pax_global_header00006660000000000000000000000064131411021400014475gustar00rootroot0000000000000052 comment=f423245b9867359398f83e8a60fea167ad7694ca tobez-validns-f423245/000077500000000000000000000000001314110214000145315ustar00rootroot00000000000000tobez-validns-f423245/.gitignore000066400000000000000000000001051314110214000165150ustar00rootroot00000000000000validns base64-test base32hex-test *.o *.core experiment* *.swp core tobez-validns-f423245/Changes000066400000000000000000000021501314110214000160220ustar00rootroot00000000000000Revision history for validns. 0.8 Tue Feb 11 21:39:41 CET 2014 Miscellaneous bug fixes. Miscellaneous portability fixes. Support ECDSA and SHA-256 in SSHFP. Add support for SHA-384 digests in DS (RFC 6605). Support multiple -t options. 0.7 Tue Apr 16 12:37:11 CEST 2013 Support for KX, DLV, DHCID, NAPTR records. Support for X25, ISDN, RT, PX records. Support for MB, MG, MR, MINFO, AFSDB records. NSEC chain validation fix. Do not allow LP point to itself. Miscellaneous performance improvements. Miscellaneous portability fixes. Miscellaneous bug fixes. 0.6 Thu Oct 4 16:40:56 CEST 2012 Support for TLSA records. Support for ILNP (NID, L64, L3, LP) records (untested). Support for IPSECKEY records. Handle TYPEXXX for known types correctly. A number of NSEC3-related bug fixes. Miscellaneous bug fixes. 0.5 Thu Jun 7 15:45:55 CEST 2012 Parallelize signature verification (-n option) 0.4 Thu Mar 22 15:48:25 CET 2012 Support ECC algorithms in DS and DNSKEY (by Miek Gieben) Fix a parsing bug for \nnn in text fields (by Göran Bengtson) 0.3 Tue Feb 14 14:09:54 CET 2012 First packaged release. tobez-validns-f423245/LICENSE000066400000000000000000000024241314110214000155400ustar00rootroot00000000000000Copyright (c) 2011-2014 Anton Berezin "". All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. tobez-validns-f423245/Makefile000066400000000000000000000207451314110214000162010ustar00rootroot00000000000000# The following options seem to work fine on Linux, FreeBSD, and Darwin OPTIMIZE=-O2 -g CFLAGS=-Wall -Werror -pthread -fno-strict-aliasing INCPATH=-I/usr/local/include -I/opt/local/include -I/usr/local/ssl/include CC?=cc # These additional options work on Solaris/gcc to which I have an access # (when combined with the options above, and CC=gcc). #EXTRALPATH=-L/usr/local/ssl/lib -Wl,-R,/usr/local/ssl/lib #EXTRALIBS=-lnsl -lrt # According to Daniel Stirnimann, the following is needed # to make it work on Solaris/cc. #CFLAGS=-fast -xtarget=ultra3 -m64 -xarch=sparcvis2 #INCPATH=-I/opt/sws/include #CC=cc #EXTRALPATH=-L/opt/sws/lib/64 -R/opt/sws/lib/64 #EXTRALIBS-lrt -lnsl #EXTRALINKING=-mt -lpthread validns: main.o carp.o mempool.o textparse.o base64.o base32hex.o \ rr.o soa.o a.o cname.o mx.o ns.o \ rrsig.o nsec.o dnskey.o txt.o aaaa.o \ naptr.o srv.o nsec3param.o nsec3.o ds.o \ hinfo.o loc.o nsec3checks.o ptr.o \ sshfp.o threads.o rp.o spf.o cert.o \ dname.o tlsa.o nid.o l32.o l64.o lp.o \ ipseckey.o cbtree.o mb.o mg.o mr.o minfo.o \ afsdb.o x25.o isdn.o rt.o px.o kx.o \ dlv.o dhcid.o nsap.o caa.o $(CC) $(CFLAGS) $(OPTIMIZE) -o validns \ main.o carp.o mempool.o textparse.o base64.o base32hex.o \ rr.o soa.o a.o cname.o mx.o ns.o \ rrsig.o nsec.o dnskey.o txt.o aaaa.o \ naptr.o srv.o nsec3param.o nsec3.o ds.o \ hinfo.o loc.o nsec3checks.o ptr.o \ sshfp.o threads.o rp.o spf.o cert.o \ dname.o tlsa.o nid.o l32.o l64.o lp.o \ ipseckey.o cbtree.o mb.o mg.o mr.o minfo.o \ afsdb.o x25.o isdn.o rt.o px.o kx.o \ dlv.o dhcid.o nsap.o caa.o \ -L/usr/local/lib -L/opt/local/lib $(EXTRALPATH) \ -lJudy -lcrypto $(EXTRALIBS) $(EXTRALINKING) clean: -rm -f validns main.o carp.o mempool.o textparse.o -rm -f rr.o soa.o a.o cname.o mx.o ns.o -rm -f rrsig.o nsec.o dnskey.o txt.o aaaa.o -rm -f naptr.o srv.o nsec3param.o nsec3.o ds.o -rm -f hinfo.o loc.o nsec3checks.o ptr.o -rm -f sshfp.o base32hex.o base64.o threads.o -rm -f rp.o spf.o cert.o dname.o tlsa.o -rm -f nid.o l32.o l64.o lp.o ipseckey.o -rm -f cbtree.o mb.o mg.o mr.o minfo.o -rm -f afsdb.o x25.o isdn.o rt.o px.o kx.o -rm -f dlv.o dhcid.o nsap.o caa.o -rm -f validns.core core @echo ':-)' main.o: main.c common.h carp.h mempool.h textparse.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o main.o main.c $(INCPATH) carp.o: carp.c carp.h common.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o carp.o carp.c $(INCPATH) mempool.o: mempool.c mempool.h carp.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o mempool.o mempool.c $(INCPATH) textparse.o: textparse.c common.h carp.h mempool.h textparse.h base64.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o textparse.o textparse.c $(INCPATH) base64.o: base64.c base64.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o base64.o base64.c $(INCPATH) base32hex.o: base32hex.c base32hex.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o base32hex.o base32hex.c $(INCPATH) rr.o: rr.c common.h mempool.h carp.h textparse.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o rr.o rr.c $(INCPATH) soa.o: soa.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o soa.o soa.c $(INCPATH) a.o: a.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o a.o a.c $(INCPATH) cname.o: cname.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o cname.o cname.c $(INCPATH) mb.o: mb.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o mb.o mb.c $(INCPATH) mg.o: mg.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o mg.o mg.c $(INCPATH) minfo.o: minfo.