmSOvo3srOyEg42pAWcEJ7dvAz/DgcOCk ef9i4cxlRRtgWE4a4QkHH/V7pFDAOEvWkXg3 RUih5VIFM0POxnqgS/QRbca2Zm6FyCgkbHR1 QF+ojRSKGVKkE2VbIcPX7yUcBagg6WdkWjri ZHZlwgF0bzbBNTc61MYiSK/PyDQpS1/m2JPd OVidiTu6ajWJpUo6jQ== ) myMX.example.sec. 86400 IN MX 5 mx.example.net. 86400 RRSIG MX 8 3 86400 20121220000000 ( 20120820000000 48381 example.sec. iDUsHGQ4Zj9vEDUsojq08tVxOG6s+wjs3Qtf DFXVPeqXmThdaMIVALzUyJYwnU0a4RNaM0lQ FcFiK3y8fGuvMYQVUhheKBDLc0MmAht9CjJi faUNJaNSTw/rjWtduJidzEaWUk5lh75YV3hc YPk54jEbgTYTEJKCbfgDfRVShxAk64TM++Sh xKSSW+4s2jKr98coYCcWYsHE6WlJXi0EJuDb o84YG0MKoaURNcvEwWBwHhpxLnzT+7Yg7/AN 2bmogQLy40Yr8bS9DiyBZikXJt01Bj+2sTrw t4JIxBPCPy08YayZzYcMLJ2M4FL0f633bWzX 4CPKb0ZLimqsAPXbPQ== ) 604800 NSEC subA.example.sec. MX RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20121220000000 ( 20120820000000 48381 example.sec. ljtWqo0kh1F5NZ1vNGaLipgKCxEQ+c5deq0I 0wK8xOUSCjT5q8Ac8tIX6B50NIjw65YpOfQu wzPVJM8PSsBA6eZuKIBKKy0MzD+X+eirunvS wpJ6PHix8C4/eChrNZlEJs4AX6Q6nVuCH4b4 rIDClNiOTC7cXiWSK3FWgCzWpgWpG5yusRdb EzDCyb5UTfnzcCZdjBRjXRA1c22nODgIlgS2 rqEJqn2o79CU8bYMx/LCQ96CO9y4XyVwAayK ekSo6f7w7YPcwb9aFURN2mQ7ZP1sGxWUifVx zpLE7aqM4fhlanG8OGEyvCZd2uXbtkdlw2m9 LGN/2omLoKgBK77JCg== ) subA.example.sec. 86400 IN NS ns1.example.net. 604800 NSEC subb.example.sec. NS RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20121220000000 ( 20120820000000 48381 example.sec. t68GfTtpxY7WZ8TVWBEEQdcsORVdG8a7hgL2 MMQgMW5K2DmdURAW3mEf8m8uXU2AwKJ+xCWL /LXVfkxqFMVI4dyn6YGLbCyVv8RggATIt6b1 saEFTvByo2WThWnJU3r8Sq4LV35NurjruZ/o DJVhTc//zPSSIQpUrz2kuUcOsL+djG3hJi+/ TB7CsrLGdEaD9elTwwAk9lvy0ZvfVhN63w0Q BPMtSRPkARNfsHLJS6m8zutcUIbAPBF7FZDp PUly5LNvZYbUQvFwo7A8JaZBUOBjFZ1apagt FV3dBVtRXuBIBraFwJjUuKIApX177uYpxD8l kDTfWeD/JD95z3a9Gg== ) subb.example.sec. 86400 IN NS ns1.example.net. 604800 NSEC subC.example.sec. NS RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20121220000000 ( 20120820000000 48381 example.sec. LJZFwPB4Aw4dLfqUnjmv3zeoKm/3ZZyHRusN NniNNct8zaH7rqfTZHQoSBMH//YyyeJwQ7uO 7YIRIJvIi3z1iM2FpxuHihtUE9fIHPOGpjo/ t42bh611Lod+OReiukOaUOkhavg0wMfYEX99 Bw2V+Sk5z4UrLwJd/slQYjow4ZnFIubpJhqt gw0fsygW6wb3XN9zs+nNo0XD1ksdQOyKu4tA ZmYXWYCEbw/BIg8BDw3TnqUxbV44namLTSUg 97rA/90Nh/s1tsDQ3RbL7iaCbBH8ylSyCz5m av1L+WK51LUJNgzm/fNJvI9kFzUG8s9oespe f+r2hqgomotK4WdxMQ== ) subC.example.sec. 86400 IN NS ns1.example.net. 604800 NSEC example.sec. NS RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20121220000000 ( 20120820000000 48381 example.sec. twkPkw069EOqYcUugvM2qD7+/Yk51+91WRnz Cq8AR8P4KlaBvahWg997haey4q8wV1rXsAXu lMc9iNgmX6TaIiHoq9kMXumELWzE8Oxa/ymH vvQnMOk2j0zcKh/7lyGeTX7cpSvXhz450XH3 3EfQeb6BLzlwyXgfnx/kGLS/lIez66Py/92v 2M87By7Gx69dv1vbBleeVxsYKmKe+sal7Ayl ZPP9+NlOqZqDBrCXvwOmn+ScfCbeYxgMzmcf 2LMBEGxpDHRfBuV35hOzOVCce47CCip1Xian Jmnh1A3dqZJXCrxFZidvAYVm7jEtAI8FS1OL VjBf8zzsLfQKiMpeGA== ) validns-0.7/t/issues/21-nsec3-without-corresponding/example.sec.signed000644 001751 000024 00000035170 12015710321 026263 0ustar00tobezstaff000000 000000 ; File written on Fri Aug 24 16:33:53 2012 ; dnssec_signzone version 9.8.3 example.sec. 86400 IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 8 2 86400 20120923133353 ( 20120824133353 48381 example.sec. QySkSzvLPglLtsg976XY0GAdDCzZY9IEiVrn PAsFloXokhd3sYDi+/Wg+XNNPasoqvUv75c9 JYbXyV9ZF0axe7TVvCmynNi2fn5xvfU3MbiX bQqkoJq708xLtxkDjkKj4wo7aLfNXqItdvlG 8MBNI7lUMd9V1EAp1+sKz4oCbAm67dUZsJTs NNQewA2NTkZG8SLU12ueBoEm3SFIkDaGf3pr BqFKnKo7Dpi5quPydRyZv23lDkAFv86eMBky 7Ftz5JSnTrxQ96J5idVzc+8V2VJJLCMps/Lg 0f8EWXU13oy8hVNHgsbMkMgwuhK0TpoAQ3Xu 12I+iB9gXmOB7S1TWw== ) 86400 NS ns1.example.net. 86400 RRSIG NS 8 2 86400 20120923133353 ( 20120824133353 48381 example.sec. jq61ICTW2ofwSICLNMF5DiPO1wH6Y8t/oDO6 5Rz07pV02fSbEZXHpap4MLne0ikOqKPtFhsP qdircIdp9SccoXq1biKu+6yw0sGRwbR82Foq 4LIgz9yoSr0W2bUICSaa7SZDtnqpTj9tyVVx 9hFWM1DemqyU9k6wi3Qtvqyge9NRH2IbQstr Z6IhlpKlxeNR9P+H0aoYEoqfYIb8rSlv9KFq wB6HeBCgBl0rJ/EpHQI9P9SZzgvgVjzAgWzb yXCmwkDUoFNDaIt+6rbWIWxTO3NETVOPcCRh fWFJpahmKqy+7sQOdXYtOkUp4T48bMttktMN jGx0TDN6hDUWPOGKrA== ) 86400 DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; key id = 48381 86400 RRSIG DNSKEY 8 2 86400 20120923133353 ( 20120824133353 48381 example.sec. CxJvtfEuhQr694uCQg6fyz2sAg+TqH242DnL BSidvv9GzKZdHiZs+iFfcrGC4nJ3pTeWMv5/ zp2AXXkpJeCdW5Gy1xy9aexDRJuUMaFzE4xN v/QTdDzBWJBujDNM1C/HstntlQvOGLLTFGsY JCfVguYs0qqSPNd9fbDs7/edhMDe3f6v68+O UISrEgfy2PJpGeg5idX+63G4GE0OOa08dwUw LJQAGpobUjk3TjSh08jllQ21iQIdUV1pxfrC qBu2HH8ZMlSpk4ZoTsDKCNGy5VMQcRxtOOa6 9kTcmhNakfxnK+24Wu+xjqmmIWBPKxtmhYfw IlzGSu2uuGd7PvwovA== ) 0 NSEC3PARAM 1 0 1 94CD 0 RRSIG NSEC3PARAM 8 2 0 20120923133353 ( 20120824133353 48381 example.sec. N5gosx8Suslg27+3wPYAP8gXeH91Wc4ebH5H mZMkEL5b0ODgSvVgPhwTRRE1/SJGzXGWXSpW VopGKMh6SLBNAmfi6gsRtIfPutJA6hmqRtqK JiKEi6Sy3gRLKPJC1Hd/v8K2rslSoCFFsive w5cZBonS85f7n+BA9VglfQmPqux2/LvykcGS /tVGz5zZXWRdPPapj5e+TKrBfVglmcaIL9uk c4uMHtSkdwlKrXV2SCPK6H9meYIsEg8SvIXN Kx2Wfo3hvD9XINYRKwsN6FGFYrOvHpdJI/Mz QUZ70+nUQU4sbV3Y4yoHhI9Y8Dn8khdCqjCg ynbFt1GVrA0QobO9WQ== ) 9.8.7.6.5.4.3.2.33.example.sec. 86400 IN NS ns1.example.net. 1.1.1.1.1.1.1.1.1.1.33.example.sec. 86400 IN NS ns1.example.net. 6.5.4.3.2.33.example.sec. 86400 IN NS ns1.example.net. 0A8475SNU6T5P84AMC4I7KAEAMKCMIAF.example.sec. 604800 IN NSEC3 1 0 1 94CD 1F02V227102AEBUICGPQNPFSMSQ56UNC 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. mipK0k5i2YVpsDosay3tcOBgvykaBn9gaDJN /otEJTXurcfGkRria5C3AsTrq68PIhM9Ct5v bJxgaz0ab1hBHhDe8AZNVzrqrYWmmSgpNrBk VJTx3YnYUuO25MYEEh00/1/JYyHwaGdtjkoD KAwAUt7NqlLZjEHWlZUap+2sxeq1T6l6owDu xt/FNpb8QdUXYK5lsaqCWbNTHWQ3F8n49h1Y ve+m5NtbFL8+7qxrBRSC68eBTPrQfsAym4oB yU05KTFLgHgI7CrexI1dyx+mb19LA0IVKGas bo8lD20VQdiGuEflZj04rihXmJYGU/rNrV4r BhyABAvc26GMfGIa1w== ) 4H7F6LT6O2L8EJJEK17S0MPTF3G1GMS3.example.sec. 604800 IN NSEC3 1 0 1 94CD 6MMR4M238C6KQ7OL4J0HD33VSF2RBFE6 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. lX7thD4OK1v7YDU4waKvTR/YZN0c/jpLcZRh vEw/wVY6o2ZjC4DPmFlhHNDGcNil1Dtwxxnq iO4T6iNZOWWnnGy3WprLlO9hN6eZvC3c0jio uDynQyHytpwNIUtLSiHEqhNZUUt2f4BK0C6o oMFepT/+dKBuyK+FWWkjVswrhmPbpTvnKUOh ob2ONOh1UcOhjtTjl8kr51DnDe6/xOACCi4L a8UvTLRROvWUoQt4U7A8n4svrc7oYTh+lIfb I/6NYX6loVa9g1hiipx+Kn7VkcGGSTWP5lFv jx3nl9QyrqZYUMeCyF4FgYv2R029bxRJM4xN e03+Kwof3LuK6RiRhg== ) ANUH4A3TCIVO884LMD5SA3S1563VKCOG.example.sec. 604800 IN NSEC3 1 0 1 94CD B23STANUG8J6J7Q86S978IDEOHR9SKOK NS SOA RRSIG DNSKEY NSEC3PARAM 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. z8HofxVlX+519QE5aW0uywdOA6O+YP8y5Yr5 wJlyyLefw5Fti0dmU7qGzR5NoOxTfyH+lJDb 7IPB5DaA4OI3wA6XCHJ1CVrNZJ7kKOt35L0N vR1cq89V0wISlfVSMa4Lh6qOvfjEFcpZOziQ +G9s2hYdKQIxHEAmX35H+ZK3yDuWKgGvZCiP wARqDipOzAbsgMUXUFT4/q1YhXENU44yxMGv QoZWskJ5bfrHWvZY/PDPQX18JziMM5zkL+sJ 32HtIl2Ji3bPboqbGKrfXg35v6LR2oNl56Bq TTFFmGwUr0GOhJhtJOHxtxJ7gc6JBkn6MdG0 Rm41tHPCdsJqi2eYZA== ) B48FHI6PGSEKSCPQHI53K69GG9QPT86F.example.sec. 604800 IN NSEC3 1 0 1 94CD BUA7DPQPLLPMOFP3570HUGOCO0PMK9TI 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. ByAqe7JjTyKwuudzVHqZTQCtJLT3NSlKVGvQ EcpOVPr6f4VXHCpJ2U0uw1SgdzZgw/trIo0z MWY0MU94NDPZ0jt0G4Bz9CXF+MJSOmXF/G8D +DEvC0rdeAi3tMupIGMyAkkeL3hLiyo7FCBx SsuqWu0FQ5Gd2PTYUXiSX3ZG9NlTtDgjHtPS doAfO5ZtIJyLXUK6hWgEdNrfJOM/yDh7AS0y L7oHhk7xoGz+6U2ZoiScEIZ/wg2Ry02fvRgl CdkfQUAWctgpeBybCkImdlE18Ww3jPmknTcw fFpIsMGvdHW/yh7YMPibf9brn+l53DC52wQF hXENXf1Igy5KfMIgDQ== ) B23STANUG8J6J7Q86S978IDEOHR9SKOK.example.sec. 604800 IN NSEC3 1 0 1 94CD B48FHI6PGSEKSCPQHI53K69GG9QPT86F 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. YpjhuKP/CxZi1+/xsnYlq3Hb6KmxjXu7NaZ7 wL2+m1f5ffB8cu+1VMdMjXd9rA87KM+nZmIH ZgkM13BjscZYfZrD1QxTHZOpK98DsP0BVjab V3YxS99SrpWIWbsSGSnGuVnTIFg4Rc2Q7UY0 cPz2aPbTSjaYtmE+b4DS5KtZpsQUOc/mlPU5 1RiMkMOJqSnflQY922C43Xg/DaywBWaI18b1 gyL5wMyZ2OU+I1EVK1e/Hgp3xTU+VZFfH981 ooZvbHxTqvR2RPN/CiRmkb1j8OR8rtzQlAUq zE/N2G225694CXjbhnuxtMQDnARZ+YY59efI qRVe3R3RVwiIvnxubQ== ) 1F02V227102AEBUICGPQNPFSMSQ56UNC.example.sec. 604800 IN NSEC3 1 0 1 94CD 4H7F6LT6O2L8EJJEK17S0MPTF3G1GMS3 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. Sl0o9shH2wSZ11t342nNF8umWjmCc6aFTPab mhRnFDzzG2d++Cx4dXMsasDtUVspKQheiowA j6HZZSGYEQfmW8XFs5Hf4h0NVkQ83i3euXGl S1zbM0DiaGbNueIPSEyUBOyR1zzaBjzyhf6P axvora+y5Yb/UeiFQgvZY6JKBib9RHT61Dpk 8C30CK+KpBRIAa3nu+oESqP+qe+UDF6Gia8t Mn/8BMP+j070A38lrMFjfGmKq5QzMKP86Jnl dG88wXSmUe1EzvUM7Y/djimPvGfSfIFl7J8t rhQ3Cfs/Etu92HfQEqAhCg94BCv95RJXf9rj 6P2IRl7fn7tz8DPtcg== ) 71FH7088MFQ3GHCT8F0NKT9PF3BT46CC.example.sec. 604800 IN NSEC3 1 0 1 94CD ANUH4A3TCIVO884LMD5SA3S1563VKCOG 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. bFgJbtvnx6+ICYygvHrxhuCgZxcgUFA24pQl XwVUJqVgP+t8AfJ0GNURvoli4sxAa1ujJH/1 pdDrSTUSswqBClKM+n0C5Z1ZVEDdGLMsjxfH hRcnUaup5dwC2gwvxUg7ZYxUjxeCiLOc2UEA 7A/ASY/qwtMunGeXKFycY93k0F6udeFqnIFG jqR2yAoi271PbTkj7osSIJZJGi5bGIGlKDpu ht30LBfG243IlZeAm2nxg2vE9d4Nd+ZRlMJ0 8H9vahBubbT0yfJiREnILL14i4FvST++5i1y iaSRJPH2rMUp4oSsTvh8W07LjiytOG8IJkyY T1A2UFL/DOBxD2O8nw== ) IR5OEOOO61L2NLSFRK4OLKUJ6FEARD1Q.example.sec. 604800 IN NSEC3 1 0 1 94CD K9KP0QD9J3T0F3DH2LQPPB37CPPNP3PF 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. scrCa9zRBY4h4gHoe/esvDALkI7c6x6vXY4F pA7AnTb+L5WCrfp6tXiINwQ1Uvv16Olut162 QHdAe7GW1XQGdbuJ8tzBtQ9YkS6DvArSYYjb KiHMFND1dvy5UBc7BWJwM7ysLwdjEfiYkKBs WIZ/bfE3MbT3qRou/Kv8WQa33ELlkZ7x6sEs 5Era4soZ7SRzN4jba5r9TBwJoP9VQn7uNl2r h0hFclD4grfUcMZRcun3voVoVmpY/72xStsc r7btSUfDrzbcJP9W1WYcPDbsmyobY4QrYSCO VUzBP17DjEzIMztg+u5R7FhClb9lZ6qhrikW KtcOq3+nKs2JauRM4Q== ) BUA7DPQPLLPMOFP3570HUGOCO0PMK9TI.example.sec. 604800 IN NSEC3 1 0 1 94CD DGRBPEHGU29PPOAAQS0TK0K8KJLI60CF NS 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. EveB6krVUhecm3eWRh55oiDuHOfceimuJSAy 4KNd59B/+8FBB7U6KyaLm9YGZDP5d3wyP5Py 4G8z6j7vdTGbLTFsHyOxHwU1MGEqZU4vIB7N LX3P42CjD9FKFfTLS8ig0HJaxa/wYRMoxvxa fIPZZxuC/NR6ULLr6t7YIWp+rktew0vXAaPP tgmfEU9zAMqYsnKhyTttTT543btuXfHBg9th csf9dEz+p/lq1WZbyTTR4hs7ZkRYLA6TCI9q vxee5Hsfhjv2k1B7YA1AFCikAt3xqbxcuhir KpW66JXjbrp5ZxONejbYb3SLdY3PpWg2Al2W WHSV6e0cVZ47QsIFzw== ) K9KP0QD9J3T0F3DH2LQPPB37CPPNP3PF.example.sec. 604800 IN NSEC3 1 0 1 94CD MQAMDNGOIK8QUBPB4GDEG0EVOK91DQJ6 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. UFg9mb+GA3lmzuN/bJUdHf1o65i729zK0NUZ wQGscZD8q6vY+cPuaCGZxPBdIe0Jaf2XXzjp rJVyLwbdYVIR4IuoUZJLQbCfGOrBxp5BHTf8 ybft2+7foWAAQc8GNvhYKkmEpHdyfUWLrj8x Z4U+NP1fdBvO43TN0upQyeYTNa6E4umgQtYa zkMXeeQWf4+vf0Ue14rCEtCOFN2BDksL4mJF c93c1MfRMkTYX/2L7dtAfDgwcywdU+ndqXJv XC60MFEJfj/7oHO3LUQd1XdkNqg4gnyx6TgN zBcUXgN40FUZzRTHf5sXikmhm1Jm5Akaaune NB0mJ4DVzw8XLdDy2A== ) MQAMDNGOIK8QUBPB4GDEG0EVOK91DQJ6.example.sec. 604800 IN NSEC3 1 0 1 94CD PFQHTQGF3T3O7NQ37E7APPJS4E7G6FQI 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. aREhBMyCg3PaF9cbN2jS8Imj3GrfwrM2C3gU zVcJqD1SxPOGwr0UQq+IJxp2jf/4gKyGIU1V TQ2jFkdNLuF4tHtu4OQCAYwG7ngtawm/bT5J R7ecSVRQOmowEZa9/VbF8qN8EuTmB7L9wB2W 2Efj6moE/Yt0SLJ5UIbRoKN5mJZaxjzWOif5 F+xE7yi2JVOve4mbAkxV/cqYInksWedvrKZt SMBkIYbritHml3EHhI4MkDzAyDhw6rgY6P8I tWCgVZf/8NSTW8J89hon9y4Z5CZuQHZigdkx DVmcd6tsNyPlTP8HT4D+z5SaSD1GFKONjk5Z vYu3LXMlw2OT+8UsXA== ) 6MMR4M238C6KQ7OL4J0HD33VSF2RBFE6.example.sec. 604800 IN NSEC3 1 0 1 94CD 71FH7088MFQ3GHCT8F0NKT9PF3BT46CC NS 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. gH3QQQEbhWs3lNZn7yL+BMg8jOeILxZCMW4e 0iOBAfWpMxyxgvv9Jy3X9SQxui3zso6CfaoU av6bMupDNYvGsRb2e9I9K3KQKv48wI8Z7UN+ /z1RqXy7izL4MX7Df4EYnKvhi0eLGI4hBJLq my2AR4wswQiPG1tnBDa7lbx+o85GtHlX62lO MD8lS5CvkSxDMBb5bChR5DYl8NChdtaSMxRD yH7DZ6CI6t7ICUTKQs2aV8S6OTHmUQvDyA3U KThFvxPdSv9Cf+FAQzN9kwNSGC4gxjJYQtjA XjEIc+2ZPtOYI8+YJpAlNtR0kcy9TO5M9ioZ tEvquxTTQooWNuxdTQ== ) DGRBPEHGU29PPOAAQS0TK0K8KJLI60CF.example.sec. 604800 IN NSEC3 1 0 1 94CD E7Q5FM6A5MAMV8HQ7O6A8F5RIF1VJGMO 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. xH7j5GQt3bah8ezTmXZ7/LsWLHw2PDCrmBtA bEuqpKS/O7HvwVkQ1tQp1xznzpifDye2TqKH tnEY6sWJ+hbByDrP87j5oP6ZuRTnzCtwUU6c qqfEUV0JrAptkx+kxC4kLGjdB1OvaAiXvRg0 fhBaY458MLwQh7AxFsqv9Jd4KtJeVtm7PcWK VoHPckh2LdZJQyiUl7+5zUKhsGBzEqU7BZck OLPd6ccVJrNkOXfyrsYHj5NXILFtjJ/+avaY kiTYYp8ix9bSLG6LBbWuaDNcjgGV3hI2Woo2 onBRmHmuklKgmmmbZ+YRT94FZnkrQRtUlRo1 nRLQN21PBXCOfwYQAA== ) GGTEST9KCG7P1MNV2U653M6CIGD9Q6UJ.example.sec. 604800 IN NSEC3 1 0 1 94CD IR5OEOOO61L2NLSFRK4OLKUJ6FEARD1Q A RRSIG 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. vAQghXrUpaoGUONOUjKRSxBIno5udi5R9GhP L/ocMnuUYtIjtkPqFNmuIFpqMKOy34aox/TD SPuZjfb4+OMcdHw0Zz9FT6U/jw2B2aAWcrDf oU6HasH3e2lCUZizwiaCPPhFMuBdZjuwMqHN BMCW9JfsJ9ohKl+OJ7i/eS0MgAWU7/o/hmAl NRA4Q9fCUlivMQ+ZW+GUBLDzZh3tDMsIXhTK EenhqSZdL563ZmRnxe9hg2+rjp7T42UxtzUu MCt71MGnp+Q4ki8RjubLyDsjNbW9oXs02EwT B7Exydd4GHGXBiYdUt2fFHp1pJ5sgObvSoue FTw3xBWZ+TCnuohK/A== ) E7Q5FM6A5MAMV8HQ7O6A8F5RIF1VJGMO.example.sec. 604800 IN NSEC3 1 0 1 94CD GGTEST9KCG7P1MNV2U653M6CIGD9Q6UJ 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. NtTit77tk2WR/L0n3LcBnzceSfceR0y8bJjx 65oUXd+y+nu+c8I+OxmRDeoZHcHFvjH7TOpK /bET+/KUbs/43wMYsq5pIRAq6iY+pNZnnkOQ 8P4lhKm15dpFb4dO1y3rXQxhT278BMoRDrMH sOTveerXFOVI7hi7dSXsZp34to7hhdVrsF36 u00ogWJERVIZll3sCQOvKWyfFI8f8M69vWw1 o0U4OR3iWmz9L0zgIgxxSHHKnBZmW7cP+zW9 D746pMchP2TAYB43LZAMotU6jPLgWCcF0olz 73KJdziRJnko4ARx+iMgiWOUw0ujvCwK5kDo lTmrDPe6/z8aXM/roQ== ) VJ5SSNKSNS2CP5O6DCDDHK8HLH6N7CVC.example.sec. 604800 IN NSEC3 1 0 1 94CD 0A8475SNU6T5P84AMC4I7KAEAMKCMIAF 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. nP9dmjAs6A4GdtsD9Xk3S0WOt5Tg9cSXJQDT Ff+bd95AJKUeDRk0L71iUa60CYAHfDLI60gp M5JgO0YgCloLzV9UFvkDj7Fe+v7Ptyl9mdEk e7KwLBSVJyRsKMbgB+BgvenXEOH9hIiG+8CE uokdOvUEERaUYk3zaoA5SScFGoVy6v9GwCcq adUC16d5/WyNuaO2InVl2ug8dX1WtnZzdl09 evjhKiDiLABJ4Z1sLvkJsaNrwFpYn+Xkdv/W MIb08A9FypXXavAV3zJJZyB2eyQG2Ae8ozNs r7H06agUsiZKKMYtusq8FI7ISmgHPKbOu3ZZ dT6l4pFLmuXimm5LmQ== ) PFQHTQGF3T3O7NQ37E7APPJS4E7G6FQI.example.sec. 604800 IN NSEC3 1 0 1 94CD PII3ACEVPP84TH3B1FCEUBN9E8R1PQT6 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. t3PvXIfG9zqm90xrzWhYYcvSB8ZO26ia3c71 uXs+3XS94BJF8cnvecAq26YTmbwCkm4y6AQg 1P3VmM5fZqHHq5eGthdSMgACpGYk/1KL+ZtU qJ08LbtGFLS/Ai1YNOu+xVFj7Z1D27rAghGb 30z+qjkkgNKgF8RrtUrQtuZZHYljjypJ0bhU ehZitu87s0tLIGZIK8EvZ1lkAr+RcdOau37x HGIYSX262YOd7QZ/XytwhpnxjU6z99EefOKf sP9e5U1Q76czO9iptn8m17lkEKIFEEP8jUtF KGR1Qsb6PgDkAV82giZDxgFlq4WarIk6olu0 K03HV9skBS5BV2HqOg== ) PII3ACEVPP84TH3B1FCEUBN9E8R1PQT6.example.sec. 604800 IN NSEC3 1 0 1 94CD UB3H790SAMOQSDHHGOFHG1SBHU35K00O 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. 0RfXq4uTIqZJQzcGQ4s1FzIyafMn8Y9gO7zp Lf59a81Wr7feYG+KuOXc9sJC8Kk1Aerd1bSv bAmskxHxBI2cjjI4S8JDSGVezymeqMsopoEH c8jiACBjc9rCx2Z97YcXElo8PxE9AkC/a6/V PHXGr0aS3P6QB1O9AHE1rIv5t9mrATJkE1TF CH/ravS0ZaSZKPCLw7zSDObT9K4OazvRJHFO VAqd1rX8J5SHBs3ss9p3kBfnedaMNb2GLfjo Tky+WTIYoHexC2s4Kxdfj/8wWqlhw6JIcO9X g7Tc500A4/58YU7JqmLfu7a3H0kVF2oXwxkA KPlfulSsPGFYjB+5ng== ) UB3H790SAMOQSDHHGOFHG1SBHU35K00O.example.sec. 604800 IN NSEC3 1 0 1 94CD VJ5SSNKSNS2CP5O6DCDDHK8HLH6N7CVC 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. kWKeBzW7N07cmtm7TtqzJfPJOcxNHqr7nQpJ XqyRe2SvNlaUJpxqgTOQn3SjrsG4GUA5+j6Y Y/MjScGeSME0xIWiPV1ZBGnm/9mB8FEePK58 PvBLa7SlKj2v3mvlMlZQzJa657NtV5hbaVcx JP8YbK2W4zTGS8htg2VZMvRSfSV8gQwgKQlB BGeIeM+xfYkrxvklRfLl6+ogZlJVfPH71SLO PiEXrvfxU0HWbvej1HsNXdQDjv3Ix5vd8xZ9 QW4pyl+BHe22+Dx/TpAAoSXGdntuKuZqPF6P bpBZrMZcqdPlODnEUBgzGB3ChaZvaf4BlHzs vYqwsj87D5atXL3pOQ== ) bebe.meme.example.sec. 86400 IN A 1.2.3.4 86400 RRSIG A 8 4 86400 20120923133353 ( 20120824133353 48381 example.sec. vIeL1Bu8xiDbEn25Uard5kbWnI44qm7zMm7c ZRTHlvfBlEfo0uAqdOEsABmIDuj6bYfqifHC 6YpsPU246RKOLwZ+FGZn9hTiWkixCu4gi/Cg ynKCgRNprJdvRTiGTQ5glS2q0wNwn6SSgBAD F5W6wu/R6k2MHCzJHoR45xLwwsDBqPAvPMlB NgrtQh+L++zhvC5bw78WBnLY6h2wxlgby/6O qwiYbHborqhQLzIYmneOluceptx5gk9F5B10 8QTG8wDtACj2TcKUT5vQ8+ZzmC8l3CNKVoKO B2PrrtfNEaCNfYIjfW5d9feZkjxxqLSzrMTg FZT6ntGLpEOxDRgYxw== ) validns-0.7/t/issues/21-nsec3-without-corresponding/example.sec000644 001751 000024 00000001124 12012522162 025004 0ustar00tobezstaff000000 000000 $TTL 1d $INCLUDE Kexample.sec.+008+48381.key @ IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL IN NS ns1.example.net. 1.1.1.1.1.1.1.1.1.1.33 IN NS ns1.example.net. 6.5.4.3.2.33 IN NS ns1.example.net. 9.8.7.6.5.4.3.2.33 IN NS ns1.example.net. bebe.meme IN A 1.2.3.4 validns-0.7/t/issues/21-nsec3-without-corresponding/dsset-example.sec.000644 001751 000024 00000000247 12015710321 026206 0ustar00tobezstaff000000 000000 example.sec. IN DS 48381 8 1 99477B577BF885AB2512B8DCA052D7B71DD968BA example.sec. IN DS 48381 8 2 E5411AAE0758711B164730F9069CCFA3CAB00391FDD76D04EB3E8610 CAA09E93 validns-0.7/t/issues/21-nsec3-without-corresponding/Kexample.sec.+008+48381.private000644 001751 000024 00000003247 12012467245 027656 0ustar00tobezstaff000000 000000 Private-key-format: v1.2 Algorithm: 8 (RSASHA256) Modulus: 1k6+cu1N1CN90iqofey1vu8jpsmWDbvdOnihGmeaeaCLMMW0tCGci/UyvcC7BJZUgN5q+6LJYgC1+/DLR/cRgi/xizmQOIqzw8TWT3TJDB8LneHHIfXQbMacDHhK62t2SHXDgczWcwF2VMxrSD3LGMnS+b9PuofOP7d1NSLzizwO7aZ8wPqejL6V5nYi5fuUVxrxLMM2aFQ9ORe4WsH9BS6hjYXJOF+J1P6eE5CnN+1W0ty1rQTRS/c9xUOnV3u8FewARgYevniva9vd5d05OagXKH9vJ6FSU+rWAMQfSYFGVZtQepsacrKiXPR1HTW7xIlg/pQvDHSZnSnkGagwfw== PublicExponent: AQAB PrivateExponent: LOxwy9Km3/NYqre6fjsilhW3GX1kcRiSdXFYBBr3rMtUojKvgJsTH9uUeWZvTbTdne4B6yHiqSKRA3Eki79k8i9uqMq2SsP4ju8yJZHLmzjezIfJoHrQ6BxyFcMZoWPzdZkKFKmFwrHpxjjbvFcHvfiAu025Pta9C2o/rZXYC7V3BWQowqYBfukdpZkCEhzFzEtC1ROXN4jPJBwNIma52QTLH6jK5BOfOJ5DhS1SF+r/EkuvXnylApVfjPfUIC8ocVvpn5WLoabWL+eURIi6MvVT59ppzc6WRUT2PxDskT2WUWfw3zq5B7JCM8/qfYIDUHvt1h6JcJHTAOz9Hr2f4Q== Prime1: 8UNey2U7voMhZmVUMpH5C8q7+hp6PQ6dUYd+hjaQVnsDOLPBT+zZf8R3str7pY/xlOOHy+DxYmZ0e17OumSOXTeQR4VSdsr/tpWc/qd2jd1I5N58R4G/yZHgTm8pm6VRb7NwZ7Eg6o2z0G2UEykFeberyg4U6SHBDP6DZNvGrQk= Prime2: 42XeoQUBshFkTYekdeqPfGqC1YXsK0URLGAbPbk8HlOiG7ueVmUnsAS47lyuEJPzIUgqqBbDM+CCdW8AvPJFDXa09l4akfCrLRyAdkreGj3bgmUs5wUFbDZyOHvRFSxdUI8LOcAhXthy86l+wErKwm6sWfd1oPGvMmC1qiSsW0c= Exponent1: JpdjK1+3DcNF7W4Z6LjmwFceeGQR14Bl86ubtnY14k9s9X3zVwiIxeI0T1yt0g7TUsCOcTM7CUVgLne8053QE+MWZgpSZYQVISyPX0CEOy8BQPLBqGJ9vg1idslbO3VXMGngegWgQUSHVbihbesq4AxcI0bbW2s1yRFRDSoGfpk= Exponent2: NbR7bd/21I1S+RSN/ONW2/VzzOYCLv3y3l4cUOmMj0UFRjN7Y8AkLWgQHQt6eKPYigW3PVeS5o+hgAalT/qP4GwmtQDomYsTgmX22Pk5l00AqL0oa6895p69PyXO7Yc6yqnd5te/idzo2S8wpk2DsYPd5KmS+F3cGLPKc9KRekU= Coefficient: ev+8Aj3u6mICRe6Y0NqYTGrXSBMDXf92dI4+CZtwy43cyTvvZSABWvlLTTXf8XAlnnPxszSpG7+e8bQk4A7ZIagcDFSUjzwtVoLqKqbyLPMNjJKqvGW2iTwfpXAHTadd9EmvTPsEVCJnZAvkyn9XQ49phL9IkFzj9kmSrGqnN4Q= validns-0.7/t/issues/21-nsec3-without-corresponding/Kexample.sec.+008+48381.key000644 001751 000024 00000000602 12012467245 026764 0ustar00tobezstaff000000 000000 example.sec. IN DNSKEY 256 3 8 AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg273Tp4oRpnmnmgizDFtLQh nIv1Mr3AuwSWVIDeavuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90yQwf C53hxyH10GzGnAx4Sutrdkh1w4HM1nMBdlTMa0g9yxjJ0vm/T7qHzj+3 dTUi84s8Du2mfMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB/QUuoY2F yThfidT+nhOQpzftVtLcta0E0Uv3PcVDp1d7vBXsAEYGHr54r2vb3eXd OTmoFyh/byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01u8SJYP6ULwx0 mZ0p5BmoMH8= validns-0.7/t/issues/24-delegated-nsec3/example.sec000644 001751 000024 00000001053 12015706757 022372 0ustar00tobezstaff000000 000000 $TTL 1d $INCLUDE Kexample.sec.+008+48381.key @ IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL IN NS ns1.example.net. sub IN NS ns1.example.net. test.sub IN A 127.0.0.1 sub2 IN NS ns1.sub2 ns1.sub2 IN A 1.2.3.4 validns-0.7/t/issues/24-delegated-nsec3/Kexample.sec.+008+48381.private000644 001751 000024 00000003247 12015706246 025222 0ustar00tobezstaff000000 000000 Private-key-format: v1.2 Algorithm: 8 (RSASHA256) Modulus: 1k6+cu1N1CN90iqofey1vu8jpsmWDbvdOnihGmeaeaCLMMW0tCGci/UyvcC7BJZUgN5q+6LJYgC1+/DLR/cRgi/xizmQOIqzw8TWT3TJDB8LneHHIfXQbMacDHhK62t2SHXDgczWcwF2VMxrSD3LGMnS+b9PuofOP7d1NSLzizwO7aZ8wPqejL6V5nYi5fuUVxrxLMM2aFQ9ORe4WsH9BS6hjYXJOF+J1P6eE5CnN+1W0ty1rQTRS/c9xUOnV3u8FewARgYevniva9vd5d05OagXKH9vJ6FSU+rWAMQfSYFGVZtQepsacrKiXPR1HTW7xIlg/pQvDHSZnSnkGagwfw== PublicExponent: AQAB PrivateExponent: LOxwy9Km3/NYqre6fjsilhW3GX1kcRiSdXFYBBr3rMtUojKvgJsTH9uUeWZvTbTdne4B6yHiqSKRA3Eki79k8i9uqMq2SsP4ju8yJZHLmzjezIfJoHrQ6BxyFcMZoWPzdZkKFKmFwrHpxjjbvFcHvfiAu025Pta9C2o/rZXYC7V3BWQowqYBfukdpZkCEhzFzEtC1ROXN4jPJBwNIma52QTLH6jK5BOfOJ5DhS1SF+r/EkuvXnylApVfjPfUIC8ocVvpn5WLoabWL+eURIi6MvVT59ppzc6WRUT2PxDskT2WUWfw3zq5B7JCM8/qfYIDUHvt1h6JcJHTAOz9Hr2f4Q== Prime1: 8UNey2U7voMhZmVUMpH5C8q7+hp6PQ6dUYd+hjaQVnsDOLPBT+zZf8R3str7pY/xlOOHy+DxYmZ0e17OumSOXTeQR4VSdsr/tpWc/qd2jd1I5N58R4G/yZHgTm8pm6VRb7NwZ7Eg6o2z0G2UEykFeberyg4U6SHBDP6DZNvGrQk= Prime2: 42XeoQUBshFkTYekdeqPfGqC1YXsK0URLGAbPbk8HlOiG7ueVmUnsAS47lyuEJPzIUgqqBbDM+CCdW8AvPJFDXa09l4akfCrLRyAdkreGj3bgmUs5wUFbDZyOHvRFSxdUI8LOcAhXthy86l+wErKwm6sWfd1oPGvMmC1qiSsW0c= Exponent1: JpdjK1+3DcNF7W4Z6LjmwFceeGQR14Bl86ubtnY14k9s9X3zVwiIxeI0T1yt0g7TUsCOcTM7CUVgLne8053QE+MWZgpSZYQVISyPX0CEOy8BQPLBqGJ9vg1idslbO3VXMGngegWgQUSHVbihbesq4AxcI0bbW2s1yRFRDSoGfpk= Exponent2: NbR7bd/21I1S+RSN/ONW2/VzzOYCLv3y3l4cUOmMj0UFRjN7Y8AkLWgQHQt6eKPYigW3PVeS5o+hgAalT/qP4GwmtQDomYsTgmX22Pk5l00AqL0oa6895p69PyXO7Yc6yqnd5te/idzo2S8wpk2DsYPd5KmS+F3cGLPKc9KRekU= Coefficient: ev+8Aj3u6mICRe6Y0NqYTGrXSBMDXf92dI4+CZtwy43cyTvvZSABWvlLTTXf8XAlnnPxszSpG7+e8bQk4A7ZIagcDFSUjzwtVoLqKqbyLPMNjJKqvGW2iTwfpXAHTadd9EmvTPsEVCJnZAvkyn9XQ49phL9IkFzj9kmSrGqnN4Q= validns-0.7/t/issues/24-delegated-nsec3/Kexample.sec.+008+48381.key000644 001751 000024 00000000602 12015706246 024330 0ustar00tobezstaff000000 000000 example.sec. IN DNSKEY 256 3 8 AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg273Tp4oRpnmnmgizDFtLQh nIv1Mr3AuwSWVIDeavuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90yQwf C53hxyH10GzGnAx4Sutrdkh1w4HM1nMBdlTMa0g9yxjJ0vm/T7qHzj+3 dTUi84s8Du2mfMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB/QUuoY2F yThfidT+nhOQpzftVtLcta0E0Uv3PcVDp1d7vBXsAEYGHr54r2vb3eXd OTmoFyh/byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01u8SJYP6ULwx0 mZ0p5BmoMH8= validns-0.7/t/issues/24-delegated-nsec3/dsset-example.sec.000644 001751 000024 00000000247 12015706761 023567 0ustar00tobezstaff000000 000000 example.sec. IN DS 48381 8 1 99477B577BF885AB2512B8DCA052D7B71DD968BA example.sec. IN DS 48381 8 2 E5411AAE0758711B164730F9069CCFA3CAB00391FDD76D04EB3E8610 CAA09E93 validns-0.7/t/issues/24-delegated-nsec3/example.sec.signed000644 001751 000024 00000011316 12015706761 023640 0ustar00tobezstaff000000 000000 ; File written on Fri Aug 24 16:21:37 2012 ; dnssec_signzone version 9.8.3 example.sec. 86400 IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 8 2 86400 20120923132137 ( 20120824132137 48381 example.sec. tbjigL7HBI1uY1R5m/QrGVGYv0pWNz0TJiMl 5s600fiDV/0t4eZO0sLsa14gNWSycaHzZpeH AA29ZV07g+i/WE2BrNj00JzqfGeX3r8hd+LP vTF7pHAG4syGweqokn9F0ePG/HvW3263i3eN OuFJS7yeo1ey0REsCpkaMvmiTGYy4Ns/J3ft kIT92X7p9Ok4ECm2jvYUykXSa8oChWK65EIQ 3VbMn+X7od686gw8disrBIgHYSlWO5cPHIe+ T60PqGB9RM6INT+8x8t1hyYDgZcWlL9J0bM+ QNp24ug1E3nKNgtg8Uf9jvA4HGzRxuB4L0PH RCLY5Mv64LoNcuGmPA== ) 86400 NS ns1.example.net. 86400 RRSIG NS 8 2 86400 20120923132137 ( 20120824132137 48381 example.sec. uZ3XcCp2Ko/NqC184GE+3Vl0kaxFRs1QkpAB cZRS3DvTlFTJQFpAOpBD3YBiP4QTz6weJh9W seg0/ykNlfxzRJjLTMijsAK5M3CEIfIA+1hV 5AiqEXIsD1VvwB4bmeMZY2HgYteyfP9waNmS KE6hZG4VV4lHMdfxy6ovsi6UOGQrfA6+RdZ4 rRbMrQy4TofLPYWFA18TwcJRND+KMiLrbEB0 nsE7wtw09E6Fo/p9rfOJSId9zpkivSywvN60 dx5lH3RDM7dRKedLT26uWodoc+sm5ksma4b3 lVpkvVuRYsjx5380MC6Q3Ffi5lgGg+S6U+0x BNsl65g/cBi52Mx3sg== ) 86400 DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; key id = 48381 86400 RRSIG DNSKEY 8 2 86400 20120923132137 ( 20120824132137 48381 example.sec. vMI5/h3OOEYXPyz2EuTd1UTuOXArx80fDXR3 aqAg0VXxuDj5aCNNtrumGac8VQJSbcOFS6en zavsQbdF4GynuqVouq0+Cg+AKqbkf91mwoRo 9FfYjD+FiCH3AsTgY1sivgx96jxbUJrwlheV Aq0sRNt25oejEnytF7zkxg4gfAmwszym2iy9 eYUCo5J7lMd5PGWOeTaWM6B1dhTu3db70GNg s994rEqv9OM87d4XS9U+CrCbwQbj8VtHjUWv ne5eSVqIh0RgMkPaLISYE2MUG2JNcs6eqYuq z4LgGJAK3EE4QzsMGs5tmIK7rLbdIwUpLhlH gwW2y4E10Hz7KLOjAA== ) 0 NSEC3PARAM 1 0 1 94CD 0 RRSIG NSEC3PARAM 8 2 0 20120923132137 ( 20120824132137 48381 example.sec. TMvS8oUX2NkG/VZ1/LFh5NzGNgmuj1KORpjQ 6xLuuZ5EFvV97L5lG/QIeqDYBaeYbbxx6PuO q35aV3BRxcGkoDlWRC2cFyR3RNzeTjj1q50n o3RgqtMkvJE/gyl1/oXL4IjSnlw5xYdYGa7n G2mGQdc/0vh/De8VMh/n0Dq2WbuJ6vqsv3+i M3oiMrapG91EYnAcFB4ymBbkbuBqTwu4Gwkf dkweQRkufWI/d0WP8ziP6g3pX6uqJjwvDd4h wcLgQgajZ7wOzfnsqS/v+CMc1Hu4B44PN7BB 50IKaviAkYCftfyTIy1FSYnAt4MHFrrQBKzX c9ymqDL681D6zTNQtg== ) test.sub.example.sec. 86400 IN A 127.0.0.1 ns1.sub2.example.sec. 86400 IN A 1.2.3.4 sub.example.sec. 86400 IN NS ns1.example.net. sub2.example.sec. 86400 IN NS ns1.sub2.example.sec. VT6TVPSQUE085J73EUKCPVB32N894AUB.example.sec. 604800 IN NSEC3 1 0 1 94CD ANUH4A3TCIVO884LMD5SA3S1563VKCOG NS 604800 RRSIG NSEC3 8 3 604800 20120923132137 ( 20120824132137 48381 example.sec. eaQxYQX+q0DDG03cLYyG9L+WmleExeZWQLb4 rBCuJO1rRkzxtC3SAD6MLQ2NVpiv9c0IbbNQ EUCDXaA4/McY+CemogZV0pumI/xhzJ5Pd5k8 s8jxY0JNaaQ5cHDpUjyu6sWOTn4BwcZJaPtn fBESTP7cy6uVQWRXiT5TJ33bBk2CeFCgMxD9 x5yvl5fWH+ZBl7AVYXamh4TsU5l8kL+HD19v vauj4kQVEapBaaUEN3oS7S5lkUJ01ANHf39L D36sRF6cZ2BEjiv3axl5IW4uQVnmo46XSP9Y dX+0gjLFwfzUnt6bKO59pfZ1kAQnkpjvXC/h DFcnQ1TZMn+MjSimNg== ) L2BLRUARIR23VEOTUN998OLLATNAI6EE.example.sec. 604800 IN NSEC3 1 0 1 94CD VT6TVPSQUE085J73EUKCPVB32N894AUB NS 604800 RRSIG NSEC3 8 3 604800 20120923132137 ( 20120824132137 48381 example.sec. AU3924oCXsSm2yxkSzikdMHrKBgOCnTPQ8QQ Cv/+ROYGWedvkf5jivUuqRi4wqsx+dK6UAPB cmxb3zmebGfbzZtO1FI51z9tGSFPvahvTVcK LkMlbzDmdcNFUpl/npagQLz5FTumi8gD2Ozl dCdPATDlpoL1Won8t2rBIqPGaClahCHeub+2 FwAuWzjiNMsSAqUpIwHbUrf03AEYafVsacnI 1t6qELwFMIa2UUDXGsFSR4BIfAvDK3wFq/Pb i4nzKyINGmCPTaUphh2+uLQ8CIUAArVtgAj3 WcIGO8p8fHE3R9CneWANo6jPEjURzMxFLUjA RD31yV95Xj5SLwAGSg== ) ANUH4A3TCIVO884LMD5SA3S1563VKCOG.example.sec. 604800 IN NSEC3 1 0 1 94CD L2BLRUARIR23VEOTUN998OLLATNAI6EE NS SOA RRSIG DNSKEY NSEC3PARAM 604800 RRSIG NSEC3 8 3 604800 20120923132137 ( 20120824132137 48381 example.sec. kTRt2QfhcT+N+2MyDWz1kFpu0fpqa8AyXH7l GDgMUjILF6dSwSTH6OCYYk9HIrdleNwq352I LerDlaOOszwVrdyGnSFnyT0MYhXFEFUVDibl svZlpePqbHnMkCEWMGmZHa9k10xNa8e6lUd+ 8lpUhuNSdi7GihEmYo0ZNlDv3913cz7iqNmg 0dZk1Vs5GFZGZp5R5y36zBgS8TS+OiYNXL+9 YSsJukXnW93WcEUSvT5saUoxWD24rP41w6ro 9n9J5XUgNmfaLMFj0AiaAtlVz30q3Nbv5v2T w18A7ybrH2AiuSoRvL8ISQyIrA8P0pDIyftA 5e4wKXX9LZ/1E9laWw== ) validns-0.7/t/issues/26-spurios-glue/example.sec000644 001751 000024 00000001467 12072772032 022104 0ustar00tobezstaff000000 000000 $TTL 1d $INCLUDE Kexample.sec.+008+48381.key @ IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL IN NS ns1.example.net. sub IN NS ns1.example.net. test.sub IN A 127.0.0.1 sub2 IN NS ns1.sub2 ns1.sub2 IN A 1.2.3.4 spurious.glue.optout IN A 5.5.5.5 spurious.glue.optout IN NS ns1.somewhere.else. spurious.glue.optout IN NS ns2.somewhere.else. glue.optout IN A 5.5.5.5 ns2.real.glue.optout IN A 6.6.6.6 real.glue.optout IN NS glue.optout real.glue.optout IN NS ns2.real.glue.optout validns-0.7/t/issues/26-spurios-glue/Kexample.sec.+008+48381.private000644 001751 000024 00000003247 12072772032 024732 0ustar00tobezstaff000000 000000 Private-key-format: v1.2 Algorithm: 8 (RSASHA256) Modulus: 1k6+cu1N1CN90iqofey1vu8jpsmWDbvdOnihGmeaeaCLMMW0tCGci/UyvcC7BJZUgN5q+6LJYgC1+/DLR/cRgi/xizmQOIqzw8TWT3TJDB8LneHHIfXQbMacDHhK62t2SHXDgczWcwF2VMxrSD3LGMnS+b9PuofOP7d1NSLzizwO7aZ8wPqejL6V5nYi5fuUVxrxLMM2aFQ9ORe4WsH9BS6hjYXJOF+J1P6eE5CnN+1W0ty1rQTRS/c9xUOnV3u8FewARgYevniva9vd5d05OagXKH9vJ6FSU+rWAMQfSYFGVZtQepsacrKiXPR1HTW7xIlg/pQvDHSZnSnkGagwfw== PublicExponent: AQAB PrivateExponent: LOxwy9Km3/NYqre6fjsilhW3GX1kcRiSdXFYBBr3rMtUojKvgJsTH9uUeWZvTbTdne4B6yHiqSKRA3Eki79k8i9uqMq2SsP4ju8yJZHLmzjezIfJoHrQ6BxyFcMZoWPzdZkKFKmFwrHpxjjbvFcHvfiAu025Pta9C2o/rZXYC7V3BWQowqYBfukdpZkCEhzFzEtC1ROXN4jPJBwNIma52QTLH6jK5BOfOJ5DhS1SF+r/EkuvXnylApVfjPfUIC8ocVvpn5WLoabWL+eURIi6MvVT59ppzc6WRUT2PxDskT2WUWfw3zq5B7JCM8/qfYIDUHvt1h6JcJHTAOz9Hr2f4Q== Prime1: 8UNey2U7voMhZmVUMpH5C8q7+hp6PQ6dUYd+hjaQVnsDOLPBT+zZf8R3str7pY/xlOOHy+DxYmZ0e17OumSOXTeQR4VSdsr/tpWc/qd2jd1I5N58R4G/yZHgTm8pm6VRb7NwZ7Eg6o2z0G2UEykFeberyg4U6SHBDP6DZNvGrQk= Prime2: 42XeoQUBshFkTYekdeqPfGqC1YXsK0URLGAbPbk8HlOiG7ueVmUnsAS47lyuEJPzIUgqqBbDM+CCdW8AvPJFDXa09l4akfCrLRyAdkreGj3bgmUs5wUFbDZyOHvRFSxdUI8LOcAhXthy86l+wErKwm6sWfd1oPGvMmC1qiSsW0c= Exponent1: JpdjK1+3DcNF7W4Z6LjmwFceeGQR14Bl86ubtnY14k9s9X3zVwiIxeI0T1yt0g7TUsCOcTM7CUVgLne8053QE+MWZgpSZYQVISyPX0CEOy8BQPLBqGJ9vg1idslbO3VXMGngegWgQUSHVbihbesq4AxcI0bbW2s1yRFRDSoGfpk= Exponent2: NbR7bd/21I1S+RSN/ONW2/VzzOYCLv3y3l4cUOmMj0UFRjN7Y8AkLWgQHQt6eKPYigW3PVeS5o+hgAalT/qP4GwmtQDomYsTgmX22Pk5l00AqL0oa6895p69PyXO7Yc6yqnd5te/idzo2S8wpk2DsYPd5KmS+F3cGLPKc9KRekU= Coefficient: ev+8Aj3u6mICRe6Y0NqYTGrXSBMDXf92dI4+CZtwy43cyTvvZSABWvlLTTXf8XAlnnPxszSpG7+e8bQk4A7ZIagcDFSUjzwtVoLqKqbyLPMNjJKqvGW2iTwfpXAHTadd9EmvTPsEVCJnZAvkyn9XQ49phL9IkFzj9kmSrGqnN4Q= validns-0.7/t/issues/26-spurios-glue/dsset-example.sec.000644 001751 000024 00000000247 12072772032 023275 0ustar00tobezstaff000000 000000 example.sec. IN DS 48381 8 1 99477B577BF885AB2512B8DCA052D7B71DD968BA example.sec. IN DS 48381 8 2 E5411AAE0758711B164730F9069CCFA3CAB00391FDD76D04EB3E8610 CAA09E93 validns-0.7/t/issues/26-spurios-glue/Kexample.sec.+008+48381.key000644 001751 000024 00000000602 12072772032 024040 0ustar00tobezstaff000000 000000 example.sec. IN DNSKEY 256 3 8 AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg273Tp4oRpnmnmgizDFtLQh nIv1Mr3AuwSWVIDeavuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90yQwf C53hxyH10GzGnAx4Sutrdkh1w4HM1nMBdlTMa0g9yxjJ0vm/T7qHzj+3 dTUi84s8Du2mfMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB/QUuoY2F yThfidT+nhOQpzftVtLcta0E0Uv3PcVDp1d7vBXsAEYGHr54r2vb3eXd OTmoFyh/byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01u8SJYP6ULwx0 mZ0p5BmoMH8= validns-0.7/t/issues/26-spurios-glue/example.sec.signed.no-optout000644 001751 000024 00000017571 12072772032 025322 0ustar00tobezstaff000000 000000 ; File written on Thu Oct 4 15:32:03 2012 ; dnssec_signzone version 9.8.3-P2 example.sec. 86400 IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 8 2 86400 20121103123203 ( 20121004123203 48381 example.sec. P7sNgb7duV7fy3Fe8e/8F4SivSNyUEjuEIc6 5ZmS6evSHGuqYW97qUAMnSNZGMeEzFTMX2Cv Gy3Zt84kHWo0mejuSBVqRhOLpA2WqZLBN7B2 u4hV9c/S/joi7Br9EsgXbIxyZ5DVx7BvDWGK zhCni3jYbWKrgqB12Or0sGaARAsk5ZmbYwdx 1iGmIchkPBafHvx9Y53GDoBfaSlFk5/lESqy FneiwOheVl1iVoORCjfhoPuQb2Ot4GHZW8am xBRzEO0aWOWg08Y52rossU1qEPrR8c6ef5AV C1B71i4kku/+RDbyNyV40q8RbO0WGiOLMR8z JmzPqoibmc6zEYed1g== ) 86400 NS ns1.example.net. 86400 RRSIG NS 8 2 86400 20121103123203 ( 20121004123203 48381 example.sec. OHcOzztD6b+FsImevSTkviScJMtf5FQ76Upu +o8dbdiEl04rtHmhYuIpZttWkJyNeZafBRMh Se1MfCnJsy5Jw1sGVSR99M8XDiJUELRPn69A DCycw/x0dVmDsqlyZYSPdQmHoipmPrvhBpDt MghbiDPMuCEx6fmtymGghgkaYr1Dvy3IfEVc vjNuCczsZ29LDQDmeG/vpS08GkfMEzA0RrJV u4qdNcuJQc2RwtEAg/pMQ0b1LN+dp5+f6zem eRul5bjmindkPwvmo7nYRrlj3YMyvilQkUmR xH7xwiWHxhiw2IsdR6lWKYYQMGYcmn2idR3f FGcEgSnqQu5aT+Pg0w== ) 86400 DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; key id = 48381 86400 RRSIG DNSKEY 8 2 86400 20121103123203 ( 20121004123203 48381 example.sec. aTLyK5dtPgmLkdo5aujXbWPtaPqvieMX0U60 FhGr9xAqeTkyguyyA+iUHXuGtmzstjkODMwE vDTNeYGzbu8Ep9et7GKexS/DrrmVLXDacveu 3mgjIr9HmlCD80NRo5YJh6NN/vGq/ue0J0z/ oD46JTe31wAlXhqk7xyEewG3FzMD65bVzCaw KqiB3WQWzItVVXfwb27rW+HjwysaqJQRoLqX bBqB2mt45xPHOFJl/5TMziHgWWUFULjK7nov J2A8OhAEMezjqJINRLHjn6Oi0DjflHrhCzyM 06aMrCHwffgXYBLM9qkDOG+nDlYqdOghuHDJ R7uU8fr8EMElsORKgg== ) 0 NSEC3PARAM 1 0 1 94CD 0 RRSIG NSEC3PARAM 8 2 0 20121103123203 ( 20121004123203 48381 example.sec. F+Qa4worI07Cv6mDGOuK45+mzFOZ65DTzSMY EYOWqNwIVgEZFUD120/c5cYkkMpgFICpImM9 aFgg0XPyhkIzevXeoxqn8s8eACDQc/O0m6PA dcvB+jckO8YeEiJuDK6FbEwOMRmL81EzJ8Q4 UoUxOq3Uwq/8FcqGNVgJdodkWJyU++IlPz37 p2dplxOqbwV6sN+91SUs0mNFW5tDz7O72EK1 Zk7cXyU+qZs0O5lMf8S045LZJ6UMcP9Ccdu9 EOP3zRRWNDmRGJFVfKns8UDz+4ViwOORrhP3 SFPr9hVzX9PBegYtsDED0HYh2hsbEnkZzmEr Q4o6RpCjxyfu0ARIEQ== ) ns2.real.glue.optout.example.sec. 86400 IN A 6.6.6.6 spurious.glue.optout.example.sec. 86400 IN NS ns1.somewhere.else. 86400 IN NS ns2.somewhere.else. 86400 A 5.5.5.5 test.sub.example.sec. 86400 IN A 127.0.0.1 sub.example.sec. 86400 IN NS ns1.example.net. ns1.sub2.example.sec. 86400 IN A 1.2.3.4 sub2.example.sec. 86400 IN NS ns1.sub2.example.sec. 5RORN4V6I2EUE59S86LSVBHNQNFH97BN.example.sec. 604800 IN NSEC3 1 0 1 94CD ANUH4A3TCIVO884LMD5SA3S1563VKCOG A RRSIG 604800 RRSIG NSEC3 8 3 604800 20121103123203 ( 20121004123203 48381 example.sec. X93YGUwDjl2i02qXZxJFL778dX0zjtn80Esd 1CJJx9FYUf7RNsUfD38A23C7SZQ3URCggx6t waizI4Ktax8sXoxtHuMtH+3hZ4asBcGuWYOn V3i4Zb4Z7LkqJg96gbC1Cn6R0JhTRcCfvfYI tjav2vEhvu8dNi/UObZXSGrpWOeVq2Fc5jpy eE4KkzHrlYwamdoucqjAdjWk3Icp5C05wWMU dmt+FUmN3qnq2FYYW/Z5007uFAG5M7uLk96r vqDyRXXMbz8NOOgLycM6qRVDfDvtuck4gJ/K ex8DDGeJsQlRTcmixf+JCBytZYOYN5HOrsGt NwBpiwuBZ6GepD4JzQ== ) ANUH4A3TCIVO884LMD5SA3S1563VKCOG.example.sec. 604800 IN NSEC3 1 0 1 94CD APFMIN8EJ96AD54VGTECHRPKHBR336EQ NS SOA RRSIG DNSKEY NSEC3PARAM 604800 RRSIG NSEC3 8 3 604800 20121103123203 ( 20121004123203 48381 example.sec. S2Ap4xcQkfIrgV4vCHD5DWlZjbhm/dI5vRpM V9eRKVOEMb2Z+dWibFeP92P0MPFu4eCl57+J qEoYlv3LX/o73oTEyZu6Kr3rs7S+qlwHtQ9a 0XPuIC4qvywYsrCHb3ROakqT6ORiIDrvxCKe 4aqZEvurYLLzTVynNsKjjGVSoBUHLW1iwlD0 Zs1l+CEh1ZrRfkRprliWeEfsJGsR/u2Ib1Sx vvx09zow5ENcNZpW7+2cQSmv4aRrVjWkOcuk 3aTaGZ5+5k2Go4NAMSkM0p2ww2J8T9GPIzPl Msdp6T4xNEjfS+tVxJe2PsgWmpNduPwbcYui SSUR+0UQvnSPqLtYcA== ) glue.optout.example.sec. 86400 IN A 5.5.5.5 86400 RRSIG A 8 4 86400 20121103123203 ( 20121004123203 48381 example.sec. zxAtBQAmpGGPBA9oV/LXhBuyU7lhnb9exQwk mP0nnP2a7+lLXXv6CZXeY6Jo0aOEuAmSNzVn bOEG4YMVap54sFQXuFpRDe/DqZbOIGRkmM17 YurbyHrYMADIrYbLcx/4jS9pZf5PMPK2Cf6f rOJAT1fEeOI+fv9qohKLK4YpB/+8as/vFtEx yquwJIsTFTTrcfempRixov01QTAVU1xAA6W+ a4xRjdycWdExHzIeclNs6fSCnYZWbIsy+oh+ unjIrLDeaoXDHROGIrPVRQcWLz+BiomkEAF5 AcBGmHh3qeTG/p1Sg6lroVscKUP8uXcAZB2w Q3wA4VSXWaNEvdQXeA== ) APFMIN8EJ96AD54VGTECHRPKHBR336EQ.example.sec. 604800 IN NSEC3 1 0 1 94CD CVL763SGK0IM3JISN2KLQBK8I5TLP0U7 604800 RRSIG NSEC3 8 3 604800 20121103123203 ( 20121004123203 48381 example.sec. Hla9zHjP0LnuI3iz7kqsJODjh2OW9SKgDKEx V/oFmIt2iOnuhhKaMF2pLMcHsjQDH3EZ2PyG Yn8om+d3J5pZbRPq8gIT5oa5P8IZwhGLZ85Q O7B6b87ZGbQic6Sd160f/N2AGWrV/3zqZjKg tSmWVHDORBRqW1zk3SVfSBFhwVUolGLTJT1y umZ+Q0573h53hmDcCrJplQ0Sdqj+OjzRcQ1R djyW+aFfFk64/U8/v5BOwdBE0VdvRCf0/U8S FTIJezTh5Gm/xVRJK3YIjjhy18mhBkBGN9hU FtWmtFIgeoSya8ptnXlOqEWe21YyreZsTEvz jcilieFLC++F7ZV8fQ== ) CVL763SGK0IM3JISN2KLQBK8I5TLP0U7.example.sec. 604800 IN NSEC3 1 0 1 94CD L2BLRUARIR23VEOTUN998OLLATNAI6EE NS 604800 RRSIG NSEC3 8 3 604800 20121103123203 ( 20121004123203 48381 example.sec. ZauqBlEOHvFQxV5Cu6ViTN7AtKrnBdh7AOnd DPUjkcJ81sIhsx7VHr0OXwUGkV0f95pzKX16 RjyaIQb0uuPyNQA8UrC/YtFdVP8xAWEMlVF0 hHDZbbo9/MA/I6s9A8m7TplJfdzmFY399ldo IwkyEXsbiV5A8LyGBJaTB41+S/HT02Z4jvc2 4NhLBnBQwvUwm7IifMepi+ICwgxxjNdz6iFy 8ppDV8zN4mqIiNIPCp2DTrS/ShNlvVe4BnBt S+bL/C2QahJucqBa7yD3tB+cDXhmvB/vYZ/d F9WR4c7v9u4azBvKR9eIYaX14TOsuJjsAl2m uONcluxWl/nQxqLSGw== ) L2BLRUARIR23VEOTUN998OLLATNAI6EE.example.sec. 604800 IN NSEC3 1 0 1 94CD NHPEGCSN6DFGI1PTTF76JD8LO1UTM457 NS 604800 RRSIG NSEC3 8 3 604800 20121103123203 ( 20121004123203 48381 example.sec. r5vQV2X8d7SFXUWEmU2xyj8R0QhJsUEkGMCb YkwbKWrHDzO2u1tcN/t3Q5Ku+6hwF/iU0wrR 2KGL49B3NEix6qoU4CqmrJIE/UNhXWv2yywB qtqKz+TOi5hefAGYl5AaQoBauXk8TF6f/3fs 4lvriiIhXN6AWBPPC5+HojLQOegXOhD50AG0 M0ME50BkcRTnDZdBFXr6FVDZrq5i7lp0Y2EC v0vpjZI+meSdRIVJKWqN0usTDQWzZfhGN7PP W8/hKmTcKCnXoYeardkqHDTQxRWKfl6ufKW8 AfL2fviA/LnDNhUpC+18C9w+60p4OIMG/W5B fak1/AxWGKxtCs/iyw== ) real.glue.optout.example.sec. 86400 IN NS ns2.real.glue.optout.example.sec. 86400 IN NS glue.optout.example.sec. NHPEGCSN6DFGI1PTTF76JD8LO1UTM457.example.sec. 604800 IN NSEC3 1 0 1 94CD VT6TVPSQUE085J73EUKCPVB32N894AUB NS 604800 RRSIG NSEC3 8 3 604800 20121103123203 ( 20121004123203 48381 example.sec. hmn39+fFO2mUMT1THTg2R8NivZQQDQ+Fi4qM 2G2z1bDKWbQrvALTMsW8rqiOnT3OX1kac+an ieTIILFRCMUVGl3o9ovYNmv5L1dANd8z/GTi TGdxMj8Y2Y/ws2AHrtJgHN7Osyw3/XYlU95Z MXlxdhmFHAV/KqGP3dlUco1No9fKHD0yAkP3 NOodY+v/36j8htvcwlkYiaQ+7rvR7+kqpE0m IxVL/lM96q9h+iiNC9/TfcMNQK80khLAYIxC aNYgajETpcNVEoTkBg2tAIv1ksUNazjEAebS ZIzHBDYqb14vwZS+mw44j4BU9Q3/9edQPTdN JjLxIM15ZzLR8tjcoQ== ) VT6TVPSQUE085J73EUKCPVB32N894AUB.example.sec. 604800 IN NSEC3 1 0 1 94CD 5RORN4V6I2EUE59S86LSVBHNQNFH97BN NS 604800 RRSIG NSEC3 8 3 604800 20121103123203 ( 20121004123203 48381 example.sec. FmzSC680qWWTQEvrlcTYt0uXccc6teAwYMCY 93MVf5eorAwJ9ijqH38A/O6bygfZu6ptTG1q SA/yJ3XPMuRIhE7io8xdj9nWCh2+liNG+CBW NpYdb2pXaoO/wVVxR2QYCsSx7BtFsyuYK/mG 7Fuz+1464uHHK88j7u0icFZ3YlpPIG8Qu2CS 2lzFxz3cPXF+fzTVJHwkqh7MIvcwMRoGGLDj ceHTqxukg4a/0ebA/sz3yzUFpTOrh8PmFiU7 ari44J9QXlDwjhPWz1hpdz+YFnSxpPHjpmva UIsn6kUYrSMHPfsYoEebyAj5NYLUaU1mHN1G FuINGo4eUd8Sg9StWQ== ) validns-0.7/t/issues/26-spurios-glue/example.sec.signed.nsec000644 001751 000024 00000014647 12072772032 024307 0ustar00tobezstaff000000 000000 ; File written on Thu Oct 4 15:35:51 2012 ; dnssec_signzone version 9.8.3-P2 example.sec. 86400 IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 8 2 86400 20121103123551 ( 20121004123551 48381 example.sec. ZIjIFvlb+zoh+E7I63N+n2OBwyia/aR5K1FI FSNfvkCQ2vYOqEZLZYirGyAAnkx7iymnkz4x yLOK0R7wONt+nhJip3urYicYBzmF1NajyKSN k5rKk+04ShtAiQzc0oq9ujoONxYfZMauHUeD TzKiG/tJaOo6V89RCfx9PYa831nyxm8JdGe1 xlncxyTCzut+em3qFTzuYS5mAIOZ25SktQen 8s+hWfI08oz/zY37wiASOwcDST6t7zG6x9wm gWj9srFTx1Kh632ToDWgUzu9JDodzxgAP80/ xU2qCptj8dnQQ/5B/KpR47kxfKr+1WXxQ1Rh Qx8Qj+9sRahzJ1NPcg== ) 86400 NS ns1.example.net. 86400 RRSIG NS 8 2 86400 20121103123551 ( 20121004123551 48381 example.sec. EbM06z3JKpv1rRXMdkKE7QSaRMgek0zTFHoI qDLl+GLswmlf8QuPWjJ8HOuahWQEY610a+96 0zhRX+aL3IIH06iFEI8AGnQqOphkqwYsL+xo 1iFpmzL/nflflHUlm2c3I8SyrponMHHMYNOk 4ohu20gnVtwaHekB7t55BhvZJ6OpWXiRHCTk ToM5oNc1zrBz3Sv2XLhlU5n52XYcMt9iwBLq KRdKlmWaSAkwx7BtkRUMarqw+atrR+E4ruLd V3efgpfoAe0/wJuUxkzO/LsSLCNXHz2bro2z a5gIi2QCzwNdzhnUo6YOMqkSwKxPcm3TViZd 9Hski6lx7DGdbP8+XA== ) 604800 NSEC glue.optout.example.sec. NS SOA RRSIG NSEC DNSKEY 604800 RRSIG NSEC 8 2 604800 20121103123551 ( 20121004123551 48381 example.sec. GrJ/6KZrpX6Ms4v1Lc0EDiskWLFLQpdz73Ap rEI4aYix72peHobI40RJhb6qN2R7KtH0E/YZ zUmzVdC/OSlhZmadtzdpaEIyORETkCLLU3Hi O2wHoghgcxe/jvkjM46OTQ8+1UEwaESOIwoA 9p6i3jDK138J+q5jTjKqD6IWAUyTZoogZrD9 wlYYNMZJatdXfz5G565Ix6/MpkRDz9Djsmbd E5R4LEL0x5iBA12aBzxxDwqSkg7j4L3O7Ynk 92M+28nr2RPb4bSaEAWal7AJzjoLMwGVW97Y 9T2nMyFz9qAgeFdVwUEtEg4iUuZMj9SSkOi0 68e25IT8bg1caC5NNg== ) 86400 DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; key id = 48381 86400 RRSIG DNSKEY 8 2 86400 20121103123551 ( 20121004123551 48381 example.sec. 08rV3sRhOjAzGTa7QIFeRrF59oYdQwt78UC0 0nuM6yn1fIoA7lPsbTs3UzUoRgKfV95G90n/ t3LD4DoOlVHtMoFVYakSGjnftg0TtUctW3GE g7tK4gnvpokJblUxKZUsdDAvKsTJA+WSE2fS n459KoeLv+6rc+dJZORrSyIXvHtDuLhqPc0B 3J09KPMN6ePd/MpQn7mEZ4/UgxlIiT3DOifO 9YoLiWxYr1kFDdAwBCtspgF85EUPY0TlfOrQ 9zR3XxL+Dno/c/sdAW2cmwguN/TqeFNgPsy0 jpoR1pr3wm4GCNHZwLs9VJyaSul3ySdOAWNT FWiVuAIrT1aXk0AXdA== ) ns2.real.glue.optout.example.sec. 86400 IN A 6.6.6.6 spurious.glue.optout.example.sec. 86400 IN NS ns1.somewhere.else. 86400 IN NS ns2.somewhere.else. 86400 A 5.5.5.5 604800 NSEC sub.example.sec. NS RRSIG NSEC 604800 RRSIG NSEC 8 5 604800 20121103123551 ( 20121004123551 48381 example.sec. mfcjfqL7qTfGt2jki5Ye8QXkcmDrPGEu+0cE 1KQgFQnaw3lzty/MRPeA0EbUfj1latxT1+d2 DHoouDMhmrV1jm4mMB9WQ9QIc0vo/0EgwVUH s1H0+P8i6iHjCRk5WTuBiAwHfsnlSgzCnWgs 9zGK6CLyE5ijZ/Ar7w9lLzIallRce7UyNVui OKWOtE4PG34SarmgvR9dhKIYvnlpYRPr4w+n z9t5tJTJCpQY4dl8G6VI1HOOFajP+gobZbU3 WenNsvKfmjHClMuNw/lLPVIakMKC5SvO7rOb Eo0x1OWcorLU7JXs8CZsX7TV0/tU1/lmpPoa iqbLGD64gNvy5G3lTw== ) test.sub.example.sec. 86400 IN A 127.0.0.1 sub.example.sec. 86400 IN NS ns1.example.net. 604800 NSEC sub2.example.sec. NS RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20121103123551 ( 20121004123551 48381 example.sec. iXx7cENoookUmrYIZeEhQ2ke1nkIDKGpETvr ZfYb5g3oFEa4Mu2LtjolwMs30sMvxgidYxEi cBCzI8ub8W1mWHz4K4poXKUxbkmTKx4M/ThA 223dOMCw7gePN7jzJfpoL/t3X+aeTv8VNY4y qNyQxE23zaas4CqbN3WSFB0K1GVqGraor+2L aA1SLHurwUav6qmjWdv5Qc27+9lPzAzddUEh wCCSD+y0D19XX1XM4LqPnO5UDcEzC0wmyzKD rwkrgcIhkPLOCSWpBEHZtDdXAX2cKAhYG9QA wIZ3i3qME5gqxWlwPjSbAR9tuOSL8+qDpQu5 b6KfRdZ/d1c9AjjiAA== ) ns1.sub2.example.sec. 86400 IN A 1.2.3.4 sub2.example.sec. 86400 IN NS ns1.sub2.example.sec. 604800 NSEC example.sec. NS RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20121103123551 ( 20121004123551 48381 example.sec. qBjgWN8txVSPwGky9zkhie5oysTzIR/8sjP0 ia2NmlskjQe2n2wMJixOpydqtq1VY4Behlf/ IO9k8ANJLLVN1EywN/fTgD5IVItyphd1tCwQ IGOue/0sbjDpVW6Fzp2RyGHmhnCEax6BOr69 DgdXGyBm+vZ92C2vYgTTjyJjKnrigxA0F4e9 PJb9EJMMC+nApnw9Ul5l1MX42av05xAVQWVL oo3yUt6Eh7psbJM8EnyXAy5OzlEtuVUiFfJ+ XA0y5V6aYTO/XZ/9xabi/a4mLHu5GAOK2nlD cGXxlYwY5zuKTq8F0DPRMR5ogIX9gNzceNFW YLCBfpyztA8oxkuwHg== ) glue.optout.example.sec. 86400 IN A 5.5.5.5 86400 RRSIG A 8 4 86400 20121103123551 ( 20121004123551 48381 example.sec. zDX0ZutqbHE/W9KhlxEcVdM8HMk8OtLktbSe S+csQ4EGk9O7vrO0rcTQ9xLIwTpDsOhdXdmw g/m522a3qpDBxeAS1DKvmYqutsSQSqWWKL6p ylAjGv4DxAynw7zQARvTFx+1WiIDXFrUZKWK 7U0g7qMmxMxxgFCa9BSAouXW1WIuLFlYGsKs Zu8frV2OizIjTMHoh8gapur+gyGgCzExhOj+ shIoWz66E60ZMpA9z7gyc7q4BxfBfB5OhSlQ q2UzzUnWTamqmZhzOFP+wnGbNxPsJ0RYZ5qD 5MtxTZ3wM5I4z3r0N+t+zk1BI6182u8BqQ4E pCUyhuojyQjWdiZSFQ== ) 604800 NSEC real.glue.optout.example.sec. A RRSIG NSEC 604800 RRSIG NSEC 8 4 604800 20121103123551 ( 20121004123551 48381 example.sec. pgKlHxSe/WOYKKrDfb1FkKbxPkfW6R+G+zAC drB9rTcfj3dFBC4uZEl0PPlOBD7EJ5Ntvk0X 1BJlYg9EP9wmcRpQXaNZBgy4IzEe40HrEHpG 8lsOlif9YIJ5uE8szYrVBRvyYwrqr/PtSsqe iFw7xuE5s1esucz8xGNL0Ut/z8lTLYWMO+jD k5DvbFqVOihtgSZScgqgNbzdheTTI/sfEGVG e8+N2osTBwA8FWMIsbUyVraEklI82+bLzDLY l3xRcMhpY7e7m2M72nKIrm5StYXmwMTnAWRQ 9U9H+2hAxDTGRQmcb9G5gUhRvb8CecyRQtbW 6pbkGulBb9HKaca1Fg== ) real.glue.optout.example.sec. 86400 IN NS ns2.real.glue.optout.example.sec. 86400 IN NS glue.optout.example.sec. 604800 NSEC spurious.glue.optout.example.sec. NS RRSIG NSEC 604800 RRSIG NSEC 8 5 604800 20121103123551 ( 20121004123551 48381 example.sec. ii1CgKo6PP5Pv+mRyL1icoUaS0gQGa81CxeS LSs3Cd9l1J8qYmxVZllajqe7EPrVeqiTSZnj iQ40Ser1EDcoe08qNOkcSQvlI+cS/tD3YrGw CeVVREXz76L6L2PSJklR1iK9awxTHi/dQDxf 4b0NyBLFNE1/NtrZFzUeqEVnD9HFaiAQP3OD P0MJFSorJM+2NpiTGCcrp/j+fj0pvpuRjWYu BBdvyWR7zAInSV5ihA++nCszIkowhsA0GtAI H8basuZRBbni6WwflxCx12mqhNA8cNOm3Bvu 10vep76LtKQt85gw9LNYZWHrTiBjXg/rH3Ed c0keKnVXlTTdqmQbOQ== ) validns-0.7/t/issues/26-spurios-glue/example.sec.signed.optout000644 001751 000024 00000013011 12072772032 024671 0ustar00tobezstaff000000 000000 ; File written on Thu Oct 4 15:18:53 2012 ; dnssec_signzone version 9.8.3-P2 example.sec. 86400 IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 8 2 86400 20121103121853 ( 20121004121853 48381 example.sec. Ulm/liwXxmglgip/GZchcOR8cAbZhXRnQQyv OavM3mVc+EtL+APaoQTMlhi1Sl09ft8zCxFq 9QN0Z3MXCYYWpkJ5yvOgso+Da5kabYslGTLm bTo2CsW1AFzJJi9sGheT+45otO+JQ5u0kxjC QdebeYcMkdVs8I7tfMklyfgeC7LfNZE4/Ipw 6F4x1HZe+Dqq6KU4VG4wxsiinQehXXGQZQyg C+vQHjs/EATrm5xymihPqRmeFchYUeQ4r1bq is1iVvcfezVRRnKjWZm0siv6WIMWu+asORnV 2GcBLmtvvlOCFc21zUx28dHMFXHFua4DWKB8 cgdYpt43xZ68GVxMPA== ) 86400 NS ns1.example.net. 86400 RRSIG NS 8 2 86400 20121103121853 ( 20121004121853 48381 example.sec. ikpkmIGlWyzehB7usRLodt80omtP0yP37Uf6 Suixfz94dQFXOZRccsJjvmwxK+SWCuODJvD6 4d4sb8dwsxPdrFpfdSELCGZqyCECTb6GvKzy fD1JnU1PujbqimNo+A2TBZAzKyolvh/9IfrN 5J4kXvjCAmssz2yF45hXRblJg3nkNs8nbD4U VbKWzKGWsoV7oDx81hISVjFaOeMJoBMOTQNY LHN9+EJDS7qo20sq6cYcSwCQ5FwpAxX3k8Ef rHCtBz4A6637jmYuSKGWcdwdzCZ/a5Dm7x73 OtLg3bMft2bZSeiCQW6NpmPjIWCsdbACJXnm 984YFW/pTqapEPTpsQ== ) 86400 DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; key id = 48381 86400 RRSIG DNSKEY 8 2 86400 20121103121853 ( 20121004121853 48381 example.sec. si+yguBDcwzghrH0h6R9cPIauscNjlA8j/sl 9VWDkeBi3yVdw1aX7BaE32sQdf2k0FN4A/+Y 00gJAwaMHem1L9wlOKg/cRGqsaz6+VACqAtK 3uvG2RbDAS83VZxU5650CupN/sivmtSj/YWO Utp1HEc8jZCw8LsFudmRTa2p9ps+kHzeC6BO Uy3SolmGnZdESoBqnUAWTrNFaTIwCyLGIIvK TcEIzP3SN1mw1Nt+GIL/ActgPTk0OpUPXvj7 KUoekBMAZcgAebVXuPPSkZq75cC6P2+08+di LK2Fs8wpf31+TBn3daAx7xvRF++nC0EA0GAp omMLBYDUAsDLsWMDUQ== ) 0 NSEC3PARAM 1 0 1 94CD 0 RRSIG NSEC3PARAM 8 2 0 20121103121853 ( 20121004121853 48381 example.sec. YHWYvmnPOvcuBXO7qz75IdG/Ceb+MsyizLAv z9A6QgfUI4x6z4ADbdQblhuZi5mMsnFaNtqV IYRcBEbx754hTEagLNXI/TEN+REF0P5Nhba3 cZm1vY+Dhnfz0ZOVIUuNDEk8S63F2TBaNm4j ezias9Az5E/De2oYaOxRciP2kYoYncUaBMhi HPjStz1jzrC+7YOah6uWfIAcdl3g8qqL2hjd YJdMbEuY90JVhRWzEjBftqxv7w9sgA86ERai 2TGBIpBxAfamCfKra1aQR4Wl2x3NF/RYYfZr lS4/Up0ouPI3TJXM2SGr2eHDQAhA+sGiUhm4 Y4mySTWd7MreJ53tAQ== ) real.glue.optout.example.sec. 86400 IN NS ns2.real.glue.optout.example.sec. 86400 IN NS glue.optout.example.sec. ns2.real.glue.optout.example.sec. 86400 IN A 6.6.6.6 spurious.glue.optout.example.sec. 86400 IN NS ns1.somewhere.else. 86400 IN NS ns2.somewhere.else. 86400 A 5.5.5.5 sub.example.sec. 86400 IN NS ns1.example.net. test.sub.example.sec. 86400 IN A 127.0.0.1 sub2.example.sec. 86400 IN NS ns1.sub2.example.sec. ns1.sub2.example.sec. 86400 IN A 1.2.3.4 5RORN4V6I2EUE59S86LSVBHNQNFH97BN.example.sec. 604800 IN NSEC3 1 1 1 94CD ANUH4A3TCIVO884LMD5SA3S1563VKCOG A RRSIG 604800 RRSIG NSEC3 8 3 604800 20121103121853 ( 20121004121853 48381 example.sec. N1v+1lsRMwY3WJtdMl8Eh9vOV3bdwKwTbnRQ kFtdKpLuvyc3256nlH6SKvWMBGPNxOyd1Qb1 WUdCmT4sLvY2UDzmTsvI6ETszQyntSMsORah osfWPG+0zAA6DnNkUVNDPvoSiimcl4ibuzCX 717pCz7ubTJEX0G2X3cVGZ6/qIQ2SrNWbtED LqBgJtu30w3A7APtxKTG2bAHOejrzSAVy3ms V4iTItdglAMrscloJNCveWTdPPXDlHrQmD3D nRPqA3gIKQzm0Y+ZI3Qzyw9bw9AiCYpMBehg 5gFt/jLTknaG5MCMYGJEXNFO0VbuHKgxAqsz KHpKK/ifUkn7MsJzeg== ) ANUH4A3TCIVO884LMD5SA3S1563VKCOG.example.sec. 604800 IN NSEC3 1 1 1 94CD APFMIN8EJ96AD54VGTECHRPKHBR336EQ NS SOA RRSIG DNSKEY NSEC3PARAM 604800 RRSIG NSEC3 8 3 604800 20121103121853 ( 20121004121853 48381 example.sec. od/Sqj/uWHgRTRs/zJaqqFrtItCSO2feO2XZ z2oTtpyri7PoeppBkfHI7RLU+S3erNsFovxF wCtrf0fyTqlp67uSyp9pDgNUKhpuKSKG+4q0 BcuLBXtQaKdeBD0goq9I1CyUGzvshIb51eBG aREsZjYQNoVRwbNIGgu7g+xnXexQmZPaSCW4 Q/TeJBaHX2HHV8iDwKK3XZepP0E07dpNECSE rKJpok52AeYg7PrNYwEuxA7LTJmrSmS7qCl9 KhU0m0CffxWDnEXkYKX3af3eahWeOZyGOhOP dxIIIQ7c82n/jcqMD4Sh8d3rerPF2U1gCz9u HCdKafHujj9rGn/M6Q== ) glue.optout.example.sec. 86400 IN A 5.5.5.5 86400 RRSIG A 8 4 86400 20121103121853 ( 20121004121853 48381 example.sec. QwYR1fW0291qEsM/oRaB3afMe+6gKpNvd2q9 RRA1y8jbS1X8xpvzJayxSBki/XEbAt5+/ruw z15HPcGBRo5a0To2iJ7rJiSFvUdKHfv1jdNx uRSVx9+RT8RgX2kXEk6SZOzl52fOtmF4KM3y inKh7REsL41ECQLM6ZYqFjDXOkzOjTR/s8V7 8xxAwZScRCa+DXlc2xVPcEMExMTEx+22L5fV HNRYXlJA2O+hsCiBUbiTBp0+rFDGTpG86MWR dgnOwX+brkiwD8AiFw23YfSp9F8y3ft8tAqv f9nXbHa3F9SCR5i1yzkUeVWKEn+by3LS4BLz VpIfeb99nocNo/7Mgg== ) APFMIN8EJ96AD54VGTECHRPKHBR336EQ.example.sec. 604800 IN NSEC3 1 1 1 94CD 5RORN4V6I2EUE59S86LSVBHNQNFH97BN 604800 RRSIG NSEC3 8 3 604800 20121103121853 ( 20121004121853 48381 example.sec. rbDtCPCS5QEJ5ESQimgn8318GRADUtZvCeqv I3hDGB0w9HXpLRkyZ1McyLVIZskK4yXB1Wgg ikfjG/ENVqiZ13XcXE6nZrdBJvMqZpkTmV10 1emVkS9q0x7wVKz9fBrVuznZij4PSZinEv0v leOFmgBe2yMuBWWV9t5o/KxG/2zgW1HU4PZC ue3c/iL1iEKTFaBQ856lvFyY5cqO191G26tn kCW8G8x4FrUiNyB3UgoGt/9jFbqDMHMFrSOg xLPNxPqBcT429qpbP7+d+QnmI7LR6usWus0A UU5w6Xzq+HVD2RSBpZX8ryUKEqXa92EDcfqB xYijmFAKbe24i+b1wQ== ) validns-0.7/t/zones/ipseckey-errors000644 001751 000024 00000002072 12033062713 017752 0ustar00tobezstaff000000 000000 $ORIGIN example.sec. $TTL 5M @ SOA ns1 hostmaster 42 1H 30M 1W 5M NS ns1 NS ns2 ns1 A 1.2.3.4 ns2 A 5.6.7.8 bad-precedence IPSECKEY ( xyz 0 0 . ) bad-precedence IPSECKEY ( 256 0 0 . ) bad-gw-type IPSECKEY ( 10 xyz 0 . ) bad-gw-type IPSECKEY ( 10 4 0 . ) bad-algo IPSECKEY ( 10 0 xyz . ) bad-algo IPSECKEY ( 10 0 3 . ) gw-not-dot IPSECKEY ( 10 0 0 some.name. ) bad-ip4 IPSECKEY ( 10 1 0 192.168.1 ) bad-ip4 IPSECKEY ( 10 1 0 moocow ) bad-ip4 IPSECKEY ( 10 1 0 2001:2010:1::20 ) bad-ip6 IPSECKEY ( 10 2 0 192.168.1.20 ) bad-ip6 IPSECKEY ( 10 2 0 moocow ) bad-ip6 IPSECKEY ( 10 2 0 2001:2010:1::::20 ) bad-ip6 IPSECKEY ( 10 2 0 2001:2010:1:20 ) garbage-key IPSECKEY ( 10 0 0 . AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) validns-0.7/t/zones/Kexample.sec.