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o minfo.o minfo.c $(INCPATH) mr.o: mr.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o mr.o mr.c $(INCPATH) mx.o: mx.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o mx.o mx.c $(INCPATH) afsdb.o: afsdb.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o afsdb.o afsdb.c $(INCPATH) x25.o: x25.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o x25.o x25.c $(INCPATH) isdn.o: isdn.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o isdn.o isdn.c $(INCPATH) rt.o: rt.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o rt.o rt.c $(INCPATH) px.o: px.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o px.o px.c $(INCPATH) kx.o: kx.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o kx.o kx.c $(INCPATH) dlv.o: dlv.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o dlv.o dlv.c $(INCPATH) dhcid.o: dhcid.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o dhcid.o dhcid.c $(INCPATH) nsap.o: nsap.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o nsap.o nsap.c $(INCPATH) ns.o: ns.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o ns.o ns.c $(INCPATH) rrsig.o: rrsig.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o rrsig.o rrsig.c $(INCPATH) nsec.o: nsec.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o nsec.o nsec.c $(INCPATH) dnskey.o: dnskey.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o dnskey.o dnskey.c $(INCPATH) txt.o: txt.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o txt.o txt.c $(INCPATH) aaaa.o: aaaa.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o aaaa.o aaaa.c $(INCPATH) naptr.o: naptr.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o naptr.o naptr.c $(INCPATH) srv.o: srv.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o srv.o srv.c $(INCPATH) nsec3param.o: nsec3param.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o nsec3param.o nsec3param.c $(INCPATH) nsec3.o: nsec3.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o nsec3.o nsec3.c $(INCPATH) ds.o: ds.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o ds.o ds.c $(INCPATH) hinfo.o: hinfo.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o hinfo.o hinfo.c $(INCPATH) loc.o: loc.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o loc.o loc.c $(INCPATH) nsec3checks.o: nsec3checks.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o nsec3checks.o nsec3checks.c $(INCPATH) ptr.o: ptr.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o ptr.o ptr.c $(INCPATH) sshfp.o: sshfp.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o sshfp.o sshfp.c $(INCPATH) caa.o: caa.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o caa.o caa.c $(INCPATH) rp.o: rp.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o rp.o rp.c $(INCPATH) spf.o: spf.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o spf.o spf.c $(INCPATH) cert.o: cert.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o cert.o cert.c $(INCPATH) dname.o: dname.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o dname.o dname.c $(INCPATH) tlsa.o: tlsa.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o tlsa.o tlsa.c $(INCPATH) nid.o: nid.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o nid.o nid.c $(INCPATH) l32.o: l32.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o l32.o l32.c $(INCPATH) l64.o: l64.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o l64.o l64.c $(INCPATH) lp.o: lp.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o lp.o lp.c $(INCPATH) ipseckey.o: ipseckey.c common.h textparse.h mempool.h carp.h rr.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o ipseckey.o ipseckey.c $(INCPATH) cbtree.o: cbtree.c cbtree.h $(CC) $(CFLAGS) $(OPTIMIZE) -c -o cbtree.o cbtree.c $(INCPATH) threads.o: threads.c $(CC) $(CFLAGS) $(OPTIMIZE) -c -o threads.o threads.c $(INCPATH) test: validns perl -MTest::Harness -e 'runtests("t/test.pl")' test-details: validns perl t/test.pl test64: $(CC) -Wall -O2 -o base64-test base64.c -DTEST_PROGRAM ./base64-test test32hex: $(CC) -Wall -O2 -o base32hex-test base32hex.c -DTEST_PROGRAM ./base32hex-test tobez-validns-f423245/README000066400000000000000000000011171314110214000154110ustar00rootroot00000000000000validns version 0.8 validns - DNS and DNSSEC zone file validator. For installation instructions, see installation.mdwn. For usage, see usage.mdwn. For miscellaneous notes, see notes.mdwn. For technical notes, see technical-notes.mdwn. The most recent version can always be found at https://github.com/tobez/validns/ The tarballs of releases can be found at http://www.validns.net/download/ Support: - web: http://www.validns.net/ - email: mailing list validns-users@validns.net (for users and developers alike) author: tobez@tobez.org - IRC: join #validns on EFNet tobez-validns-f423245/a.c000066400000000000000000000026121314110214000151160ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *a_parse(char *name, long ttl, int type, char *s) { struct rr_a *rr = getmem(sizeof(*rr)); if (extract_ipv4(&s, "IPv4 address", &rr->address) <= 0) return NULL; if (*s) { return bitch("garbage after valid A data"); } return store_record(type, name, ttl, rr); } static char* a_human(struct rr *rrv) { RRCAST(a); char s[1024]; if (inet_ntop(AF_INET, &rr->address, s, 1024)) return quickstrdup_temp(s); return "????"; } static struct binary_data a_wirerdata(struct rr *rrv) { RRCAST(a); struct binary_data r; r.length = sizeof(rr->address); r.data = (void *)&rr->address; return r; } static void* a_validate_set(struct rr_set *rr_set) { if (rr_set->named_rr->flags & NAME_FLAG_CONTAINS_SLASH) { struct rr *rr = rr_set->tail; return moan(rr->file_name, rr->line, "host name contains '/'"); } return NULL; } struct rr_methods a_methods = { a_parse, a_human, a_wirerdata, a_validate_set, NULL }; tobez-validns-f423245/aaaa.c000066400000000000000000000026631314110214000155670ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *aaaa_parse(char *name, long ttl, int type, char *s) { struct rr_aaaa *rr = getmem(sizeof(*rr)); if (extract_ipv6(&s, "IPv6 address", &rr->address) <= 0) return NULL; if (*s) { return bitch("garbage after valid AAAA data"); } return store_record(type, name, ttl, rr); } static char* aaaa_human(struct rr *rrv) { RRCAST(aaaa); char s[1024]; if (inet_ntop(AF_INET6, &rr->address, s, 1024)) return quickstrdup_temp(s); return "????"; } static struct binary_data aaaa_wirerdata(struct rr *rrv) { RRCAST(aaaa); struct binary_data r; r.length = sizeof(rr->address); r.data = (void *)&rr->address; return r; } static void* aaaa_validate_set(struct rr_set *rr_set) { if (rr_set->named_rr->flags & NAME_FLAG_CONTAINS_SLASH) { struct rr *rr = rr_set->tail; return moan(rr->file_name, rr->line, "host name contains '/'"); } return NULL; } struct rr_methods aaaa_methods = { aaaa_parse, aaaa_human, aaaa_wirerdata, aaaa_validate_set, NULL }; tobez-validns-f423245/afsdb.c000066400000000000000000000025401314110214000157550ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *afsdb_parse(char *name, long ttl, int type, char *s) { struct rr_afsdb *rr = getmem(sizeof(*rr)); rr->subtype = extract_integer(&s, "AFSDB subtype", NULL); if (rr->subtype < 0) return NULL; if (rr->subtype != 1 && rr->subtype != 2) return bitch("unknown AFSDB subtype"); rr->hostname = extract_name(&s, "AFSDB hostname", 0); if (!rr->hostname) return NULL; if (*s) { return bitch("garbage after valid AFSDB data"); } return store_record(type, name, ttl, rr); } static char* afsdb_human(struct rr *rrv) { RRCAST(afsdb); char s[1024]; snprintf(s, 1024, "%d %s", rr->subtype, rr->hostname); return quickstrdup_temp(s); } static struct binary_data afsdb_wirerdata(struct rr *rrv) { RRCAST(afsdb); return compose_binary_data("2d", 1, rr->subtype, name2wire_name(rr->hostname)); } struct rr_methods afsdb_methods = { afsdb_parse, afsdb_human, afsdb_wirerdata, NULL, NULL }; tobez-validns-f423245/base32hex.c000066400000000000000000000244611314110214000164700ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "base32hex.h" /* base32/normal alignment: * * 0 1 2 3 4 5 6 7 * |12345|123 45|12345|1 2345|1234 5|12345|12 345|12345| * |12345 678|12 34567 8|1234 5678|1 23456 78|123 45678| * 0 1 2 3 4 * * normal byte 0 is (base32[0] << 3) | (base32[1] >> 2) * masks: F8; 07 * normal byte 1 is ((base32[1]&0x03) << 6) | (base32[2] << 1) | (base32[3] >> 4) * masks: C0; 3E; 01 * normal byte 2 is ((base32[3]&0x0F) << 4) | (base32[4] >> 1) * masks: F0; 0F * normal byte 3 is ((base32[4]&0x01) << 7) | (base32[5] << 2) | (base32[6] >> 3) * masks: 80; 7C; 03 * normal byte 4 is ((base32[6]&0x07) << 5) | base32[7] * masks: E0; 1F */ int decode_base32hex(void *dest, char *src, size_t dstsize) { size_t processed = 0; int full_bytes = 0; unsigned char *dst = dest; while (*src) { int v; if (*src >= 'A' && *src <= 'V') v = *src - 'A' + 10; else if (*src >= 'a' && *src <= 'v') v = *src - 'a' + 10; else if (*src >= '0' && *src <= '9') v = *src - '0'; else if (isspace(*src) || *src == '=') { src++; continue; } else { /* any junk chars means input is corrupted */ errno = EINVAL; return -1; } src++; if (processed % 8 == 0) { if (dstsize <= 0) { errno = EINVAL; return -1; } dst[0] &= 0x07; dst[0] |= (v << 3) & 0xF8; processed++; } else if (processed % 8 == 1) { if (dstsize < 1) { errno = EINVAL; return -1; } dst[0] &= 0xF8; dst[0] |= (v >> 2) & 0x07; if (dstsize >= 2) { dst[1] &= 0x3F; dst[1] |= (v << 6) & 0xC0; } processed++; full_bytes++; } else if (processed % 8 == 2) { if (dstsize < 2) { errno = EINVAL; return -1; } dst[1] &= 0xC1; dst[1] |= (v << 1) & 0x3E; processed++; } else if (processed % 8 == 3) { if (dstsize < 2) { errno = EINVAL; return -1; } dst[1] &= 0xFE; dst[1] |= (v >> 4) & 0x01; if (dstsize >= 3) { dst[2] &= 0x0F; dst[2] |= (v << 4) & 0xF0; } processed++; full_bytes++; } else if (processed % 8 == 4) { if (dstsize < 3) { errno = EINVAL; return -1; } dst[2] &= 0xF0; dst[2] |= (v >> 1) & 0x0F; if (dstsize >= 4) { dst[3] &= 0x7F; dst[3] |= (v << 7) & 0x80; } processed++; full_bytes++; } else if (processed % 8 == 5) { if (dstsize < 4) { errno = EINVAL; return -1; } dst[3] &= 0x83; dst[3] |= (v << 2) & 0x7C; processed++; } else if (processed % 8 == 6) { if (dstsize < 4) { errno = EINVAL; return -1; } dst[3] &= 0xFC; dst[3] |= (v >> 3) & 0x03; if (dstsize >= 5) { dst[4] &= 0x1F; dst[4] |= (v << 5) & 0xE0; } processed++; full_bytes++; } else { if (dstsize < 5) { errno = EINVAL; return -1; } dst[4] &= 0xE0; dst[4] |= v & 0x1F; processed++; dst += 5; dstsize -= 5; full_bytes++; } } return full_bytes; } int encode_base32hex(void *dest, size_t dstsize, void *source, size_t srclength) { size_t need_dstsize; int byte = 0; unsigned char *dst = dest; unsigned char *src = source; int i; need_dstsize = 8*(srclength / 5); switch (srclength % 5) { case 1: need_dstsize += 2; break; case 2: need_dstsize += 4; break; case 3: need_dstsize += 5; break; case 4: need_dstsize += 7; break; } if (dstsize < need_dstsize) { errno = EINVAL; return -1; } while (srclength) { switch (byte) { case 0: dst[0] = *src >> 3; dst[1] = (*src & 0x07) << 2; break; case 1: dst[1] |= (*src >> 6) & 0x03; dst[2] = (*src >> 1) & 0x1f; dst[3] = (*src & 0x01) << 4; break; case 2: dst[3] |= (*src >> 4) & 0x0f; dst[4] = (*src & 0x0f) << 1; break; case 3: dst[4] |= (*src >> 7) & 0x01; dst[5] = (*src >> 2) & 0x1f; dst[6] = (*src & 0x03) << 3; break; case 4: dst[6] |= (*src >> 5) & 0x07; dst[7] = *src & 0x1f; break; } srclength--; src++; byte++; if (byte == 5) { dst += 8; byte = 0; } } dst = dest; for (i = 0; i < need_dstsize; i++) { if (*dst < 10) *dst = *dst +'0'; else if (*dst < 32) *dst = *dst - 10 + 'a'; else *dst = '?'; dst++; } return need_dstsize; } #ifdef TEST_PROGRAM static int ok_string_test(int testnum, char *src, char *expect) { unsigned char dstbuf[512]; unsigned char reverse_buf[1024]; int r, r0, i; int expect_sz = strlen(expect); int expect_reverse; char *s, *d; if (expect_sz >= 512) { printf("test %d: NOT OK: internal *test* error, buffer too small for proper testing, FIXME\n", testnum); return 1; } memset(dstbuf, 0xAA, 512); r = decode_base32hex(dstbuf, src, expect_sz); if (r != expect_sz) { printf("test %d: NOT OK: expect size %d, got %d\n", testnum, expect_sz, r); return 1; } else if (memcmp(dstbuf, expect, r) != 0) { printf("test %d: NOT OK: unexpected buffer content\n", testnum); return 1; } if (dstbuf[expect_sz] != 0xAA) { printf("test %d: NOT OK: corrupts memory with \"just enough\" bufsize\n", testnum); return 1; } r = encode_base32hex(reverse_buf, 1024, dstbuf, expect_sz); s = src; d = (char*)dstbuf; expect_reverse = 0; while (*s) { if (*s != ' ' && *s != '=') { *d++ = tolower(*s); expect_reverse++; } s++; } if (r != expect_reverse) { printf("test %d: NOT OK: REVERSE: expect size %d, got %d\n", testnum, expect_reverse, r); return 1; } else if (memcmp(reverse_buf, dstbuf, r) != 0) { printf("test %d: NOT OK: REVERSE: unexpected buffer content\n", testnum); return 1; } memset(dstbuf, 0xAA, 512); for (i = 0; i < expect_sz; i++) { r0 = decode_base32hex(dstbuf, src, i); if (r0 > 0) { printf("test %d: NOT OK: buffer size %d should not be enough\n", testnum, i); return 1; } if (dstbuf[i] != 0xAA) { printf("test %d: NOT OK: corrupts memory with bufsize %d\n", testnum, i); return 1; } } printf("test %d: ok\n", testnum); return 0; } static int expect_junk_error(int testnum, char *src) { char *buf[20]; int r; r = decode_base32hex(buf, src, 20); if (r != -1) { printf("test %d: NOT OK: junk input not recognized\n", testnum); return 1; } printf("test %d: ok\n", testnum); return 0; } int main(void) { int ret = 0; int t = 1; /* from http://tools.ietf.org/html/rfc4648#section-10 */ ret |= ok_string_test(t++, "", ""); ret |= ok_string_test(t++, "CO======", "f"); ret |= ok_string_test(t++, "Co=====", "f"); ret |= ok_string_test(t++, "cO====", "f"); ret |= ok_string_test(t++, "co===", "f"); ret |= ok_string_test(t++, "CO==", "f"); ret |= ok_string_test(t++, "CO=", "f"); ret |= ok_string_test(t++, "CO", "f"); ret |= ok_string_test(t++, "CPNG====", "fo"); ret |= ok_string_test(t++, "cPNG===", "fo"); ret |= ok_string_test(t++, "cpNG==", "fo"); ret |= ok_string_test(t++, "cpnG=", "fo"); ret |= ok_string_test(t++, "cpng", "fo"); ret |= ok_string_test(t++, "CPNMU===", "foo"); ret |= ok_string_test(t++, "CPnMU==", "foo"); ret |= ok_string_test(t++, "CPnmu=", "foo"); ret |= ok_string_test(t++, "cpNMU", "foo"); ret |= ok_string_test(t++, "CPNMUOG=", "foob"); ret |= ok_string_test(t++, "CPNMUoG", "foob"); ret |= ok_string_test(t++, "CPNMUOJ1", "fooba"); ret |= ok_string_test(t++, "cPnMuOj1", "fooba"); ret |= ok_string_test(t++, "CpNmUoJ1", "fooba"); ret |= ok_string_test(t++, "CpNm UoJ1", "fooba"); ret |= ok_string_test(t++, "CPNMUOJ1E8======", "foobar"); ret |= ok_string_test(t++, "CPNMuOJ1E8=====", "foobar"); ret |= ok_string_test(t++, "CpNMuOJ1E8====", "foobar"); ret |= ok_string_test(t++, "CpNMuOJ1e8===", "foobar"); ret |= ok_string_test(t++, "CpNmuOJ 1e8==", "foobar"); ret |= ok_string_test(t++, "CpnmuOJ 1e8=", "foobar"); ret |= ok_string_test(t++, "Cpn muOj 1e8", "foobar"); ret |= expect_junk_error(t++, "?m9vmF"); ret |= expect_junk_error(t++, "%m9vmF"); ret |= expect_junk_error(t++, "m&9vmF"); ret |= expect_junk_error(t++, "m9-vmF"); ret |= expect_junk_error(t++, "m9v*mF"); ret |= expect_junk_error(t++, "m9v#mF"); ret |= expect_junk_error(t++, "m9vm\x01F"); ret |= expect_junk_error(t++, "m9vmF!"); ret |= expect_junk_error(t++, "m9vmF."); ret |= expect_junk_error(t++, "CpnmuOj/1e8x"); ret |= expect_junk_error(t++, "CpnYmuOj1e8"); ret |= expect_junk_error(t++, "CZpnmuOj1e8"); ret |= expect_junk_error(t++, "CzpnmuOj1e8"); ret |= ok_string_test(t++, "MEQIMI6FJE5NI47PJAHV5QIGU1LV3JLJ", "\xb3\xb5\x2b\x48\xcf\x9b\x8b\x79\x10\xf9\x9a\xa3\xf2\xea\x50\xf0\x6b\xf1\xce\xb3"); return ret; } #endif tobez-validns-f423245/base32hex.h000066400000000000000000000005731314110214000164730ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #ifndef _BASE32HEX_H_ #define _BASE32HEX_H_ 1 int decode_base32hex(void *dst, char *src, size_t dstsize); int encode_base32hex(void *dest, size_t dstsize, void *source, size_t srclength); #endif tobez-validns-f423245/base64.c000066400000000000000000000144641314110214000157720ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "base64.h" /* * Very straightforward, ugly, unoptimized, * not much in the way