+005+00516.key000644 001751 000024 00000000323 11542617353 020766 0ustar00tobezstaff000000 000000 example.sec. IN DNSKEY 256 3 5 AwEAAbqjCxtmin71unORku1IrrQx2S49KTmw45jnlNdreCH40YmhDZo2 6CMiVXbq29rvUDW+ZEJqVT5fd5GrA1wEEGbrudd2LDr5AedBK7fYTsZf /LEm32/Bu//KzynrJqyB4HSN3GIPbp3KYyY/Hl7HawOvWAd+tUHgUtes 4trE/4pr validns-0.7/t/zones/Kexample.sec.+005+00516.private000644 001751 000024 00000001651 11542617353 021655 0ustar00tobezstaff000000 000000 Private-key-format: v1.2 Algorithm: 5 (RSASHA1) Modulus: uqMLG2aKfvW6c5GS7UiutDHZLj0pObDjmOeU12t4IfjRiaENmjboIyJVdurb2u9QNb5kQmpVPl93kasDXAQQZuu513YsOvkB50Ert9hOxl/8sSbfb8G7/8rPKesmrIHgdI3cYg9uncpjJj8eXsdrA69YB361QeBS16zi2sT/ims= PublicExponent: AQAB PrivateExponent: dCr3xt5UZiHdJAIASeFrnI1KeRVoi5gmkg3S/yLNa5fMFLZCGTMD2pqMR7B3mBZM/qa7EPvOgzw42FpxhNyit9y4K8QWkAzr3blNVXnK2OenAqNSn2zManKtaNXo6GCyUqdr0BouHA8c/Ef1rF2dG77t4AxImnvbzzz37O92h8E= Prime1: 4/Rh6A3I3ArSMN1twF3W5Y1Gsth64sJCMcZghELXQshmx9ULOElq7oB8SQwOOlxC24IRroRPc2A7DSTOKp8DfQ== Prime2: 0ZlTPN8Ce8eSJPiyLQaOqmHlZJS4hvDCLBafG5H1N7Jdo+X0jMBYlLyv2r9MD+KQQMXAB3a9rm1Lr+n3q8baBw== Exponent1: XFV2+vnqbEbt0OFAPXVFQIIzKupJDGTHT0YdfjVc4C4wg60l+Ey0xZrBvQznDniklClhZCEv1XobMT3BTL5QOQ== Exponent2: k3BsqjQh1hqkBlffVmb3colcyS0IxPuVS1g6YjWBLsXMsx9usJgZd79nYNQSWFZCrR2uIFH5yjpd9If7zh0afw== Coefficient: qFgbd33HSz3xZa+lgvNYBqnsybf6C/wDWO2RZSSxHtE8C/21VOZhr95VU0NSyWrifa0RueMOYJ59g1tk24uipA== validns-0.7/t/zones/Kexample.sec.+005+44427.key000644 001751 000024 00000000602 11542617353 020777 0ustar00tobezstaff000000 000000 example.sec. IN DNSKEY 256 3 5 AwEAAeluubFtl7Qtw4TpuZl85abGI+HXO4agqzv1kSLQ5tkYFGdpZyZw QcBU2znMrdw03o6dGOEQi+FeSymycLZmtsKiODsHNwgb6qdxnYm7+n3Z iPwVhMX3gxIG64FORibWcHAyBe5AAhQAZIqveqjnY4gwdKZJSmo9ihXB kKS4yJ6UlopkkSxL1Iq9oXvWrd1ZqjQiSmLF/3juvBGjHVP4CbPiXZ70 UDay6Ysa1to1tHZSQshkRTClB+Dct8er3cZ1y62yOSbPK0SlouSRplbz +ezNyqD3c5zvz6F2AcZ4NqaTZOMWZbOowujQj3FxElaZS+/ughQZKq3O tMN8bqc0tZ0= validns-0.7/t/zones/Kexample.sec.+005+44427.private000644 001751 000024 00000003245 11542617353 021667 0ustar00tobezstaff000000 000000 Private-key-format: v1.2 Algorithm: 5 (RSASHA1) Modulus: 6W65sW2XtC3DhOm5mXzlpsYj4dc7hqCrO/WRItDm2RgUZ2lnJnBBwFTbOcyt3DTejp0Y4RCL4V5LKbJwtma2wqI4Owc3CBvqp3Gdibv6fdmI/BWExfeDEgbrgU5GJtZwcDIF7kACFABkiq96qOdjiDB0pklKaj2KFcGQpLjInpSWimSRLEvUir2he9at3VmqNCJKYsX/eO68EaMdU/gJs+JdnvRQNrLpixrW2jW0dlJCyGRFMKUH4Ny3x6vdxnXLrbI5Js8rRKWi5JGmVvP57M3KoPdznO/PoXYBxng2ppNk4xZls6jC6NCPcXESVplL7+6CFBkqrc60w3xupzS1nQ== PublicExponent: AQAB PrivateExponent: IG46rDTOm8Cz5jZWi8V3XmkuuQSfB4Aw6f6e8FhXihe3Vfql0whLij3/yxLtoKdTuDqJJ1OWK3RfOubIk/7HK1lAOKsy8RR30FWPjoAoN+3OAz+2F47gjdOaSnemdWTbcCry+fu4jjDTxxTEFM043cXlnuiVxxbPpWAkCU6GyMkWB8i+VsDsuV8Yd/QF8XdobXdAcIZI/clzcy2X1duruF2L6AosZiupLcCL+lLkENCLLN8Fi45soa2IPqGFluk3APNP8mV4DeElNRAV0yD9cNxM87oJZ65/3uOQNwgZVtM+x3DcYVP+wgmzvtJqcnHg3wGFcG+Csb8q0NcQb1Oq/Q== Prime1: 9kXCiZIWsh6eyjJEvW0YEzw5wiBuK1z/C7EQvB15XJxTmjdKS/oH3mZQN+nbj3twMmoegfIMWMO/1OHYvTHD0izHy3P085HUWPUSE9PRLBaWgPFmf3lWwSykeglNHi0qadCCaYENyauh1lV4ygHvnA5noPf2gqCfdtFxTnU8auM= Prime2: 8qchj/P50tEB24DjrTLIqfqIPHas7CWKJ2eLIBUicCJ1l2oUc/ZDT+7YAwl2ule8BdAcQEpD/fo3O8wa0WSQvlBZjCgrqH3lliAMEr7GrbtmccA9VOx22fO5SnwR68Vy1ScALqIawqLPeILX4oZrdN4rhD4Z9v7Dw+RTdioJxX8= Exponent1: WjCoEvu2ZhsCqigItpq6Y2j9+hMoZacUHHMHHu1oYbs6ftLa2cJCmXc8z41MhFp/d2cXrx022lct7MedOYR9I36U2PSpc34nl0CBE1PSWeQX0DcYA30rgWlY/vxjCrcdvkzHRd4mb4H0rer1Zn2ZA7zexLuqwqISZFBFv6b9rmM= Exponent2: lXTXuUC+yViu2jJjCZTT/84uB3/ZNoJQu8CM8q/RzFuNLjvKaTpvb1Zfek9j75aGWtY58GdNxatOReiLRBm7BV2cKjW73kXdGUCX7xvOZ8eba8jKffo/ojL6F6SfrSaqehtRg2eZL/Tz8Pg2XHIK0areBs/xUi7NCWUi+w8dgaU= Coefficient: f9P8enqYy66oBCP06d3+meB0C6i6oMUKiya8FAj3g2rfTFzI07MrBcqDHzuOx0tGHM3EGDzYSwVYFXGvk7Pn8Wm8N1KpfYDQT4VnenKwV3Bo+7142Y4bsZLhTEpewgZUgkBBrFN5Ab22XudONPPXe6OqvY1aRHYVluWcJHjtyPQ= validns-0.7/t/zones/Kexample.sec.+008+48381.key000644 001751 000024 00000000602 11542617353 021005 0ustar00tobezstaff000000 000000 example.sec. IN DNSKEY 256 3 8 AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg273Tp4oRpnmnmgizDFtLQh nIv1Mr3AuwSWVIDeavuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90yQwf C53hxyH10GzGnAx4Sutrdkh1w4HM1nMBdlTMa0g9yxjJ0vm/T7qHzj+3 dTUi84s8Du2mfMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB/QUuoY2F yThfidT+nhOQpzftVtLcta0E0Uv3PcVDp1d7vBXsAEYGHr54r2vb3eXd OTmoFyh/byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01u8SJYP6ULwx0 mZ0p5BmoMH8= validns-0.7/t/zones/Kexample.sec.+008+48381.private000644 001751 000024 00000003247 11542617353 021677 0ustar00tobezstaff000000 000000 Private-key-format: v1.2 Algorithm: 8 (RSASHA256) Modulus: 1k6+cu1N1CN90iqofey1vu8jpsmWDbvdOnihGmeaeaCLMMW0tCGci/UyvcC7BJZUgN5q+6LJYgC1+/DLR/cRgi/xizmQOIqzw8TWT3TJDB8LneHHIfXQbMacDHhK62t2SHXDgczWcwF2VMxrSD3LGMnS+b9PuofOP7d1NSLzizwO7aZ8wPqejL6V5nYi5fuUVxrxLMM2aFQ9ORe4WsH9BS6hjYXJOF+J1P6eE5CnN+1W0ty1rQTRS/c9xUOnV3u8FewARgYevniva9vd5d05OagXKH9vJ6FSU+rWAMQfSYFGVZtQepsacrKiXPR1HTW7xIlg/pQvDHSZnSnkGagwfw== PublicExponent: AQAB PrivateExponent: LOxwy9Km3/NYqre6fjsilhW3GX1kcRiSdXFYBBr3rMtUojKvgJsTH9uUeWZvTbTdne4B6yHiqSKRA3Eki79k8i9uqMq2SsP4ju8yJZHLmzjezIfJoHrQ6BxyFcMZoWPzdZkKFKmFwrHpxjjbvFcHvfiAu025Pta9C2o/rZXYC7V3BWQowqYBfukdpZkCEhzFzEtC1ROXN4jPJBwNIma52QTLH6jK5BOfOJ5DhS1SF+r/EkuvXnylApVfjPfUIC8ocVvpn5WLoabWL+eURIi6MvVT59ppzc6WRUT2PxDskT2WUWfw3zq5B7JCM8/qfYIDUHvt1h6JcJHTAOz9Hr2f4Q== Prime1: 8UNey2U7voMhZmVUMpH5C8q7+hp6PQ6dUYd+hjaQVnsDOLPBT+zZf8R3str7pY/xlOOHy+DxYmZ0e17OumSOXTeQR4VSdsr/tpWc/qd2jd1I5N58R4G/yZHgTm8pm6VRb7NwZ7Eg6o2z0G2UEykFeberyg4U6SHBDP6DZNvGrQk= Prime2: 42XeoQUBshFkTYekdeqPfGqC1YXsK0URLGAbPbk8HlOiG7ueVmUnsAS47lyuEJPzIUgqqBbDM+CCdW8AvPJFDXa09l4akfCrLRyAdkreGj3bgmUs5wUFbDZyOHvRFSxdUI8LOcAhXthy86l+wErKwm6sWfd1oPGvMmC1qiSsW0c= Exponent1: JpdjK1+3DcNF7W4Z6LjmwFceeGQR14Bl86ubtnY14k9s9X3zVwiIxeI0T1yt0g7TUsCOcTM7CUVgLne8053QE+MWZgpSZYQVISyPX0CEOy8BQPLBqGJ9vg1idslbO3VXMGngegWgQUSHVbihbesq4AxcI0bbW2s1yRFRDSoGfpk= Exponent2: NbR7bd/21I1S+RSN/ONW2/VzzOYCLv3y3l4cUOmMj0UFRjN7Y8AkLWgQHQt6eKPYigW3PVeS5o+hgAalT/qP4GwmtQDomYsTgmX22Pk5l00AqL0oa6895p69PyXO7Yc6yqnd5te/idzo2S8wpk2DsYPd5KmS+F3cGLPKc9KRekU= Coefficient: ev+8Aj3u6mICRe6Y0NqYTGrXSBMDXf92dI4+CZtwy43cyTvvZSABWvlLTTXf8XAlnnPxszSpG7+e8bQk4A7ZIagcDFSUjzwtVoLqKqbyLPMNjJKqvGW2iTwfpXAHTadd9EmvTPsEVCJnZAvkyn9XQ49phL9IkFzj9kmSrGqnN4Q= validns-0.7/t/zones/Kexample.sec.+010+01862.key000644 001751 000024 00000000603 11542617353 020770 0ustar00tobezstaff000000 000000 example.sec. IN DNSKEY 256 3 10 AwEAAcZdPacjnWNuQKCF8CPmUW1/NUxI/G7xdbwrU9lOuAD3sw14rLw2 NTzpbC/bubt2aHQ0nc1duoK0x3DjhAURWki/1O1Yvr2ffQRVpWS+WjRK CqTjuPrrdImeKdWEdnDl3l5kQpsxx++EIHrDnqiVhBHJdVB70A/I7i5/ HiD8HgVooR3IXVyxbT4walrarrhHWEBcXcNbvadg2rc492wS86zbSmK8 iV1e7t6U5iBYmsQjc7TVhBT7xqarknECGC8L/9o/R1zfSzSN+ay+dI45 t+jOOLgWp5gmjsI/mXhoO6GqX8rbZoV7/DQyAR5rATJHW1eausJhOgE2 wBJgl6V0XbM= validns-0.7/t/zones/Kexample.sec.+010+01862.private000644 001751 000024 00000003250 11542617353 021653 0ustar00tobezstaff000000 000000 Private-key-format: v1.2 Algorithm: 10 (RSASHA512) Modulus: xl09pyOdY25AoIXwI+ZRbX81TEj8bvF1vCtT2U64APezDXisvDY1POlsL9u5u3ZodDSdzV26grTHcOOEBRFaSL/U7Vi+vZ99BFWlZL5aNEoKpOO4+ut0iZ4p1YR2cOXeXmRCmzHH74QgesOeqJWEEcl1UHvQD8juLn8eIPweBWihHchdXLFtPjBqWtquuEdYQFxdw1u9p2Datzj3bBLzrNtKYryJXV7u3pTmIFiaxCNztNWEFPvGpquScQIYLwv/2j9HXN9LNI35rL50jjm36M44uBanmCaOwj+ZeGg7oapfyttmhXv8NDIBHmsBMkdbV5q6wmE6ATbAEmCXpXRdsw== PublicExponent: AQAB PrivateExponent: Su1fY2nVgoBb0wakrbrK2TRqunT7PSDh2wD2vCe640qtDJKflLxZIbf+EJnLr17Ll9FkJfWYhNSqXR7jeFKUqtQjJsAV1GSRAXkkb0hjpEqveJc4ATe9Hlpq7OcLIhwCAd+XNS35mqRq7FRF8uH/MATL1mneLog0R8XmaIkzAdFYf8Sz/8v9F719QuUI7554HVbQ4tnzyfu5EannQ5fgvJAOxR6K1j3lWgIddPfXK5XBjRIN+NbQgWtQb9dTRjFpiEUMs1Wv/CcuL26NHc3HxvadVWN1X8nd5389w9kgQr7B/2rk78XLPpkxl624nb8LRlnCef3d/wcPWb5vHO7SqQ== Prime1: 5MYz2oYsBaoOgpz9rhOOMGKyflhpWxWwT5VzW1m8zPPhH89mayRZKXFJM7VkBIAF6hqJoaPmaiU336t/CedpXObYU3zlz9BnvyY0EPUNcEs/eRAlS4rEi7rVlu4gHPZHySv4vlWEH1cWUyGz2kyqrHclUa0zh3DRe39JDQjv0XU= Prime2: 3fiSdJ+xAT5VqeV8/sZ2f4gMXIKWu8DnJS7VVEmG3a1VwZP5bdUosBKzX9yqcCdgpsRhIrQ2GTZNoiF1lG7H0QZXa5UUGOmHwRygk28Idi9oa6ng+JOJ5CgCLht5r0tlhILZ4kSPhLXD3oqF50WqfRRCEUblaWEikpd6mkj7JYc= Exponent1: 5GE4wp3OtJjfg2RVmsHK4GKm7Zo1EsjECa6YSkl7QN71jlvtUmgm2khNW2FpR1TGkr2LR+Hm02/0J0V8vNZXSHbq3e2BPcQ+zYPF1mfL0p5L7v8/O/p720HYl6OAS2lQoHNVDi0wiFjX4IV0liiS+Ti3+KF/H2ZwuWiH9ItHXUE= Exponent2: mfX9F5lgO72Ry2sa/NiJfsHN2SjXBlmxue+3FmR9gCrnTYKmwpDUTPRbqIU1Tt9xQZr6yQh4cZph1LAijxcbz5b3ce6QZwssFz0U/85G7zrI0cyd96zWOwOpJ3P1PiosuvHL0Q6/AUzWE/i/EgAXVfSEMtma7DHsugMJjhRK5uc= Coefficient: COuG9MOOzI/18yIY4sNYvz/9G7GCwrMa48PQKtjj/NOTPb1+z3cuZCM57NYGYOBlEsj7rADSrQ8b/0lJph4qUSEefiDxyk0wGgmvh+QGPxNjMouqgy22Kf65k2NwbunBSo/ZrKpN0N6Pb06BRrKuhVLEw/Tvsfx/IrbhYFILLHQ= validns-0.7/t/zones/dsset-example.sec.000644 001751 000024 00000001230 12033057146 020225 0ustar00tobezstaff000000 000000 example.sec. IN DS 516 5 1 E9EAC4E17B2C685DCBF22768F88F53FEACC9E6C7 example.sec. IN DS 516 5 2 C4829C804FA64A94CDAA4DF4B518BC04EBA481F8E9D942BCF6D16C7C 990CDD7A example.sec. IN DS 1862 10 1 79ABD351E694950578C959D64EE5BE8987A5C33B example.sec. IN DS 1862 10 2 9BDEA651EFD16EF8F24F281A2D179B74D63F53FE943A117F7E5BEFE6 BBDEE179 example.sec. IN DS 44427 5 1 5A3DC3A2174039C0879C28713CC99D3939448A53 example.sec. IN DS 44427 5 2 2D6952FA00E1478E3DFF55FF699ABE3E1A27555194375CA1EDB756C3 BD1EB462 example.sec. IN DS 48381 8 1 99477B577BF885AB2512B8DCA052D7B71DD968BA example.sec. IN DS 48381 8 2 E5411AAE0758711B164730F9069CCFA3CAB00391FDD76D04EB3E8610 CAA09E93 validns-0.7/t/zones/example.sec000644 001751 000024 00000016003 12033056355 017034 0ustar00tobezstaff000000 000000 $ORIGIN example.sec. $TTL 5M @ SOA ns1 hostmaster 42 1H 30M 1W 5M $INCLUDE Kexample.sec.+005+00516.key $INCLUDE Kexample.sec.+005+44427.key $INCLUDE Kexample.sec.+008+48381.key $INCLUDE Kexample.sec.+010+01862.key NS ns1 NS ns2 MX 5 mail SPF "v=spf1 a:mail.example.sec -all" A 3.4.5.6 RP some.mail.box @ TXT "Responsible person" ns1 A 1.2.3.4 ns2 A 5.6.7.8 mail A 2.3.4.5 www CNAME example.sec. _443._tcp.www IN TLSA ( 0 0 1 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e971 ) _8443._tcp.www.example.sec. IN TLSA ( 1 1 2 92003ba34942dc74152e2f2c408d29ec a5a520e7f2e06bb944f4dca346baf63c 1b177615d466f6c4b71c216a50292bd5 8c9ebdd2f74e38fe51ffd48c43326cbc ) _25._tcp.mail IN TLSA ( 3 0 0 30820307308201efa003020102020123 ) delegation NS ns1 delegation NS ns2 delegation DS 60485 5 1 ( 2BB183AF5F22588179A53B0A 98631FAD1A292118 ) ghost NS ns1 ghost NS ns2 ghost DS 50458 12 3 2e40b2a6ccd2760ec70af69d1c144064c8931e53a6b3eee78bdb9e0bafbb9c02 ; xerig-bosep-kufot-datib-vucob-petin-toluc-gubuk-gidyn-faleh-fenor-ferav-lydat-rolib-rirur-rulab-daxux ; and let's have some glue delegation2 NS a.ns.delegation2.example.sec. a.ns.delegation2.example.sec. A 8.8.1.1 ; more glue bugs to catch delegation3 NS delegation3 delegation3 A 1.2.9.253 ; more glue bugs to catch delegation4 NS delegation4 delegation4 AAAA 2001:2010:1::feef public HINFO "i386" "FreeBSD" LOC 55 40 15.258 N 12 41 56.378 E 9.57m 10.00m 10000.00m 10.00m lets.introduce.some.empty.terminals CNAME example.sec. jumphost SSHFP 2 1 123456789abcdef67890123456789abcdef67890 cert CERT URI 0 0 V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBtYXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBpbiBnZW5lcmFsLg== alias DNAME anotherone.sec. ;; XXX BIND does not have those yet| host1 IN NID 10 0014:4fff:ff20:ee64 ;; XXX BIND does not have those yet| host1 IN NID 20 0015:5fff:ff21:ee65 ;; XXX BIND does not have those yet| host2 IN NID 10 0016:6fff:ff22:ee66 ;; XXX BIND does not have those yet| ;; XXX BIND does not have those yet| host1 IN L32 10 10.1.02.0 ;; XXX BIND does not have those yet| host1 IN L32 20 10.1.04.0 ;; XXX BIND does not have those yet| host2 IN L32 10 10.1.08.0 ;; XXX BIND does not have those yet| ;; XXX BIND does not have those yet| host1 IN L64 10 2001:0DB8:1140:1000 ;; XXX BIND does not have those yet| host1 IN L64 20 2001:0DB8:2140:2000 ;; XXX BIND does not have those yet| host2 IN L64 10 2001:0DB8:4140:4000 ;; XXX BIND does not have those yet| ;; XXX BIND does not have those yet| host1 IN LP 10 l64-subnet1.example.com. ;; XXX BIND does not have those yet| host1 IN LP 10 l64-subnet2.example.com. ;; XXX BIND does not have those yet| host1 IN LP 20 l32-subnet1.example.com. sec-00 IPSECKEY ( 10 0 0 . ) sec-01 IPSECKEY ( 10 0 1 . AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) sec-02 IPSECKEY ( 10 0 2 . AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) sec-10 IPSECKEY ( 10 1 0 192.168.1.10 ) sec-11 IPSECKEY ( 10 1 1 192.168.1.11 AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) sec-12 IPSECKEY ( 10 1 2 192.168.1.12 AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) sec-20 IPSECKEY ( 10 2 0 2001:2010:1::20 ) sec-21 IPSECKEY ( 10 2 1 2001:2010:1::21 AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) sec-22 IPSECKEY ( 10 2 2 2001:2010:1::22 AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) sec-30 IPSECKEY ( 10 3 0 some.name. ) sec-31 IPSECKEY ( 10 3 1 some.name. AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) sec-32 IPSECKEY ( 10 3 2 some.name. AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) sec-mixed-30 IPSECKEY ( 10 3 0 sOme.naMe. ) sec-mixed-31 IPSECKEY ( 10 3 1 Some.namE. AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) sec-mixed-32 IPSECKEY ( 10 3 2 soMe.NAme. AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) validns-0.7/t/zones/example.sec.signed000644 001751 000024 00000304062 12033057146 020310 0ustar00tobezstaff000000 000000 ; File written on Wed Oct 3 17:48:54 2012 ; dnssec_signzone version 9.8.3-P2 example.sec. 300 IN SOA ns1.example.sec. hostmaster.example.sec. ( 42 ; serial 3600 ; refresh (1 hour) 1800 ; retry (30 minutes) 604800 ; expire (1 week) 300 ; minimum (5 minutes) ) 300 RRSIG SOA 5 2 300 20131212121212 ( 20111010101010 516 example.sec. d6r2aWysTHPUDSPumNgQFLx3OQYXZ+2AIr9j 0c/ZuDkpHBICcTorBwLeMlyh/OpMMT+WgCH0 EHw3ZXeQasOJGLGM5tML9uy2S6y5EzMak9p+ +7ELmZKT4CscbWbKTsTgo48hr1FqSnkdh1eM fYf/N7gMQvLhEQ9qT5YkoZWsG+o= ) 300 RRSIG SOA 5 2 300 20131212121212 ( 20111010101010 44427 example.sec. 2mThr6lTDEmr8SJV7zf0tmhZg6Pmt4qZfps3 aLEt+dil4jTMwP5Ef3ECZ7qqp6t1lZsQIhuC 7i1Cdtdh2oehv9/avJ6YdpeUKPXPtqNRLOWF CvDYC7uFxrNz9SVvgqF5rX4WCmDoKotrMTzx xkf82pul4AC+yOHRakn9xSa25K/um6Plym+K n42f6+nyOBnJYkLMPkqSYZGkPrDe3Hb5TtJb kq2OPVWEeIZZ+6xA0XXsNfdBlXCxg5GQKviK fX5Mb/ycdbWrW/Z8fcoqMXgJTBxQUHZrPBiU 81sdPQOEd+EezvS7xU8pJ2PBAAvJnQKinukr AlmFE79S+nHGH9/oxg== ) 300 RRSIG SOA 8 2 300 20131212121212 ( 20111010101010 48381 example.sec. Z/426gLAgDaJrlBaZa/UcxGr8pZfNe3Fx0Jc xqH4LbaV5CCj4Ifj2o/CKSJvb1X1pbmg/5Mb 426yb/JHvMkjoX8xf2gslK6ZGbV0kmxdJCX2 R9bKaJcpTQqhhHBCv61QjpHfOVUolay7t90i XWFiFbbMGnLPQ3iwRNQJOgvyPQvN8lTaQLZQ J1/O9JJ8SZbWns3y3t8eZgX5nTcpTflf4geW gFu/tjbP/5FFMjVCXp7Sl3ZEtmZJ0Y6/k77b HIPpPyPuBUrLy3nx+VAxr1Xla8TKmHKCwz3y 5uRnnzsccTPGxCnD559WOdvGW4+HstGB6uUr T/GFk7D+UbZ+sKZBjg== ) 300 NS ns1.example.sec. 300 NS ns2.example.sec. 300 RRSIG NS 5 2 300 20131212121212 ( 20111010101010 516 example.sec. mk5qAzNKZGi50ifn2yzaKgQmBmLfgEFThjX/ zUnRYbZQpeq7m+CEe1PeErtgyWhc/okLsEjS DrYGaOYaw5231Piy/auWsnnpP7Psk5mwHBOB gc/j/IGExYzDcpij5X+mjybYrD1QGDYkreUH Ef1aC3mo+ukS5kj3925RUbRmKnk= ) 300 RRSIG NS 5 2 300 20131212121212 ( 20111010101010 44427 example.sec. sjac4ozZ1xMIxxuIG2UkuBjwyNYhquV54tAW Ym4PhMEv5ledvrwKI8iDbiokQIm9CaJQFGeT Ld417eshOP+yTq7rhlpEx6i0FgHWmLQsaQ5c +e2o2i+Xscpeji72jX+ma/XS5sAsICFkBYSA D2T66r6h7fI4oZA35TRLjYKTNJ6q6rShFtYW QT3eAtAje04r2tUIw66BWpx+Fza7J0Ke19Lt NZ2jvTXzt2Av5slpfttN7EHFjX77TmThK2bm 5NnNRGiZgh99kAGkq2vFASHg7dBqJjSgOND6 oS3P3z/4I2ktvmEED9sS51HZo3ymTsoUteY/ V8KD2EksnsB7tikiGQ== ) 300 RRSIG NS 8 2 300 20131212121212 ( 20111010101010 48381 example.sec. HV3d5x2rjUyVauEuXSi/I4x92S6BhtEWEoCp Qy6hQOGGvP3Ifor44N/JR/ABde79mBruoBct bt4xnkfPZA33a0jQDaDSN2BN4ZXuDv0AJCPZ lB49YHrIttalqJFvpBoADvSCw+aFy5J0gIF1 viuPnhcUzNUdwlwEClT6YytTF/sgjJ/84xBB gFO6ea6yxgnijBBdR1k2qG0RCVSdt/2JmH9V PTOr1lyWscZlm3kDIr/2NTTqQWW8yHVy4qs9 T1naUjLudTdUHH1duRrZTF/4fuTM3qfTxZnY FYy5yUpCKWr76yEPwbPMJZrex7xXEBFVkXbA I8MW0oDixwLkJQXU4Q== ) 300 A 3.4.5.6 300 RRSIG A 5 2 300 20131212121212 ( 20111010101010 516 example.sec. A7Gx+qjWA6UHHbdaO/G/ktpmWdDaD04T2z0G EEbK+AHavkzsTVb5REycVTiqObf1czkP2p0I hVqg1ByKIxwtibKFLZYNUdZpbD/x01y61mZz GTMIpxicVAf9j1rGCq5xXzFtMecXzjXekL1m MgZFNAtyFjNIqe/snjLTdDtmRuE= ) 300 RRSIG A 5 2 300 20131212121212 ( 20111010101010 44427 example.sec. 5hM+WcceCLFLG7od/oHpxOeTOgelhLi/6LcR 2XnHcUXPoTTKrXt7u6qz3JGNW42pwnMkjLXb keN3leLBOSsr2zDlm3yqS3WIk5qGi1yUZi47 qQjlkVonhKtk+uuQsOMFc9tZwa1MRDTAevbM vhwLNhUNxbBaEyv+/eYGYE8poG70n6wLXlIF WTj6RcZn19lAX43oo1C66RZS/Df1RCCGHsRW t1RZFxaP1ca6HoZcajbRC4GoSTHdJcKYKnsU XIWeTu4JQV04QpXEkwvvs4MGmgFgcN3eb4DN CaeMjP47e6y5jgZ4dclLIQjusZKuml5XlY4L aCaZ4cailpRi2yxs/g== ) 300 RRSIG A 8 2 300 20131212121212 ( 20111010101010 48381 example.sec. PEwikVheEJgk4P8LlMnVIAJrps+r1tYv5kCo Xco+Kvl5zWWfMf1zPO++dzfPiTRLKi5zLGxN yQ2gwqsrkT69LMPuXCkHLmEU7jutFdvp0Ijr 5/EAAgAkHzztZ+hnHhocyz/5m6mOFVHjeMWO h42BgEJtyVKviRyQnFqpQXe6toD8iyIVYvxB WhIYsJXVHCrSOdVN4mnHtQGGZvghEw3BkuAU GBJaKwFntydvIEzMbT7V4NLa75IIcoVkwBN2 IV89tpNpkfBGeowwUOEeHDpssGleGlxz0PMh Sz/emaAVpVflNk/e6xPBukuNkNZPSG7/3CMR a5wjpVWrKL2gqBwUZA== ) 300 MX 5 mail.example.sec. 300 RRSIG MX 5 2 300 20131212121212 ( 20111010101010 516 example.sec. PzMCSLN/6izcWSw6OiWHnKr2mepXhdbu9axc k7jcjtoapYpSHsH7WZulS3vYer23/6i+3wJ9 4va2Qp6//T8nCVeRqCM77l06TUqJE1nWrd6i +TihyYF/PkVHRVa5P/jM1N4lUUL8vmH8RQm/ ZRqyUxsloKED4jC9BftBXV08ovs= ) 300 RRSIG MX 5 2 300 20131212121212 ( 20111010101010 44427 example.sec. lQ78l1vHHsvXK2L6SkKTF4qLTCd1ocHfi3xa OhaBPq49Ne9GfgHaVJJ05IZ82Jkk0Me8jhg2 Yuimu4VsPhBDsnzTPbltCRqact9VEYALVfnC 48QQ8oH8MxA/wqsn1ZYOV2jIY2Kn7WHlLvA5 dEwVi046muQtXjs6+dfdFX1DmIJJdQfziUNc X85yfRuDEOLT1/nq8lLhCnH96nJDnlBweoZe ReGoOy6PibyxsJwgikY4BvwGTnEYxy+3hOJ3 fXyz/uwNFj0tpUIrwU2TAIF4Qf9W3a/ITVX0 4DNicEJS/LshP0LZSbWbPFK1MK8UXQiFcP2Z p8FiScX8P8DELNnOcg== ) 300 RRSIG MX 8 2 300 20131212121212 ( 20111010101010 48381 example.sec. Lig+ydtxspyHq+WKajnctd1xlaU2Pq2p3003 y9ObehgcGNIQ/a4beo9LpwTRFEeY13FpEoun q3YLa7iGKaXGw0SUWaVFszqs36cn42i63iWI Gbu8UKq3lgpSDI9D8c4vMcJILkXHdNVP8gav cymWW6ADYhrAPsx1EdGiNAg9MeAjxjFSXEE5 ePZuI+Ti2dsT7FU9ywjSLg3m3mZdANlhKgeV EoXuqWQZUg6E0+OO/njWIQ9wIdnevG1evY8a VAO56h0VKszhaSfVH0J96QaD5ht5eo+nuDfz N7XmN8PUorC50oAii4jG5Z8xHIYJx+mim2Oy J25AHo3GwqXfpnqchQ== ) 300 TXT "Responsible person" 300 RRSIG TXT 5 2 300 20131212121212 ( 20111010101010 516 example.sec. uL9OpvHq2LolmTxs4VJtA5ACOJC6djay8Esw QBFSi8F8nU9YP4uGZs+sfFYiT2eyk5OHtc/Q 6NtUnV/2bawFxcMO/odJflG9AYMJ655ZyCq3 VPJZYbdk31vaC85QJ51znhEUACgAZqjJ3mLu zpqyYCQKLwksTnfUyyLAnbFrzU4= ) 300 RRSIG TXT 5 2 300 20131212121212 ( 20111010101010 44427 example.sec. CvHLm1X9LFKGDPab7nOIR828USwD96Zz/Euq z9lStbPMBYeO1S6NWQQNwpYhRwOxzKs8djk3 1O7Rc7iSNfCt6O4Y1tfwWymmHDvAGhnH+7tB +euwliCaUS/PkDqswQ4aL38sQnMOM9fHaDJ0 U9lzEMtrXaJj/GrOOak+6YQJVkvPpDGZBfCB +97SyH0GFSF+aeseWP5tF/4hCatoO7HgNyfl dv7HjxOrbbxfnfbz/jtHaqjy/b0Kn1tuQzba B6Mmkb9ShqKk6HTLbIvIoGggiwwYp2Ctae3l 1vj85EqzxqOJKgAzhbZUdPJQxqMTa33muFv9 szoYbP9eAtKR2g3LUQ== ) 300 RRSIG TXT 8 2 300 20131212121212 ( 20111010101010 48381 example.sec. kj4tf29cK7O98Et+3ZGjH1M3kB0p2GQfrLCh xm8073ZUHR/YGCkK4FwD9auEXnxI3jdcE8Ig sm1bsudUVsQoGkr6yj0cDQleiIjYFdgMzPVN 6RYeAzp0pmkswWek/owknU+zGgh3CT1HjMVW tJMdoKbu50Ddpp0Sypv9aSVGEz5TLx3fZHQ8 KXBmKejnJUYNVP5bp4YRl3fU7sVoNsbbEzBC 4RKJBrbMR1KTN6sYj8K2S33gX2YsVWrYf0JY NZrT7Jv1R8uUr1Y96YiKheZ/YythFVRfg0YY IHuJhsRLPk690gzc3N0qKJtL4D8sVDM0yhiL gQA8SWga0dpAdv9DaQ== ) 300 RP some.mail.box.example.sec. example.sec. 300 RRSIG RP 5 2 300 20131212121212 ( 20111010101010 516 example.sec. Euzi+ZM74PmyGGLmEfxKy7ZRPstTg9i+CQzE KuSeU//cH5MwHT09cApD0wtn1TzqGKxjHyHb A0GJaTh+CZyTIdcwEUFIQYWvZhaBCGgxE2kt FnYPGFVhlJK0iLZsI8u1xd0otGH9FFiZClud eS5BLYcj+FEJQZ0xHqJvm6cmO3Y= ) 300 RRSIG RP 5 2 300 20131212121212 ( 20111010101010 44427 example.sec. xlG494RbYI3nnLeicihrjsfGM6YrgZL90cpj i4YC74Ht4n7cNIyNWtjtoI34IRH+Hmq8VIpP RK/sg4AsZckowGk305hx4SQaCq5PF/Kivtuz IrCl+4IBWmW790nikgGpLH8lhnMvxL2WVAIP DttIyuoXaKyLDs/YwQCYUHFZzzgquj4Y7KPp M59WPwSbFm3Ogy27WCV6b9GRGUvw5dRHQVEu XiA1A6x+QCEvXkUYa4zpPGcEeTI6xsy0WopF hL7IcVcYvgZPfcqIAbzQIwdahTxm9Enr5AbE wtEhEqMQzFyD9KhAJqUD5lSBx0N3SLvN0fg/ iow7ittEfBPPGdrjsw== ) 300 RRSIG RP 8 2 300 20131212121212 ( 20111010101010 48381 example.sec. 1PuUTY033gNk9vpHYK5sQJ9XgRnxSAvT9yLs ZNxQaJOSbTh9kroRlcgwpsortYQoJ+djkEQR 5cpww4ogJDd4JVaAkLgWc8ysaZ0OCZW4uWw9 1uS02+JAwmmwV8BixLsdwZRERtBO4ZMv44U0 O1FFvQuki7nope+J3T5i/Oq41VNBmTlf5+O7 SbZrgcBrxhV2R29zzUrSfb9cNjFDlK1rHLz7 0qj3tMQ7egnF52BfWp6bNSNKO/TzRdMRTQdr xACu5DrvNAtn+KfcHJbOnxi/J1CYUxldlsj+ 8uaZXOp0E1n91VJOxsmITvqIjnQNnTOowR4I TPeXasEM/YgEV2s7rA== ) 300 NSEC alias.example.sec. A NS SOA MX TXT RP RRSIG NSEC DNSKEY SPF 300 RRSIG NSEC 5 2 300 20131212121212 ( 20111010101010 516 example.sec. QMOqzhE51+Qu/kdohzlVLJecL5Y3tsZO7R2P VtATsARKjvQm9K0yk6WGmPzD5QWzCG6N0qs7 nLds2au9p2JLk6UP1n4Ntzzfhz7+SSFFk5eq aK3KZnqRgnliDbG8acL8yegu9Pj4Yf8Z7UFm xesLGDyxRlKwdY18yK7Y0XHDkb0= ) 300 RRSIG NSEC 5 2 300 20131212121212 ( 20111010101010 44427 example.sec. SdBOjlTd+JdgOfPQMZau4D3wzimF+5RuGYS5 UxcU+B/5XZ82s+vZZwt9MhMynSnSU9mC4sLb B2dB4/OcmHkupLMnXlA2OR1HI+WB7DnyoSEq 7lHxC1CeCyQy2MlQdhIf1+KF2PM5OBOlCzPt B8tGVNsdmOUSmDkke2dA3Z3jnCpJLdK87mHJ CS5XFkYx5yAeWNGpH+ss1AD+OCykMSEzE0YS bOiF8XjOfZbDMhQ5QpfmG/59PWiYUe48V74l GOc/rbYeFIqK/OwOH06SVp3xWUz3hTqYfHfS g/+tLYTR2wSOIYtUJS2inPj1Nk1LZBFv4eQs dqxCHypwcHecSU4xyQ== ) 300 RRSIG NSEC 8 2 300 20131212121212 ( 20111010101010 48381 example.sec. I9fOKsbao2AJvPX5/Z0yA6/Z7nLbGxXKv9e3 dWDoTOiLQFxb/MGalcb3SlrX3eFPpimI9a0a 3zDriw7qI6dAFB8QAo6Df8d064qTjYn+CLfm LKxYqiM8qgoaCjuHl1DfAhOTRukER9lNFIRF GgKECf5g/w1x43QHtiDafbDM5chvMeEWrubD fuWQHKa7NrTbYlZcsS0oIyO7s3zff7ye8B00 FJwzDc5HsuxuOR19oQLwHwReoia3u5Sbd7v9 d8WtZjQzPOsBtkCOpdjl2KoKZEWsmXq5lVqN Nw4JWws0J//AzFS/7NR4chuvZOQakwXBQTa9 b0+5VH7K1fJ+3hHeNg== ) 300 DNSKEY 256 3 5 ( AwEAAbqjCxtmin71unORku1IrrQx2S49KTmw 45jnlNdreCH40YmhDZo26CMiVXbq29rvUDW+ ZEJqVT5fd5GrA1wEEGbrudd2LDr5AedBK7fY TsZf/LEm32/Bu//KzynrJqyB4HSN3GIPbp3K YyY/Hl7HawOvWAd+tUHgUtes4trE/4pr ) ; key id = 516 300 DNSKEY 256 3 5 ( AwEAAeluubFtl7Qtw4TpuZl85abGI+HXO4ag qzv1kSLQ5tkYFGdpZyZwQcBU2znMrdw03o6d GOEQi+FeSymycLZmtsKiODsHNwgb6qdxnYm7 +n3ZiPwVhMX3gxIG64FORibWcHAyBe5AAhQA ZIqveqjnY4gwdKZJSmo9ihXBkKS4yJ6Ulopk kSxL1Iq9oXvWrd1ZqjQiSmLF/3juvBGjHVP4 CbPiXZ70UDay6Ysa1to1tHZSQshkRTClB+Dc t8er3cZ1y62yOSbPK0SlouSRplbz+ezNyqD3 c5zvz6F2AcZ4NqaTZOMWZbOowujQj3FxElaZ S+/ughQZKq3OtMN8bqc0tZ0= ) ; key id = 44427 300 DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; key id = 48381 300 DNSKEY 256 3 10 ( AwEAAcZdPacjnWNuQKCF8CPmUW1/NUxI/G7x dbwrU9lOuAD3sw14rLw2NTzpbC/bubt2aHQ0 nc1duoK0x3DjhAURWki/1O1Yvr2ffQRVpWS+ WjRKCqTjuPrrdImeKdWEdnDl3l5kQpsxx++E IHrDnqiVhBHJdVB70A/I7i5/HiD8HgVooR3I XVyxbT4walrarrhHWEBcXcNbvadg2rc492wS 86zbSmK8iV1e7t6U5iBYmsQjc7TVhBT7xqar knECGC8L/9o/R1zfSzSN+ay+dI45t+jOOLgW p5gmjsI/mXhoO6GqX8rbZoV7/DQyAR5rATJH W1eausJhOgE2wBJgl6V0XbM= ) ; key id = 1862 300 RRSIG DNSKEY 5 2 300 20131212121212 ( 20111010101010 516 example.sec. JuZ29x3y5ESlDUveCcGlF1ki7x8G76Q73J+b Lpver1oFKaXb2sTGT2lCpSEXLZOvfzcRbiLs ltnRQVFxCHLCq9E7UyqtV2v+XPiG1sffxlIF MW5sImAVHUtA8B5YQUaXlaZfu72IybSBjTRc LlNzluvt+2izYodMmPHwU93zAO8= ) 300 RRSIG DNSKEY 5 2 300 20131212121212 ( 20111010101010 44427 example.sec. MEqXuKV/C3qhyFnTqEL156mdXrvwdHLtIMr8 q7wmtbqz1Sj3YA+lLtiaOUAJOOmsEmyuFuKs WPXpQm3E+ZHaRjGJJIQbF+96VIDFGW1/dVbQ NjZcJ5mnx9g7iRON01lBRdklo6AhrMUR6WAN xGD5NKutLCWw63x8afmvuKxVmuj8e5EAnTJa vAGyo3eYjQfsfxx5WfBmoOS6qJzvKVQSI39w UxJD+7IIkkeJUhw7mZX96R2QpEwAmFez5AaL dTY4r0ZWz/MV04BmlD2L60Kx6AwmeCBFSViE CQ+d6L0DIIZrI22W8QU/JuRoxmabAVl/krdx L1MDfYrAdHTd02ihww== ) 300 RRSIG DNSKEY 8 2 300 20131212121212 ( 20111010101010 48381 example.sec. ChJ4Dg/qFpmwnL0jRPMA2j8eF/RQwkqcT47+ w2+Gz7+MMx8VNrDBPhrESnhHhZCfzaXD1LeG js+E6aH9hWBqq+xMUMfmg4E7xpfvah5I0bmV MUl6UjMJxvAwbF0arJqMQV9xCNehiWVLvoUb Jg0uutNnG4Ibh1GLO1ZvSmvAH8O2ZqKoFM7P WEVuH7dZk5ag0ntnMbXFJIGXFxHuH4tCyvKX HrXECNXSYNqCF4jYA/Rhgyp51pHDkBd0fWkG mm1QuTI6480UpbtQrEWILfWhqUeDvr1hVkZp X7+csS4XoNsDw+HTz6xINZ267BkuQNCj3QUz spXLn5u7VmW9zKy2BQ== ) 300 SPF "v=spf1 a:mail.example.sec -all" 300 RRSIG SPF 5 2 300 20131212121212 ( 20111010101010 516 example.sec. B1xz1/k7fnqz+QKm815A4OlcDZNrzwp7th2l kBz/d/93+deCcLQ42M23E+0hKyvngUNXwW9A jKiu2bHXkXMCeI/GnMYhc+1Ix1+bATs+EUlG NMWLa7U397LDz0zKGz/JYVGRkcmByegwcNpU d6OJy5b5e+h1yrUe3Aoq8duvqqc= ) 300 RRSIG SPF 5 2 300 20131212121212 ( 20111010101010 44427 example.sec. 3zwigYAHYhAZ3rZMFPuAaqcYNhGk/NCFWh9r ql61/6VXVDpsv+d86aZ3QTSJsR5/L45LOPFH jEXJisVbJurduDwYY4kY3PYEO2JEsCUjlAgv /goy07OD32s9Q1pBg5Oy/Zy7iW6avl8XBt+z jIPJTr/RC4/gVd9enWGyF7prIRGXeDkEodRN EIQT6KTXkZlQtVDEkHZ8B0u6cnRKLOimI5YR Oc4vgYL5JkBxB9byoiGx1qnMZUHL3/XaAzbp 5IooLYdZ5GVXc2qB7+s96ZE/ajjfcgGHZ9Cs BuY63iC/CgHy3WnTlgsk3yk0RKNIyihJmO/1 ZqXwzcA8yKAePugzrg== ) 300 RRSIG SPF 8 2 300 20131212121212 ( 20111010101010 48381 example.sec. DLZEn+Zmx5mVgzI+eXQqXmLAM2L9NY3HgT7Y YAU7X+CNwPRgnq+8YgidqxMWYGkXPtYxUK8w DGed9wJ04MVkXMDBbBeVhNrv5W8S7qLR3p4E QqoHJ/Wn4DExyvKdHNar3Iy0y6cemFqBkDDF Jlr1k3dqcplp87exD3HHf12A4J3pMx+UrmiB u6MRLy4digMLtOczMCh35hLb3fGZfgGWCn94 +9LDhrZ/grIKAjTdA/knG55u530JNNECI4Fs jH8jJnIYKRmoIf708cKgRj6lQBBGxEAA2cC6 sBiLvAQVd4Hd9HOSNslI1CoorluqoP4+MPmB UUmufnQe9L5IQKgNAg== ) a.ns.delegation2.example.sec. 300 IN A 8.8.1.1 delegation3.example.sec. 300 IN NS delegation3.example.sec. 300 A 1.2.9.253 300 NSEC delegation4.example.sec. NS RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. Rlk8xSmdS2uySRkdoMabDVGTMUUp1OmR3dvD 6iUjGSTr2d2uPd2QFiC9vAqpAWSHuSMViTqR efUEID9kN4+fxhNLO5KWgKEVlAHdXDSZEuxR Nvu2Fmm+c5l2qtgkAUQTSnOGYfBO5GzJDdfI Jx+rGR5HeN5hVVGg6lv7Ov9f5vM= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. XvtvXlQUosaTUVQSILLs8B4jYUJeZTbw1YcE BzZfgpDX1L1E5xiX3l4NufSoT0dRSjklgZBb OT+I1VCW1VSpNdeCnW8p8DFoGtPOKVVPzf+j l6Ri+CSkEPh/RHVs54Gqa0ryyZ/cAiBPcfMb FVtF9nA3WFeNl70GTEzS9Awf9HYVOVQYMUMs x8EJ4CRFGoFfZ6i7DCyvDjCoWEMn2j4NQIxQ lBTwwNa0OWvETUrHXPoqBJUOk977caY4v6kF VcWZ2CPz3M2xPhC0KAeg0w6MFSjJ9QFl8I9v ihqkwwqK6CagnUim2ogkHpvT2FxzSMOFbjhU z6qsPkQhKTR0xFb7mg== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. sCgJzKiKChScy111zSOqwc8e61ueCEJj9kwQ GtSVRuawoSEbhCeqEm57UIiLLLJgS6Anc1FO pi3jJZLN+31NyYL37KWfhVMcVPsX4pDNpcWC yGH97fCjVxahRkl27z+PnY7Djhw0gNTh1uu0 kI/IS+gNEJyBjJrcuTZJz2uGg9oPWJ7pDO5Q mRSSH9QtBoXJpSOQdLVgNSwPJEpdjtTxyX2u uo4bj4+ZUp0vWhui/TxbFVqT6e+SSpf1uPD3 l4szdMOeRKShR9FOmiLagWaUifvYzK8CJyMe uMUgxGpThQSR3Gowz1Zy42y/GhYL9oSF8l9A srhegBGsU8fsvtdCGA== ) delegation4.example.sec. 300 IN NS delegation4.example.sec. 300 AAAA 2001:2010:1::feef 300 NSEC ghost.example.sec. NS RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. BTzE6km4v/GvWReP4VyJu6JniJ8xD6bhRs3w 1olYQgMVFTFiJIe/SAahIVAwDTkaetdCDNlg PchxgsMz2aXjUN46+G0nfCUUJRjqpTCo7eL+ o8PymQGDko1HGVhDnSnQc9N6tPeYuoPzQmdv CmAyeZEDj21/kQLp65SXVApuBcs= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. GKYRaMUL/c+516193mJmN/MXvDPC1e9yz7Nq moPOaQ5ufnO2Q5Qi4pJ14Y4+AtINCcJ5crW/ +wpLj9gU2EkUW1F6dLMpVCVESt02FGR7Eudt jSmzb6DnS8KA7xuTZ3o8zUR2R5IRfZ3ybLqL YXgKBRQ1wg/ghgqSgclO9fEgnYQN2XRkUyjI tsJT+PhrJeln3WVgHLgu2bTk7K9L/fOzlLgN 85YXduMwQ1QClYSmFJxFnOo/vQRC1WWatEdJ DEYhJUt/FxSaJHQnm9CgSh0F5TnK7dH0Xh7W 0tX7An2e3Inp8+x81bWZhzcyHF8eVreVn5Qb lt26wi1KzmtxVcVjgQ== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. lZhiAVNAi6a6W/z52IRv8tZOhBVejp/kt2Ja 3jUuy2rkXwfPTqkn/+HwUhjcd5SY3Xv0denD 0RGUPlr9UzxUGHt+Gek1UtFOdqIoUa31W7HT jvKJ53uUU62eXDzvBulVcAJ50HRN32AwuDRG CcJBjGBmdHQ4MzozKcjrheL8rQWI8tRFpf+C ZNdztXFlIX9gfmSqxroB/nlyWQpCpdH6cUMf XFMP9f5ya57nNsLjSzM5M5BOLH1oErSfpx+u gp7/lHi6ZbFeyvuPmv+L97NJJFEI1qKtsJgW bc8nDeUlhekc2drXx1g5PE2ebL9pZfZlcM/e kpUnN4+UGzuT9W5dvA== ) sec-10.example.sec. 300 IN IPSECKEY ( 10 1 0 192.168.1.10 ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 516 example.sec. KpSlwEIpKgLAMdK9Pys9YAI4OPPn00cfkGkx 9p6qMAKqE+XEFXL4D6TSEtLD41bzwRT0gLvA v5F3EyLS3HsBu8GdlIU6BBmdB1yjczZZ//If Fkost91G1fKiSu+8ho96+24b+vjPvFjV2vUF JO3msgT8dTpWqJzOLz7I6+jNwwM= ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. dJOh9zob/uH8nuSoOo8mPUjn/uZYQiNZJYaq pJnSPzukY7iMj7x3nwh5WeH+LeM5DmHL1NJB FAcTfff0sebc2yij8wANB8y3GiSqrhyZ0M5M 8Y55fltEkKxqOWWVxmqs2Y55YbraqU8ZgDZM Aa1q9PqryqFTglBFOGIgg1pj9RuAmFAdc4VL Nh6YX1NY82bZ33hXixDVIrVEDWC0vHsNlOlw oQOdHJ7nYAVraRgO+9xsADIw1E2DWRhqnFYv VwN03mA/uxzZN/SLlb1Oj2iBxmjdlygvpoxg P39ZuXibaafy91GUW3joqFeqF0Hzy9pnZWq7 UdFRcWVkV+sSj1rhLg== ) 300 RRSIG IPSECKEY 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. ZWm8NKCjhGHqDunPvpUaj9SN1oyDsmWNGYzg WzGo9N39n/RNZer7DBjMw4l8wH+FEhY4t5S7 fTwo7XTZsJN5m3XNUEwxAkvfgCgUM9vkXRPN 716Z3bzstPGtIw/OgeE/TRAw5AT8vMGux23v HLCXSnJNnczUuctCkdGo8lu9q6W8KQhX7+Jr qU0l8aG9NVMeBu2aWXgXYQip3eYTWrSyZ8Wg FUs7DXE3DBmRq58XoXh0MgIzR3pukf5rc5GD kuEObzDJPxC75qK1cRL/eSbp6ElFUr2oSvvB yds3b0XRZI7BAUVN8ltnADQW9ry3lrpgPKo8 gE20yxHE3gUEJmRFpw== ) 300 NSEC sec-11.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. GzCubAHFJNNietrSwG8jX2cc0496l2aJqpgJ iSeJORdmD+gQeA/V2PEFTRLr3Nsm5ioZUjy7 jpzDA4rOeYr+1MSGFVshbwkU9t0cFJDjupdv 7SK7jUiZP2nA+DW7WbkBdLkiQbyygRHs9dxF SR7s4nxwtI3AABuA5enkNdxikXA= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. Qh2siJ25dalVEUvBuGpEIeUtwWEBiDKU7Aan a1k0WIQYHTuxz7ZfykdOvzpskOnpx0oW3+fc sOc9FQI6WkHOm2KGItplPGDduriVu94X3/Sp hmcbKlYAjr8GfiaByX3NchFeM19WPIDJJweQ zNwlG11QjyHYtJ+WeIUBVHkUEMsnGjOf0qUs 6Aoj2sQHPBHCQM1pdhdPbLXbhNQAGMeZQ1E7 ibvzz1yvq3UHTVHuJ4DN/v6/OLLVlKo5sfrh +ouT3T4gD66XGBSVw/l8Ko96qb1vIuD6OnPU rgkvM0zf+AZTQ+X/UJpUlJH4/V0sNXE5MHNk bD5mxMTn5hFquFrkBw== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. OFnEW/+sVpTe9BjkTFAA/Tm41AMWpPRfbuQ0 rvQqNrDpbjTz/6h3zuK5AipTpsMSiBAulcXN 1J9931gvPzbQchshK+sdW1AFZxKzXqCQBNBM fHSXXibdA9Vxwl5RSM9jPbXbs3D1JUOzp4Wo vKmiykKfhpzpwHOUgyUNe0zPU8djmU+f13DK CY3GPChlFegKlP4ny3gDWv83DInzWhcHlEDQ j01CaqfcG00U8Wy2iwCg2yJ9Fe1G/rPlbFpB 3MPkqTe/BzdRDMI5CUSo18F8SOGiopnybSBQ 2gXj9Aza0yqzEkkrG9fPe2/+LloV5wIB2ZLw +DVxQs5oAgXc3YkitQ== ) cert.example.sec. 300 IN CERT URI 0 0 ( V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBt YXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0 aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBp biBnZW5lcmFsLg== ) 300 RRSIG CERT 5 3 300 20131212121212 ( 20111010101010 516 example.sec. pt6evtXXk5w57PADksQ9IQL6sB9ArHM4WiRM c0N5vqhvINsI8liUu0kK5bJNoi4NYWWP2LBz Ia7qwXAF+8MXIQo//msuyxmvT+m9PkU7cJO0 xf+ucjUPvRrQyFG4Ms3PkCUpGMLMVPU0Cuny gso0ZUII1+zyAys8/JVcya2/Cao= ) 300 RRSIG CERT 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. T2vPd8Emq+GLV2Z+YXv0K+616GalC4e2WCMo zhgegfAp2PSP6YBV7p0CqJuT8DRQS28QeUHF 7oSx5ru7mworccMz2e+ub1LU1b/A82AjK93u B6dJLuDs05Ry7m2N4ITeEpg+SJQY6XM6cMH7 Hc8kdKDs/gQaFvE5GGvxrf44Cwy55nEKTc3N +FS6v9DLvOv9sqWb7or2n8KUQ+T49i196Xym X9A+PjjbpJnYYyyjirTy5bf+yiPEaaw5C5Ra 27D+U5Xc3zHUQ1fdfzdwneS9grN5W3cubDcT q4CNUJw1CW2fZTiy7Pl8q8VWt2BFUhNkMBMY wm8Q9JaEWq6nJKA8pg== ) 300 RRSIG CERT 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. YAON8xcwfnv1YZJz3D2E4LxUHzzMXaviffHI ssGgmTu2ilhW/kEzAyA1W/tneXxeSbo34eF2 5cShVVtyf1rGkPARr12X6fcMoyvKgajchbnX kELM7p9GoSByZ0Wvtt9c9INrwEAUZ7ueQ18F 0nrmmbQZ85CWcoQSTjXivz0OB4Hv/AO3uc/O Pd6atsTME/NbZp3ef6BrsvK3Dwd34SvAZ4rB PGIow/34OQxn6X9xsl/ZcuHsJqAVeClwunnS ubzCypq7Xw8LPmeNhqs3cY8UADwolW2AzTja JzqUoNgghvvIRKOkQDnqIVctiM1Hz9aaEylm vTXPt95jZbE1U6zrRg== ) 300 NSEC delegation.example.sec. CERT RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. pjA52T/DRPMrLJCGqEzyLCO/SaeBRwUpg4sH ARxShCg4tG+EKir9yxWpyWWOGELtJ9KASv8y fX1GL1HJk4ahrDy28RnCPyyg+VNWBJ/VeNsO h6GapulUaQr2X9yjzgMdSQxrIjQuplKo+N8Q vERCk2ZruiBtIRJjlqrVqyFFsTQ= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. IYABQOLPC+Vc3vZnmCay+z+gSpURLJ1/KQZF 2UYNen+WGnKw26nFqUK14hpHQrIPjr7/Jdrk YIOaKzPXGN9ukFwvqN7tJdWgFSfAeWTD+xTt qEqCbl2BSwwj7E5B55A9Qf0oroGQPFjNFaCN tMxU5zGrnBTPI3V9YYRP5Z0mjVXuK8rk0UvB v0hz/yf6Syd6CN8XwwFKeSnNw1+7T2aVqUwy BE6N0YoNC7rIqecRH/D+LOV//y1a5z+PhZKg vnmGIX0GIR/88AMiyFTfiHcz0yhrp3kut9rY H5ttj7a1zzDodNVh+SxBcypXvXTPi6I86eZ9 QIheYpshZwZKDtnckQ== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. MhQocbBY2RpvUwxF4usqK8LQOnIO6dsg69aC lmlfDk8GaFra0v1JfhK8rNkbFs2Kcn40lAvW PZoZcqyFNkINnFb2jIAmqviXpq3GCiZ1aqjc yi1OF397q5tyPObD+GTUA5o8y2V0Lv3dyN05 0F55zKfJWHdDATAcKFeUVw0dwJ3bmyK9pJqo klFPmSUv1UYSWmNH8U8nAsSpD1PqsKt5TBdJ IegAdniWHh8nA4E7+kFnTzZR9hEKM1SpnNve u2WaaVhoj9oz4O5099MiDQbACpty1GIbmeu4 kvxLLBjMupCQ16ZPxyiMZyJ7ffkCA2xuk+K5 Teplxxmvi6xOSqjmPQ== ) ns2.example.sec. 300 IN A 5.6.7.8 300 RRSIG A 5 3 300 20131212121212 ( 20111010101010 516 example.sec. ICMMOdVpRiLFnHpQTp0aUCnozIy5/sol2coj 7rG9WGfuYkTdKKerts4RGeOM6/abFjNt3WNu y5nx2SXks/8hIpCmlds5rzoyAyuY/b5lUIHm uvw3SaXJDzHUIvhGc1/wxALr1AWeNaZ1vy8p nSULfblg5I3V6AZRfaogxB/vMds= ) 300 RRSIG A 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. lb2/hEl8HJWPyX96Z+H5l7r0IeaUByRweOgu 2pbKuYh2S7Vdcv1q2Bv5zsfevI9WViyMSLSU k+efrDgR5ufbgUY3Le5PBHuLtiDRO5xS4fCH LydIvmnakwjEPWvOwW+1f9mCHLNQTDwq0Wi0 v6i8R1dQoG3Op/BSEm4FdGot4XTCb2yRBsMO JeMIJPyBqz4c+bT8iyIs918TmX3PP+X2Pvsl Zj7stKaoMF2Q1o7lPqenP0T8Lgcv6qi9dprg MKBlnJF5cdmLxd2wcZxOQ8ww9kuFyvjmgc86 50D/6j+A5n8vAb6mNILOOyadZpuMZcrMTF8k acAbaHMTNor2Qr8qzQ== ) 300 RRSIG A 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. KrYCIB8ggOh5gtKPX2evHxF4NB2KiNmyi4ED 85lENFiELYKzjmNWL5102fuzNYrRv5SxD8LQ GOVYuVr5UJCZi5+Yd7xFkH+PwQph66qzFDmE QY46RQutcGfQWMv56i5DbWkzGeVtkcjz/tCR TR0V5zmKLeTSGLcj+h5is6i9DotVuIUdGAKy 78Evw/vI1/fziFEzmu6mezKOmP1OGL5t5vef UzwsKrzjJ/CcmUDa0bvdqC8g9lFQonyWjZ5+ jNool3BlOagenp3sf/Wqi/ynz9ceyjdIPp2w ri1d63h9glRO8rjSI9uZc62V7zQBVaxTf41B mWWRxwvlH/0uGeaSjg== ) 300 NSEC public.example.sec. A RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. ZAsEjaw6lKdmJ9NbA0NMu5t6WpKgVHNxiv6C 5MyZWFoz4YM9b1W4SSiE0vLTIA8b8rN5ZSKt C+p0He0JHemfvVTqOVzG09tMn4mbcGkVtR0q U2NrWhv4fsd8U/A4JYCj/6Fu4LlCibs+OiFl D9jqzVZnXDiOkLF1YRdYq9+I7eY= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. PH4HOgBoQ09HNTJC/hy3UXF5JTqvZvsRHMWM KKswm6DqXseYwIqitkphpPesITgvJ6n2qZ7L zCUZsP+jqwdTgovdnEKy48CwBkoOl5JkfbMe T4hCXKkAjhpTiRDsx/r06cmhuhrRYmFcg9lL JNuafIRcRs6FTRxUZ2vNIszr6Z2BF99TUZt/ 2m0qNsNgUAwVLsjZfZ73c7xj59PsnpoNQYIG xJHeLKHzqJrknjMNyxccVaxwbXGrnFwr9PMR jY4POByMEETSbqnbFIXXkd/9kuR/hfPDrq5x /pJN9ANvKdvn9Qjv1RhaV8udDrrbo2RfpVcw hxnz8/HbF0e8Sm0JvA== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. clHfGPRzGw/xRBY+DQvhN7O+P2+RPoIh6RWu vOKwOdlWA8UqNezcCkXl8qaQtkymnYF2GT45 WHzZtIFze5Gp9cqZBAsvP+jCH4SKLFjiKlqp JslDZ/pzczHH1kGBjQYI6J33ra+NcLNTLCmB BhTxjaQEEsz6MwovO/hTJwSOW7Vyn8MIehXq vTLd28+C6utSo7K5ZHuAzHt9IRbDsU9YAvvR PBAcxlCAEfGAyDkQnb9iO0hBoliBYk1gA46D DtGGnLD56Foq9fsDyd/utpJCVnm4hcMxpYZL oixqj+yuJsE9lCvJ8Iq/sRNXoncVMaHKytQZ op68nSl4wjGVTaynkA== ) jumphost.example.sec. 300 IN SSHFP 2 1 ( 123456789ABCDEF67890123456789ABCDEF6 7890 ) 300 RRSIG SSHFP 5 3 300 20131212121212 ( 20111010101010 516 example.sec. QYsD6dLwQr/nNueJk2KCASuS3eoznCwzDx6y KO0V4u4todCLePjATKK1cnBK7MmromFYsXJm Yc+dhxuCePEfGuLhNTK19BOsxCrE40tFbQwi CUXiaLDGcBDP272ZblupMBOZwSW3zSOOPBRy OdQ3XZmW99zW1EU7h9N6L1gTkr4= ) 300 RRSIG SSHFP 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. tIyrKKO7BUv/2ZDPDVygnEAORmjXFdJ5Bx0Z l9Cy9L3bPO98nKqfY6Y/H+KiMP5INZiVVraU SlvrUilRtqS+378Cz9+W6j+h0Ks9MsnLKjjl bNjq8vyyHlF6ePvX1e6TknOmGbY4dRChGNYQ o4sMti+kgSGBfMlJxeac9G/wNItIE97RQZJZ FNln7Y8X15uAykkS+suj9dcjp/4hmRP+sFdu gIw+mhkTpEL6UiCWCUKspuvZ3gMqUZ//eHo5 6GEm4MP3J5/qxAU6jgS9gdUTqsHHEkkG0j4I HSJ0/UBjScFEcbrzVTN34GZOalOMzKSajWrN KhcO20QJ3EZX4KOb0w== ) 300 RRSIG SSHFP 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. hFLpGg+kZcu4KmBBu+3XxMhIEVMJcpT83hLn rvuCY7t5KjSVAL6aNz9pXNBky/NwrrZnMvHC eVaUpPScQd5KQgWk6J+v5MkXXebwI9OHijoz tQuOsZ2ichXImg3gGV1UlNIJl3kVupFl6ksd v0KugP2Zy3j0invp1i6fBKkmTzRcQeK25D3X C7nlOQE+MSaWbmZUA0fNP7CN7VEA1mERG7IU aPFD2J440+UcFqdBjptaHe6QPfQEhGCQVFJz zlmiTTFqKD13W49mxG7WiXwAI2lokSEBdGuL kNtZ8TzSnTa5pxcmwdL7Vm+loWMtcLX6yevE bjNdri/7I63cdjNLKw== ) 300 NSEC mail.example.sec. SSHFP RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. mDFUVHLN2In9NMujWNSQmCj89ZvjeAq1XB0E RLxM31u5tKBiHoli3ERvnzyipRCoAJEZUdBD tvUn6pViKDVauzz07udN1aRb8q2YtpLL0voQ nmOjDt12V6F88noJ0e/mKWkPTLXUWdyQdfSF h9r67j71m1TKvJpANhOVGxQJjBE= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. 2vdtMDxoH7jVye9QI1q90PLTJei+eGthS5c4 kY0ugVyAjXt9RxP9fOEEJ++68i06AxSA8Req fC96a4zmXF1rS7HMgEvZPLm7tbpGGgbPBQzl 6kZDo0+GFTxGip/+/JPpaPZ/57Y8fE4i5huV V1RA8zK8qk+3YUlA2ZhKRYCHSiluw8ZW6yGc tbc6aGTsyUVJeOz35NMTjHzzzR5PFBnpBrFb H2Z0Ki8FLmlzabSiFU9frB3KcywEYb6GMUh8 Mx8fKqDtuN5bFaMkXCq6ErVL+fqOIgbiP3zN dxoApQDgVfCNzLyYjIV8qbbwKt9wyCFF327Q oV7HwBi9S2Zc50FOCw== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. pH+Jpizxt2muvutav4peNtbvZ6Yc3rlY5JWv Q/iWWkGPckNdTVpVKVagpConJ6A+HIPDIloA L7xlqGt9yNstVTpdiH38kPDGnLh3XajpzGYr I8SULlm5J0TqhfRL21/DGGKrIplvYeKmhjSF w3/5Zy9jKApUNnaCbhc1vKHD3YUdcBtVLsTC 3gmsxYFlzDa9kkxWe8QCBLAQk8rV1l8eyDM4 Rs+2cu2rPCn38WgJ0BZjLZ9PKEdJj5HkBxlg Vjxhe0AkkC0wt4YKUuPsdXD6m6xe4/uNlDHO I74/mJv5/QtvV4l9nnOQHO8TjQBX0tULJbv4 XT9vqgnmOS+6E53Law== ) public.example.sec. 300 IN HINFO "i386" "FreeBSD" 300 RRSIG HINFO 5 3 300 20131212121212 ( 20111010101010 516 example.sec. I2L1GMz/QdXunU5X/NlLYjJUAhuSf/exz3Up tZjhRpa0DCVjln5lB2mNaEZgtFRf+Swliwd5 39MmFekS+EmGkAMm7BXs7rFQmZX0ZqmqWWEB DuogWsz/UYyjbiqTOss9imEVSLToJRQuhT3g 2IOdXXLYlxBqJAmzmfXIjIAE4B8= ) 300 RRSIG HINFO 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. r0uQ6pN8lGukI4BbMiO+o/AFrfZz7hHmd1Gl IpzoEkHYFrfBd+YY+5EopEXuMOjNZdDpV+w9 GSphd4apy7+4sElO/GkojFoVJB3blaKHPGV2 HtOfd/KUbbL5MnX2Q43Yr5oyT4c8pa61FS2I C6jXgK4dH1sGmFRIeDRXJf8Z4PEfKzbeKBWn 2dEoi3+RqW1VCwWjJKgsxzGtdiTtpycGBeW8 LWi8BkODK8bWUACPXYL3GKFF1P1W7DINem+k 6c2cg+jv4Y/eP6zcSNW8JaYC9qOHsbsdgzOD TgZDy1Yb32fT7MKNlGQM4Bnso7GyFrFO8UKx vk+TTghWJ6BBO7VpQg== ) 300 RRSIG HINFO 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. YoUwsovNaWepZkb5ZZqOD3dAg324vE3RsiFt ADNN5e3ncGdndPOZgZkfBP35+gOSjzwerV4I wuQr0hiNEq4V4fkTrRLt9YOi/IJIAtTBdsoo S2nWV4AvWgFPMnHOuLI8PnyhwV84XKVneuhL qwaMvL7X+2hXQAaTDTGRv1AhYa+fMW5KS0gy 0usgiXymO0lSsBBk/RUy7zSwNHwFRcLR62dg IiTx4Lr8n8WRwKiW+DXTukh7jmV3Qw+Og0nA d+weT5bfDWFJPk6nviqv/QaTgxLFyxvfS2wZ SqqIHnFaLjUZ1xr0F/t758jvgj88k2/0Vwn7 JVpQNqKvLySs1yOyNw== ) 300 LOC 55 40 15.258 N 12 41 56.378 E 9.57m 10m 10000m 10m 300 RRSIG LOC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. MJOPY3fLg2RnQv9gJO/rNJl5xaUmbmTICaiR qS6pxxaq+aLls4wjON0hGsGlC6jNg6wB196t Rlsn8kWLpAqn4275Tje2ktZh2zlpu1xasqXS OWfU7wk257ILPA6fgjpYxl6X0cztIG8xx0gm eg/NTrtKyLapsK4kI4Aqs88Q7yg= ) 300 RRSIG LOC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. ubAmz3IkN1ix2d3ZME3j3+H4kJzy4hO0+EwC ovftuwHEK6sKPCeLjQpY52kcOIqirP6uriK7 RJCi67LQbUWv2cgqD5OGMTaY+uBlUBpwS+VU W4HpB3XdpU4Xk3Z8g21SdJjjnI0gb0+4QVPT TIo3VVxbDX0IoKllrmWFrJ3kHP9sQ9mYkzNn azFZZY1SHyxfAhfJIBmQQWS+9fMDb94lgKl4 iGX6b1tE8Dsx3JFem0H50q0g6l9BCQM81cEu Nd4MviGLBjxCwdlx5qwaWQCAuIsM/cHvZUys KQcjXYtv6w/IE9O5VfHDSAmQjC8B9due3Ovu BVoRK9OhkMT3B7ivxw== ) 300 RRSIG LOC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. LELkG9RiZ1djrhBb+a22csXg2Fe8KrJ6aHxt zMZIgMGak4d28fw5lPHqT6OI4wpbdvZ14BJr tyWQkFFL8MG4pN5zYm9M6xvarGDhPOh/RJkI fa80OkjVZRPNESoEr9Ey3Ete5Nqmy+GS9q70 nbMnRahzvbaKN5+xhGJLHmwrhLCmVjkJlZ+r P7ouSVX+jM0bk5ETPGD8wR0KCug5RSnU7CmR o93b62uOsdj0LPQ5L4li0Ab8FLDAepqteXMM 2/EU96zhPqU+tS2AUtUV0oUEHMIxF1XABPYL IRaYh87OmYUTxSnSk2GhEt/VjhmIirSM54on DZTNl9ARvl9rnNUS7w== ) 300 NSEC sec-00.example.sec. HINFO LOC RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. cNvVveIdAIk6aX4cdyIB17xFY5I7dDV772N9 qTZXgY9gxGP9wuBHWWg2QoWY2BUijbfCNkZO m7M6/JPqlM8w9Dorj8izswb1MApyb1nui0TW XB4gjQ/2njpYpyILLTj/zSmUOzMR20imIbDk yBC5KGOdg5BnVZdSrMLOhGoaSVY= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. Jy3NTHJv9hVKHCdNQRgDVaj3SxNRS4gPhhSA Xmr+qsepchfKDbymd6mKKyTZV+PLRTTzpmI/ w1BqbBQaa3tbKen8nvyr6QCCcz1zj6jzzlmu lH4DwwtuTgPJdx1qvEmxkc9sUWhxD830P/8C LAaa/LUz7x1alb+6z/BcSuQBzXh8V6wKFq04 rQF9k6cBvhRO7vQF4Neng2X4oFzOyr3AgghB xzDWjxSfiWVBirtHtRXvsxzt1I6TQHTAhLHo dZ9pq+DjqUuG4Gq0y9GNFWLD1fOwkAS8a4p/ utLEbZcaKQnT4+FplBbEjTzhg+GezlHfXD9T 0ldcHBWHhOD3rAgdYw== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. WnpXDO61t6Yp6ImlekWuAUaxPtY9/qfHV/oR 0TQoSYfLDB/wvl2XKls3x4pk2eoiLxSabW3f vt31is7/XEoGX8qe6/WFjuO05GPDEA651oZw mF0MfWlRwIC5awKuKts00RyUeARZRFIadBjl Cfw7ooNmjYt7vtLlZEHI0Z4q7mkftNVCbe1f /UprzuiFcUNgUmMRwkdXoJzA5K0SzQRYUX2L C3J0kfUKX2tcYVPBnVeISnHYk2NnPDMQ1rQp bEXMBAs7vUCILMy+a9B529dbnqP789WRvjXH 5cm3t7HKGHCYOZFjboFQdikOB/ZxxzyGEjHq esDyGuDRhZ0TZg55jg== ) delegation2.example.sec. 300 IN NS a.ns.delegation2.example.sec. 300 NSEC delegation3.example.sec. NS RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. gJBgIVAcarMASDLX9Y+rKs9DgplfQ4aNk84v VeA6m5euYoydOcdFukQjI8YWnBNH8iyhWigK ECQUcXepshv8fvJmgOT53ViYKl6TqQbb3lxB kKRUC1YSEXgfaNgTDQb0u+jhpRdAM1rQT8yl wHrymc7ai12VcE1BlDkycpEmMPA= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. rpPeTadaekGEK6n6JQ8AYGPK3TQUq/b4YAGV EhYkm8/PvIDJ+WW6K1q0KaWYShcqaQx3+KIl WPa+8qrAxuDnq5GUor2swBGbcREE6/0HtqN5 4Zt6prOPbtkHqS5JuD5qcWtGr90L8YlQBPCH yA2oFIYVrk8Y+2Y7QWDvZ4QF1y30UEJbDNmB z1jvJXVP2usxpnV3GZ386GbcVMlwy4Y/oMsC e44QYbJiFOIi+SbU9YyyV4gCpa1jk68Uis5H oPGNpPY+Ous/aPwmSvSqihYewdkOo7ZQ2Q1R 1AfrtStZkRIAuJs8yNkU7OI9p4+ALlSjuuS+ 80keYukeFWA3MVQDkg== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. QbsliG3ruCaggwt3mbqPz2zBIV6ByfeU+bF6 XJMkOYQ1lmW4cpWKZl31/8p4V1uz1AZVQrhn AwDzeB3i7jCLXQy2qfbWF48cQ1SFGThb8wlk yXA6H4epsJsbD5mgUQq2iZrCh1kGwchjZeG4 oAunbST/ySe8H67eDaM2/Px6A+yDBJOPsq7W zIomwqWZY4t3P0YsNBMB8aYpy/bUq2EuCUUY nBxIw4YePP6afUscMmXE5H9dKGD+bqotTDzQ 0P2BMX5u1eaMaHSV6KNz4qi8pHs92wpCeuId TExOtqiYY5PoSFkZPqtN84TCM8Dl/KwN2Axj fWeiSTuQQDEk96ACsg== ) sec-21.example.sec. 300 IN IPSECKEY ( 10 2 1 2001:2010:1::21 AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt 3y6xImvMjRqcobreI351nbop04aBtP7o+r0z rNQmy6FqkPiI657FMEdF1cWJ2Q4lA0Pymgq/ BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vc L17OvU1ksLs9/9hhAbYYedmbAAGmAqfICiLB dOPCbhsCUyq8dTa0FaEinyHCJSHJWVZ8dBpb br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 516 example.sec. fSYjY7pBKs3R/VAygd2cpi2WBJ0Oy1B3FuoQ neFUtdTzNzMNu9VkO23ppcHJxAkDtnt3sYFD m1rVZRmoKNOGeAOBH7sX0DrZwdLLuaa0e1we ZBA21vl3lQoi2FIjzF+8FNv359J/fYMFXXWp fh23H/iiL+AWaex/ODb20B5gizs= ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. a5rz9sETWXTjvScdN0VeNcfvlnj523wUBWI1 8KyfbYbH2Qaeg6r773VW90zDSe/dUvJdSE4x PQ5gJ6QWrTiBTrOrmg5xSkNroJZxrso5fqyC 42bHtwRK0CyMNF83k0T3ruY9rGmRm/EpDk45 /hdh55Q115OanjBwXSDtCbSwYjdivM4Nm5S8 MGWGMOQ1RV3hX5p8KvEX5CQxgV31bcCXcACf OV16ZeN3T4/xH2fMAQVcA+i/6snv9on4bbCz rOg+2v5LVrcnHEA3yNCN0GDEQ4z4IutTayWK Et7EyeCB7ciscUEeByZ55D5T2pjSYyM5qr6a 5a3SldG8Fc8Geiy1xA== ) 300 RRSIG IPSECKEY 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. g+tp0dR1FQiVo3uwDSJyr3EZ/UG8akT4V0cP V+5HEKiJoG396poqG2g/gtU+Vub+K2/SjR6r q8uEiF2rKRHN7+Rm0H/OV44gqBjzMpMPe1Ls UDJC51GUTw+qfaJBNe9A0WooF+Icolh8rxwH UbAoyviYmYZ4R5oV/W4NHTaT5+5FP+szh2pj lpmh4mkYXivT+43tVDBBB0RFjDGaD0Y32eNg PWYjURwb9NmbZHGMig8KP4X9xblaRCjYiB17 mhFMwQTtO1zxczp9q9JAHj20O8oP1JhwrEtM u+VlDmkUZpOCIg/tKW1z8JMtyP8CrEFF+c6i +WcO0OU6hJRwXLLDDg== ) 300 NSEC sec-22.