of error handling. * But it works. */ int decode_base64(void *dest, char *src, size_t dstsize) { size_t processed = 0; int full_bytes = 0; unsigned char *dst = dest; while (*src) { int v; if (*src >= 'A' && *src <= 'Z') v = *src - 'A'; else if (*src >= 'a' && *src <= 'z') v = 26 + *src - 'a'; else if (*src >= '0' && *src <= '9') v = 52 + *src - '0'; else if (*src == '+') v = 62; else if (*src == '/') v = 63; else if (isspace(*src) || *src == '=') { src++; continue; } else { /* any junk chars means input is corrupted */ errno = EINVAL; return -1; } src++; if (processed % 4 == 0) { if (dstsize <= 0) { errno = EINVAL; return -1; } dst[0] &= 0x03; dst[0] |= (v << 2) & 0xFC; processed++; } else if (processed % 4 == 1) { if (dstsize < 1) { errno = EINVAL; return -1; } dst[0] &= 0xFC; dst[0] |= (v >> 4) & 0x03; if (dstsize >= 2) { dst[1] &= 0x0F; dst[1] |= (v << 4) & 0xF0; } processed++; full_bytes++; } else if (processed % 4 == 2) { if (dstsize < 2) { errno = EINVAL; return -1; } dst[1] &= 0xF0; dst[1] |= (v >> 2) & 0x0F; if (dstsize >= 3) { dst[2] &= 0x3F; dst[2] |= (v << 6) & 0xC0; } processed++; full_bytes++; } else { if (dstsize <= 2) { errno = EINVAL; return -1; } dst[2] &= 0xC0; dst[2] |= v & 0x3F; processed++; dst += 3; dstsize -= 3; full_bytes++; } } return full_bytes; } #ifdef TEST_PROGRAM static int ok_string_test(int testnum, char *src, char *expect) { unsigned char dstbuf[512]; int r, r0, i; int expect_sz = strlen(expect); if (expect_sz >= 512) { printf("test %d: NOT OK: internal *test* error, buffer too small for proper testing, FIXME\n", testnum); return 1; } memset(dstbuf, 0xAA, 512); r = decode_base64(dstbuf, src, expect_sz); if (r != expect_sz) { printf("test %d: NOT OK: expect size %d, got %d\n", testnum, expect_sz, r); return 1; } else if (memcmp(dstbuf, expect, r) != 0) { printf("test %d: NOT OK: unexpected buffer content\n", testnum); return 1; } if (dstbuf[expect_sz] != 0xAA) { printf("test %d: NOT OK: corrupts memory with \"just enough\" bufsize\n", testnum); return 1; } memset(dstbuf, 0xAA, 512); for (i = 0; i < expect_sz; i++) { r0 = decode_base64(dstbuf, src, i); if (r0 > 0) { printf("test %d: NOT OK: buffer size %d should not be enough\n", testnum, i); return 1; } if (dstbuf[i] != 0xAA) { printf("test %d: NOT OK: corrupts memory with bufsize %d\n", testnum, i); return 1; } } printf("test %d: ok\n", testnum); return 0; } static int expect_junk_error(int testnum, char *src) { char *buf[20]; int r; r = decode_base64(buf, src, 20); if (r != -1) { printf("test %d: NOT OK: junk input not recognized\n", testnum); return 1; } printf("test %d: ok\n", testnum); return 0; } int main(void) { int ret = 0; /* from http://en.wikipedia.org/wiki/Base64 */ ret |= ok_string_test(1, "bGVhc3VyZS4=", "leasure."); ret |= ok_string_test(2, "bGVhc3VyZS4", "leasure."); ret |= ok_string_test(3, "ZWFzdXJlLg==", "easure."); ret |= ok_string_test(4, "ZWFzdXJlLg=", "easure."); ret |= ok_string_test(5, "ZWFzdXJlLg", "easure."); ret |= ok_string_test(6, "YXN1cmUu", "asure."); ret |= ok_string_test(7, "c3VyZS4=", "sure."); ret |= ok_string_test(8, "c3VyZS4", "sure."); ret |= ok_string_test(9, "TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGhpcyByZWFzb24sIGJ1dCBieSB0aGlz\n" "IHNpbmd1bGFyIHBhc3Npb24gZnJvbSBvdGhlciBhbmltYWxzLCB3aGljaCBpcyBhIGx1c3Qgb2Yg\n" "dGhlIG1pbmQsIHRoYXQgYnkgYSBwZXJzZXZlcmFuY2Ugb2YgZGVsaWdodCBpbiB0aGUgY29udGlu\n" "dWVkIGFuZCBpbmRlZmF0aWdhYmxlIGdlbmVyYXRpb24gb2Yga25vd2xlZGdlLCBleGNlZWRzIHRo\n" "ZSBzaG9ydCB2ZWhlbWVuY2Ugb2YgYW55IGNhcm5hbCBwbGVhc3VyZS4=", "Man is distinguished, not only by his reason, but by this singular passion from other animals, which is a lust of the mind, that by a perseverance of delight in the continued and indefatigable generation of knowledge, exceeds the short vehemence of any carnal pleasure."); /* from http://tools.ietf.org/html/rfc4648#section-10 */ ret |= ok_string_test(10, "", ""); ret |= ok_string_test(11, "Zg==", "f"); ret |= ok_string_test(12, "Zg=", "f"); ret |= ok_string_test(13, "Zg", "f"); ret |= ok_string_test(14, "Zm8=", "fo"); ret |= ok_string_test(15, "Zm8", "fo"); ret |= ok_string_test(16, "Zm9v", "foo"); ret |= ok_string_test(17, "Zm9vYg==", "foob"); ret |= ok_string_test(18, "Zm9vYg=", "foob"); ret |= ok_string_test(19, "Zm9vYg", "foob"); ret |= ok_string_test(20, "Zm9vYmE=", "fooba"); ret |= ok_string_test(21, "Zm9vYmE", "fooba"); ret |= ok_string_test(22, "Zm9vYmFy", "foobar"); ret |= expect_junk_error(23, "?Zm9vYmFy"); ret |= expect_junk_error(24, "Z%m9vYmFy"); ret |= expect_junk_error(25, "Zm&9vYmFy"); ret |= expect_junk_error(26, "Zm9-vYmFy"); ret |= expect_junk_error(27, "Zm9v*YmFy"); ret |= expect_junk_error(28, "Zm9vY#mFy"); ret |= expect_junk_error(29, "Zm9vYm\x01Fy"); ret |= expect_junk_error(30, "Zm9vYmF!y"); ret |= expect_junk_error(31, "Zm9vYmFy."); return ret; } #endif tobez-validns-f423245/base64.h000066400000000000000000000004401314110214000157640ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #ifndef _BASE64_H_ #define _BASE64_H_ 1 int decode_base64(void *dst, char *src, size_t dstsize); #endif tobez-validns-f423245/caa.c000066400000000000000000000043001314110214000154160ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2017 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr* caa_parse(char *name, long ttl, int type, char *s) { struct rr_caa *rr = getmem(sizeof(*rr)); int flags; char *str_tag; flags = extract_integer(&s, "CAA flags", NULL); if (flags < 0) return NULL; if (flags != 0 && flags != 128) return bitch("CAA unrecognized flags value"); rr->flags = flags; str_tag = extract_label(&s, "CAA tag", "temporary"); if (!str_tag) return NULL; if (strcmp(str_tag, "issue") == 0) { /* ok */ } else if (strcmp(str_tag, "issuewild") == 0) { /* ok */ } else if (strcmp(str_tag, "iodef") == 0) { /* ok */ } else if (strcmp(str_tag, "auth") == 0) return bitch("CAA reserved tag name"); else if (strcmp(str_tag, "path") == 0) return bitch("CAA reserved tag name"); else if (strcmp(str_tag, "policy") == 0) return bitch("CAA reserved tag name"); else return bitch("CAA unrecognized tag name"); rr->tag = compose_binary_data("s", 0, str_tag); rr->value = extract_text(&s, "CAA tag value"); if (rr->value.length <= 0) return bitch("CAA missing tag value"); if (*s) { return bitch("garbage after valid CAA data"); } return store_record(type, name, ttl, rr); } static char* caa_human(struct rr *rrv) { RRCAST(caa); char ss[4096]; char *s = ss; int l; /* incomplete */ l = snprintf(s, 4096, "%u", rr->flags); s += l; return quickstrdup_temp(ss); } static struct binary_data caa_wirerdata(struct rr *rrv) { RRCAST(caa); return compose_binary_data("1dd", 1, rr->flags, rr->tag, rr->value); } /* static void *caa_validate(struct rr *rrv) { dump_binary_data(stderr, call_get_wired(rrv)); return NULL; } */ struct rr_methods caa_methods = { caa_parse, caa_human, caa_wirerdata, NULL, NULL }; tobez-validns-f423245/carp.c000066400000000000000000000046441314110214000156320ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include #include #include "common.h" #include "carp.h" static void v(int is_croak, int is_x, int exit_code, const char *fmt, va_list ap); void croak(int exit_code, const char *fmt, ...) { va_list ap; va_start(ap, fmt); v(1, errno, exit_code, fmt, ap); va_end(ap); } void croakx(int exit_code, const char *fmt, ...) { va_list ap; va_start(ap, fmt); v(1, -1, exit_code, fmt, ap); va_end(ap); } void * bitch(const char *fmt, ...) { va_list ap; va_start(ap, fmt); if (!G.opt.no_output) { fprintf(stderr, "%s:%d: ", file_info->name, file_info->line); if (fmt != NULL) { vfprintf(stderr, fmt, ap); } fprintf(stderr, "\n"); } va_end(ap); G.exit_code = 1; G.stats.error_count++; file_info->paren_mode = 0; if (G.opt.die_on_first_error) exit(1); return NULL; } void * moan(char *file_name, int line, const char *fmt, ...) { va_list ap; va_start(ap, fmt); if (!G.opt.no_output) { fprintf(stderr, "%s:%d: ", file_name, line); if (fmt != NULL) { vfprintf(stderr, fmt, ap); } fprintf(stderr, "\n"); } va_end(ap); G.exit_code = 1; G.stats.error_count++; if (G.opt.die_on_first_error) exit(1); return NULL; } void v(int is_croak, int use_errno, int exit_code, const char *fmt, va_list ap) { fprintf(stderr, "%s: ", thisprogname()); if (fmt != NULL) { vfprintf(stderr, fmt, ap); if (use_errno >= 0) fprintf(stderr, ": "); } if (use_errno >= 0) fprintf(stderr, "%s\n", strerror(use_errno)); else fprintf(stderr, "\n"); if (is_croak) exit(exit_code); } #if defined(__linux__) static char proggy[MAXPATHLEN]; #endif const char *thisprogname(void) { #if defined(__FreeBSD__) return getprogname(); #elif defined(__APPLE__) return getprogname(); #elif defined(__sun__) return getexecname(); #elif defined(__linux__) if (readlink("/proc/self/exe", proggy, MAXPATHLEN) != -1) return proggy; return ""; #else #error "unsupported OS" #endif } tobez-validns-f423245/carp.h000066400000000000000000000007061314110214000156320ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #ifndef _CARP_H #define _CARP_H 1 const char *thisprogname(void); void croak(int exit_code, const char *fmt, ...); void croakx(int exit_code, const char *fmt, ...); void *bitch(const char *fmt, ...); void *moan(char *file_name, int line, const char *fmt, ...); #endif tobez-validns-f423245/cbtree.c000066400000000000000000000232041314110214000161420ustar00rootroot00000000000000/* djb's critbit with associated data storage. * * Based on https://github.com/agl/critbit, which is in public domain. * Changes: * - data storage added * - cweb removed * - functions renamed and data types cleaned to my liking */ #include #include #include #include #include #include "cbtree.h" struct node { void *child[2]; uint32_t byte; uint8_t otherbits; }; /* our own memory management */ struct pool { struct pool *next; size_t pool_size; size_t free_index; char mem[0]; }; static struct pool *internal = NULL; static struct pool *external = NULL; static int new_pool(struct pool **root, size_t size) { struct pool *pool; size = (size + sizeof(void *) - 1) / sizeof(void *); size *= sizeof(void *); pool = malloc(size + sizeof(struct pool)); if (!pool) { return 1; } pool->next = *root; pool->free_index = 0; pool->pool_size = size; *root = pool; return 0; } static void *alloc(struct pool **root, size_t size) { void *ret; size = (size + sizeof(void *) - 1) / sizeof(void *); size *= sizeof(void *); if (!