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. toAr69FNO2wW86fa8yywBWwoeQBF7PCkXMb+ HUMGcB5wTccu053XytNLIouSMM2KN/u6zbN7 jliUMnp4ePzk7e3Hm0Fubdlu8CHZL+IO2eZI cT2FrYhwj88X5bNPSDGRrOTpJHhLLCuaZHL4 U2oKYP1CUkhHY1Q+4Zq5C+jqfbA= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. Ni3BrdYv0atoIJZbIeWewzn+CIvEKvbP+0ey DiSwyW8JVCr14ccwjEumJRrASEBeRlEAhFrh pBnSRG3ALzWcJ8A4t4goMcU/J84CmDXJ4kGP lr15x6h9PF/IEu5q3XXyXBzuKz/wBy5Dqpax ampLzuV8cLJnqjfI2PCzpyBHp1Byg4OstdEz teab8lGH6xF1wjZOVw65LfvaaHJ+RumbeQGG 1pseOtECrEH34d4bUaJckjwF7zEECdDXww0k uPufcQiwKWITSJX12tDxT4uWFjKL49dfhvK3 W03ikUgWF/8ysgmM+ZEV3PALDjYj9RQD8WW3 nIbOnsuwoHn3LA/oLA== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. GLQu8TEo28FtoQC7se23voxTm9KisgW6DlWI tl9/yZWG3xkZDUirxCer3V6A9a8PNuGxqqWZ /NTnkW34KE+zrgn7ace9JuNOHsIBC6PLKTn2 bVnT09VbHZg5USwcCNshkUVon1OMFYaTWmiG 2yVeaquIIsptRZETiwO+aU56gfKFlBKOi4lV bwclYWsGCnXGlGrUHzzRAJYn6rn8KEwThuwD PSAL4YNGse7x99s6UIe+U1bILjXTbn5p0ShB K3D8eLzCFn/pyJdsRRRL98LfPv6Ayj06ew0i keePh6vtLBZsuhzHWfNnmFyjDXyUlKWWXM8U knVgoetcbsQlwx9SpQ== ) sec-22.example.sec. 300 IN IPSECKEY ( 10 2 2 2001:2010:1::22 AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt 3y6xImvMjRqcobreI351nbop04aBtP7o+r0z rNQmy6FqkPiI657FMEdF1cWJ2Q4lA0Pymgq/ BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vc L17OvU1ksLs9/9hhAbYYedmbAAGmAqfICiLB dOPCbhsCUyq8dTa0FaEinyHCJSHJWVZ8dBpb br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 516 example.sec. DPBznrHp9OjYamMc4IRLArzICp68KGooMaeY ykqUmoRsjxenUghsUx5JD4+B0jiIurRdg1CO G2geQE7OqNRJCafkpOAgFnbnJUkQ+ywANNHX Fh+bB6FKANReSVAZTOF50EOnIvaUZrCHFjv1 LzwZQ2isvmnJH9O2aRvyALzq3bw= ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. M/1XU1OsODHwLoiShownZwpHaY4TjVFJGqIt B4//pdVXEAEi6HxEduTD4G4RpliD6uDJp1fb iaRK1ge0pLm7RKfX3/1LXq+rMDICjrn0K2Dx c9VD2eJE5iTw3Y38O/jygrPJfx3bIQZ+kIHS 9ihkv24x8oEZeQdeFv01Vsi6ltI1Hsk79fU7 ABrmgukCSWcgPLHy4NIaWN8k94WzXP1YpqMc tdEPVUomubmiRiIoeJ7qElh3QCaB7T+Jm2J4 BSbqogKP7OT7xeG/kUY5C2Pz9bblIcEHvxmn 6uylHxstrY+UCGAE1kblo08JTIF7+929TzrA 9+pVbyHOARHK1QaQfQ== ) 300 RRSIG IPSECKEY 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. uK3g6csiLlUJVFJh+6E8Z4uoU4MDdN8JJDXB hM1/w311P9p2XjZ2YxxHhVrJFHBOd24YlHH3 ax5DgbafCb64V5jT74mWoUwP4eIwPSnhrrPP zY8EtD2RZvXNKeV2ewH4X7jeQJGkYIhZ6fjl Fo1hGDiK0pkfhXnRWjy1DdeQRmXCXz8Gl6K/ ooM5M96F1epHkII7mgfgzEhP8jeyB2iObQcT qXg+1FNYMy8Xi/QHijoA/i4Ghl6uU78woWSn G3p5xWlE/LXAZC3p6snMooszsnHsZGqftOCA 3pLpWBNpB2jjferTk1uBUMbXvDJ4rK8iyCDo 0JghiX2cjL5hRZWgsQ== ) 300 NSEC sec-30.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. CCMG8j/Zn8WRlpLpIzvD0rRnzmyA3MtWRIIZ zMAfZT3Xz3VilCNqfIFCYrlTeqgWc0SuoA7K RXWQt6QRqbom9J6PNjp37ox66alH36HVhSrx abXHBZiebub+NXCdPCj/V9qURu67ahkCCe9o Y7YeMDjXBaMTFaXeaS0ItTf0Drs= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. TPqr8d4RgEYJM3fRTYA9O/1G7h92ncAu3GY9 2ng97HYkCvMH0t5/EHw9aD8rG2/lIpFX/z4R HQjGacdD/pyjtA3XXncA3fZgNrOawbn5Mr4M i1GUCWHRTe7ICODJhyQ2LZNUcUOZDArCX2GG FyhR8ji7nFftK6Fmd1tZYbx+gfSkPOBQdkzV 9ReDwGcvyyaWaI9TVnMfBpz8SLWVVyE712hN TveJtnTzLKveIt/j+YK4rDqjPLDrfHhzV1px ieReBnmfySY0BlhEeIaIgr0AVBU44YQM2+zN 2Bmg+EU3gF2Lo+uRWpOxb4KwjJ+O2Bl8Zn8k uFyVTUuzzaPyRcWuZA== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. mAq+NKB1pZIGIa+om0ten+q8Dfgju6btq8iZ tZ/Dy7sGLB1EiswzxhQv3VAHM6r2RBo2NHOT voi7/YpL2sYeGQQWo8VXcDUe10U0z4pNX5Ir mo14XqBOaSi6sF5o42Et/UpWbOJYtAOnLC0m onNIg+01yiC4ydmx+TfoX7nDU84EFY8tv3Wu eTzoQKfQjAGAPj76ZFrYhcnL2WLsDOZ9jBMA 0MF58GjuvuCSvRo9YBKsKOidD4rOGXZ7nAGr VL1654pFWfiWJOaX5r9SckECPd11CmKfs8hV bZ4GlvaGUQ0z0WP+ziNPz78whf/LK5bJbAvh /r7PmVJp+7UPj5Yo5w== ) sec-20.example.sec. 300 IN IPSECKEY ( 10 2 0 2001:2010:1::20 ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 516 example.sec. NiBvh01OkO3NWlhsIaIWsWKynFp/LBz3a2Q/ LKcY5WmoDCHlrfja/EugCfz7WceNJMWi0hpC za9g30ScTl9pu3kpTGux0CBgl+zp8yTeRkKc pm+lWmIrsdtSLQ24iU7j++aJCze8XmaiuyUy M0OuV7/aCzu5nFsrGHbXekc+vkQ= ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. uJzUXDXm03MnakaOxr4w95bkIXHRkc7gFT0x nX2QCg0aLCx1QzQLkEDwWXMBv9pO/1ghlXfA Jo8lDD2znk9BBeZPGDHjue0af42aqVvvkkt+ IW+xkfv9sicN5OJniOEhjAbn4ktV2xaR4p6p qPke5iq82xZN/VOEaiZ19X963pvIxsN+xKZ6 MG0o2pFWC0stmTn301Uc+XiXxDRV9KwYxGAz WZxKcVdSe9IiEvjF7jL1LhtP6hGMqWiW1u0w qb1IDYxWZ05Zdd43On4RVinRH3I1nEB70pt7 N6MU5Nu2HgkMg8vxIXVa7SSsOZA4hOVWa4PG 15ZZdF6tblMV9L9UyA== ) 300 RRSIG IPSECKEY 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. TusajDCJ/EXEV2jPq74PBTZc8y9y0+9U4AVr tVRuOmUgipxnMyGXKXltP3TUZsma+vNGtYDa 3/VEGHXpJmEtV36JvHwt7+ryqRK0epCNAZii KErK67EFX12ryC7UHuuiaMabj4XNMKACs5RH e/Qd4+7ZbDWhGXNQpuPD1xTbLDHTYLzwuok3 m9KuNXAldWxlsIhGral36tlub6kqZPeUcwnp EUysLoTWORPWvMjhDFpTRJdC31mkVCX0xx0s nsMy/CofukE8bMHDlEbJbmVRb5l304U2Vesd ojSftzBxmfqgB8owQpnnwHWBDSgzdl3e0o1g Tz6zuJixEyyCLW5uog== ) 300 NSEC sec-21.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. OXcYEKbYrcS1F3wP/tSLmeEwMlVkJUGm7/VS 6bQmCIEpDao0wIk7rDoLmnyJTPFXpB2ttxQj Zp+/1YZytrt3zM/TA6z9R6kcU4mm6wH+vOVK QiPA+dinX9uQVuR3TnghDFXLyXPVczlLMKGh LxXRXItQIo+4wpNswa8jKOjFmYE= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. LLf2mxNO9nlrxH+I4rI7MzdqwhrquqMGOCZm rpFHrvZkjyuStc83FPJuMzAxIBk3KYfNvrHu z3fa9MJcbZKzUdFpnt8gXx49CyDm8E7kRAYt bU589O98nrSkuqaSj6Pd+0DtLgfAFpaFjz7o gxCIT/ExKkSlQ4tTOiKjjpcXherJZvdViI3F yatWysvwf9XySKmFAykqcox94lsIoSOReiiM w7geqNLyU49BCbHURcdLPh3ewVa0H6210iWw 5Rf447OX3sBThELby7TenANpuYpfU3et/m7x xW9U8tEJifzmy5RYSlIl0U5zgV0B13jw/VvP 1CLSw/ArABl9N5Ozxw== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. ljM3aLFW80OYHJKwBYMl09R7IrWPukvi4jl+ wOx0050ze/52GX5OYMjEhUKn6A+SPKr6pqKo QzlFX/1i3aF+daSvPsKtwzJCONFPcHbOn08O 3V2btxalDiUrXhd2D39S+CcJP/KI95Xx1nHt N+4/PGhfH0Ss2GqbKtowM53jeR63eKuAfJZ7 RWrbhH8B9mLTyjkMkXYuFlNZ783PKbQyEucu mxdfZluUaEOqBQl9MUDKwhTtWKN2YHWqIZyH Gqd8mZ3EnsnqFeJOPqtx045Fh/hykxyO/ljK vY702K4ujm1q1fqQ1sUyzoJKyjXVdZnv4lJy YLeBOgdcz/s8cee5IA== ) _25._tcp.mail.example.sec. 300 IN NSEC ns1.example.sec. RRSIG NSEC TLSA 300 RRSIG NSEC 5 5 300 20131212121212 ( 20111010101010 516 example.sec. i68LKKGIOCm7JYIXgmYNL74NCICRe2D4/FGX +3vT32SLLB/nTal9h6Fsrj7P63VzUeCiaiwZ t72p5zeyBb+55lJnLLUSDWRw6JYeWWtp34P2 UxFS2BSA3GSrRMy+ooZ7oB9F4dLh4kQDP4HA Hk1fKQlg4TIeVcVzE2Emt0jrYtQ= ) 300 RRSIG NSEC 5 5 300 20131212121212 ( 20111010101010 44427 example.sec. sidf2QiHP1ZFfdYjT2UbEtA05aVtQ69G4KoC 8ALU9FNzzY6Na814bclqSrzjKY4lJ753k+BW sEAhX8zwOfgAak8rGSiTL2/RE61CDQQFHxM8 R0aPLmW654TYzKERW8qGQY3LP5Y/GbR7IPQv a0UdOzRhhDMfogfVFlfKxH8T0Oc52CMQ2CsB cqz1pMAhwL1cD1ei0UgzawMyy4NPeBDpCcbW Dzt9gYw+HbE6JcU6MqpW1enR5j138zWPQKPt 9KbRCllfO8N8NjGtFhfTevAvr3iYhy1fDLUl YAfNtsiRdRGFBqQoZXfE1/uhr+n2eSVV0G/2 5Wj1WxTGmgww+pAoRg== ) 300 RRSIG NSEC 8 5 300 20131212121212 ( 20111010101010 48381 example.sec. lens8Ga02siGhwd4SnGHgjxorZM/Mpz2y/Nj v9AARxXOHNxQvaymeK7A3bO9B7FxKeYNPo5w 4Y4gAXus3sGAJ+SNkazMcFdzKeGLLWFA76vC 572JSQ3hdaxhVWNGDtpoKa/sehVuoZ9oYStb vqIrE3pXbvI7D/fv4ZJy4Ns4NwOZJTjesKxM B5E0LigJjl5xEzb84ufV72eFWpLXJpaihSdM tRnWFSqorfJNJXLW7RXthnWKI+JyI0Y804nm f6uiFMI7y48e1Va0FFwnlnHN6wrrVjG5TMJW cCMG2pAa66iJCQYcw5x4pColevY9qMWV4HV0 KonkVA/eF6ANTwfD+g== ) 300 TLSA 3 0 0 ( 30820307308201EFA003020102020123 ) 300 RRSIG TLSA 5 5 300 20131212121212 ( 20111010101010 516 example.sec. TTT4Cw6OpvEcy1EjrevuZsXoIkLAvXMouoYv izjXAe9aWklYTTYS3bxqSoh7zlZ5uUZ1C2NC OkqTnZxNHTltFM9APoJjje0pdGwOXHDe+mf9 UoZxg3rYrlMUChsPZxB3dlvmSM4PFxqp2ikz 2hobxC5ApODPiRJmpICJO4rNHC8= ) 300 RRSIG TLSA 5 5 300 20131212121212 ( 20111010101010 44427 example.sec. ROwvgqMMP5k6fDNuPMiOIwMVFbEGAjLFAN6Y W/XUjq2f6BK8ECc7WFtLg7toUnOsuIixklNc Qfyg9jzZKiyWb0WHHmNr4C5ulpfMhncWBwPU Lpchy2UP7j++tio4Rq2atHYSb4ixggdOGWwR EzzQPu+4/mpvlMbArkh9IHEvaI7syxrG+Yip XLNcqC3MHnkNHqliKentMbR81nnXop59pR3J B044zQmAi5CZvP6EDBYKFbJyqu6fv/XBTjvk IAZg00bII9SQBli6XQ3xkb533/AhWs5Izpkr s7nHTDXRVUuDdWyJttgD8gh8yeO3GB5ZuQ6I c+Ylmf+64HYg79DQxA== ) 300 RRSIG TLSA 8 5 300 20131212121212 ( 20111010101010 48381 example.sec. fgComVUMBbQOBtVazMvACt2Jeadpuu0lW3Ll MGm7IwUW+rT397F9WQs2KQxNzeP181GJEuN3 GTygAo16+/23j3iwP484QhEQoDSNjOjxCdkT jKeEu3Lrfei0Grl8OWPeYZ86iYwsKsoupYhR KLrehCpOlcPFedSVkfGbKbjBpxyjCKMaZaXg PudZxAM87AUGKr84KD6AkK2PhRhUy13pCnpf 5fJJIbsmvfs5ZAxO7vJp8sS0c8Hikf2H4z3c HOHuLcJbm++qU8BKaizyIkgutGJ4blGpZ7/x X7BP/gvaADTdac4/BRDUXAfW9r8on7gBtulu eP1h2UUPJiRYgOSDBA== ) sec-01.example.sec. 300 IN IPSECKEY ( 10 0 1 . AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt 3y6xImvMjRqcobreI351nbop04aBtP7o+r0z rNQmy6FqkPiI657FMEdF1cWJ2Q4lA0Pymgq/ BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vc L17OvU1ksLs9/9hhAbYYedmbAAGmAqfICiLB dOPCbhsCUyq8dTa0FaEinyHCJSHJWVZ8dBpb br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 516 example.sec. BM8SsNPpbMFuCOj4SqjBGuDPfw03fu0uB6NB 604HoG6JC6K8M0Ghkz77wNFuRL43QBz6SlM+ cnXMImKpw+dc+lknuKeZ2W7TwuEuY3AEJ+x1 qxcXnxOG22VJh/ZdQxHexPzdGYhxbslynW4Y wQfBOVK7WloeJ9oMOCIGrTVIan0= ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. ReuxIFawcqlDRnPmkALSh8J/fis/9+sR8cFc aU1rgfzkuy1eIcwldmOLIvUpu/cNa2y9pwuR +Dpo/lnBW6VB0RHMRkonnI1KCqiXs7mK8bYT WP0mObVfkL+DbIuUf4KwxwG9vdCNusmGTh/v z4pglIifgBSyM67xu7JuEdMGag7GHiaCt3T1 TiRj8GDOBJyEIEGL4+y7Lm7V5cOX2lqYvjPv XTK3iK+H+S/UvEV4/KSiMT3POw2rbyF5yz3z uBuK21p5ytF8WuFZcNiMvkX1CdOD7hjRyIzx JacSBCIAh0pCalBT59ICSoSpSKm7nPPFjeL/ 72pR7Y/T09jG0aQI/Q== ) 300 RRSIG IPSECKEY 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. DK4JsZq7BGI7qOi1zcK2gTz6jDl3Ud31ZfBP pqi4o6AePEhHGCkm7SSTxSt0SH3TZW/+XEjy j3Uql9AfAMql4iJyS/6aPYcGUKusUaA7Qk2B FfhUXW5jnj9N9Yx11Jk3lXQocJQw0GtclTUT 2jlqkcLF5wKO3rQret3jsCI9ULAFml7K/0W+ 1+9/tC92sHPMA7xrNey7i/gOiJm0JF/EmwiC stLjG78fO/8Hhb4oRTuRgJMBuBwq1wuDM+9Z UFXHXzOr8itzGjIB65uTNaZEBwrpt1uCLlx1 lW/ysaQ9z4OM9ieyn5anBqytXQp860Hf54Vp TFjfQMQZn5m5TLaEzg== ) 300 NSEC sec-02.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. VuPLjHKdexoWx3EyviekasTPMvm6NZSYO8LC R1GU+xRKw2siYahMA5OWAX7w+AGh4kZ/xGdF NCK0nQkpikQyfXa5+P5kTq30/kANHJYJLwO3 uAXaBYJM15qGG7//RLtFabIGvLQbRH0Q7dP8 z3mEJyD6u2e/FlqrfPrCEmEhurI= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. wWdGOdqMkjj+mKNIxvRcgXQD7ciBv/t15j2Y ej5jJsAK/6OSlqvwZu0QijJDBwTdceylvwGo lZHx49ber7gQeqTq/HhrmR5XqV4Tqb13JNfB ATN+QnErb2pOaarOLwHt58vduaAveIdt2OL+ BEfbuFEtofswWM90Jqo1+4WQRosBRHYc/PhK jiEVXRm+L35mX1OjbUTi9wEnaHdpiMx7jZRu /eNCizIdsgcDX55/BgZsDO5WPV9YkNdgomH7 wUa1wQJIXeCDWNDj52rlS4B2ISi7upxR9EO+ qYex9ww/7wcVKR8Hnz3yc8nHYKVKaHzpGNA2 74SPzNcecUOBM1ETrw== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. pJsR0bXPh4GCOPcs52kXQg0YiM9VrMWqM4x5 I+HuHKz81XvLC3JLKxQWIvDrpRw0XuhuFfR7 qOUkIAIsVbzD6Rmi2x1RWfdVQbfxe7PPA/xZ 7zr24H2DBX3ZVdp5MDFWsT2TsgoD+iiJIsnn eE2H4oRuF/NRoPzl28+6um5dP9mzFXjxMYXK dowCqM3RsL1l9tHj68nVLlQPc7OxKC21GRvu FpOAMubdbuyXCj6gi3lkUimGWGhW1+xoPxdg hyTK+7au5LTzHbOCgWoaxtooVBb20+FtoANO VUEJqqkNOUXUAfbw1zsjFjXuvhaibinRro3Y Cs+GDR8AdfcVBqwoow== ) alias.example.sec. 300 IN DNAME anotherone.sec. 300 RRSIG DNAME 5 3 300 20131212121212 ( 20111010101010 516 example.sec. aV5zoZFFCOSg2ADhZ6Fjc4+9616O8jHe+sro bII/+vqUeIoQhFkhYsPMq4GHHSdPhF91wrYr hmYSIVsBXsVtwZ7HSfEQVhesqVwmgo7vzgPI 5u4PCoScru7WoG+TYKImNY/AZlmeHXmZ8279 F+RKVIjF6ulIsNyntGt4RY7VmsU= ) 300 RRSIG DNAME 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. sinPZzzDAhB96XVl5oAYaWtKF4SoYwCXqjF+ 3UClf4WXC5muktcnt5xqTga7YXEonxbwVHO/ jdytL39TQ0A3RA4focI+4xrZhc1AIAKfF2r3 b1NWzTCd52U9tVofd9Kp2M5esTjOZ/2tcX3j V/3WkipZZZaduC5POLP2i3vAYE5Nn2zXZqDn b4x4yDM9OgYvtRX/k2dPuXkepfj1TeDZhnN0 9EFmbItJBvwHX2GdB3FzlZunIEKmwNjlxs0o pRBPhExhw7SFtLRfD7dX2H5g7ZCKTc5hulCA 7iTKw+ZqZxEOHc/0gFqhFpv1GTRlJk8M13as RlhONd04ArT1tyEg6w== ) 300 RRSIG DNAME 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. WDRIuwYxuoUgzDfX1M6P14+k76qB4AC4fmng V9IK1eS8DjxXREolTHsRkvykqHVbyybclznr pkxIYFRs8MZDrxfkU20crtJni4aOOBC5z8Cl rRffqo0w0WlRIc4jPlStt2oeOcuM8KjNYCyK vKfgtrA4Wqoc1Q09nKuvkhEX9yBCnTSR+wnA 5yZs1esEzPS4b2TwVfFv9nv9sLfJ9hSdw4Oz 7mRwYIp2t3Rf5ee/bOF0GZ0D/0sc0g8TbDYe Hfyb2qcI4/LOJ6K5KJtL2zXZ/dfj7z2SKDa0 WQFCrzT+laGyLIQhUJQ2+brtpZwPtIMvIibZ k1NhWen8CuPLNG/m5Q== ) 300 NSEC cert.example.sec. DNAME RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. EUHYdG0aqefXqpVd3VJlS7P10rZY7G18huIJ YzAajvb5W2PuWbcz37G5uuId/YxIwSxtqUh4 iHUkqcTPKbmsv5c6vTBYrcwupkDg/DuF/3Sc uvVt33lcZ0+uhLtPZa5sPCnPeTyRpmMczw97 nogg3h4BYmlYfrJbL80xkU9lsdc= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. kTMPBVb6UN6Y35x6FVHdSdyF3u4bN7eWEqWb RXVtVtrcznkCy9dFfxibpNqJ/1DgNT8ElKRB XNjSYHVDUPOFed7I6xVm9EdFwCCeQgjfIYwi NxKGup0iPJgPK0rErx2uO7cdGAytb3dWE0E8 6LmfCpHmXh02CtIvkfIuBu2k+tPU5v+8UOL3 qdIoI1VV0y9xb/zN1KTYvKk/xrPCqfZUMHHP Y3WN9KDfwStjwlBCtfLzbpQnbNbAI81niV3E w/fr1yM1xiwZqJ6TcjQslkqupuWaZ0Q/g6bd 4L5A13YcoV43CQoBe+SxIFOSe2fekebaxUjX fLO8qSJ3OhAA1TMxMg== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. L+QJGDd5D6ynm0KKBi8SO8SqCf+c+m6AvZaW Os4VX2gbTUoJ3Q6Q0a8HP1PMNxvRmMhgmnvd 9r0JgoEr3PGOyz8SUUGLBLG1+GRZuQYYNxkM loIRFsjDaDENDBLQhIpbioBb4cnpXqJch+Lv iCDvUY9fmEFp6fMtTWIKluVTsfyY6nZYnsgB 3nQQSImv+wPxry2hsbykMHNJXo2WO2Zl8q/A B78PK2+VStjleQUDjiyD6zhalXvOyGgs47Cg UYAlKb23+wZI+5Llvu07JCx38hoAzIrUg2wV fBNCNBRnYO/mkEPomCZYAfF1ARCuE6e9xgDO /0qQrcV+UWeVS1qemQ== ) ghost.example.sec. 300 IN NS ns1.example.sec. 300 IN NS ns2.example.sec. 300 DS 50458 12 3 ( 2E40B2A6CCD2760EC70AF69D1C144064C893 1E53A6B3EEE78BDB9E0BAFBB9C02 ) 300 RRSIG DS 5 3 300 20131212121212 ( 20111010101010 516 example.sec. Efo/baDSDexrZS3TsMtmioL0tjvwSkOXvvjX tNLa8JT9baxxnHErcNLZaoffHsK7zwuvDOST rHIt0tku+EJR9HEAmmxUvddQGHWx8NAoIBYd OObYyuz5TDUBumC6v2qcahguqxNws/btfHB8 23j82XKFViGHmcccDH7IjlSUIz0= ) 300 RRSIG DS 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. mDSilZxjsG7Oudh9MtWCV94ijxRzX7GUomph K8pq7f3Jx2ZJSNdYNwfz9gGQujGaLJmDuUKT ZFE9+nX3IgT59HZqsWyHWgB9YCLzeZ+gW5/S ZZq/qrNsFkODJdROqbc7sRsDyv8Ad+DMPAc2 uyR3wRkbG/Yxq+qHpt6CYsZ0LjUzVIiCCmd7 jBQ299OrHctq6f4ZlG3RDKvEp7WN8N8pIbuo 6eZ/9yqbCSO3PdIJJrCmNhX6Gsw5Kve9ER8p Ka7lRgM7bgvpoJ0aDzX/3k221nClRhgAdnJI TkOQGpgf8S3o2pHK7YgfI1fM+6ZBmwMKlGWr u6v+Lb4M2GdG1JC6bA== ) 300 RRSIG DS 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. hu5rrD7/kH57amiNhu31b+1NYTPO+yAod43m dZAidpe/gYxdDJTV30ixwwcDpITpBcD/VWd4 adIQO/BIptjNW4GN7Xw8G8ZIJ9IHcMIHP1zG 9d+Vd359e1bvk71HXqDcwSOv7bEm+h5bp7JA rqy3deiks4Fwq8klmvG52yvHyaGaHt571nX1 JQEFVGs1rVJ17QCTzFU/mwmyKVG3ftrxbK6T 54AKOK51//2v/AEtOOp995Oi7TVNFC/pt/s6 YDfB4qfJ5487as96gl7vrumY1MmIhR2ZMRDX nu7jE76Rg4MdOcghBsHzb8XE2QA7QgTu2Jvo jYPPRKIGDO8n1F/xvg== ) 300 NSEC jumphost.example.sec. NS DS RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. KYelVHiyV/6BoqcDF8qNyoio0CaGwU3t77MJ Skoe9MFlK7oE2pXi4R+YogrWlbs2myxZAuvX THoZ0jiQWvHCGetGLkRcHqLqk7wYQI9OJQ/3 V+NMgJ2ukI770OqrVyLPkr24lPg+GUnB0YNK N71+zY1ApVj7kgyl8+5a+jVx1E0= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. zaj55BfvRE6rhryndAxsz14nA5lLbahqBzeg rqv5ShAoUP5SbV22JrxH5vaIP7wtdvt+3QD6 Ahh0s0t2TbwjMqMH8ix1jRXAxd33yPPx+vLX JKiJlMSBr4awBEOrUn3WGVaVYC2dm0ZtKr9p iVnCrALSJgpQlijjavG/kgp4qhV3kHmOqpCJ Ki+loKFkZlWjpkMQ+RZ//4GRFIB0+uy7zOW4 DW37nbF3m+cBTBPMqvdXLa21a/smWn+J9xnK qItMh0NeNboso0FBik1mzhxRwLVTvvgkQdPS CMzh8gR54q7YK0rFWsC6M4KKiE7A4wvkGeAp ZDPvLvy+z2ub27wJzA== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. rr+X2femErRvkmtKrfvHc2NwZSWYaJRPPhHP 1cngH5H38iqiz+nIUrgaqNkQoqsmmTkdwP33 Vm3uFeHqrDqN8JvNxvmP11IkycOX6oJDIyPS zyLRVVoKOZ2zH5doqpIAUWjx+IwHav/OpNZQ NYCXIQ7WBWJThFn9jnPlE6N9mxpfWTmtbcMl ogvGGNzJxfmsayaKLsKdaXIJdgp7FbrpAoPf egkcW8+soIWeXbjTpeTwWe69usURptRt7k5/ XoH93oK1OqWx+O9diRvhs/fLiXEDlRkP43nM EN5HExxzkvxhPJEDIEDkNq9QSNbCfmhieczM rwAb+YYwfYzSXe+Qkg== ) sec-00.example.sec. 300 IN IPSECKEY ( 10 0 0 . ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 516 example.sec. WFxRtw+LQVHuF2zooLk2a18ZFbdL0fxoJIBy h9jFDk8Am32cBDglbZj8v6tTcN+dNAOWDdIk F57PxpDAEWHcnXK4GHhTxjZBll3Ib7dE541F tWhb/JMCFUOJAr+cj5BLlSDMSmKVrP1uIoD0 d3s3MyjPlb600m/lFLP1A1DGmw0= ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. m0GgKCixHRXKvqA3piQ8xxj1QHCYluSBirv8 ftdrBAnYDx/d+xnAH/mF/bhuBxs1wIMLhgEC WdQCljP0VswwCl1xVMzWvg9Qyb3U2/44+o5w a5wnzRTVUR4rgS/o2e/3yNn0o6Cs/1fec0KU FEPz4msK1ZSpjB+L8HUaimbEBYilC8s48wQz Dku5UDllQ7hvoPO6R5Z+lA1cu0J9U7sUJBMo GfDqVI2wviKd8/PmaOcMEeNLPdfwSSyJ9YKu u+KGYUaqSQ+oVlLx3B9Ms/24n3/+yWvrW91F ncgJOyktNYa15KuwCl4K0zLrxugUkva0EiuA CALQWl957b2qUzFfgg== ) 300 RRSIG IPSECKEY 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. tsTD3rtJKJu6UnITLxRsALY9dTQ3/M7zbNCT +dhC7s+LegjJke6Y3FTW/mh3KNjsl9sbh+xw fiAkYSLeSOnYTc2X3TiTRX3rrHqRhi5p8CEr 9JB8O4a+CVASMBK+UcXjk0SzdesHyXCMFzUf VMChLRfC6zAJsOpCpkwdqwj2NQkVfUYz1mQR 7bnFosc8hbzJbKXFtLBESWn8YooWZ9X7kRew u7bN0IVcf9s2tRRG2NorRsgjVUBpaPyI8q9h olNW1AOQNwEPfMtj+FLQOY4GnZCHh8Gha9e7 lvnJBvKDEMxSuPu2e01/KNELTMus24sVN+Yw rQ5OsuWSRAnVEBdGQw== ) 300 NSEC sec-01.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. TPQrDHy6pVFndSRo6f8YsCjOBxQTaBU2fvUb BwyRE4oDf24fC3PlfLeIXhOz5ajSppcuQ/QP sID+KHLUutQKhC1e4yec0c/B9jG60rmyy0Yp 8lnXDyWQArummtommSPFw1I0aTHSAtMjYDKR S6KPl7s9PegM9hQoOyqMzQPYn0o= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. GLPcRi0X4fHLEK8ocMABgY15gICU58PLVDeM HujBDlN3ansASTKxKM5+EFB5R0ibxt55n0f+ GQ9fv7e74x/wD8S699E/jym8c990eIVji1E+ VBN3GLxKroaspLUjoblAoEmxyK3nWxQeIs1C /XCxr+GiydZI0IYSNd+edEVxxP/203TeRsJF E+fuPXjEoPS8Rl8WVR2NP94+5iHYUjDYPiXL VqFlW6fbWz5sKJKlMscc6G+C1nQE8bP0LiWS FVm5ptjeuzrW38VvaToGkt5WfhrU5DVp4t9W 6yHTecTWGqg7JFH7KYmUZK51JB2Gvi2clqSm cEDgAEolT2cR9egk2Q== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. hstAEjh2SiG8gbe9lnG1cPB3bVQ0VnQ0auNr Sc0g40ozgqaL4Atf7UpOhVSTHVgt5yUayYGD ADPTX1u3fOl1VKC2hFvfKOKUT+l78QCwQB31 glSi4RlED+KqmNZnlf7cWr6kj9iMmjKNof3E 6A4s1hklYwRLw0hjcjPUU18OUWhlJLEmfhoz uvT3PO3Nw1onMTpNdJQfoYSk7Si2bwA47aib QZaw3CaCXD5vrZl8Y05m6yQZrPItWwIzNtZ4 eQs/XAH+8grel9ljdm1r6x4y3cQB0zPAUIDa 4TOGab+i2Nf8Mk6SEw3pKeSqaRJA/sqr6xVI i/uI9+LDPhoyDtpjmg== ) sec-30.example.sec. 300 IN IPSECKEY ( 10 3 0 some.name. ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 516 example.sec. PAjYCs4tBCLexaS0O6XAPAgaWpE1zwUXgzBS HlJf8VjLystVWsTJxOC6wBSHtDI/kOTkTK/l W+aVvV+8I6CzYJZ1/ter9AUJyd9DoNU8VIJt WBeiEz9esySeB78qaC025hhN3Ij+nCqBctJL op5TGDeHGY6486zC8wfTk2plYCE= ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. x5MJ+z10rU5G9uMCIjcNr+xyyd6fexd4jYqK frNZMYjWCL3OMnf+c1s4neF5sV0KmAIwunri XIur+tqQ1aZ7xhP8VSF9CWepKrX0xfV6Gjng xKJuBHoTZ6lSnCr0VioSh0vgC9FQNL1Lv3q9 U+Gq/FDxCDVfzoujaZYQ5nm54Yah9JLipzZW KpN2AdKHPUoRLaw901MoYHLGmTRmQJLy9LxG iAvlkXGz358kgwyDmfL4S5B26knp4fBjH5j9 u3LZN8S2YNFOdbsuVaB6FE7MJZgKDihwxaY3 bqGTAjn9RIkjsNypfxHOfADUBoOhjL04UtGs yb7yw/WGJzc9Pp3v1A== ) 300 RRSIG IPSECKEY 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. FmiOai272UUljakJ6cOERp7JL44UmvkjJEPN p92kK22YSKT5fKLaF2GX/yoCJ/zws8QPgFcV OdCTmF+qlHhGqZLxKbKvNetD0VEDhaV5O47o Ywj3tN299C7U5QhOsC9PbPpyhR5xUO2FxgoF JWmJEk1U3cgxTSLCxvioD1jHXUnlW3PKfZbc YSBiu2bIqfRIAU2F87UJ9kSjEH70RE6ogsmY ot4CLfHB6dfATa/QkC7MNE2EdfgC0NgWjx60 oPZRSk0A9zRGSSVAvs3P9oN52Vdh9W1cg/Fk qp/jtqgZOVpaqIfEsbOG7rF0AtyVmlXgS+Xu /6FAtGpCCLAF0kd8/g== ) 300 NSEC sec-31.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. iJplhE//ZhsQ+da9v3V3vn81YIXJiPJNdy2o m4suGwe3hnW4HoDi0loO4Bg1X3a2325lXH74 gNZRpagdCoIK3EnmJ13NyJjhEyMQsQQrmmla bXvUW/qZ/FxoTyagycMRKosYmBd8eatggqzO fQuN664ajg+3R++5V7vm84FdWA8= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. wMtqAI9gl4fHfJVrl9a0/UOgh2TRX2AD9csx 49UdO4udAgmT75owAOuNyT9ycOT6A0YrWWO4 OQIckFunfMaz10r7AvptFV2iIXNovdK7zCP/ irkV9KqSqLrigfXb4Fw8AGKRObzZxOaGL94s pAdIXNLQkmej59YtY6jRKuI3VdJZnxkXrZ91 GHdXrZGNOZCsVlzDbfCuQ/FGnJ+o90fbZUdI 17arojKtQEVyiDBB1OBG44ogTS7UHhRj5j91 uhs7lGz8q3y7zbCKJJpUhGuigRYeqXA/Yp+8 ozz3sTIExHAsDWY/KJvxnHr7RZGn4GKRI8PP VlGaBb2yG/B/blfsMQ== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. poJ1l6xrejjylMmtZg73/BpVfev1ViFKXBLE B+2js9mjnx9kyGw+3nfU1wDQUooqHXMjJyRu EcTcPDZ5vEKXeLfeWAIzJK9v/bZ0WtfH2Qzl UygD2uIDevvv6T+6oCWeUwmKHsDfDGZH4rqO b9waysNMwFFf/l3xr2CbvH3mP5QTs+sB5x92 0DgC8GHX2wUSUfyfgPcS616jouHkux0aFYPH +plmrT5uLrcxRcBJ6f5VLgrX5B0iZ5wkDPM1 X4bKQZvS8De87UT2rQ0Pee3u05KcWYw/vAck WihT4bzPH3nEFRxXFwgY4FmjJfMVFeA4azUA wQ+/XtBoGT2yVjsC2g== ) sec-31.example.sec. 300 IN IPSECKEY ( 10 3 1 some.name. AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt 3y6xImvMjRqcobreI351nbop04aBtP7o+r0z rNQmy6FqkPiI657FMEdF1cWJ2Q4lA0Pymgq/ BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vc L17OvU1ksLs9/9hhAbYYedmbAAGmAqfICiLB dOPCbhsCUyq8dTa0FaEinyHCJSHJWVZ8dBpb br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 516 example.sec. su9Pe8QtJ4+eOu5SEWQhUvDgB22yMqr1JjuQ QgH+wYGoQZGBmkkB3S72dPImn//iDwLo0zjp d4hZffmRez1xlKPduyWZehXZ6t55NfSYlvzZ WWNPpxtfuvmjm/RiwE4Y2ZdTAiMBEMxmJZSu V1EUX2RKhwyQJQ63YGmDer9VXWE= ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. 0A/oDI1UIUcoqC+2JjRjDOjAI6VX0Xv132h3 hE2RDxKQbYw918ql9ve8j1K0xPXkTM3yQVkl Bc8puLjP6x0LERiIUYcTyXmpn7RySFaMeNhC OgSefCwPxo+fbgmsPUVC42rWps2LGNFU1Kz2 ZgP2oa96V1WEYeb9yhuIPOsL4pAvMmexa+5C 4iI/ZBvJjihhBjx8k6kz6gpj+SUD6eGPLdqf pbTc5I8zBu6fKsA8psba13qHPiMib1xnBwtj 5UblPLsHjeDM6HID44YKBdpkX1CVN1ryMnAr c0tBdDmQRJvGJJTQCOPtvzt7KosoJrYHmK+H ASv/RFncac6+UsniFQ== ) 300 RRSIG IPSECKEY 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. SKGhl6wtmcFEeF7dBpxHY6s5rPeXFRhvBoiT VlH3UIMg1gztYPoFlzqSML2bqldHncpmve+C wwZhWIr2O6lY3uL8DbKDZApGzDkXG+2D4b2B LRoT34T9clU9E69gL+qrqTAJVyOlMnPNEmkZ rOacG3RCPH3YiZhsP5POcnS3T2aL0xvnnL0W AOdUs3EvIa15yyfRQ1O15b9JTsuz4CJNCOs6 EvvYggQ0/uFGvLAPf2Vfz6LyhUxPAHKe12qG NRTJqoBi55UG6vOZbdfIah6jjgWaenf96abv k6lIErR5C1ZfsIxw2F/g2WlyHblJYn0QhyXl 6ZFkxylclDEDQMukOA== ) 300 NSEC sec-32.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. DecMP5k4+c75fXtYwqKGfb+3Oit4uNnzu3wh CZpWREVX3UVawjuvd5JHE5D1vxPQf9H9QkOt czkow3gvKi0MH/ISrBJCorPpZv/S5umPCNb7 9nXP4b2FAz+vgx1KerSN5p/fD0BfqpDhalGd nD4+sI5dp6gbnMpDs6fo/nMeTL0= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. AG9UupfnZ27NCV7MO2Umk3QPHfT9yYY9Xi9Y rpRsboxG8fLI+jAhrBXFOg642aonzGU3bRHI ObozIJUTSvKi0OTRENjD+NalYAcjyPzS21Lm y1QL0ajoJIGeIbm2qwdOBxSo5E1UROjEKaeO DMLRbx5A81VGUpXHTQAVsZ8Vo0DmtHuXpGeK x9hNIVUzrbhSXIC/HIsSe6R+qzmb4F6w301z fRs5wWh2xd0P7XfNVyt8apY9dZ73x94HxMMf euDgmmXUYlKOxyH7HyNgLY2j2AF1S3iK3Oy8 kAeLgqBv48/RqAxcmgOpx4NBOijt27pRTynf F1psZBNAmXfEdQLG+g== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. MN/mIrWb/IP1reGMXuB4JBclS2j6QWYeYeHI J1+3IxIcnkgVc7ilLTJep0e2mcaToICKzjJk 9pqsm74hYRKZuSXbzkGMHoC2TpZUJ42FASsc GY94E2pHaxDB965kc0ssPIFuXkX5RoNYOYHb GCXY7B7Aoi2E3Asqolfu2uqnj2X4wKWOJjBN 43Atsg+F/5iKuVWSw+XM44AAXoNC4hzES26e Z6oTHgiWuyMuCyINlqFzHBcndMafpn/qKVH6 e6J1IsDn3mTBaHOxVN0Lk/V1uqvx3DOznlXx e+hCyROYkcy2YWe/MlgHqU+eHJkgMCRTO+sH NVuJnaNsVYKaqrdrHA== ) sec-mixed-32.example.sec. 300 IN IPSECKEY ( 10 3 2 soMe.NAme. AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt 3y6xImvMjRqcobreI351nbop04aBtP7o+r0z rNQmy6FqkPiI657FMEdF1cWJ2Q4lA0Pymgq/ BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vc L17OvU1ksLs9/9hhAbYYedmbAAGmAqfICiLB dOPCbhsCUyq8dTa0FaEinyHCJSHJWVZ8dBpb br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 516 example.sec. KsrsNHfXRHbxeMVCpc73gi8Sc5HGvpbQS6g/ daYGuO/Zk0yhPaniogaxfa9fANoegFWJFrfN 2hOfNNuAX6r8NNRqGy7w4lJP/RaENHnEbDTS 6FwWlTIXjLn74CqiJOO/EXEUVFkVnHUwQyKK X3Gz97Sa/ozUy8rffoAfC3/QwxY= ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. J+bZrhpDJP/EUa1Gwh/cbi50u6SFzsoHRnhA O7mO5gmZnBl/3enab66Rqkeg2snFCuq95YV9 /gYgoMoCxeH0PH2BzLYNKXFIL4Z7IQ3lcvmo IPg02SqEqQVXk1Kzg5AqOQe4hosLGrAXbydS bkacPXMPz4eoV94ur4Npcf3CoZd2U4Ux41Os ZDwyKglARzc6Q9qFlnlUJcUgHKgV4hNBo6j0 m8Ifd0leoeuuGhUPlWf7wYmcFmjGs3ixHSiV jzQlJRl5VDGJ7DfmoOC/gMNhYr0uUwWvY25n 7iDM7I4gPjcY2SFtcz8H90Kx14/gar7g5vAM Wd+FP/VWIlvY5QSPbw== ) 300 RRSIG IPSECKEY 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. CbqNfBu+y5b+CErQjSl9TRvyuizcV5fI6A5F qKjCgzEpWI5AV6/KaS2kn48KeBo9rPODeaIn h8QXIlLnyTfpd4mz88OcA+b1OkmWqarJ0bZa L+QfFwM652swosE42IVxBQ/40HOqdnOmZL0X Oq35anhQyg80x0pYxWN6k+JMc1W/6PsK3UcT lIhk7NEwHw8Y3PtebBXgoJb+0TGZf4TIfUqt ftiVbaJYcKhxlz05yGZKeD6I3kcBX6CB6DhB 1wyW9z5dhI9DjqVMCXxP+SDynLwX4SkvoxM0 cqzGkut33g6dXZdNe8C3pQFMS/oZ4N4SV2Bn n0MHgwzpQp003BUEcQ== ) 300 NSEC lets.introduce.some.empty.terminals.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. BLpb9LuAiU6OLMvdsi4DGxxRLTMexmNQV2mh NrZFCXnlGAea+z7TveJgBY7KESnRY5jFIDp0 jbuKLrw7tl+HB1Zipo7kvHUTdrmXE+Mlt8ro Lob4bP62MfeDZmn+4UuATE0/Xml0+CCm5viY KHnoj8xhN24vUl2AMW1BE/sdNsc= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. MM77hWIgwa/wb+n9IJpT9poqIiUxGmLyzQz2 IZ03jnWulJkgOufjATSiRP7OG7qLsCg3K4gA jEFbY/CsEFLTzFDlEOPMjLxQ6IF5z2VJ3t56 CNMA+wkUCAAgsUrQyx6H97PUXxHvt3Yih2t6 0+DCPXA11lOV4r2rllT9v0PARxmzpZy2QXu2 52BFKksRcBLq7cVWpmBUEPmBQUtPToy3Kl2t ViBAGyhAtZXN55QuBumwb7WvWRkHn60ujflm INUOYCfWXgdIC2t8Mp7qrBWq+yCpSNwzZ7K0 Ym9RCjtimgoZgMMqfUSp9DasmXtUeH7kQfAO ow+43oV5YMjUEBtRIg== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. LfmNqOmqBkauV7RCyTOqDXoXKCdbU6Dc0TcF nVBqyUwfD2GlVQZyffdoV6dDObfnOn9Zj9oI vQY4o7dAHkCziY7W2/iyM4fh6oV9ZUPhbWP0 khExtw3F98oq6Dd26d7Qj2rge8AkomN1/g34 QWeR1joYK27F3ECRvOFCYXufngw+L4DBm18m uPv8KdmYMCfKzW3gztP4091G81fRMPSYf2SK IvUkw/f6zuI75NLvd3Xf4jU7JPnKTm/loXIt vOifLAPyjEgYsgm9r4g3zlVhcvnnCndh+D1/ Dig7EOuNOPCjjfLfz4lEkwUkUIqxFzNF/AdX ZTkVHepEmYNDKpq/uA== ) mail.example.sec. 300 IN A 2.3.4.5 300 RRSIG A 5 3 300 20131212121212 ( 20111010101010 516 example.sec. s2HwGfy0YZmNR8CQCVUgSdpwwmffGAXj1Gwd X/ofqctaui334o9YQp/SQ2iCrz2a+/ULDzHl //VWcJnK+bjIkGNHr9A7N0owpxwdQFDkX4kF 72Ec4Yr4n6uXTCy6p4V3dsRxxczIf3KbhtZf lMsdEOFaYk6FXfXm/CjZM97sWFg= ) 300 RRSIG A 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. HysrGaxvynejyiyU1duVS1pvaYw7c18oPzfY ZTHepH6WnUNHUzi0wqk3JuJYn4yoEhlhnV5M qbdxBeIjBBFYXnm9EOgUUgAv+d/kbPmSDtkB bBwi9ues8qM7jjJ1DpMjlwuKz2hjLV0Snwq6 HcSrKR3lKaYHwGvnRAWawjahj+fHp+vXF+dP 0+YnZEBTezJo1v8Xeji/R5IBQ7CWYotWkEeY ak2sYsVCPZOmy0+RpxzBgMELaPwFX5nCJwo8 XCnkSF12nz+6OlRhgqMxdWKAvUaJ+q1is5w6 kFwoXbUk1Bx85PqXSKF6b/GQpzRy6JGieTyJ a2lUTEUsTwJeTKIoPQ== ) 300 RRSIG A 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. aVJvGc9OT8cJDujdlN/ccaPAJqAUsyvmQTYf 397IG51uf+Qija5OgPvWUc4Nmp4hN8/jT1Sv cI2pDWVnZCLpigpkmiQDpeHOpbi0EFzxgsaL V07uW51l6eYRMudn/TKGcuiPDpB0JaZAz/9a /VdNUNMkQR+50niEBAqWr0DviqwGaWXsvkIk fifEQPXQHoDUrr+59kfZO2m6EeuFqPH8oZoO unCXmFycL8GvZjXHlqYAZuLYKNU8PeP55lST yUTEtj7dmsyEI/19YbR6aPnm/HQ65/l0+Ai0 RooO7J8MveNGt25SvnjbxfFler2tFyTL/d3j 4agpRlkjq01iWCGmKA== ) 300 NSEC _25._tcp.mail.example.sec. A RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. bEhYqXFDqPRKBl6Je80QCWoQuYalqjVYLbdm +i0CueSEwfuVgJfgivgunE5qXXgXSHJ7IJ3l q5nrkTLiBjv4GvM+3VL85k4r5YdFQXQS2NRe uPntlhJ7yYAND65uM1huaK/I2QNUzO6FeWh/ oCHlGXE5q1idbQsAxFPSHwXYWBw= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. St2R6/IUjGoOqLRam399HDd/vcHUNwHzZi1/ /apkfm9seuns/zTWWQgDMqixjKASmDENrmJi 38KzJUrXxVAErkDT80FMrmNDZx7IDW5KoX7W 2NF120xG6PJxeMiIdYwRx89Hg2wbun4zO217 lpUJ4QMtdvvii/bzy/UtkKBvK70PcZUHFS78 w+jFdXjA01DIy7KCrcKV5xF/U0dyQvheGjIY M76vp3SIlEk2m7Lljpv2ApD+CDp+J0pqAIrX R8Uwna21X+m9+9Tug3dQK7RFKdwbaO7cfUw7 aBUiMdNclZT1R+peLHo/DUb4eIwfmxSA1Lns ch9DP+naY6IoSGZx+g== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. cbpc6P8ff4I3X/0YGBY5MhwoZAekfpVlAp0Y BYZfALll50fOHzP3QwPrDy4RTv8VStKWLL88 Vm0YEIUj54vFJPY5sXgYi5Y12uH+pb0nJhdy 1s9XVpXNlhlcxhDEAbqw30JuMi5TtD3HTs7g JDnU8gKSFJdciwmTIcMEgljX1BkTc/xz3Tid yMIeJuODgwjJaN83CYjrPap0/3AYxaEp5vsR KFUHitlEqhjYEk78u6CNHV4ie5sPpZLatZIb MAhZTlaDPzH7bHMfg0ERD7KE1hoYiePlmAXl ChORpy38/HFj5XIO/y9MKZxMh1IMr4W2m6+9 OsJ1QGHOoQBvOPBqLQ== ) _443._tcp.www.example.sec. 300 IN NSEC _8443._tcp.www.example.sec. RRSIG NSEC TLSA 300 RRSIG NSEC 5 5 300 20131212121212 ( 20111010101010 516 example.sec. CXySnkjIPKSFi1BqbqDHMDelIL66hjQyxaX4 sotoCiZcwfPuGObR4DLDK9bvcYrFEi9pPMyf snzKHEpliPGZPWCWjKaJ1NZV/KDjdjAEDvj2 72Zaq2Rp7q5pyzhtzwnCreFyLcl00eHxq05z 4myIMF5hJvSWNpYOkSNLGVG0XGw= ) 300 RRSIG NSEC 5 5 300 20131212121212 ( 20111010101010 44427 example.sec. n0wOqEOW1QvRZxm+oC/fMWslZUwcxR8g3mas ahRltjiNeKFvjZt4s5xpJaE7K7yAr9AEgzp7 JWciYoQBlvs9rfkyZGAvs8U2ufSIL7RfNTFR STfXJpx21x9+eaf39Z0ILM9pfIUyZTHo0hYO rwKr6etfzS7mCsTCpv+iOWGkmVf70k7Iu3QB frN6uoQbFIhoNxxiq2dJr4G5Is9+5cdwBnoa ZAN3gNs8fm8U8pVyEHpN1vRCE6cse63aEaQN Nk8ntvPtkZQrnMU/3pdzMs5FLweA6DOYGN8C ZwdkXMZJb+8Gd/EGoC6Ji2Um1LsxnXeowdPa g9CX21kNpIdcwRTaDw== ) 300 RRSIG NSEC 8 5 300 20131212121212 ( 20111010101010 48381 example.sec. FN8YRNc5ThkpAas8uM0RZ+KifLMRaFS9LWTf w/GlyizfNliGrrGwFpViEoxqUfKdCV1E59ac EAjiFxx/7mRKAqdLPM0whloLtoDxr3txhxIv RS93MDSnXZ5bzzPP2zyxohLt/vM4J/i77xcF /hk4OgdOKX+XgjGvwLS9MGg/MHphbc1eR+se UR0XEQB02Ba3uaZdoAifOVA9jdOjKReprMD+ ZRA237jAtzDnrYkqJslYhSInlgPlF5vJWlup 4PWEzsvcrnVRssr9PgaOQpI9qanHBArjugpV ubvUl0WvQpESLU8iSD8Bh/Vk50vd5dA1bdCn QyYNHBTGqUGxNqT1Eg== ) 300 TLSA 0 0 1 ( D2ABDE240D7CD3EE6B4B28C54DF034B97983 A1D16E8A410E4561CB106618E971 ) 300 RRSIG TLSA 5 5 300 20131212121212 ( 20111010101010 516 example.sec. K2Uxb6vMhQUHEsBjmZNOsj0z6SA9UtdCvQ8z ovisICuY04d3G8EPpw0BNERkVnDAZXXorHku VK22nCzlvklir5RTuW1Cqbc4k1bpH4wZ+3fQ TQZKSzvPOjD10bciEfZts0vVPVaP+MjpZnRC rU6n4HdHAyY0zfx0t8O2StVzRk0= ) 300 RRSIG TLSA 5 5 300 20131212121212 ( 20111010101010 44427 example.sec. rFa+aKAQPO+yv904AKAt5mSCM8mMMn5pq9XD 7WYp/GKs6BpF72lLpWoLEn5VEIs05A0JaW+S IrLmxzf9ELdU7i8DMXDLt/a10cdSmPZPc4+O fCsRfOZ6PLZuv2lQ3DSUwaIh5ATIVEekYHjQ xAa4RRwskdCk1rR3M3YQUumRvV7/72LMVjgi 1ukVLQeKFryb83bd837y3AwzRAKlU3y/sjOc LBsSnM4zMZe/qW32k7YCsSnIakyes98Iliw4 ILyalaV2CAQ7L/SzgaJxAFwWkaAm/bx5Ob5T XIEo90mXkQ0YzwaY0Zi25utPTYbHaP7z67Xm IhPW3E1dm0ClqKexzg== ) 300 RRSIG TLSA 8 5 300 20131212121212 ( 20111010101010 48381 example.sec. CZ3rrK7PR+vlYGDA0yhrl1Fb7bjJBRvhq/H4 k+OCePjSastO8U2m8hgFXXIF260z6a6jNySi DF5CcjpPXaJN00MvvMPv9mWHgna3m4UIYFop SMHPWt6f/QYx3dlUf6o/ksFYGpnpLZIWHCBD vMbswMLjDHdk8xaN/9ae01DxcSYoQtTKUGqY 0EsACN9K0UVd9EZqszTL1ge26vxt6+7LL3PB 5g/R6JwY/bu7A8OEjhAHIW+ANQoGQa5AcgXj RAJKs/sZTZlPOYWupLLIl22tfPzKp1f/a3nY pBU0WGuFa8TjB7oekIVIYyFT2+yBDU0lTsPx CpPFgWhkGOBFL92Ouw== ) sec-mixed-30.example.sec. 300 IN IPSECKEY ( 10 3 0 sOme.naMe. ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 516 example.sec. G83ax9tcVwn/ftdQyJFMOsT14wiPuCjYQnAz tY3zMuikaf/3GHvUGjr2xMDWGZndzaN6eS5n IGEKeRLXG343OHOdiG+Nc6W1O17xK5+xU5tw YkAZOFTnZeTbz0NULCPPbZMBRpvOTlYj8++m BibGDyNx6uUyj5o/BE5IcRVPvxU= ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. c40fk1jgmaFnmyj62lINlD/PSrIcK+qPpmNq CSI+rU3kFGdUw2hFZ53fDQ+fKfL5gdel/Zk0 AuxETgrJJMIMdTNnC0VHOymiDYgMeTr7ZEaN 8K3DwgVwc5yvBsUkq9ZJvWyT3FfraO9tePTr RY4XfEyp1a5qzpYtNgEkvYmbaXQAYJYT91zW +O+Nu1aS9dMctqjp8b9mA13o3/uHapnJ3HRO MW0HxrPy+EDGWBrFHKRR18KKuduwPK2nes95 2NYV2whns05U5EfNxnc/QilhUXBcBp2S9ABK GT4S3MKYSjNnutskqCu1hUSgU2uqhShepgoR wdEI20B7dpKKppFBYg== ) 300 RRSIG IPSECKEY 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. EfkX8CiWkUIz768cRJWnyiZaCIZC6TJAiouf GCDV1e082N3KdUoe0lJkE90ojuvefuCb8nm+ l0xFXQaH68tlJV8ZGPptBw1w6M9qCS5r1pQr PSIGZY1//Zvg9ocW6l1GAL6Lv1O5Bo1oRrYX DvDV24chUSDB3LQ3O/A4UA2nBlbpA4EJZp0r XrBwPF1mIdrJeNJGCv8Yf7jW0neBZD7jRgp7 YLOs5EQ/670+U6vP75jybv9C2PfqWkmGqFqh fm3/nK830UoGA3K1I+JaZihL3q1zerAK9KQ+ lKGAQDqijQt1/fIwQRdX9+YDfgDXesVqCO0W p4uWlkI28ILQyg/GBg== ) 300 NSEC sec-mixed-31.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. BzsAXFt4oQFAz1zY4Yo+qntekoI9uzMRUGYC Jd4a79Xhx59e9xFwbeBG489JBQag5NPaLzK6 QfjgxF5+DEDZev0uNLdx3yHG7Q1pkAmXbqV/ V0gjwWBTgg7GH7qlqzdyLr0Jf8WiM2ZWeDW7 MnMgqtK2H7Wsla2EXnl943KLkg8= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. n1kjpsACmiLElnyUOZKBELb3UkjChLQWuoZW b5oY5yvAc4iOFkrAxxJ7s8L1P/9+20K2icDe jFGA732+zsk3vrdq4UciPoLDHQ9fgldfv+NH TqVJinO3t+aDzbA1XfK8yek/3TItKphYrC/w jsUqg7/xdW5oMgH220otWLPzPfH00ULguIRB 3/O0s3BjQSOAtsE4XruV/0gYEAQ+W1xb/jjc dC0q2cWKFVIE1QTf8RHAff1zoUcqZd0qRJQX JNggCGrZe+KhTePq0EMSdlqHQjO7oSpAJ3P9 9AvM/R0FPLM53i/bLKP9wWUK8kFpfROc8hrb +m4sBJldfl4zhhmrGg== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. KnSOYnpqn3CdKqX4In+w2JiOguFU9Zb01evA Y+mVBcKRzZsytZg14RPSqMk3/uV6cQ1ARoPc o5ifu5uZ1mNvjvKb9VaCQUlPkUVxXSrTDeE9 ukJ7ATHBH2lHevcdv/99Vd+ONV4wrMa8zsLd LtyOpYgvtlT1uMY2gLlcMMv6k/Zqm99aMdiM p7qjalokVz5DXvO5ljXYDodiZ2grEl0ehxoW mIbGyUleBqnAWM0irIHHZT1j672ZYEk0DNZz Yu6ePcY2y9Vff8xLHAiLtofuhWGwAYtXdk3S T9LsRUppX3g5EQ5MKZHKajaKawBuFh5hKA2T 6qYM6r18ChQus6bl5g== ) lets.introduce.some.empty.terminals.example.sec. 300 IN CNAME example.sec. 300 RRSIG CNAME 5 7 300 20131212121212 ( 20111010101010 516 example.sec. rm+SzlgooZzFRPAY561I4IWn+uNXo2kh12Qj irkcKXsMRBQagWXlWP6h8myfgzrpKxD67bXm cvPM1Lc1NEEIZUesv1fyrIxX4D1pp8Ig6Jgi ERBLBWKg7yXdVrmmqDB6KkZ9oo7dYjNyiGf2 BiC71BE4lOJucdTOKa0HFqZmdIY= ) 300 RRSIG CNAME 5 7 300 20131212121212 ( 20111010101010 44427 example.sec. YgnB2pKmyY8LK+HgTyjdfH+4fCfaoRvu6N2+ O9ePcxYjwXHORoFvudwAOlQGYKfQ272bm4g7 GqzuaWiQNTHA5GAbYbYF7BLlazV07ysCkEs6 4zvPZ93iUhqHnbJFJJURCwz0z78J96YRTnVJ uiNSJNPH6b/QrZUC+Tagap5K3HMhtyLgAglh BZ6AETzEhufPVHEZjALj7fRZGIqExoHhHZuY ktG66oZktk1jy4N6BZ4KnhvfMlUORS0ZcbOT BUJVX+T9WZdDyVsvodEzvSmh5+iSVi9DVjCm /TN3ZqimdtLkCiVcK02hlHqSS/DCnE662URS 0Ax0wS5xwDTI3Rcg/A== ) 300 RRSIG CNAME 8 7 300 20131212121212 ( 20111010101010 48381 example.sec. sCI6AhmTudUVW3ML0Qv0MgHEcAbraKMKgXS8 is6SQKJmp2Pa7aJQiU4wqnlyrXHTngKfCiRq WZjY0U0kJw7/AN1zt13vzXWGuGsr+rS6vMjB hYxS1h84PTFDqujHhPqMMWtvDLX+4OGcXRMi zm9mi/7OrVTqhcxV6RFv64PmKYGXAiHnE2m2 fHoF4ORUJOHVq2dxHSP8xxCD5xhDi+PhnT8q BpCo11cEtUj2R9QLuRTDRuRVXM0ldUtKqu8P dps1/+S678aqxp7LgPAAYVKqj790Xg+6ti/V IFT2w4VuxFsGIq75Q19FBpguF6cJxwhPArRO aFlapp32NXoFgLFrkQ== ) 300 NSEC www.example.sec. CNAME RRSIG NSEC 300 RRSIG NSEC 5 7 300 20131212121212 ( 20111010101010 516 example.sec. RSMsCnNNvIeKevGzx3zYip8Sdz4D2PczCf+h Sg1ydQpNgiCehQcXBOSNvyMbcGHqyyEd2J1T ebn7kaWWEid46pk4hmlRm6xvryju4Ods6kU0 vlwJ0zUePjyQMZfC+NDV27/x89j1mU0kG09l tPDmQ+kGImsJipbYyFaZdMmvNQc= ) 300 RRSIG NSEC 5 7 300 20131212121212 ( 20111010101010 44427 example.sec. zWuxSIVAjBKfkszI/Pf45kiJl8nrzYEt+kRj 5TAZkY67tyOXn0fNMMfnjMEhSviaf8rGYOhu HLHT1eEUcTD9DLMzUGC3R2QmoabYVnuMBM3m qdYjQpNOReu0LHowUclO9HUeRrWmKuYGW/uk VA7osfe1R7+DqfxbxakXxHPc8eV4eiGHQlHj VEBZPLLxjxGBCIOedPm4KMwHPA+Yb24B855x /9FvUmDeCLNkeCCXWrZW+Hi1y62DGqyKuOAp hXkNwYs6djz+rSDv6ZSxQk8Afa0ql0MaKujK 2f2MZA77lH5JiF/byd2klAMzZwnXoOj73Oeo 3m6Sgu2BPkg5jgkffQ== ) 300 RRSIG NSEC 8 7 300 20131212121212 ( 20111010101010 48381 example.sec. MOGPntZ+WMVPLb+sti3KdDazw1WPJ6OLWFQe uTXoKhKInlDql8Kh/civ5k3+d/Y89M99oJbx R0XfJtBGb9hJSL9lqNOZnaHxSUWpQYxEG91E gEKsGDn+V8PrxMXfU0eB/3O+EltpA6tFq8sO clMguHekaiq7G6GWBeEV7/V+1hhkwhq8vxR0 T0soKyBAtu/eRNl3m+DVXjX8KrWFK5dLyCVI kxUSWfktAK2ipM4j29h/ZagnSx37pTtMKMhT sfpB2zZuqjPxt6s8kjKEHoAMOXr4hYfCbJA/ wDH+1KsZJQXOQN+jXeNOt8TIZunQaG4Ph2nd ByQ2FyJ+xsgHZL82nw== ) www.example.sec. 300 IN CNAME example.sec. 300 RRSIG CNAME 5 3 300 20131212121212 ( 20111010101010 516 example.sec. H7cVNwcomY7p/PqE8VfxcjdniHQhOkdmG731 u3kZcNO8tha8KegvuvvKrLL7E9dpsBMGqDGg KScJZcHvB0VyaWcJIT0jQ5ITLh77p9RbNd1A +YWbzI+hS6oiSn1lyTsHvl2v3wgukBQNCkdh tlrJ6EJSQ7tXKeBRU4Lw89Vo1V0= ) 300 RRSIG CNAME 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. PDZgMdPbXcr8wSvWYX54GiiFWKuFZyq0lZ9B UzRRmBC7H3ClOBsrY+UyzsbkelkDoehJl24W eKDdWuOz3eTWA16dEqPP7ISH0T2NLP4JhiJc KeUHk8mtDXPMrSkOhqD1hNwNixYNPxkcsCVy 1Hy8xnJVJik/fXly5PFiQoqOFeNfuxoBLp/B GeoAOex24UpU66DGrozm0+01pHlRn/wR+kuI AJ4sWIVzwg6BXzjyQl8lmiUw66mxsmvN3Rax KKAmxVooc9HpNKc3PGMOD3VqCfWtOnf04/Js KtSe2sGOgIsAm2k8TEa8Dso1tCTNwIbW+OZu QwLUe1pYcllmuYcG8Q== ) 300 RRSIG CNAME 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. c8UfmxeZ/echT9Nu9gsY0Av9ZaPvdBLWo4qH wwktyuf+Z8TaLB4h9sRPFPyvy/f1YNwyvQlp mqgtLsCSAlA38KMvAF4WsMU8zgR0L617KG76 2eDwsE/fZK8QIZ3YHRNP0F3HqYXahUl4+2j/ Vz3BbZe9HoTU+w6nxLrp1JdNfQKMakYvxDgI 61UzJPjx+pGLXf9dENtPr5J27XXFFP5HwK2G Rjzt0y/1WWbsrpXzM/hEj1BgKDQko9Ob5kKj 36TYIfpTy4lJLRYHy0c31E7T4MdovzDTHSuu W8Z7R1szEQ+WOeTR8+Mn35PVICIsSZOCDwJU sMRtA1CYGeH2h38zDA== ) 300 NSEC _443._tcp.www.example.sec. CNAME RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. N8WiClNL3p7dZRcmlR0s+ccMxwq+PFP8hJSc 7t4Ez+J4ak7WeV4h01wkQpcq9DKZWLbGGChd 5GVKEwBSiICd12/Xj4JAFLu36zj/74lRZAWY 4bWm7czIGuKK2DxtyYCtVnWXqMgdU6IE6jHA Sd65L7fsYC5nToDd/A52yQ6ka0E= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. LO+vK07q1yvdDVzQdcXGYzSTBbBmZkMa1voF a9LaO/z1TT2b5t1ez6Q12LaXupl3YN9ebFaC k+1zrUQT+91d/4R83qFrH3fWgNE1KXEPg+YX wzw9UIny8iJOtEIzshD6ThXrLgUKKliAefIR geD3u4GI7JzVSfq0mttYwy08feIG41EOFe3x cKAVKg+VJdpeSNvGTvEfmyzIi3WfO9N03ZPg 94gUIL4jan9zJFLcEZi4mcAcik7He1AmN9/a 5LN1gILxbOyqrphiSAeNus7NpoSryz/jmrY9 doP3Ej4tx9vHKXPapyzorEn9Tu02l8uTdqTD SqofuLEUT8Lh7UCqVg== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. mRq5Q7czgHeZwcF0uQpWLMUFPGb/PNotyks2 5/VS9k7vEptnB6aiUhplGrBslc/HizbtFCcB AHrDGkn+0npBis1FYDxFnvQBAw/TG2024GvA ld6cLtasxT3SxgPs5TiePBNNMjj4KJKxR+NN B+gnVKbFKrw+uP8q7BSXv3V3Wl9NHx5H+BV2 tmdJH6DPfXVqFeZIwaEpL7Q9GkRZah5xcDqa 4R3/hNBHllvAp6EsxLtQ2eV8sCNF3pGJ1lob oepgWIPEki+j3FRgloObd8T2vTKWA/UE3P2O ojVF/3abgXcYvSYcUVOuraINbmnql/DEeEDV tgkUS7Bzm772m4e4Xg== ) sec-mixed-31.example.sec. 300 IN IPSECKEY ( 10 3 1 Some.namE. AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt 3y6xImvMjRqcobreI351nbop04aBtP7o+r0z rNQmy6FqkPiI657FMEdF1cWJ2Q4lA0Pymgq/ BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vc L17OvU1ksLs9/9hhAbYYedmbAAGmAqfICiLB dOPCbhsCUyq8dTa0FaEinyHCJSHJWVZ8dBpb br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 516 example.sec. WPUj4jOLnlSs+3xpnjRzAv/0U1zmk4H/ySH/ MP/hnKKsu9u125TWubqeXXEJO91lGAL+KXlU zf3MX7RlP1dU1/bSZWjZcEfFsvAi9g7aAP9l tLySp4YFbmFPWZD8/e5MdQSdWADBqb0y6PNl xcYy5RKH33YQE2YTh1ikFPc1ljw= ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. kvO6pgkOeaWZFebW9Va1xbE9v4BwtXJGmiYE Y0bSzgJgL4p+c23ld9yOrSXfgZAN02PFbmXj aWWOMgT1opBa53EnmQmigQf6UeBwpAKON1RU sdQP/khA8glVueJD+DvTaqx7stoaeU4POJU5 r44hX00pLkn+VfKKs2jO6XL1cosMI2fKVYcS s5v2IZ83NBebrtyJqJF8KKu10sLilbR4PFOY YJG7/sB58DikqRWn5yj0mY/+OlUBlklK77z+ 6uB8o7eUyTFNPxHZ0loHEa0lcCuaAriu4k5R LZZR3+0mcJj5DrPz+E7rD0P8IfRjeTrlCsV6 k8fXvkTgxwnlfMwyvw== ) 300 RRSIG IPSECKEY 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. T5VLix3xZNUqCpPT9cr+iLY/dv7iu5qGufQd 3ZULo/k87hBJj4JEZsDomYP2CP/0/DXLWwm2 z93vM2FtsgQzvzovBA+NKHaw8SFvTW5CR4A0 morzB8Egz2mWFwKAmJsnP2gyhW2QD5bqANgM KXGPWQdC2va7w7g/aXYohDtHZqAcCzxwP0lG r7Deff1CeDoqKcxXk6WazQd/P1vU14cm8O19 Hq8k5kxGPuJK5dyJ8wp8QZ1UkSD/GwHHMcLK tyVRME30nzrxj/2IkkSFylOFMpgBX5lbMgWJ LzzC1gt8neeZBoPnWW05GB67/sWMUIL3u80E NvY7TVZR9lKfnJZujw== ) 300 NSEC sec-mixed-32.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. L33w6k6XunvXWQhwLh0uXHjeu8v0inOVuqRL 971Eh/n7ILef9kCAfbx7drDVVEMH2loP0vGK jdaxEgEkzq2ptv+50mDBa0WOcbZ5A2JR4ppL iHasyxzYq9x9YNI3in10xITjafuGHTWH7Qi3 z9wIXYXq8XtVEW0RuDZMUPm0SWg= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. NAd2rODkXDpT0DQ+FfQooT/QfroxzDXGRBK8 FUxwkOVMu6DxxjLi6AJ8PTUsxHjL1gz35Y30 sWXf38VftwNnBX10Np+NoipkO2da38/hYRE5 iKQLtFo24i99IN/babJH4vpSa23Ho3Aee6eB +W74sRZqp2rtKP8lyn2TbXe7ExSUEXAUeliD Y/bnJGb2ePewja4FHl/KIGcxyDU3azu5CORw T2QlBIMhgZWUC9RaiQxITgkFkcUzbsCfZM0+ p1akGBL5h3jqVm/Wk1e2UxqJJ0oMn81MXfl4 jEIjJFsH3emhfc2N7D2KBsKG8GYrheFp+Ntl 3htYuTUeeYwhT8Ee0g== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. ORccBKCgrEoEX3t/UWbt7aEb2tX40yxZUOUE 0yNl9+Wjk5twIii5mAxNPTLp56pMNLRKUF/Q U5kj1KKSuQPldo+cVOkPI0J0kd/z8H66P5sJ /ujNXuv+1Ek5j6rsF2Iz1lSmCseetftDkIbA p19N9IA8DPnqo5PiRQFm3lG5tKNtgEF03Nqw 5qwWAMWtJK67NLWNnN47fUzFMMCa5r27XbBL ckhOQAs8RBrMUPlTVcXT9S4jbll4qdQjpc73 ZSyG4eanVwJDj9a1/mQT/P2FM41azTKmD404 jKUlbBbDbAljXiNhrAwWSunnY0TGcy04huV1 38+zuLzvZeqpTZipLw== ) sec-11.example.sec. 300 IN IPSECKEY ( 10 1 1 192.168.1.11 AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt 3y6xImvMjRqcobreI351nbop04aBtP7o+r0z rNQmy6FqkPiI657FMEdF1cWJ2Q4lA0Pymgq/ BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vc L17OvU1ksLs9/9hhAbYYedmbAAGmAqfICiLB dOPCbhsCUyq8dTa0FaEinyHCJSHJWVZ8dBpb br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 516 example.sec. YgyHfjozmawIz2kLT7VUFR1q7EIKrzpgky5a dqMGcVFpzo42sXpbUgNfdYh5Q16rdzPBRdAj N9TsFzbHtQ6R89aeOiXPQkBcw5NM5iP4SeDS E7H+UHDp1uNQOTH9iZu6DZS4QNbN4FgVIhOs 2Gc/eDIpmIjIZeETvAmiI0BiDU8= ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. KQn+0tftooeCpLiZb4djUh2u3fDpT3rsWU6r IsvUxNvRhweOGcurTpA5KUiEuwLoO1HyHNjL OUcfNCOQ3rlO+PLGeK6DJjW61u+rdA/2XQ3t YgQvxMgOcW7YNTj7MJv6K78FtRSkTNfPEctU oCJ0qK4VU2HxG73nWZkEwuUe6p+8y/addJL9 zPEAvV8zWHRGm6eEvj7WAXDl+MTP0PjQbc5H +u3WxKgGtRAR1db4ZOcnd3VJhw5pCTqbzAaj o238Sv+CZXrHaI+KH6+elFjj40L4H6RJJ41i J6Z2Ws7YyXdNbC2etsYfcL/btNY/pjr3ltHq OwD+LAclUUdZN3vHeQ== ) 300 RRSIG IPSECKEY 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. XZVMJBrEuPHn/VQw1U8uPRDF6j8dBoumAGOA w1I2xq2/bThAB2h2Q+mlwLgjI7sm9x/xcKg7 E7nZCemydoal+G7eurUybPJwHRZq+iwJXEgk XkcdVWHLDVNpHONCzA16b1fgApv4jkLJ8sWh duxCPGAqFJoP6OflAingA1bLudWTeX+5/Qez AEkiVMBNDpkYTMPF1NxgHCCehVg5q6X0k877 XPJU7HWBi/aFSa3ohvYDCbHdQ3f5ZO1nhiUe yX+ci7uEod6ryAH4l3ms+eWVOp7Xjb8uPj7C vVL+tSdEABAALLKtlkwdjWID7v3gPRgn7CDA M43M9DaSon8WziX5NQ== ) 300 NSEC sec-12.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. JZDzgeshorzlT4iIYDDGjygJ52y3PvJm218B phQCRUs3SMYK5FHe+pvtGyPYzRebRgf6xajE q0U0WxW58Asw0WP50R7TYnNrj4CRW1TcCC4Q GkApJ2XfNczNneXTvovnxfTEhqFQ9Hsy2Vhk UBRg4WpnoMj88+DMH/++iY4UIa4= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. TwjBnssSKttI51P5LxhdzwWFbUeNxV1uQs51 kvhY4zuLHl7dRYAknyRRrxXVzL6fee3lkX0U iitXSyW5OQE7dLIPY8B11hRMupEyCe18dRZk dagHwVHHouSEwEoQJ7FoYkz3L58M+SOcgAMb 9xNtw3mbKsE085RibiH0kIU5Y3cV4HxxHFmk kS2jsAX3Tj/TiRpJ+BJ3bVVSYV66mxC0yaG0 ax2JShGfpJdLmHD+v0fvdyl70PSJnYWwJuk7 h/c+aMvl97kFUPQPC9AtBq8QdQvPGq72VUfC QI2ZrTl0RXpsk+v1soNps7/A/GH8iD4TlMf1 +bMj//EQirOM+Ux1ow== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. PjEdy6YqoBe18dhDBIVXStHSqandfhAwlfTA nXkhm+wp+JbXIlFGCIMe5QRp8cfWgM4M1NSx G4sc7EttcuYkflzhw6EgIQ8p7ex8vYxKQ5CC avoPfiYW9HiTSLwnwamdueB+xUrAcZCtabAE xj9N2GAFOgoj+pi/v9nAYElUzEOdWDNNJdq8 u8TPjIX6lkUbL26Pg5/xUy0+ILJN1633CtUb dtCcra60C4JJ25pkJKqZ2ibZjTdgmgdCfdwj hZUkTdACMy6uT9SAyu7n2yPJTXq0jolfihvY 0Mwc9M4fju0yI2uJOnvxuZjit1wjZ0HbLht4 ViLrokgWVRA+N8wGZw== ) sec-12.example.sec. 300 IN IPSECKEY ( 10 1 2 192.168.1.12 AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt 3y6xImvMjRqcobreI351nbop04aBtP7o+r0z rNQmy6FqkPiI657FMEdF1cWJ2Q4lA0Pymgq/ BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vc L17OvU1ksLs9/9hhAbYYedmbAAGmAqfICiLB dOPCbhsCUyq8dTa0FaEinyHCJSHJWVZ8dBpb br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 516 example.sec. PGGFzwY74AcnaMBw8MVJl6L8zlYNWV9M/BiJ UnUnOTKs+kIRsnLj/HBTUcE2t0koMFFRbYk2 FoxQ2ku3wX8Io6JVKe46o923xy4s2TAGqns9 xb22NWeK13ugneBVPhclsZhuN/UespP4UMWp YJgXH7bjH1IxtxyRkhhfCz3aauw= ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. Tl9oGPGvbFhxKaf2ajy5n1OVPEllXlgaNEAN HAy1Mu8o3ETHgMqBHFVD2D7gyHeXB1mkW2S1 l1+NgxqbAPJqDAptU3eqOGoOA4th+7b6VZgc gqYs2FlisrsC3K/TR1exqCBnSS6/QIJ5QSKq cXLtw4JD2ReGCQJE+Ps14RyjZXtQHpR7b+Mk bCAfwA9r5TavrnpDDy/VN4zey7LQcTrbEKuk 0vk1P/4i3os60sYLN0vlhHm9QDO8ja1NLaAs FpdJlb/pkgVqS9lN5oZwmFbbYjExTI738WsJ 1jgs+z0YNAyFKiqgKz6utFwObkBTeUVrcr69 DLEtVbH0vCUfBLzisA== ) 300 RRSIG IPSECKEY 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. H41hYuLN/6tf3/OZJao/N5nU/tdzA2PAplXB 98QLwukmPfnc/Tp8sPXbxzuH4asCH/bANBbX BxHKKo3Ct8oaKs021ymIvH4lkrD/H9pjguS8 gdh+fG65h8ApSOkuDSK53e6YPKdLuIK+NmE3 CJoRWpqHUUvasH2a91B0ZcLARDshLVnsg66M kuF/XSsTY4GtChgHwksG8/+6RpEypk7qQVw0 a1A/Cmy55Pu3X5puQwbrOUKLHOIEhrwek/x8 rJwtUwQBphjFqWPdSKcVFl5E9H9V5hpdfLx/ nPRU0Ol68KEwlg5S4qr15CBb39p1raV+pHKg 97WOq68oSdqOZRN7/A== ) 300 NSEC sec-20.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. PBiOTzobA3y5ptfXcrY70nhAPeh8MN0AvOHY po3elFJgbET5NMc6GDYHA5cCuUZK85ANeCl6 8+1LN7xJs/DNMf3RDsf3Ll69tzfIFfsszZl0 Ep2tC/OIt0xeTTVxMebfVGrKr3S591nsEtW1 4fpbiH5cP/8fjQaWMua4pGSzcUI= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. OpZkuFHIlJiM3Z8jtyk03C6Oq6syfkN76FOk 6UjVsZf9Ye5NBFY3aTXL8fVi9fTQVIdu9J1/ Rd+hzTF0Rdt1vENvk+nahZG5JvKLC1UhZWsi 9ziJZPUVrobZSRRqEZcdU9LUrggimWlVsUyk LyyUGj+cGUFQ9O8TsLbJ0PbWqZZ8evpPmzWM igPJ1lO3+zJCrsLH46D1a6ivHtKtCE8rm/Lg xBCoFCTw3ToJKpiwwXLiEUnrZ6GvD8Yv8UPB 9o2FtfcAzaKvkbIUdBdkzk6GYS1C89CJzgm8 1KnQI1Sir9lOo71b+AnCyALYYreyTlDaWZoL KHe2IwD2TspvBs8aSQ== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. y1iZw8YbpHGgTLM7716Fl4hUeLyaUZna9ZES NdLJytq0zxpVK5+X1ZMCMkdRK9vweVwmbJQ8 +Kkloz/Z3hdbu8pnlIF4SDTj1bd5IyS94gKX tvOJLD1zmHYZvQa/uLoqFH0oUk8NLEPOLdXx tJz0sg0V62At1L2gzHQsxdtAyRqJU9f3dYZw jV5SdQeIqE/6CyRbRJyZ0AiO6UcAMhUxJ5Qb S4JL81vB2+6huvGl5/dS1L8hwKH4XzuXlF0z V6A4pH4ASXxkdNXMDGeFQGssB6QoPY11+P+H TKxzHByfXdRWgF4zCsHcsia/NrLgFV8d6owZ 3bLp9lgKOPXtsqy3pQ== ) ns1.example.sec. 300 IN A 1.2.3.4 300 RRSIG A 5 3 300 20131212121212 ( 20111010101010 516 example.sec. X0eB5M1N4i/6qZNSbfB4cu4KsP8Byh7vNC5M xdETtmM+iPaplX4lSAZwPzG08VYZ4BzwQnt3 vyW+I7UCp82WGS27sEwAS3QwILK+bd+MFlCo Qo0Zy6mzUuKGFyI+1S0TTum32IjvnR03zVCG dtpftBOjsvH4NrKBsO5u17+Q7ME= ) 300 RRSIG A 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. wKUXC6Xym0zJg0iJi7fsNGwgrWaaGO/ueovB FUzlLmuQw926pESz4zIQiXqWQbQUPzAL4gR3 E+YHpMGx8oHKDMOR5wCQ3Lh0UKrgR98ycmU+ iCOzVU8eV7GWdRSl43u7eZeUckVO1KAm3tRZ O6X6/Zp5MPKIv9uzpq+DYSivd/I8g4ckviGZ heY17iVUuNGuifkg7alrH5cfrOzLfS9cGgME 4+vfP2q3JXKZAZ6p739QvdCzdnXbQdsv/PyY JK7erWh28rKqitYMi0Ov8jyv+LcUbP+in5Co I7Iskuki4jfd/2UeeakW1IOi0WPVErGDa/T5 0KSE9Ikf9fxwQRLoxA== ) 300 RRSIG A 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. H/9FYTkYP4dEy9sgXQy0aynP8cQ0KNYHOtYU j5tSQ55CDJdIa25SU7Bpy9II36tXDQrAlOF5 zmJR6id1vL6LFcYLEaW1mWHMUKZbD5HPA3jm Js43QHh+X8/X2JYHmbE9wOkfJb1hn2qXiG01 ac/iHAb7qOGBxByfC+DdG0v36TTt8+0Zykcq nECHvgdjWxHbJc4FsYtz9TfHTIqgZQCGZokG Zqtu1No1QG1YmNRyRC1XLAkiBYsuLnghdj/r SoG3w4MD0OhcJzgJc6O1aozOMkan6iRIM22a cS6IntUx9y5TRHdKGqF7UR8Ncun9XeN4b9Lg 1rPmWHuUL3v7Jf/jPA== ) 300 NSEC ns2.example.sec. A RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. LjoURmADRcni57f1ozhGZU9YdebzxMZ35FmB x5Tbw5XKUJGljCUWuJ0ynUTJp6rJPm9KJMM2 W2IU/AyWnP9ob4fp5UohILdUmbWDkor2yzRF eWxWsdCKuP8GhMLF2ukYeBkE37iDQxie3nCo sAlg0h5NhTZ9u8VB9J0KVdz566s= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. f5XpjRTRmIh79pHBuXrbyMC7UPjvmoRyulAh QC+0wRh2kp/hqBN0haCfhAVaExd8YvbCH0Sy fxbWcULNI8fmELsK12agHnhe9B8T9CYwWzrw r1cglj37NeJwP95eOXIuKiPTjZ1/RCeaWa0o qtPZNPTMKvCw2NcHTgtUypFQgZWjbtz4baVR jKq/OjBfb2Yjrb7ae4dGdFzfXxpjYgnLrKUJ xz8HUeedKW08mQHbtNEc3h4ybvPnjA/jWYNT /ef8aInqvfrmQOg51hNcK5W3X4WFUl6qkYdz iekEtR81bcwqRg0xdElIEgE5Qlee/b8wUbY+ 99FenDMPc10em4ECQw== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. TI7EXjaEDs6/J6Yi0Khe2GSbLWN0VTz4h/NB 4kVLLIsbxOS0BweX3O5qCoanVxmYUbpxRlfq p6ixun0bOnCNn4p/vz//c18Eyc2AbB70019O qYK0MnabVhsjMEvSz8Rsjt5pki63w3Vkqigb lD0a7ApcJmTc9vYgYK1j9ujouHZUC2Mr9guc Jn3BeXxaHWO5SALCdws0oPLC2WX6EeMwyR39 m4q1h9n/ijlIeaOJH1tDEBgMkgDVpWL7sE0W 4R4JpXJ01dldBSIwPy/4C/arT5D1r9QiNLwe oVe1Ks9QWowuf4g04tZ8r3MOLh+iqbesEUsO AjjmTzJIRsQIWv2zAQ== ) delegation.example.sec. 300 IN NS ns1.example.sec. 300 IN NS ns2.example.sec. 300 DS 60485 5 1 ( 2BB183AF5F22588179A53B0A98631FAD1A29 2118 ) 300 RRSIG DS 5 3 300 20131212121212 ( 20111010101010 516 example.sec. GG1k5JSVW/1BVKJ1QXk88czvq13mEFRiuDYT lUGSe66g1HsC8upefbakxwFR/Qj5LlIM0wyO WHNuJXxk32uUBXIdorKaRIlIT9ZacIzCTG0v x28aRZNft7V901vWPHp/Fi9CgBohjwvelUqZ NWnOxLirpuZHHcB/mA1W9nyZvbA= ) 300 RRSIG DS 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. vIk4mAX8eXRgkM4WYUYU0gQtg6u3uOeYysJx pZ888HfKISgTJtknxeSpEge4EdGOzb1W5F0e XhBvDdS0+g9Fn9evC75X+nj+Kk768i1E/BUy gUAB/X95UBxuRWlFjBFM1FRaxHoE5Z0It3/b ygY+/kh2QgIbbbKaqJsdXqtaAqU/VpKgFuFy