*root) if (new_pool(root, size > 256000 ? size : 256000) != 0) return NULL; if ((*root)->pool_size - (*root)->free_index < size) if (new_pool(root, size > 256000 ? size : 256000) != 0) return NULL; ret = (*root)->mem + (*root)->free_index; (*root)->free_index += size; return ret; } /* main code */ intptr_t* cbtree_find(struct cbtree *t, const char *u) { const uint8_t *ubytes = (void *)u; const size_t ulen = strlen(u); uint8_t *p = t->root; /* Test for empty tree */ if (!p) return NULL; /* Walk tree for best member */ while (1 & (intptr_t) p) { struct node *q = (void *)(p - 1); /* Calculate direction */ int direction; uint8_t c = 0; if (q->byte < ulen) c = ubytes[q->byte]; direction = (1 + (q->otherbits | c)) >> 8; p = q->child[direction]; } /* The leaves contain "[data ptr][string]" */ if (strcmp(u, (const char *)(p + sizeof(intptr_t))) == 0) return (intptr_t *)p; return NULL; } intptr_t* cbtree_insert(struct cbtree *t, const char *u) { const uint8_t *const ubytes = (void *) u; const size_t ulen = strlen(u); uint8_t *p = t->root; /* Deal with inserting into an empty tree */ if (!p) { char *x = alloc(&external, ulen + 1 + sizeof(intptr_t)); if (!x) return NULL; *((intptr_t *)x) = 0; memcpy(x + sizeof(intptr_t), u, ulen + 1); t->root = x; return (intptr_t *)x; } /* Walk tree for best member */ while (1 & (intptr_t) p) { struct node *q = (void *)(p - 1); /* Calculate direction */ int direction; uint8_t c = 0; if (q->byte < ulen) c = ubytes[q->byte]; direction = (1 + (q->otherbits | c)) >> 8; p = q->child[direction]; } /* Find the critical bit */ /* 1: Find differing byte */ uint32_t newbyte; uint32_t newotherbits; for (newbyte = 0; newbyte < ulen; ++newbyte) { if (p[sizeof(intptr_t) + newbyte] != ubytes[newbyte]) { newotherbits = p[sizeof(intptr_t) + newbyte] ^ ubytes[newbyte]; goto different_byte_found; } } if (p[sizeof(intptr_t) + newbyte] != 0) { newotherbits = p[sizeof(intptr_t) + newbyte]; goto different_byte_found; } return (intptr_t *)p; different_byte_found: /* 2: Find differing bit */ newotherbits |= newotherbits >> 1; newotherbits |= newotherbits >> 2; newotherbits |= newotherbits >> 4; newotherbits = (newotherbits & ~(newotherbits >> 1)) ^ 255; uint8_t c = p[sizeof(intptr_t) + newbyte]; int newdirection = (1 + (newotherbits | c)) >> 8; /* Insert new string */ /* 1: Allocate new node structure */ struct node *newnode; newnode = alloc(&internal, sizeof(struct node)); if (!newnode) return NULL; char *x = alloc(&external, ulen + 1 + sizeof(intptr_t)); if (!x) return NULL; *((intptr_t *)x) = 0; memcpy(x + sizeof(intptr_t), ubytes, ulen + 1); newnode->byte = newbyte; newnode->otherbits = newotherbits; newnode->child[1 - newdirection] = x; /* 2: Insert new node */ void **wherep = &t->root; for (;;) { uint8_t *p = *wherep; if (!(1 & (intptr_t) p)) break; struct node *q = (void *) (p - 1); if (q->byte > newbyte) break; if (q->byte == newbyte && q->otherbits > newotherbits) break; uint8_t c = 0; if (q->byte < ulen) c = ubytes[q->byte]; const int direction = (1 + (q->otherbits | c)) >> 8; wherep = q->child + direction; } newnode->child[newdirection] = *wherep; *wherep = (void *) (1 + (char *) newnode); return (intptr_t *)x; } intptr_t cbtree_delete(struct cbtree *t, const char *u) { const uint8_t *ubytes = (void *) u; const size_t ulen = strlen(u); uint8_t *p = t->root; void **wherep = &t->root; void **whereq = 0; struct node *q = 0; int direction = 0; intptr_t ret; /* Deal with deleting from an empty tree */ if (!p) return 0; /* Walk the tree for the best match */ while (1 & (intptr_t) p) { whereq = wherep; q = (void *) (p - 1); uint8_t c = 0; if (q->byte < ulen) c = ubytes[q->byte]; direction = (1 + (q->otherbits | c)) >> 8; wherep = q->child + direction; p = *wherep; } /* Check the best match */ if (0 != strcmp(u, (const char *)(p + sizeof(intptr_t)))) return 0; ret = *((intptr_t *)p); /* Remove the element and/or node */ if (!whereq) { t->root = 0; return ret; } *whereq = q->child[1 - direction]; // free(q); return ret; } static void traverse(void *top) { uint8_t *p = top; if (1 & (intptr_t) p) { struct node *q = (void *) (p - 1); traverse(q->child[0]); traverse(q->child[1]); // free(q); } else { // free(p); } } void cbtree_clear(struct cbtree *t) { if (t->root) traverse(t->root); t->root = NULL; } static int allprefixed_traverse(uint8_t *top, int (*handle)(const char *, intptr_t *, void *), void *arg) { int direction; /* Deal with an internal node */ if (1 & (intptr_t) top) { struct node *q = (void *) (top - 1); for (direction = 0; direction < 2; ++direction) switch(allprefixed_traverse(q->child[direction], handle, arg)) { case 1: break; case 0: return 0; default: return -1; } return 1; } /* Deal with an external node */ return handle((const char *)(top + sizeof(intptr_t)), (intptr_t *)top, arg); } int cbtree_allprefixed(struct cbtree *t, const char *prefix, int (*handle)(const char *, intptr_t *, void *), void *arg) { const uint8_t *ubytes = (void *) prefix; const size_t ulen = strlen(prefix); uint8_t *p = t->root; uint8_t *top = p; int i; if (!p) return 1; /* S = $\emptyset$ */ /* Walk tree, maintaining top pointer */ while (1 & (intptr_t) p) { struct node *q = (void *) (p - 1); uint8_t c = 0; if (q->byte < ulen) c = ubytes[q->byte]; const int direction = (1 + (q->otherbits | c)) >> 8; p = q->child[direction]; if (q->byte < ulen) top = p; } /* Check prefix */ for (i = 0; i < ulen; ++i) { if (p[i+sizeof(intptr_t)] != ubytes[i]) return 1; } return allprefixed_traverse(top, handle, arg); } static const char *byte_to_binary(int x) { static char b[9]; int z; b[0] = '\0'; for (z = 128; z > 0; z >>= 1) strcat(b, ((x & z) == z) ? "1" : "0"); return b; } static void traverse_dump(void *top, int level, int byte) { uint8_t *p = top; int i; for (i = 0; i < level; i++) printf(" "); if (1 & (intptr_t) p) { struct node *q = (void *) (p - 1); printf("[byte(%d),otherbits(%s)]\n", q->byte, byte_to_binary(q->otherbits)); traverse_dump(q->child[0], level + 