RJfBObEoUB1XyJYvl0US9dVbi7iSftynxdco +/YjqRVBJOECjWobZlCECkSJ+wYZF1tEjWv4 Xu8W7CDFsjySXhGNiIty4mod8hg9yf9P0d84 G2lbaXcxD45InJkT8JsK15c4vViIjNdTLcTq fYkIGfAiX++oJWTBtQ== ) 300 RRSIG DS 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. Q5KUYverUZ/XNIf49+SzMfkV/7RI049MwmVH FTdrzW3SQITMIyX5dQN2lqKQJhKcMY5MqTS/ dPLnrjMiq7QbBN7j6UsvMFRBRpL8FN82VY7Z //AARUBEgbPXdtuwCIRV116mv7upjI5m1/H4 dxK7mqUdI6elf0W4/uVT982C+YmEbdVNprpt iPI4fp94UaN5iQIrRokQNEbBg3ucussCygsc 1uxRyp4sSOpfAVzD9nEsx4cWto5gt3gs3Ceo mpft81Spqwc0e3+1Ab8EslLRVzAX4Q6e0wlR yFjd7688IunwAfT0K+ySDWWJjJDSWfr+WO2a K+lgFaa8AqdoNZ5L5A== ) 300 NSEC delegation2.example.sec. NS DS RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. HSudH8LXEmJUMpJuDr04zv/u4AAC5b2cPAl9 KqVRNeXIst++JMtYpasITHx7sQzPG6nfFcfE HZVsmhT+Tb8lEH8XsdYMv92bjxX4bttiU6Sz fd5pUzHCK5Dldiw8z4sQLIL93WpcJplDa7yE DAlnwDSNQMEIpGOWfwrZHZiBOOQ= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. J9sgA8SyRw/WP2r0c1KPs6AevJzJwpPe9J/w NtyklomMCPUl0Q1VRs88pbVacp7qF7XLsnP3 K5yWjLLyOHXVVPuTSg/6wIWjO5y+iGlfD8BR OAYe1Y7S3prIXzY9e4u1lSdaA2Tb+dEzn13U u788+xPXpqKZJybos+B7Addlogajgg4Ug/Ss HNiXKqKMvLJdg98B0mmmTWdDePsfrAF+ySGB DQ0OUU86+msUOUB5eY9/rSndAW+27cnzZ8Y7 k0dTk0Mwz32KoRozjbDPxHs2Bz4bCZiMErqb TAGIdTkAuSyonJeE1E0GTGLoABz20q10l0Fm j626ScNX6CcGQDYvNA== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. uAFx70tItpOf+p7l+3YsNABFiGpu5aE7raHV iXvUn9oRpV4q35hpHlIeLfEBMR203BKmgD/f Hd6bzwkJndsw5Gm+vuWHksXYlQrKI44z5n2c IjjyW0omjEj888rVg+XnZuzyV5maTETb667o WW0T+0kscT3d/oNdlIbnzGTS/RpOjDO3lwvk xedA2FrVTsT/Hr9PeAU4yoFuPPUdG+xVK48t uBdMOranGQLk89gtlj07/+chjwRP5fXGSu0j XGd0PVeZObWtojbd/uG7KHOWQ6og/IKRfCRf FZeohfQ/ktmesHa9KP9btCK8Zz3hrrWpofwY cMT6G6ctB6lOF1//Xw== ) _8443._tcp.www.example.sec. 300 IN NSEC example.sec. RRSIG NSEC TLSA 300 RRSIG NSEC 5 5 300 20131212121212 ( 20111010101010 516 example.sec. Do/iJSb7MVHHfUHqMvHUzn0cA4fhYGRpM2Ub 4T0+CUs2jZf5V8/6A7q2PCr4FeGFUv/UUPZJ ApBeHEkCs4kMMpWnr9vLW1jrVsnEPtbpyHxL J38oOwti691RxuWFoBo2PqNeZirMTBUndYc3 91ePBJIsms9158ArNCv635QgOSQ= ) 300 RRSIG NSEC 5 5 300 20131212121212 ( 20111010101010 44427 example.sec. Emj0e6av3qusflUDYPPEyf4XFvSWC/EGaMoi XPZOZstXgKm5lglqs/pVNn+cexF8vzqZBK/y mqLJaiSpmwp9G4q7L8HFXYCJZ/tdIcsuQzCQ Nql84gleVPeXSJbniM0aImFMoxgCvZ8OS57b QvizZARVxJnJ+jQC39xf6++F9kKeLWZ5QPxN mwBpVn52phWT1jTu11pzoh7GluHXMMvTNY9S 47nh3PQA9VeOxiq3/ixnyOhcRQc8voapOXTl 6ibZ2WVnGguQjX0p54Kh0srLOfze1X6zDcOy vX6h+oPv+85sqd17d9tQqFmPhJPLwy5P9Qjs nI6ypr5JslvRXA55Wg== ) 300 RRSIG NSEC 8 5 300 20131212121212 ( 20111010101010 48381 example.sec. iIzJxjqb9nCuSsQuSHqAd5vQBteAUYvMFldr mWJ47Me8EPB+iGGcT0zLyzDR29m4sB8XfhNS hOLDxsUHM3AXdrmvEV2QZYp9pFSUACeI3eH7 F88WZxrkDD6Xq0TKKnVvm+WS/bcPkicfRGMj SCSFO7QD0miP3UajHHlvRQpMTQadkq1iNRB4 lAmbgs0ewZvb/OUDLR3QI8zQwTk/cCqCnNLI CIultX6+lPY2mNFSTZORJNLRugDOHI/OKLny e/eUyRUcTf2sKkj3AOLJJe+p3c/4LvDq5GqJ 7R/JfLRhBY+Yplw2p4q92bgRv/xpH0aFFkpJ auyl7pn//vPwux9GqQ== ) 300 TLSA 1 1 2 ( 92003BA34942DC74152E2F2C408D29ECA5A5 20E7F2E06BB944F4DCA346BAF63C1B177615 D466F6C4B71C216A50292BD58C9EBDD2F74E 38FE51FFD48C43326CBC ) 300 RRSIG TLSA 5 5 300 20131212121212 ( 20111010101010 516 example.sec. bvAnzUg5Pt5Wp0/eLo8Kxuj+i5CTca3Fi35U 6fMA3mI1QNLs0XoRv9B/qk9pCVvXoNjOppQ/ b6m6NUmWWyuNd1CtyxkoFN9WGt9+uY3CFV9/ PWh4yuYrHkwdJJRf1s88yIqvSo0Raru1RkN2 DHws1P7biz/SiCBj8gpBWzv6lL4= ) 300 RRSIG TLSA 5 5 300 20131212121212 ( 20111010101010 44427 example.sec. KEjdt2eVE8x9m5nQtc6whbe6WUndgDM95+Jn QW46Wp0rqb5heqrEIJuHrH94KCUTA5+mcPVm t6Hb7be94OXRiMD8fL3hFm2E74mlUwea9+it eNseTZ/x2AZY2XvTXnQEmMfnNBjxPCTJXW00 SYxtbeu7X0HugPlUGJT8qzTFv4x3plS/ho7T mBsUVbMa/QIH/7GSFb38y/L9sUatsj3YfPoS WrV6TxjezRvzZVysng+QL3N8pUQPRCLl19CH 2bBM7BVLsxG2MJu26y1YH2hlGgSYo+HOHiFH XTqkUo6hirZ5R4/pSKo5y8v7hrod6sxTZFy7 aVQ4uYxHmCtwyr5JCQ== ) 300 RRSIG TLSA 8 5 300 20131212121212 ( 20111010101010 48381 example.sec. cMMKXvrO3miaFrrFhw5GsQ1RkOUomCESJdxg 7abMY7rACNHDIW1QwoVqjUEEA7fxgG9DBccf fV4kniZiw71F/cgigWrXppo23PAowl34/kcQ DT4hxw5zJz16voa8pxWa21bRpaktEzDe0ebr 0bmpdFek6qLLUXavYKgW0yCW4eL9JKAbA8JN QC1aqKu43meKKx2bnAMW0u8gkvbBIN8jaSJ7 hPB6tYw3I4Oat2nyP7Xdwerx22k+iFsr10y3 kMr1pp81ChI16rJBA64/SGDEYSgPurfz5v7O erJj11AR/ZujoYbtvc19mThfSYGZUQ15D6A+ 3V6fiQ1kKdC9/JdYPw== ) sec-32.example.sec. 300 IN IPSECKEY ( 10 3 2 some.name. AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt 3y6xImvMjRqcobreI351nbop04aBtP7o+r0z rNQmy6FqkPiI657FMEdF1cWJ2Q4lA0Pymgq/ BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vc L17OvU1ksLs9/9hhAbYYedmbAAGmAqfICiLB dOPCbhsCUyq8dTa0FaEinyHCJSHJWVZ8dBpb br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 516 example.sec. sjkn7YxySRjBp8hVepEyNYW/QrAwvx7nQ1ae ptYnoDyVUjOQWNY5uuh0S8Pe3+tJZrkzYz/u 1Y4Huw0QGJ5jwAkxiwKi7DEc1M1Lxwu+c7xR AnsuCesSxpBjU5oLBju6ot4MwGE3cCZ75met GoCrCV+FIsOv8HLrSUHWhOalNk0= ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. K7l7sji24F6FHvM9G4v4db8gOZMCEukzkMBH NVy1afNA2Q2VRcRmVriLF64Y2Z6UO3q5t5o7 fLyNVWRiU3/VvciuUbiaLMDt8E85WBSkIGNJ vi5TIJndEFjreNaTROoqO6HiHuzbraQZudTy TFzjWLG7WyczT273oStNDFbdXhGtAnL8h8zk Vultj5aAto7mLUAtfrLkIGgARp11ksaJkIbm 2liBj1zlCX7JahXfGRrsAaax0PlnMLnKyKcR n92QD176GE4OhRYxglpnyzlJam0CTqJDW1+R k0IMx5a0eaBiv2MzIEAESqCVZwCr58DdQKjB xJboKkBa+lzpJSDB/w== ) 300 RRSIG IPSECKEY 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. pawr4IGf+I49BG8IrNod5UZG13ZDIlUhTQyr TqM0BOJromSWaUpF95EjUYkX/sSf2xQ3L2OD 2+GhskDJrW9+g8KdsJpZQV8bowpvlrQxFZGg VJMBbdW4ioEaVU36j0NoM6e0ikk6DaB4E2qf vc3eFUtfa8nzLy4pn65pDrsTAgGIpzs3je2e kKtP3eBVYl9qERvuDjVfeRJJwSNGOa85cI7G Tq4GUkRMgNQ5/BtPYGU+oFoRAogm1okb1evj es1CTdZHQbFg+A04k5Hru48BMkc2my2Z3vTf XeqGweMPfeU55Ng4SsQuM6nyglTaniTexTQt R2JDABKs8e6MkiHMSQ== ) 300 NSEC sec-mixed-30.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. V4DD0W8YzWujM4KW60BS//aM79bWw5A8ei9o 7ro9K0c3xdRRnoU9X1xz+5prVHsfe22qfxuY qabwfLKLwXa69Y/qPg1yFAR2k7z9WxpYC098 9rSMQQuW1BAREsSkPkSBs7Hn5nPdt3rmc8Ce BSrtFFEEWPmpv0eVQmmb2xtdkeY= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. PyZv0A54ZZvV3/ZtqCm0mMMqIlGUleR9TwJJ WLtYPj2aUF6hSjK0lQjXzd7kjlVUYdPTGX+u w8eAyWMOTxV/k9R1yPt/G3GRuw+5AWQl8bcK 5xF/GjKtPNVITpYSmJv4j+QNRq2y5Shqy3SE Ts6X5NNiLD/MygBxyk/qrhrrcPlVAiV7jJ17 yFr6BxkfoCzliR8p2qUO7WUalVX1yqAd2P6e d0G0CkuNdkeufiyHsNed56eF0D+pnjTDHQHa k+PbSJJOy9Hh97t0aFAxXlOcGtQc7QubRgL3 Id7/VXAs/TsKk/qQZvWOtkPBxDJc2k8Jtoa2 nTTyb4CP07ySVY/8pA== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. wHKy9jgz+DLZyTO3yFmCFde7nle4n32y71nP SNRFE21QEStGJ7uwRC2Fr4VZt0UvGESeT1je WFDgfrD4Qus8UPBlHbo1ls0akEJ1XqYsgqvb c2P8dApzCtyp3uCffV1XgSat4OKzDvuF7nS2 KMZuF8khILvXsCCd5q51bPS+bqNj+lSIRd+7 U0Oof6M/5p31XKVdVgYss0L7chEsCCVTILi5 /4dLsGO5MaXwgaHP3/L+6Ft2S+uF8R41d+eI juJ4fH63v/qQZmoJbOtqXDAZGKRewc7pycwd clgfdSY+xO78YBJgSxClsF45wGgZoQ118KY8 LCL8UZImqlRa4LiArw== ) sec-02.example.sec. 300 IN IPSECKEY ( 10 0 2 . AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt 3y6xImvMjRqcobreI351nbop04aBtP7o+r0z rNQmy6FqkPiI657FMEdF1cWJ2Q4lA0Pymgq/ BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vc L17OvU1ksLs9/9hhAbYYedmbAAGmAqfICiLB dOPCbhsCUyq8dTa0FaEinyHCJSHJWVZ8dBpb br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 516 example.sec. ZxmPJKUcsMJOctEYEwMUmvy2+8ZTIFJsk+b+ t5nNOsx1+FtZgtY1S7RLBus10zY0Q5wt2vmL JNdhfcCP5W35Q3WocU0Beg07WcJLMyMgzi9i 5iAjdXDtDzKF+Lw3p1F1cX7h9ZSzUyH/z+cC YC7ZzH9Op5hO5AHjY1e4nvW6+qg= ) 300 RRSIG IPSECKEY 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. LyutzFpbaLlctxfGVUKFTiycjjatKm9k2zJG /yFyUOr25eH0bKvKWi8bD5D7wTeo5YgBzlCd 999HtAAeg493ITVOfbw+HLr20fUGrtqwZ6B7 QvKzcwsags9zlJWTruWIkTlhS1dfNrTMh7PN KbMuN8YwBiBA1Ke0Imx3moKdTLtunAxYMjNu n5x7dLVO62tFl+ZA2va0TGHamsdyQeBjCd4s 3ykrld0D12WRwqOJHciK2iaxTEx/OBdN90nM Lbj96clMEs6Shd0noe4w5j8bGHfSV/OxreFH yiaK0S8Y5FmX6F9W3az9f+IiZP2nHAWkjkde HMfoXJhS3jX+rI9niQ== ) 300 RRSIG IPSECKEY 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. waXorF6scIEz5rOHz6bekxotCZvRxkOyyE94 FtipboM66SHM6kYQgwltXV9FbWkfVY6RzWVC O9xrLWRAQ4cktelJvl9y6UWNhHa+CNEfjTkb TKwoiWJ5imhmJV6pBXpT4gGy5K7FJHGgJT0t FWAZWBXKLry3iUksy9zUL9HEbwbarjIGc2ZV Frp4t4cgtUT3psv4eK9e1+mdwkefXUN1hmLn pWD4ue4kOG+jcBctH6SIbDkGMpua9hLHT01s c/QZ5qmigjNEapXJaaHeqWJjD5JPOMhJIfmL AziOaUZT6CkwV88Odzb3crsQM2/Id778A3KG 9U2A3Lulfi1PtZhIOA== ) 300 NSEC sec-10.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 516 example.sec. nzu65zs1FgTAdiftobY+Vgeyh6POya/gWdK0 HUynWg7d/zwbwdlqmdcl/ywzyH9jcoInmLNM mjXXCD9ZOKxBnMuizenJSURylwNJSA3K96Bl bcvcPzr4fLyavQ45rzmmmbjseNGLains3Tak 8up1Pq+9R/zsqQ+T4R1A81yqCLw= ) 300 RRSIG NSEC 5 3 300 20131212121212 ( 20111010101010 44427 example.sec. 1PROjUmKAFBcH3CObclEETJoEa8cKReCATnj IDYOi3UPSq4enHwhztVAWzJBXjDQazr8fkUB IrVLTIfvldrJB9IXr08UggU5QwFtZFLZOWUh r8IC7k5569jJ2V57azR4YgZYqglMxiCjKyaY N8US37E2DFRwc5p99XK1XkuL9lYQAZwTuYb0 whqhssimPxgs2pPtHm57bn5RDErhfYcCwlkF h6MRFJdecIiwjflcchTzDwPWLwRj+SrA+pjf taTG8SC5iDyHSdXf+IOiAVlgcijGtb7gj3c8 DSDNL3EengxcrnhGjly/GLsZ/IVFcZAoQtbR Om1P/ivERKHPavJYWA== ) 300 RRSIG NSEC 8 3 300 20131212121212 ( 20111010101010 48381 example.sec. pjz6xpG8TBaG52rjH0BEcdvSm0CHo5otGWGk LKtczobK9Ub2E/QcEHSsUg4xGH0JoRWwRf38 Fmjcf1gMj60A8r78sEe812ZFflXmaTPgiWUi GR4N79PSrhEv5lO0lVZHB83GGGkLKXTbte2N YdZR5sCoddbMQU0+tq22YVffi0fRB251Ee00 M2PFs7t848Lifc8gLEauDPBKqYrgTArcEFME dSWUXrNdwDQPV0/p8SeGj0jWxg3D9fNCpe05 ddGiMfWgOETLDkhgmsfU36VIognwkJQ+NloW DAMi6HP3jyw4qVr6TOsbmOYSLfavwurIOE8V rvCX42KANrhB8DMwRw== ) validns-0.7/t/zones/galaxyplus.org000644 001751 000024 00000001025 11556071306 017607 0ustar00tobezstaff000000 000000 $ORIGIN galaxyplus.org. $TTL 5M @ SOA ns1.catpipe.net. hostmaster.catpipe.net. ( 2011011400 ; Serial 1H ; Refresh 30M ; Retry 1W ; Expire 5M ) ; Minimum TTL NS ns1.catpipe.net. NS ns2.catpipe.net. A 194.28.255.11 MX 5 horch.tobez.org. $ORIGIN . www.galaxyplus.org A 194.28.255.11 $ORIGIN galaxyplus.org. cvs A 194.28.255.11 v6 AAAA 2001:2010:1::feef text TXT "text1" "Another text" "One more" *.meow CNAME www validns-0.7/t/zones/isi-mailboxes.inc000644 001751 000024 00000000252 11542617353 020151 0ustar00tobezstaff000000 000000 MOE MB A.ISI.EDU. LARRY MB A.ISI.EDU. CURLEY MB A.ISI.EDU. STOOGES MG MOE MG LARRY MG CURLEY validns-0.7/t/zones/keyset-example.sec.000644 001751 000024 00000003164 11542617353 020425 0ustar00tobezstaff000000 000000 $ORIGIN . example.sec 300 IN DNSKEY 256 3 5 ( AwEAAbqjCxtmin71unORku1IrrQx2S49KTmw 45jnlNdreCH40YmhDZo26CMiVXbq29rvUDW+ ZEJqVT5fd5GrA1wEEGbrudd2LDr5AedBK7fY TsZf/LEm32/Bu//KzynrJqyB4HSN3GIPbp3K YyY/Hl7HawOvWAd+tUHgUtes4trE/4pr ) ; key id = 516 300 IN DNSKEY 256 3 5 ( AwEAAeluubFtl7Qtw4TpuZl85abGI+HXO4ag qzv1kSLQ5tkYFGdpZyZwQcBU2znMrdw03o6d GOEQi+FeSymycLZmtsKiODsHNwgb6qdxnYm7 +n3ZiPwVhMX3gxIG64FORibWcHAyBe5AAhQA ZIqveqjnY4gwdKZJSmo9ihXBkKS4yJ6Ulopk kSxL1Iq9oXvWrd1ZqjQiSmLF/3juvBGjHVP4 CbPiXZ70UDay6Ysa1to1tHZSQshkRTClB+Dc t8er3cZ1y62yOSbPK0SlouSRplbz+ezNyqD3 c5zvz6F2AcZ4NqaTZOMWZbOowujQj3FxElaZ S+/ughQZKq3OtMN8bqc0tZ0= ) ; key id = 44427 300 IN DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; key id = 48381 300 IN DNSKEY 256 3 10 ( AwEAAcZdPacjnWNuQKCF8CPmUW1/NUxI/G7x dbwrU9lOuAD3sw14rLw2NTzpbC/bubt2aHQ0 nc1duoK0x3DjhAURWki/1O1Yvr2ffQRVpWS+ WjRKCqTjuPrrdImeKdWEdnDl3l5kQpsxx++E IHrDnqiVhBHJdVB70A/I7i5/HiD8HgVooR3I XVyxbT4walrarrhHWEBcXcNbvadg2rc492wS 86zbSmK8iV1e7t6U5iBYmsQjc7TVhBT7xqar knECGC8L/9o/R1zfSzSN+ay+dI45t+jOOLgW p5gmjsI/mXhoO6GqX8rbZoV7/DQyAR5rATJH W1eausJhOgE2wBJgl6V0XbM= ) ; key id = 1862 validns-0.7/t/zones/simple-1035000644 001751 000024 00000001060 11542617353 016511 0ustar00tobezstaff000000 000000 @ IN SOA VENERA Action\.domains ( 20 ; SERIAL 7200 ; REFRESH 600 ; RETRY 3600000; EXPIRE 60) ; MINIMUM NS A.ISI.EDU. NS VENERA NS VAXA MX 10 VENERA MX 20 VAXA A A 26.3.0.103 VENERA A 10.1.0.52 A 128.9.0.32 VAXA A 10.2.0.27 A 128.9.0.33 validns-0.7/t/zones/manyerrors.zone000644 001751 000024 00000013356 12001257341 020004 0ustar00tobezstaff000000 000000 $FUNNYDIRECTIVE $ORIGIN galaxyplus.org. $ORIGINBUTNOTREALLY $ORIGIN?BUTNOTREALLY $ORIGIN ; no origin $ORIGIN galaxyplus.org. muhaha. $TTL 5M $TTLAST $TTL.AST $TTL ; no ttl $TTL not a number $TTL 1z $TTL 1mz $TTL 1m z $INCLUDESSIMO x.yz $INCLUDE\SSIMO x.yz $ $%^&$# something @ A 1.2.3.4 ; SOA must be the first @ NS some.ns.ws. ; SOA must be the first @ SOA meow. grau. 201101144500 1H 30M 1W 5M ; the serial is honestly too large @ SOA ns1.catpipe.net. hostmaster.catpipe.net. ( 2011011400 ; Serial 1H ; Refresh 30M ; Retry 1W ; Expire 5M ) ; Minimum TTL SOA ns1.catpipe.net. hostmaster.catpipe.net. ( ; this will be skipped 2011011400 ; Serial 1H ; Refresh 30M ; Retry 1W ; Expire 5M ) ; Minimum TTL SOA ns1.catpipe.net. hostmaster.catpipe.net. ( ; this will be an error 2011011401 ; Serial 1H ; Refresh 30M ; Retry 1W ; Expire 5M ) ; Minimum TTL NS ns1.catpipe.net. NS ns2.catpipe.net. NS NS ns2.catpipe.net. garbage A 194.28.255.11 A A 194.28.255.11 garbage A 257.17.81.54 A this.is.not.an.a. AAAA 2001:2010:1::feef AAAA AAAA 2001:2010:1::feef garbage AAAA 2001:2010:1::feeL AAAA this.is.not.an.aaaa. MX 5 horch.tobez.org. MX MX 5 MX 5 horch.tobez.org. garbage singlens NS x.y.z xy IN 300 A 194.28.255.11 xy IN 400 A 194.28.255.12 ; bad length for SHA-256 _443._tcp.www IN TLSA ( 0 0 1 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9 ) ; bad length for SHA-512 _8443._tcp.www IN TLSA ( 1 1 2 92003ba34942dc74152e2f2c408d29ec a5a520e7f2e06bb944f4dca346baf63c 1b177615d466f6c4b71c216a50292bd5 8c9ebdd2f74e38fe51ffd48c43326cbcaa ) ; bad hex encoding _25._tcp.mail IN TLSA ( 3 0 0 30820307308201efa003020102020 ) ; bad certificate usage _1._tcp.www IN TLSA ( 4 0 1 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9 ) _10._tcp.www IN TLSA ( x 0 1 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9 ) ; bad selector _2._tcp.www IN TLSA ( 0 2 1 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9 ) _20._tcp.www IN TLSA ( 0 x 1 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9 ) ; bad matching type _3._tcp.www IN TLSA ( 0 0 3 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9 ) _30._tcp.www IN TLSA ( 0 0 x d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9 ) ; policy bad domain name for TLSA tlsa IN TLSA ( 0 0 1 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9aa ) _30._xtp.www IN TLSA ( 0 0 1 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9aa ) outside.org. A 194.28.255.11 long.outside.org. A 194.28.255.11 outsidegalaxyplus.org. A 194.28.255.11 insidegalaxyplus.org.galaxyplus.org. A 194.28.255.11 www A 194.28.255.11 cvs A 194.28.255.11 v6 AAAA 2001:2010:1::feef otherdata1 CNAME a.b.c. otherdata1 CNAME x.y.z. otherdata2 CNAME a.b.c. otherdata2 A 1.2.3.4 cert CERT 3 3 177 V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBtYXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBpbiBnZW5lcmFsLg== cert CERT 3 3 MEOW V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBtYXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBpbiBnZW5lcmFsLg== cert CERT 100000 3 0 V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBtYXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBpbiBnZW5lcmFsLg== cert CERT 255 3 0 V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBtYXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBpbiBnZW5lcmFsLg== cert CERT 700 3 0 V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBtYXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBpbiBnZW5lcmFsLg== cert CERT MEOW 3 0 V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBtYXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBpbiBnZW5lcmFsLg== cert CERT pgp 100000 0 V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBtYXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBpbiBnZW5lcmFsLg== cert CERT pgp 0 0 aha!oho,== ; but this one and the next are fine cert CERT URI 0 0 V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBtYXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBpbiBnZW5lcmFsLg== cert CERT 254 1234 dsa V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBtYXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBpbiBnZW5lcmFsLg== zzz SOA ns1.catpipe.net. hostmaster.catpipe.net. ( ; this will be an error 2011011400 ; Serial 1H ; Refresh 30M ; Retry 1W ; Expire 5M ) ; Minimum TTL xy*z A 12.13.14.15 ; name is not valid *z A 12.13.14.15 ; name: bad wildcard .xyz A 34.45.56.78 ; name cannot start with a dot .. A 34.45.56.78 ; name cannot start with a dot zzzz1 DNAME x.y.dk. blah ; garbage after valid DNAME zzzz2 DNAME x.y.dk. ; fine zzzz2 DNAME a.b.org. ; multiple DNAMEs zzzz3 DNAME a.b.org. ; fine something.zzzz3 A 1.2.3.4 ; DNAME must not have any children (but something.zzzz3.galaxyplus.org exists) zzzz4 DNAME a.b.org. ; fine zzzz4 CNAME zzzz4.a.b.org. ; CNAME and other data zzzz5 DNAME a.b.org. ; fine x.y.z.zzzz5 A 5.6.7.8 ; DNAME must not have any children (but z.zzzz5.galaxyplus.org exists) - yuck zzzz6 DNAME x.y.dk. ; fine, no induced error @ SOA ns1.catpipe.net. hostmaster.catpipe.net. ( ; skipped again 2011011400 ; Serial 1H ; Refresh 30M ; Retry 1W ; Expire 5M ) ; Minimum TTL validns-0.7/t/zones/example.sec.signed.with-errors000644 001751 000024 00000067520 11732633004 022577 0ustar00tobezstaff000000 000000 ; File written on Mon Mar 21 21:09:05 2011 ; dnssec_signzone version 9.6.3 example.sec. 300 IN SOA ns1.example.sec. hostmaster.example.sec. ( 42 ; serial 3600 ; refresh (1 hour) 1800 ; retry (30 minutes) 604800 ; expire (1 week) 300 ; minimum (5 minutes) ) 300 RRSIG SOA 5 2 300 20121212121212 ( 20110321190904 516 example.sec. JMRbXaDnvv39FoonWE688oliqrw7xe6ZNi1r AQUkgjlZGmuNcCDlarDiQHUu1O2GBizRpv2o nh+TFfgqn7FrT7mPDCj5J04BuLl4x9+CayG3 jgdtZ+UW8UUu6jUO/woEsbmdB3HrVjI/UWGC 7qFMaz+i7IxCkMLTS2Qh65Dq74U= ) 300 RRSIG SOA 5 2 300 20121212121212 ( 20110321190904 44427 example.sec. Iek/aYQDuBxFERq5RvLC991ZBqghy83rWaQl xZBz7qd57A6niAWEeA3K4/pfo8VxTVT4EyNw DHWrwDgrW6UxL8mPV7a41XadM7pRPy0zdfrz 1WXrE4sW8miKmpgJ0F1/1Nvtb1oGlCOjTQph IZj/HDrhGBByswk74Rbdfruffbk1H5jM7Fl9 OzaVA0acR0eU2bZwQGIFRXWMqNAlf39noOYb L1fXmiFiwZvWAHdowkwas3Ud4xN2DsR+7QbG XHhU9xvQ9kI+06/RnS5gjAPqUZT7jVn4ipnt TejDrDnc6Ie3YnhvevSpwEMdbJF74NyF6Cfc kbxB0eE1wGt1+0CF9g== ) 300 RRSIG SOA 8 2 300 20121212121212 ( 20110321190904 48381 example.sec. V67XuvoMw+ah8RND4CPMS8HRDPlgVAYg64Ut zT88oQqHQi03GLYR5DU153G7GbqsI9+k7RKu By3by0VKk6eV8ELiI12D+QObEbfzF5tGf6JL 1MlN7K8UGOZ8rhw90FYwFQrlleSDeBkQbHpk 1I/FEe8/RQZDuuxFTxCm2+VQfC406wAQbQDw 85p265NDEtWdOb4fYNziWuHDy2HPEsX4g1BC Rs/9azG9+JV3DAcIh1OhVqVSVRlKEn5e7DQz g2BO2kuOnSmiwqFdDwtjgHekfeai6kNHkL8F zWBlzMgulNLG0Px71FdtLyOzFV2Pt3Gumald gre9Z+7uX+q2uIH32g== ) 300 RRSIG SOA 10 2 300 20121212121212 ( 20110321190904 1862 example.sec. eSWdDs8UBqO139MIjl1DEzuaMiXxeys4Rmxc 3NNVonB6wF1wOLecYY88fxl5q2En9/Qx5BfW bTYPeRsyy+o1u99xRqP3nhQaSKhqFTuxE+nN YKX0CcrvlD4Z5mGtgbNSSnRiCXeLyYdCgYCY e1EoxSybp+3elsZU59/GBgWDXWybcQ2X+4id ZwdCvIKphJGvgCjg31shT3HRfzloasH/ur+C yzCIDW5VJ0atzI6m14dcYeX67DzrvjwwXHOw IgSYuQJrNBODfhHl5DIl3FNTICah4tJdJaZ7 Qnm8xKmiHcwGuLGIA1BG1psbwA5QUuRwNWmB imQyoXTAgDWVb6blJw== ) 300 NS ns1.example.sec. 300 NS ns2.example.sec. 300 RRSIG NS 5 2 300 20121212121212 ( 20110321190904 516 example.sec. TuA7snYtya2rLvT4a5kUsSufYqU0PvzaKqrs Rbwii1zaCezF+E88GeL3Q8mx2pvpIpxVoiou GniJvvDy+aV2DW1t36Yw3CR0dq/+WPjvGV7I rpQEc0E/ezr9m1bfzKq8+m6tr4clMMgm4wAM f+ydfBQ0l0r8KzVlhsQs0h1eMHU= ) 300 RRSIG NS 5 2 300 20121212121212 ( 20110321190904 44427 example.sec. TGMqywohvD/l4jhHM3dyw41dIu7QqPW1lK1T iXqUuFyRgns4twJicCrMAceWJDnWQKScTNDV M11pcpiQAvIqSC8BiX4ARP14z+UblQixJB8u VzpHAWY9Sz4PCu82su1ZkS6RGXyuzuyk/uYd qykUfrFe5YwrDamnmcPCKMomleWdbXlfYQhW TbmF+ZkIQ4jAlPnA7YCIM3fsEFNjbFhX3FqO uC1JWO6NMrOSHRnqGSieATXKaTzuTY1m5N37 YEIsvZM2xu2spGJ4uZL8iab6gQPBkEjwWbU6 bG6pgJBB2MR70RfknaUDSmc/3RDGtBA+qcFb AsYeT9b3OkH8aVXACw== ) 300 RRSIG NS 8 2 300 20121212121212 ( 20110321190904 48381 example.sec. nQFmWKSC8DMsTfeADlp0EYZh5z3nQ3N4QPl3 CdUbxP+T08z/FD5n6gf0EsGbsP9XAwWk2zCq rlykEcm9K5Y8tI8l4isMuCd3yc5M83/zutjJ O+eoRRPTGWisaaGiHavDxUuBUQ7ZeqNcbX4y RPn3zCkfyB01hFIxi7VBiH8XEZlcSHpanwA3 euMje7SjFk8Tz7o/wrKibo/l7sEycWvOH5nS NmaWboyvOnEGdxfSp+PHTmagN/yYIqNHO6eC SNtnDr2EuPWI+VSyHJDm0s8x3eHWPTO4LEDc fhh/OGTVzanN+Vlkj5x/GNpT0Mth7s+G9Y0v 0zaRM2KbMyJVFpMVlA== ) 300 RRSIG NS 10 2 300 20121212121212 ( 20110321190904 1862 example.sec. X+hqBTENZf9j37ts7EdXWFE9kVB372XNLcFk kPlGB72HhLCgk5qQPId71CgaZ2yTva2hH42r FGhB5DzsLfh1nxRhzcEGvEq49ATuGqsxm8HA XXpE5gEfwnmByLoj0/b7MeIorbANGLGdxgpC ZB/KFz4DQuNeE/CBNVhTLiPiOOqqCVTDcqZx IslFUiLCXS0GZ62ns/W/lqZ5uWomVyhS+KCZ KSx9CmopMLTUBOR5j6zjC/A4ZT6mdCHHotvy N+Cgm6PJYPSF+sNI2zbAYtDGhJevIchQWtCr HQB9KgcqBHOVF206PrTbkld0g9KQkNkZxqkA PkVdUCLWIPLXNO5xbw== ) 300 A 3.4.5.6 300 RRSIG A 5 2 300 20121212121212 ( 20110321190904 516 example.sec. AChk/3WsdJmFRecdw0c5W4Fe4i0KQn7udc0x UuXMXQj75pGfDOIoXL3NgZfCBsQemWg2D60D 61z0aps4NYjGEPy51nLhGWX3K8YG+BhEia5T I54qcxevzkYyG1Bzk5RSrpctvs1Y0CuxwnTt 3kGqArAUxWmxAvia7WqSn13/r5s= ) 300 RRSIG A 5 2 300 20121212121212 ( 20110321190904 44427 example.sec. bdr3QPLEGKOTRWa+8QiuoHpMYbS64feik7ZN ro2B/ueKxRuPnqj8YKaF8sgmWbYWxaL9MLA9 H85BfVYEH3EtU9QajbXy5zpiXki/qz/Zts9w B6/rWMvDhlHFFh+peEAjH9YbNGChcw20fgQI 5OGf1f7PIFFZsm8Gm+kWS6XQkwyLX8kY7//S 4kYtWfVKffYJjAXTflgNAfIJXyDrFvXa1XNe 3lbCsmdDoGNJW4FOo4KaJ2rc3OH39+3BMDk9 Xl4hxjCkNNT3QnITRJ97Vo9DngXsTyFYXK/5 ijkl++xhaDVOgU0QkLwbcITbqO91hqI6JE7U fDmdNHzRL6XgLUwqcw== ) 300 RRSIG A 8 2 300 20121212121212 ( 20110321190904 48381 example.sec. PV2SmMFdLY5MSbSOlpLhxTlEv3p0M5PSbTKZ rdM8Edd6D55uE1YOTcSuugFpwlB7LVzCtONv ucmVUrzGzJUT0JbtlWd/Hx0axCLO4hboedkr EoFnGsEmQv2CwHienE0y2KRyLYqcxGeOiZ2l OnVofupTl7TfmVjotatVMKWurcdE9u5lrk5x RHwYgonNr1Lo+qO+3sCUONVYpLWU72dcPJVt aBUrqHQN8vfreSCKE/ifIH99c5s+N2fgtal/ xiO1c60afq6RMvlDxzm+n7KweVHgRSKeBujL rO8JT/yvMernVM5VvoPFZe2LigEayubRPj41 ZKuxSuNsTB553Au8IQ== ) 300 RRSIG A 10 2 300 20121212121212 ( 20110321190904 1862 example.sec. ixJG2UmtG8MzRs4d3sUB0JTldTzDhrEln8DP rOskf3a6qFgwn1V51TgdDSLmy9YTqE6WXOpn elh6r2CEclgqBd2iuunwKfTN8AxOr16Fr/4e vSrzWcEWN5tQoYs1NHCSR65gDN8cl5Fj/v5k oBWKZRVzsKJuy4hpLhvKWpPCPysqW3DUPi3h 4wGElM0DMrqi+27t3kzQel1/MfT4gBb8vljN w72kwYV5cFYnrVWXjffi7+yTeRJoEuKdGRON 21lVmIHv+9XOkTampgoHPI2x1kkYstOlonKl 8lNoPMCVEv/FTsh2jpQa//lHivCIZ9hOBXIg YN5f0ZvBgvKvtRNrlg== ) 300 MX 5 mail.example.sec. 300 RRSIG MX 5 2 300 20121212121212 ( 20110321190904 516 example.sec. fWO25W4rEgnACvegskuIVnF9GQuoQWIlDGzr 99hkO9/LLKd2tQgIgtEPN1APrkcoonFWzJRl WpmpJuYimWFFMfuJ9jkkEfjYrUzR3K1chgSM gmYvAfMr/d8l6BjiFqRCVLZ8kvfzwjIlEx0S +drySAidQV2u/V7yk5/G+5K5wjk= ) 300 RRSIG MX 5 2 300 20121212121212 ( 20110321190904 44427 example.sec. yix4Opq7le5BrNllC9CROkYuJp3/ntKdNheC ydWk6PyL4OV95oroMXmjqFi+f0jDjNbIIr1O GeIb0gD+BVi4mujA4GX9Uddfv07PgSOcQoxf qfNWgdOm9DwmqK+26U/q8o9ko0cLaKNtJF1U BH25MkwYch+/xV+EX5U0cMdHaTUX3/i8Obb5 rRJZo0GiHKiWwFP7akb2LN3NoFrwGO3rwx/t UEY+LfE98jFpsGB7Me8CI3xAehLV74VYAO3R 73mt4Zj/QeTOxST/bR8bBbPPIyWhBRssfI+7 W7DNVr9gSURySCj13+jv3p208AsZWe37Iiby 4epKfZlPr7c4dVsA4g== ) 300 RRSIG MX 8 2 300 20121212121212 ( 20110321190904 48381 example.sec. ACKBdVN2BJ9a91rHFPIHsycu84g1R6LFOPrt gN4qwL4w3NiNMTRSLpvzhvREcPXgyQjWUBzk 2vCWkAKQcwWyk/evALPsX5FmdB4kUacOygBU M35+Y9P2R9ikbiUk2fF0sUlPi1QXCwEVgDab 2Y6FRMvtXkXSvZ5GPZVx4aG2hQlrzXctTOOb HPsdRNuoAmusjiphFJRCLsB9cD2hqvd37hTj QJGhu60qt2zbG925kxlllCJHcDHhgh4mX1CH +sgFsWcTteTk4t67ypldWu+pzZPjs0ABUAp7 8TEe36KkL9Qn9flCcEycm830oa4apo/9iSca 2a7+kf9dvrbuJAKcKA== ) 300 RRSIG MX 10 2 300 20121212121212 ( 20110321190904 1862 example.sec. K6clO4PPzBKN4ALHsZPY7rNvVnbJ8TiSd0l6 s+jHDNyFFjKD7l5N5ofo9olDpG7csJTQHJYt gM9RZNJibk9Rp2ObSQOVr3DKQEUeFD5x0U4d 5P55/4rWta25POwgbAOxT0sInI8f9dw4Pl8Q 7g+xEVssTdOl8NdUGsgMNqaxqOF5vZczQpmn nHMlUdcDlq1udk3O6FT++IpR3mvm60KVY7Dz xXfth2FCvuTqecBGAfILsNch882ODD5iw4Vg rpT07UDWcPivBC64Nj8pyW4pqKkIk00f1dXI tLbECa2mar7uiN1SkFYrofbbSXAH2Adic4p+ OPjDJiSb0qIhbi3Biw== ) 300 NSEC mail.example.sec. A NS SOA RRSIG NSEC DNSKEY 300 RRSIG NSEC 5 2 300 20121212121212 ( 20110321190904 516 example.sec. NzQ6/OI3Lb97qiSV1GSI2Z+7KZl+d7cfejS4 EEOHNKs3plSwgEzMdaJr2LHfWwyEO3mn7RY5 JiqTXUfoeTXugcn5MZcG1aa3sdskEJEClI8V Dq9HMwFMXxSJ5LeRPdSQA1gXMMuqKOtKXajb DKpCwr3yLYho1L6vuo+bOExelPM= ) 300 RRSIG NSEC 5 2 300 20121212121212 ( 20110321190904 44427 example.sec. idXRv7E4VzNoE6OjxQ4jnqsnvx5pjhrfkbXC JApP8GVpxGLqS/pPaTePaL9OgckwvFsnd2J5 PJstTv26WNGkijxkaNe4t4BNhmQymBksTXqh 0hU9oXyLX52pb1VALcvai/sVWfkANFnk0ss9 GEps2MOsM0Rpnc9lS26JmkgCr+8tUZBWizOq 30YmCPLI931MThIMA8cKaXfZehJ+aUMceUc3 DvPNM47OB5W9Syu4QbAsrU50tNkyNbkMJVmC NmNDQ1Uk0th5fU0rcZykIqCH756YFWzchYBS Jofz8JYNUxUho3+hzSNH5YLvMyquzM05lXeb 6TNi5wjOG9xhW/X/gQ== ) 300 RRSIG NSEC 8 2 300 20121212121212 ( 20110321190904 48381 example.sec. CWmDzJop+g5+bPmvwwuvmP0X6gsd81dw9xH4 RzTVRJ49gt6I6Tx7k/oA1Hs3UFJGt6QSgtVz 7NKSn3X4lXMb1ByhyQsefLCV/vtAO4UxY69L 0DsKso111pIkKxFP7Y/oJKgn1bBC6FMIJ7N7 LkMFzRIl2uetDFq2JIwauFy6BCs/CTaIx7uR tVgGe+TRDLjbPlPtYdESEpb9zKLQUQsIGz+N NfwWbp9R/oWx6lwxvy26JvvJhq8n46lm6ZUy /+zm0qAmE4YhMbHm3qdLesof8qVCI3VAPfT6 AMdqe62eo9WdFa6/9x/wlcJNK43CTloTD9bg 2gAVqJqfknKfR94dYw== ) 300 RRSIG NSEC 10 2 300 20121212121212 ( 20110321190904 1862 example.sec. Q6WeIbTOIMaIMEvCHqGiPwlqvwDH+mlyHgmK 08FvdpG5t6TFB8QPzyMQufN/Ti5e8K0IiAv8 JPUb+ZqLq++72qrgyEhUOFG7+66LIHwcdEaF k08GwUFNpcn2W0/+QuVEVe68xHtluyTkCEFJ 4gHY7kd1zn6NrQCvt4U3KQAAr0suxNZ8mHuD hgO4ECYZBrqmpctNYD++Ny5spyzMzqHjUoin k3qj3XLjXKhfVhrmayjPxOFH1F4YH797JGF7 Yiubt5CH87rFl9jT+rDf7YvIHXwRpvq4xyPJ uS/CRvNCZpDS/0Ma3k7noD1c+m9U7/DeZq+e wwmoFYz1e+d0QEufNA== ) 300 DNSKEY 256 3 5 ( AwEAAbqjCxtmin71unORku1IrrQx2S49KTmw 45jnlNdreCH40YmhDZo26CMiVXbq29rvUDW+ ZEJqVT5fd5GrA1wEEGbrudd2LDr5AedBK7fY TsZf/LEm32/Bu//KzynrJqyB4HSN3GIPbp3K YyY/Hl7HawOvWAd+tUHgUtes4trE/4pr ) ; key id = 516 300 DNSKEY 256 3 5 ( AwEAAeluubFtl7Qtw4TpuZl85abGI+HXO4ag qzv1kSLQ5tkYFGdpZyZwQcBU2znMrdw03o6d GOEQi+FeSymycLZmtsKiODsHNwgb6qdxnYm7 +n3ZiPwVhMX3gxIG64FORibWcHAyBe5AAhQA ZIqveqjnY4gwdKZJSmo9ihXBkKS4yJ6Ulopk kSxL1Iq9oXvWrd1ZqjQiSmLF/3juvBGjHVP4 CbPiXZ70UDay6Ysa1to1tHZSQshkRTClB+Dc t8er3cZ1y62yOSbPK0SlouSRplbz+ezNyqD3 c5zvz6F2AcZ4NqaTZOMWZbOowujQj3FxElaZ S+/ughQZKq3OtMN8bqc0tZ0= ) ; key id = 44427 300 DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; key id = 48381 300 DNSKEY 256 3 10 ( AwEAAcZdPacjnWNuQKCF8CPmUW1/NUxI/G7x dbwrU9lOuAD3sw14rLw2NTzpbC/bubt2aHQ0 nc1duoK0x3DjhAURWki/1O1Yvr2ffQRVpWS+ WjRKCqTjuPrrdImeKdWEdnDl3l5kQpsxx++E IHrDnqiVhBHJdVB70A/I7i5/HiD8HgVooR3I XVyxbT4walrarrhHWEBcXcNbvadg2rc492wS 86zbSmK8iV1e7t6U5iBYmsQjc7TVhBT7xqar knECGC8L/9o/R1zfSzSN+ay+dI45t+jOOLgW p5gmjsI/mXhoO6GqX8rbZoV7/DQyAR5rATJH W1eausJhOgE2wBJgl6V0XbM= ) ; key id = 1862 300 RRSIG DNSKEY 5 2 300 20121212121212 ( 20110321190904 516 example.sec. twpGirC+tYDotLYKaRvJfOaSI+K0RPNTwFpw UXl7l4OKQen1MvmiIo8XI9kY+C+X0oSWnqEk BvGiYkhUF69mNe4N7joDQxKO3uSfuvaoKwV9 qAZ3vgSNl4MT3LROsSsZLlDen4SpSxvkXtLp cKcrJghOvkzhz3iXVrg/w6bXjYA= ) 300 RRSIG DNSKEY 5 2 300 20121212121212 ( 20110321190904 44427 example.sec. k8/IGKAGrXm4nrq8bl1q/wwsGuSNzwqsm9xV CQljrZ8dYw3+fhWJnCHbq5fGXkzSpAGzRl6z MwIzpQa9+seXctjZYB7rwMCXaLGB/Q3a1ALx LBNM7Dg9aCoSff8msyL6d+c2VVy8zDOD1TwR UkLYMxYPt/iOXubTHQjl1ZiB7NgCKCImThCF DySgwHQiKIIx2718uUlbgpmiubEkpFuyxkvZ PwhRBoqITD6THmZT8rNtJPrSNfsq47U5hwRq LSQZqKlzqjdZOW4ZTs3bQ8+AAWTlw8JrtL6F oCJncBW+nIu0bkjLEmdjD4H6xoL7DikgLI1j bD6SAOoebcYMxOx+Ew== ) 300 RRSIG DNSKEY 8 2 300 20121212121212 ( 20110321190904 48381 example.sec. D0bZ2H0Nh67jbc7rJbmie9trcwpAF+S96ldr fTbPKzpEvhBA7nL0X9ZP4Gfzi+c0U/l0O6c/ cFeo+VSKqMkwt5podbGiqEgvUzGpPPnwT2uB sD2N5G34OvuQ9j0wmlKOqO2WmP/i9hJWfon2 FiFqAyVtJJScMnYOgrtx2bWQNCcys3JnA7I/ K2eGfbDRDH5fGGIpCAaIU+XoLACmLLh4v0X5 mQU83+EX9mSQLY6z8eOGr/gTAbW09p9vllcS 8lqEsmubC86aOWcufb7MHEXiMQwytbIXdraY T+wcMehzRzYVmRPe7jRa/ALkNYdUhVzKX1Ol h3e2i935lGUu6ZWOcQ== ) 300 RRSIG DNSKEY 10 2 300 20121212121212 ( 20110321190904 1862 example.sec. POpWaOMkZkn+bz7cfrZ3Qkt1hxW4r8xoAEma LsQF/PuVGjLsvlR1TjmqUuSACJnorx5vFYUT 43LolixZ8vT6Sw+MxMRVHcWdnFLQppmAe1RR g8J9c/9fWmAbo39AoHfX4LpAjGuJ/+R6Cs0y sVNHVS29hhIieJ6GjD2GqApcQ+saNqKBm+4D VxXDroO7NhQgu1XpZBcMSFVozCtdzPgvN+BE afMXOXVYAh51/hRfTVqP6n8fRjrQPCyOQ4NT GO8ILtAu90KGy2GPjng6ZjqlnXEH5CuNC1sh xXf5f0PbyUo++Lx0NNk65Qzi25mDSDTMlMqA OnkowvuLgdmROw9qiA== ) mail.example.sec. 300 IN A 2.3.4.5 300 RRSIG A 5 3 300 20121212121212 ( 20110321190904 516 example.sec. ZY/dLHB6hV62KnA+mpK8bw2l4312JKyOAJky vHCo2R7+lDumTb0wgFSLd/novxtkurnVgUMt K7G1mOLUaqM6hnWKHrJMjivBrDtrfHmPNNe9 Re6SeB1fKPin4+XgrpHUCnuqmIbD0tmsxYq3 DBLGqvYVKCQwyAyouRFiNeIW0eo= ) 300 RRSIG A 5 3 300 20121212121212 ( 20110321190904 44427 example.sec. QWSep452ST8xRmCMptGQuAt/J+mwA8yKUHCR upe4zuXVojch0CcOY5A/ge3cqS4yINxHTTgm HP3MlcoS3uei5w/LfAs8tQpUCWhF4pEZjEuP XpQ6ARi51JkmXBSF5aKDQH2bJ+PTEUmaNmLC n5mApz4Voo9YdS9ufIs2S7dusyOpdTDoDE/7 drMQj6EurENB0a+y5/yxcHR5j8YjSlqtY45k HVz2G2xe0zpopE3mSvIDz0jDUrRsKz3vpx+P DG3VDlMRiensfmO/rfGycDGkvqo4FIm4nl2+ 0UaTINnqhseE3Effz0XDn4glB8KcZJctul6w Ae1iDYc23Z8t6XEVOQ== ) 300 RRSIG A 8 3 300 20121212121212 ( 20110321190904 48381 example.sec. 1gYbEZMy84ynTBpBxjSb6FAdNsOZQtHUVFRs +Xf3yhGKeQRiRxyGzNfT+nGz01LKdICGMcsd dqhjovq90J6beAllwwoyw72cxFPLb1JTBIdf xE1to+HI84luqtgZQ4Tbrcm7Q+HKN9FPkHDG g/dbhfLJNffKj0AWL8aWhxEXj5HxXXP/bW6l yv1iJtf5axrOTUcBCRY/LllnOMNyRviJuosZ Hg1QbaMuNqNueRB/b7ng4TGRP67KDhg9ZQDv VgVa0DeUuCbo6jyYfrC0J653t3IJmICKPJvP TnWhwqYYT65O3BvmGl5zvpxTWw052UCVuUz9 ClrJYpTE4/mpo/elgA== ) 300 RRSIG A 10 3 300 20121212121212 ( 20110321190904 1862 example.sec. Cq59fLZ78qxYgFwlb8RDsRj4nyP0lYUKbafX jnNIz5Kd3I3IhZhT7PN+wcpZthv7h9rM59JO BJE8Qsl0M7Dd/4ncowdqwrGG9gif3yRnSvFs db1NxuRkn+syGXO8zzEdcb9wjK6gCoq8ulLJ b1EylyDyRcR5929/uCCFEIP6WnlDVXmArFMd ol2NTky759aSS6YMsfgAgZnymOKgesTWmg+z Thr5R80zUG97USWbH2qG1SHhIozWkQeeTtnZ 0/cOKaal6+xEao7r7vVLB11NDgrIH2smeMSU QrqFMPAtIxQgQVqk4urc6YTtfe8p1HIDzDVf /7xqj3WpVcLa0+s7rA== ) 300 NSEC ns1.example.sec. A RRSIG NSEC SRV 300 RRSIG NSEC 5 3 300 20121212121212 ( 20110321190904 516 example.sec. PGsq/tTtjx+oeDoZTZhLrWFF+EkQ8MjBpmVF O88U/MqnjY58f1exv1H+ry2rZO76/DZ9hAmT nlBu7mRsodOHxmkj2iAwEQY4wPwtDsYJAqfL iKiLbZ4lhQWq2I/PG7sbBKf40E+OUa2H0SUp umJ8vNd8is6L1RrKQX9Tpk7WTuU= ) 300 RRSIG NSEC 5 3 300 20121212121212 ( 20110321190904 44427 example.sec. bRK1zV4xNg9tPwy6gE5nvTG53O29GWKQn+Ho qOzuN4865me4xP682b9fCkP2YfanyAf1joUm ++OShdVeczfx0NohnRJRg4eQEHG7VSaFrUCF 6YIUXy9xcX9RtHHp0wE4nOe3va5OIWjCM/Yu iCTRNWkh4Q42yXsSTQKlKyXYRZCyJFITfP5T gJ2nZqVM/5V9rkNvAV6KPrZ9AeWmkwrX+t2v A8miQzS9PZKWVrtDhmLkbeHeM+6T2fHALfAJ iwqgI9QBsX+pKyrGvIlfqdeyMs+q/kFntV+L 6X9wOYz8mEK4BMvr//B/1UsFkZmy8+jrvNNG wtt/1B81q7tPA/yF5g== ) 300 RRSIG NSEC 8 3 300 20121212121212 ( 20110321190904 48381 example.sec. uEW8IXojJOkAssm3Lp09z9QIbP8NQgR4QmYN gtAhRvwYES2OvKVCX25fyAl3u8w08GCCj4BC B5WGHLjrPz116EfuDh2nqiLUJt64UekZRbqx mvtM6zTMdOc6ICCKPnyg4eUiXoMkyKhinsz7 KDSzN3W4z3kqXszj7vbbtkz81Ps8g/DU/g9y 5CqEOrd6r/i+A88/w5LL35+M9Gjoyj2U6pCX EQtEp6LPA6eTM+YL56rgOHEWPDb4QI65BBGM mBygA5pSJ1ZPUMTr+BNgGrywZJIRdQevEUW7 2p8+PPHp5Wbm+d0+o08ZzHB8sjgLEKH6mXyV /TF4ufzu7HfTfjl+eg== ) 300 RRSIG NSEC 10 3 300 20121212121212 ( 20110321190904 1862 example.sec. fjMYa4kw8rNtj8y/IRmD3Z7IxRfv8DLS6+Ew uc39UPTVW/c/JqHy/XHu05xdP4SXf6zbF92J p5VjWC408SixMs8gwGS2ihPINY2ptbv+nqBo a+XTB0U4bTb1YrufiNb5jyY7UPLuUfMSeKl7 CHCTY8RlC4G3Ac3pH/b31d2msVzZ+kuO1i1/ lXlkU8olU1jHuzaXOL5+ztjNYad5p7fyI9c7 XpB2hDhrDB9KsMYjk+wxzawx2N9DmqM42X3k O83wTJ4VDcIeZ7fCiRchaaH99hEo0HtaTdCp d/dGkG6Gz6tl4ufGOyQuLpbnfnd+v5D3IDyX CXDWmxtw4xYMcY2mrg== ) ns1.example.sec. 300 IN A 1.2.3.4 300 RRSIG A 5 3 300 20121212121212 ( 20110321190904 516 example.sec. q88manDDkCIzUXoF0BxY71gt2o9s0kTTMGMV MQlKcPDZPckOJfVqbvPlSQXmheOkmOYp4+VZ YFP/JwoMJDOtd6xNlBaC0FYmg8mxwd7uXiwE cbBeqG4SZ/4An7eWiOI8R3J6Y43N0fuG+3nC GndytHwRrmjWT1cHNdew2ShiMHg= ) 300 RRSIG A 5 3 300 20121212121212 ( 20110321190904 44427 example.sec. sRkfaRLf62D7K5bLlC60JkAbkze3ShxCrvf0 VoEzGER/06NXOB6TIL2KDKMnzZw4h2mD+X2D YA7IqO9H9tAbF7TNMiLMdEYUFCL3cPkPchyY MvtseHlT0LRlhwW344Ar8P9S+vkvt/P4uwkN u6Sc0ctDjHtVBpVhMA3rVlxZl8qwYt24XVCZ enxOSQQQH0Nb0TmAS7sHw2927gbC1voW2y9j PakzCXs5y0TKLhAUW2ArE1sTlq0qiTn9JrU7 h0sL7uxku+hFsq2kpx1NW6a89l2pD2aS86Ys IdAY/xVATGWdvV3OLmVBfqXvNWwOuPHVfSmy hyA8kCgEN7TlpHPV0Q== ) 300 RRSIG A 8 3 300 20121212121212 ( 20110321190904 48381 example.sec. bv0FRbTFq9xVa8/jq2dIKmoSh+n55s8nHS1+ wN11khtVqAyUv6fJeZ3GLR3aUluZf+kgkXCs 2e+gL0K+L4/z+9dE2rgeIQU14TsmaAvMN37X ZjcSIwGFtVBr4WvFQLO9VzPe9Gntu2kzG40Y qTKUIyAkME9kIR+ikalKXSX7zOrKj3/rTPBz M1qVFU9FZy8qBCrk2IRvW2029s+kEDyymfIV /OrUFCUskDx/EaczOAzAItiUCIvdJ1FariPK pWFCFzMVXhjX4jhs6F2NgoiK0aofBebU6SGs PA8Ag4l54GGX8hNaGHNmWO+sOk64yHTMgR+9 1gjd4g6hzf9loJ4ljQ== ) 300 RRSIG A 10 3 300 20121212121212 ( 20110321190904 1862 example.sec. sNSj6dl0kRRhG4E5A8V87JEqQX2vW1TBXWuM KuRiYhEfNqGp9Y50ca84Tqgb0sEOnk4EAtzF AMJKEVQS4mAlS9O+R7et/QVJKFLCn8D+wrRD ly5Bb8C7gMbGYMkjnap1eQg4gaNVVpU2tR/W wZGzFCK1fDluY4CPm4a75DNH977uDBV63AuV c0beAhJh8dSHhqRQJm9Rm3pAU8uQv4FRBwXf i8JU8ddvqQMYbEuOkmR17pLKu5127MaO0+No NpFHvjeMNAFYYx7et9IWSGB0o3aoIM2pHLLq JXtC2e2DXiXXQ8rS+C9LRtDAto7USU4xDMPm Wj412ruoUXZfo1Jvbg== ) 300 NSEC ns2.example.sec. A RRSIG NSEC 300 RRSIG NSEC 5 3 300 20121212121212 ( 20110321190904 516 example.sec. TgF67yndlSPf6vetm1VLWWi5C3zRJR2LWMPD FO5Duw1otZGVxIsbq2bM7Qabw5omSG1OWomf GJ6bEthwev7o7eq0DBlDGi1yvSghg36ww96l Zj3EdFgmnp+qxAPfRD3Jk30Q7bp+5e15xxxD R/Pug2q/OIUV4cfURCBmjohfIJs= ) 300 RRSIG NSEC 5 3 300 20121212121212 ( 20110321190904 44427 example.sec. GayKxJJyVoFrEKEEn4YiG0w3F8AAIaXf9HrY ZlSrPCeSlWKvRrPISzeEFz8TMQUOGD3K1n7R fpwH0BCBeoKIxqYPXL/kFcKfb7t7KwgJXJKV wSd015RwXCmUEpdUbhDzBD+Apewcd1D8AUmg MHwRrt06Q7nJdmehrP7jzNLEfBZBEGRF1TOI hgobjVyeplEW7tPgnI51+cTKHJ9zhJ1UKDPp r3RQt7MxdL61SzsGzBSyVcKdcx9tJ1e2NbgY mKPylMk/NOfSKLdQeaC2avtQ5E/IR8o8r4Ua BLkwaH8bFnZ/1dx3I10dylJZMKrXXlcYxS/v BNcKo8DGC62xI2UaNw== ) 300 RRSIG NSEC 8 3 300 20121212121212 ( 20110321190904 48381 example.sec. xuANn6jCFHhuvWqf8/dNcUNTc0uh1046iuEz CjJZ1wgE+oXusIilWDhgTvR/H/bvLjh0phLX mxhg4G3SQvG0Wvvdv2VBo7f5CriIzndJjodc h2W6wqvggE9ijc4q7uDHWwbRM0qN3DkghNWq pbNVeRD0Ci273J6nfP0nH9m0Wes8rX1JnSxq Iw0vMWgD28dOsn9TPpk3kDM3U8zSjYASja12 mZURoF0sXVvp+aC68JTW20/e2yJFF6e+68om GuOeVFUlglKZ6VZAa5goAohruGZbyMFvlJPJ daGhycpybeGcF7fbxpCrNCnwiiBDGKBR1mut MyytVKIFb/iMsw3g2g== ) 300 RRSIG NSEC 10 3 300 20121212121212 ( 20110321190904 1862 example.sec. Z9QQ8kcwWdayNrUuUebNq/Oy2ftLUmc7EGSh 0HWylvMgOWPQlC+NMOF2dowO/NWPY9skwvck tsNrZ0dMtvzt6MAAxC9UsJsQ+iirOB2U/tVI pUAjIdTbxLlMhsmLJOW8xy3MYVBdf3u+IpQK 90/a3Ngwft0Zy6KXBP7BndMXmISWSi+0QWwI 5yF8qBbUx6iwmC5x30TIywBl6yggB7GG4MBv v2CoszyNH5GjtqY3272z6VUd8XB3MyDu4an4 5HCsQ0IKKATmkbPnBS3JhJ1zcEtZkFqiOSw+ wgwWv+2hIpKrq0RR9qX/vYUEYjCADsadjbEE CWO/9GT27DcUegbMrw== ) ns122.example.sec. 300 IN A 7.7.7.7 ; this is outside of NSEC ns2.example.sec. 300 IN A 5.6.7.8 300 RRSIG A 5 3 300 20121212121212 ( 20110321190904 516 example.sec. VVI8nK3F3BfMlyZlEPw1emkSJez0asH/ZvaW OjAgJNg+YlgfwAYFz/zcX0xH/njX037KtCXZ RaF1igpXvcPEW55pS921Qq2aOEY/9HvFdrsr 34jfLPu6PuVPiJLJJELXVjkBwOxXyMARAd58 TggMOlw58KCCd/2h1OLZ4Ky5Er8= ) 300 RRSIG A 5 3 300 20121212121212 ( 20110321190904 44427 example.sec. GeEgzMqBdc+lrdThCik5veRQ0GPERifkCgJB Tb6Asx2Vn4k6+K8kMGl7OxMbGtluoH1nzjYT Ro6QuhPk5ft7pCP0xZPBwOcl0hJsZ+k1oA9K BX7vXXg7qtpYy9RXHhJ58i5dfRN8TsPbMJtf ZrmwQyUMw5HjY0Nc4BPZGbocR2xOBSYBn/A5 3zMFcn0lrKiC0J/TeFtTv8HVCmZ1Bhfn6gTK 0ezQtRQDmEaWEGR7JQas7h1y5+qWrtKVu1eQ 5n0zmamD26sdwBcrbHKqUa9x+bbdz3cfWnze k31jZGwAcMvLAWi1w4kZWvVdxYEd7WkxLYfu TkvjObzS0C9cGtxwcA== ) 300 RRSIG A 8 3 300 20121212121212 ( 20110321190904 48381 example.sec. OuKzAU6DTB88xG8F/UZDDhCopgDqqXBtrCNW UzejdSnlOkWCWyhoqNdDVUmP8RsKyvbHgMll DFsrE8EOU2dFJc94i8uX+VOOQ9XX7I7Figny i1KiFuG5M/BhJJ8yoLhT2c7gG80Tt7oHJpDP 4UEZkBP4Lplna7rySMPubY62zprvV5xIO+gM qwFqL5U2D90nrHl5NDwEw2ruCZYPv684Bmce 5Rslh/6J7VxTjJaVGUr8T81HKnE5Xw1MQ2x1 VtrsCBIRrwL2YxfdRf6j2GR5JDozk49mQUm8 BPIvC69Kijr3JhP1CakJFMfDRCEyj01UjBKz QisQOEDJP4tRVNo1CA== ) 300 RRSIG A 10 3 300 20121212121212 ( 20110321190904 1862 example.sec. Noj04flBhck+sWYKhMYJdm34qfdCUtHZC9a1 iRgEaI4AgKjyJJjbKxXwxlpveoztFiQEnt+e ZZUSVpaR7UmhmX+F8uOlxr50+W9xwrlYpjsv D038kUpQkapSd9ukjte4A5/jCQrrxfxa9R1/ XJ2nHfTJXpHZjujjdj7Uavv5g1c3KaRien75 3zniwYp1rQq+RgCbtqtCYRf31Qc6h9BGt2ul z2GJaGfJH65FHuZtkOy+pT9vEJWc8GK61GVO UaHN6UcR3RtrzCeY/8nGkaDFFYc0YvhD7bOF 7+GB1dhTf/sFR6uC6mlWlirGyTj+JYb8jCMd OwI7kW7fzjgSPB1cgw== ) 300 NSEC www.example.sec. A RRSIG NSEC 300 RRSIG NSEC 5 3 300 20121212121212 ( 20110321190904 516 example.sec. Qak5r5ieUDezQdqLu4FWvQRIP/VG6MdE/ziz HddAkuVa4jlBAarWpt8X6ChABhexVPmK/f4x qORf8qvaVYz0PzvuTHpEgGAiqHpiwK4V4z09 JaSlxDjsGCl41uceNFGfMkH+Q6Gj3dIeJ19f k2DYjZ/t+1nMd01SKJAFsTpmiRg= ) 300 RRSIG NSEC 5 3 300 20121212121212 ( 20110321190904 44427 example.sec. RkQuxEi+JUN9LVxZZ5VBspPxF5U5g5rASBj1 yrDBJQIRdGIDITYeiBP4xw9rAHO9bo83yn30 VNZOWdCqWaG2NOxyfilhURpPlVo1vTmWd7p/ 4xeMcGBs8LsM6t3Z9U1Ecc+sLEgsccHf+363 a6N5+HYIRE0BjvIo75EoJy4UIZrTVrMBJwYZ W0OjWjfQH2ce39q7lc9NshKY/2MZLJ35HHLK 4WI1e+IB7rSPKGTRhLSiwbA4rjharxqv4xvt XUDsphQoMqXYLn4H2d7rkPGKLa1+2BsMYV+v DoBFNysVcIAOJErDpKqBorLLuL8Qi+DKwsZe EDz746YkVj3LoOCRCA== ) 300 RRSIG NSEC 8 3 300 20121212121212 ( 20110321190904 48381 example.sec. oa3kWJRq6dlRomWXjxJAp0xPXkEF9t/3uw+U yAYm72kZfeOCMZcTxQRyUSvT8aDsLxhphq7+ H0R43HUh4GYpGtZXBOcTMUiNIDHxFJYwp5xL pYCvHZ8m2mwDNeEkJ2mWcxYwg8wghxZjf0sG ivB9ufyOCl1V+R4PLkAFZXctUEsZvP05Ukdm NwdTFGcj+RO8vzz1UT82L23hBc/ZBcv7+/2j OiH0j3g/gM2ko0o2G5Cte5746zmvs7MQW1N2 KxDbHxuy8/Aym8Q8CyYEze0VTBZjopiYXmjM taslp9pQUH6lsTA/I0XeWcL+z4Y+L8gGmr6o lHpSE0c/pN5thXjbeg== ) 300 RRSIG NSEC 10 3 300 20121212121212 ( 20110321190904 1862 example.sec. BbEEJ/Su2CoQiuFq1ufsJlJmKQEHOZioW4LF nrQtLPbFMTDUhgxxkog9J8nS6IVrElQaiZLH CjqGaSNXk7YStRpyLpz+Yb/TEt4T6CrBRphU havGpG6IZY51I7msyyHbkJXNXvrYY9uqCvdf 3Qea2x+9bTXhGvg/4r7QcqH1jfbqXyl+yzo0 QyYCNw3oc/MSrwWpDWktpWjMiXnJ8HhVfoqe j+PHuoTiCkL6QniPhrBzWfhzkVg3pH2qSo+0 Oz6YRaL0Mihhn/8dpvle6X74joQ6tdWaxluP 9WqXHTYauei7jT+hDtiB4jqH87tcV6msQbxc sv/EuM7dBcF3vNr9vw== ) www.example.sec. 300 IN CNAME example.sec. 300 RRSIG CNAME 5 3 300 20121212121212 ( 20110321190904 516 example.sec. Wser36d8n6h3zg09EXM+ZeF7aODFbm04YFCf RERKgKV7F+H/Ma4xGSxve7vIoMgSkIqVeFSo 8yLYZV5AxSCz2J9YFMdldW47nW3kPkV8aUw6 kJtPjugDFgJFFN3G7lCBXrUnywMZAhyO62Zm 50VCggbj+13J64ByTEEL47Jmd+8= ) 300 RRSIG CNAME 5 3 300 20121212121212 ( 20110321190904 44427 example.sec. 49nOsxfIImn4sYwc/giAdVJGjnw/sOxGOQhp UMJqwiKtoaADw0s6FMsv5ApDN7QbV10UBuHt Jmy/H9e+5Hbth+/VsAoCKI9HYfiw9qNqHk4q hKu7VBTd1ITgMObglOrPf39Xik3jq6miYCXi lyvXLoyeDl7yKszuDQbyGwGnw9PyMWe1BK/A 24ZO93NRAfQRRvYkH0QLzXPM7sewJbij9MZP 72AlcsB+MfKxgNVzPTS4pyD0H7ER/PMW3ESP eU7yz4ewpOi5rLCsztqHpim7s4ky3ub4ttJO 4J03h46ic2bv4ogsvShR2wFzeAr38B5C3cXc hYuKQOvXPGleGyH55A== ) 300 RRSIG CNAME 8 3 300 20121212121212 ( 20110321190904 48381 example.sec. eoGO0lF77s/0ujZ24CvJ6F45oqryxInpfLA5 B8HROJbU7TJ/hERgl6r3EAAc75uP2yn0TY7R 2Q5Wh+RWsQjh6NwvbLcKpOvX3EpOxg2oSLBb P46G8TiMGCaydR0Xx21Hxk4DmRHTjNu4o56z Y3Gm1eHJ5To1V39ThJMaUvuMFwpSdGgBq8L8 WoOHz23W94tO0AS5QwtCAFpUjSG05rgjBJdL Y/00Q9ry15ZwZXIRizmBoRrZ8eSxW3Dn6J8B kPN7W9z4Z7VVciQuZFfoIk8Mvl8vlCdUqWt+ t/2bcfgrxrlnHhFqOJG31XRjJOVc28FDI85Z KZ9tQTiOxdC7H0d8YA== ) 300 RRSIG CNAME 10 3 300 20121212121212 ( 20110321190904 1862 example.sec. v50k8qrOxI9UowuANOSnAGF00R7yxlD2dNsa HtHONDM89jMMs4S721SVvm9HHxVCieESyuou G/K/u54MwIFA3AgKrV446Ns3M0aZJeOPANap sjfdIqfs0hQwZ3Jth7GMpNGG5rLSmIkn943l 6XrRSewQPoVT3ZD8jeLQKGXY59KlIkra5Hfr fGLiBqpFOpeb7IxHcPed01vjgGgButOAxsFj xiudVrX5FpcgZ5/DX1o//cAdgqcvIoiiWhfZ jJEEQ6Kw4DkwFJKXEhItEtaTaciOIqlQkq5n G2xqghKBxlcl9D15yKTHkozKhLXJJKGAn6p8 oz8iSw3f9iWejBsrfw== ) 300 NSEC example.sec. CNAME RRSIG NSEC 300 RRSIG NSEC 5 3 300 20121212121212 ( 20110321190904 516 example.sec. hNtegxDTYwygt81ZbwX04aHE/M5cQILPAwMH Om9dHodMiddnFQhLTBOxfn16vuCP4UeIRUwH WvqqGElVMyWuGGtJxe7r8IaSm1JeBv4TQ0rd snu2zH8TCY6QlPBi067ukq54po/f85wtreem PrruWM3347d/EVYhA07Pi9Jqkug= ) 300 RRSIG NSEC 5 3 300 20121212121212 ( 20110321190904 44427 example.sec. ArFauCuLgUvbz2ALhiNoqgBiUgZlGeZwk/37 ZwqN59DrExfUxAuFEPmBSLLd4W4KDmyR8og8 RDZ1kWZjKuXB9Vh/Etx6Tkha0bUukEzc9UQk KwF6GUTjdO5MOkMUU9sJO6ecAkWxmfcpvG8z 6wg4BxfL/QfkodMyeTkr93PnZPDhIFA/jRpB mDDCUfXHY40shfR5AaIQwMnVIacd+d7rOB9z k8BSZeex7vzHbKoQGgR93woGq766C5EYhVi5 BivAbtda+QXarXD1VkQKZ4BVtG034iOkGBJ0 v9983Yqu9bvAINvlj9wtOk9Br8mDUKpbdnlM sMCCMaHWvHkUu5qlZQ== ) 300 RRSIG NSEC 8 3 300 20121212121212 ( 20110321190904 48381 example.sec. q6/Bry1OxPs3NSd8gjHVA5dZkKn+khj12ZJY iAQl2KNQZ2g0P8+1T4V4Vs21pdQzVSupIucE BN62FiEuGwp3NEYiYW7E9pU77j0GudveoMyK LsI9G8K27bnsMdJG+wizGNkIbmX+lHhBQNpO sSHyyldubyyJymdPy2mhg93iIofRPM7ljuJ/ W7zZkt29d41/su5Uk8sDMhjgRrw2AC0EPzVl Q/B/SJZ9Rzx/5Dj7QHcG/FkAd4WGQ9XI93SF LMQn6OQVWXRvXYVgTDMNzXV+YKey5ia9bnDL yXKu+BdkrjXyrmbVS+LQ4SEbL+MwjOawCab/ pHbGIhMYL9q2sI+PDQ== ) 300 RRSIG NSEC 10 3 300 20121212121212 ( 20110321190904 1862 example.sec. T1Y1W3dghJKxZzjGnJaoFIuuA0qu8xebm5Vj j8V3W6tdtgnfmIGfHles5wIP8djWMPCYcA4X yco/dhyVW+6xHgW6DtIWFp6w6maoLzASXf4J upwQZaBsFTbu/BPaEna0H8RWV8bo34zdh2qD Uve6XcdosNAkObfLNs7JPBJhEVxwu/ms3Z6h 9IpdoeNDBi3DoBC8GA+m7KW61GnxMd0KGj0H QnK1sS2mZe5lGKCoZDViG4ttTl3ctWoLw5R3 ukb4JEiS3zkuLTMX59PqJ+sw6y3QBgKOSnbv k18XsducRJhqpwfUGOsmAn6/qGw0HC9XN+rO jE94zVw/whela3Q7vA== ) 300 RRSIG NSEC 10 3 256 20121212121212 ( 20110321190904 1862 example.sec. T1Y1W3dghJKxZzjGnJaoFIuuA0qu8xebm5Vj j8V3W6tdtgnfmIGfHles5wIP8djWMPCYcA4X yco/dhyVW+6xHgW6DtIWFp6w6maoLzASXf4J upwQZaBsFTbu/BPaEna0H8RWV8bo34zdh2qD Uve6XcdosNAkObfLNs7JPBJhEVxwu/ms3Z6h 9IpdoeNDBi3DoBC8GA+m7KW61GnxMd0KGj0H QnK1sS2mZe5lGKCoZDViG4ttTl3ctWoLw5R3 ukb4JEiS3zkuLTMX59PqJ+sw6y3QBgKOSnbv k18XsducRJhqpwfUGOsmAn6/qGw0HC9XN+rO jE94zVw/whela3Q7vA== ) 300 RRSIG NSEC 10 3 300 20121212121212 ( 20110321190904 1862 nosuch.sec. T1Y1W3dghJKxZzjGnJaoFIuuA0qu8xebm5Vj j8V3W6tdtgnfmIGfHles5wIP8djWMPCYcA4X yco/dhyVW+6xHgW6DtIWFp6w6maoLzASXf4J upwQZaBsFTbu/BPaEna0H8RWV8bo34zdh2qD Uve6XcdosNAkObfLNs7JPBJhEVxwu/ms3Z6h 9IpdoeNDBi3DoBC8GA+m7KW61GnxMd0KGj0H QnK1sS2mZe5lGKCoZDViG4ttTl3ctWoLw5R3 ukb4JEiS3zkuLTMX59PqJ+sw6y3QBgKOSnbv k18XsducRJhqpwfUGOsmAn6/qGw0HC9XN+rO jE94zVw/whela3Q7vA== ) ghost.example.sec. 300 IN NS ns1.example.sec. 300 IN NS ns2.example.sec. 300 DS 50458 12 3 ( 2E40B2A6CCD2760EC70AF69D1C144064C8 1E53A6B3EEE78BDB9E0BAFBB9C02 ) zzz.example.sec. 300 IN CNAME example.sec. ; previous NSEC should bitch about it 300 NSEC zzzz.example.sec. CNAME NSEC ; this one will also bitch nosuch.example.sec. 300 RRSIG NAPTR 5 2 300 20121212121212 ( 20110321190904 516 example.sec. JMRbXaDnvv39FoonWE688oliqrw7xe6ZNi1r AQUkgjlZGmuNcCDlarDiQHUu1O2GBizRpv2o nh+TFfgqn7FrT7mPDCj5J04BuLl4x9+CayG3 jgdtZ+UW8UUu6jUO/woEsbmdB3HrVjI/UWGC 7qFMaz+i7IxCkMLTS2Qh65Dq74U= ) validns-0.7/t/zones/ttl-regression.zone000644 001751 000024 00000000246 11640067440 020565 0ustar00tobezstaff000000 000000 $ORIGIN example.com. $TTL 86400 @ IN SOA ns hostmaster 1 10800 3600 2592000 1200 IN NS ns $TTL 600 ns IN A 192.0.2.1 validns-0.7/t/zones/mx-ns-alias000644 001751 000024 00000003316 11634353307 016767 0ustar00tobezstaff000000 000000 $TTL 1d @ IN SOA ns1.example.jp. hostmaster.example.jp. ( 1 20m 15m 4w 15m ) NS ns1.example.jp. NS ns2.examPle.jp. MX 10 maIl.example.jp. ns1 A 192.0.2.53 Ns2 CNAME ns1.example.jp. maiL CNAME ns1.example.jp. validns-0.7/t/zones/ttl.zone000644 001751 000024 00000000236 11640104615 016402 0ustar00tobezstaff000000 000000 $ORIGIN example.com. @ IN 200 SOA ns hostmaster 1 10800 3600 2592000 1200 IN NS ns $TTL 600 ns IN A 192.0.2.1 validns-0.7/t/zones/rp-policy000644 001751 000024 00000002544 11653501732 016554 0ustar00tobezstaff000000 000000 $TTL 1d @ IN SOA ns1.example.jp. hostmaster.example.jp. ( 1 20m 15m 4w 15m ) NS ns1.example.jp. NS ns2.examPle.jp. ns1 A 192.0.2.53 Ns2 A 192.168.1.1 x RP mail.box y validns-0.7/t/zones/dnskey-exponent.zone000644 001751 000024 00000002302 11710046530 020725 0ustar00tobezstaff000000 000000 nz. 86400 IN SOA loopback.dns.net.nz. soa.nzrs.net.nz. 2012012024 900 300 604800 3600 nz. 86400 IN NS ns3.dns.net.nz. nz. 86400 IN NS ns4.dns.net.nz. nz. 86400 IN NS ns7.dns.net.nz. nz. 86400 IN NS ns6.dns.net.nz. nz. 86400 IN NS ns2.dns.net.nz. nz. 86400 IN NS ns5.dns.net.nz. nz. 86400 IN NS ns1.dns.net.nz. nz. 3600 IN DNSKEY 257 3 8 ( BAABAAGwfTiEoh71o6S55+Mdy1qqVRnpKY1VHznrv+wx rPfvRGB5VivFFPFN+33fsaTxJQTceOtOna7IKxTffj6p bBG4a9vtk2FqF551IwXomKWJnzRVKqYzuAx+Os/5gLIN BH7+qRWAkJwCdQXIaJGyGmshkO5Ci5Ex5Cm3EZCeVrie 0fLI03Ufjuhi6IJ7gLzjEWw84faLIxWHEj8w0UVcXfaI 2VL0oUC/R+9RaO7BJKv93ZqoZhTOSg9nH51qfubbK6FM svOWEyVcUNE6NESYEbuCiUByKfxanvzzYUUCzmm+JwV7 7Ebj3XZSBnWnA2ylLXQ4+HD84rnqb1SgGXu9HZYn ) ; key id = 2517 nz. 3600 IN DNSKEY 256 3 8 ( BAABAAGD+q3p2XDCb6SvAbACB/NPdljxhpBx2O9ZnvF2 OYb6kViMJ5dgxYDcFtvL5RW31Bc7UDvseoQPUK1wora3 BtUTylo1xd5PN/lV600mrNGRxfmw77Hen/MXH5GQrjaj O+rFP1xce1/jdyvCciJzrYRcPL9p4c/eGoJK3ZMubiu1 OQ== ) ; key id = 27212 validns-0.7/t/zones/Kexample.sec.+012+50458.ds000644 001751 000024 00000000307 11732632042 020607 0ustar00tobezstaff000000 000000 example.sec. IN DS 50458 12 3 2e40b2a6ccd2760ec70af69d1c144064c8931e53a6b3eee78bdb9e0bafbb9c02 ; xerig-bosep-kufot-datib-vucob-petin-toluc-gubuk-gidyn-faleh-fenor-ferav-lydat-rolib-rirur-rulab-daxux validns-0.7/t/zones/Kexample.sec.+012+50458.key000644 001751 000024 00000000232 11732632042 020766 0ustar00tobezstaff000000 000000 example.sec. IN DNSKEY 256 3 12 XnGVpOY8yAhHyYXD50FS0oT6ncmCTbL0B8KoEuVraI8cy2Q6TXMlgMA5Vl10vE43EOWMVqRLr/0ETAGGNcvGlQ== ;{id = 50458 (zsk), size = 512b} validns-0.7/t/zones/Kexample.sec.+012+50458.private000644 001751 000024 00000000235 11732632042 021653 0ustar00tobezstaff000000 000000 Private-key-format: v1.2 Algorithm: 12 (ECC-GOST) GostAsn1: MEYCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIwIhAOaeDNwrAtYS5g7Qtk8qPiAbIl2r33YG1QYBUFXmphAI validns-0.7/t/zones/misc-regression.zone000644 001751 000024 00000000302 11764101743 020710 0ustar00tobezstaff000000 000000 $ORIGIN example.com. $TTL 86400 @ IN SOA ns hostmaster 1 10800 3600 2592000 1200 IN NS ns ns IN A 192.0.2.1 xx IN TXT "a\108ias" yy IN TXT "\";" validns-0.7/t/zones/1035-with-include000644 001751 000024 00000001114 11542617353 017614 0ustar00tobezstaff000000 000000 @ IN SOA VENERA Action\.domains ( 20 ; SERIAL 7200 ; REFRESH 600 ; RETRY 3600000; EXPIRE 60) ; MINIMUM NS A.ISI.EDU. NS VENERA NS VAXA MX 10 VENERA MX 20 VAXA A A 26.3.0.103 VENERA A 10.1.0.52 A 128.9.0.32 VAXA A 10.2.0.27 A 128.9.0.33 $INCLUDE isi-mailboxes.inc