1, q->byte); traverse_dump(q->child[1], level + 1, q->byte); } else { const size_t ulen = strlen((char *)(p + sizeof(intptr_t))); int c = byte < ulen ? p[sizeof(intptr_t) + byte] : 0; printf("\"%s\" (%s)\n", p + sizeof(intptr_t), byte_to_binary(c)); } } void cbtree_dump(struct cbtree *t) { if (t->root) traverse_dump(t->root, 0, 0); printf("\n"); } char* cbtree_next(struct cbtree *t, const char *u, intptr_t *data) { const uint8_t *ubytes = (void *) u; const size_t ulen = strlen(u); uint8_t *p = t->root; uint8_t *branch = NULL; if (!p) return NULL; /* Walk tree, maintaining top pointer */ while (1 & (intptr_t) p) { struct node *q = (void *) (p - 1); uint8_t c = 0; if (q->byte < ulen) c = ubytes[q->byte]; const int direction = (1 + (q->otherbits | c)) >> 8; if (direction == 0) branch = q->child[1]; p = q->child[direction]; } /* check whether what we found is what we are looking for already */ if (strcmp((char *)(p + sizeof(intptr_t)), u) > 0) { if (data) *data = *((intptr_t *)p); return (char *)(p + sizeof(intptr_t)); } if (!branch) return NULL; /* select the lowest value on the branch */ p = branch; while (1 & (intptr_t) p) { struct node *q = (void *) (p - 1); p = q->child[0]; } if (data) *data = *((intptr_t *)p); return (char *)(p + sizeof(intptr_t)); } tobez-validns-f423245/cbtree.h000066400000000000000000000033531314110214000161520ustar00rootroot00000000000000#ifndef _CBTREE_H #define _CBTREE_H #include #include struct cbtree { void *root; }; /* Re: use of intptr_t instead of void * or a union { void *; int }: * I am aware it is not recommened (see * http://stackoverflow.com/questions/9492798/using-intptr-t-instead-of-void), * but I am not sure I agree; maybe I just don't understand all * implications. Anyways, Judy trees, which I am replacing in my code * with this tiny library, are using "unsigned long", which * is even worse, but works everywherewhere I tested it. */ /* Search for the string u in the tree t. * Returns: * NULL if not found, or * a pointer to a user value associated with the string */ intptr_t *cbtree_find(struct cbtree *t, const char *u); /* Insert the string u into the tree t. * Returns: * NULL in case of an error, or * a pointer to a user value associated with the string; * the user value will be initialized to 0 in * case the insertion has happened, and left * untouched in case the string was already in the tree. */ intptr_t *cbtree_insert(struct cbtree *t, const char *u); /* Delete the string u from the tree t. * Returns: * 0 in case u was not in t, or * a user value which was associated with the string; * please note that the user value can be 0 as well, * so there is no general way to distinguish these two * situations */ intptr_t cbtree_delete(struct cbtree *t, const char *u); void cbtree_clear(struct cbtree *t); int cbtree_allprefixed(struct cbtree *t, const char *prefix, int (*handle)(const char *, intptr_t *, void *), void *arg); void cbtree_dump(struct cbtree *t); char *cbtree_next(struct cbtree *t, const char *u, intptr_t *data); #endif tobez-validns-f423245/cert.c000066400000000000000000000077261314110214000156460ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" /* See http://tools.ietf.org/html/rfc4398 for CERT description. * See http://www.iana.org/assignments/cert-rr-types/cert-rr-types.xml * for certificate types. The version implemented here * has "Last Updated" equal to "2006-09-27" */ static int extract_certificate_type(char **s, char *what) { int type; char *str_type; if (isdigit(**s)) { type = extract_integer(s, what, NULL); if (type >= 1 && type <= 8) return type; if (type == 253 || type == 254) return type; if (type >= 65280 && type <= 65534) return type; if (type < 0 || type > 65535) { bitch("bad certificate type %d", type); return -1; } if (type == 0 || type == 255 || type == 65535) { bitch("certificate type %d is reserved by IANA", type); return -1; } bitch("certificate type %d is unassigned", type); return -1; } else { str_type = extract_label(s, what, "temporary"); if (!str_type) return -1; if (strcmp(str_type, "pkix") == 0) return 1; if (strcmp(str_type, "spki") == 0) return 2; if (strcmp(str_type, "pgp") == 0) return 3; if (strcmp(str_type, "ipkix") == 0) return 4; if (strcmp(str_type, "ispki") == 0) return 5; if (strcmp(str_type, "ipgp") == 0) return 6; if (strcmp(str_type, "acpkix") == 0) return 7; if (strcmp(str_type, "iacpkix") == 0) return 8; if (strcmp(str_type, "uri") == 0) return 253; if (strcmp(str_type, "oid") == 0) return 254; bitch("bad certificate type %s", str_type); return -1; } } static struct rr* cert_parse(char *name, long ttl, int type, char *s) { struct rr_cert *rr = getmem(sizeof(*rr)); int cert_type, key_tag, alg; cert_type = extract_certificate_type(&s, "certificate type"); if (cert_type < 0) return NULL; rr->type = cert_type; key_tag = extract_integer(&s, "key tag", NULL); if (key_tag < 0) return NULL; if (key_tag > 65535) return bitch("bad key tag"); rr->key_tag = key_tag; if (isdigit(*s)) { alg = extract_integer(&s, "algorithm", NULL); if (alg < 0) return NULL; if (alg > 255) return bitch("bad algorithm"); if (alg != 0) { /* 0 is just fine */ if (algorithm_type(alg) == ALG_UNSUPPORTED) return bitch("bad algorithm %d", alg); } } else { alg = extract_algorithm(&s, "algorithm"); if (alg == ALG_UNSUPPORTED) return NULL; } rr->algorithm = alg; if (alg == 0 && key_tag != 0) { /* we might want to bitch here, but RFC says "SHOULD", so we don't */ } rr->certificate = extract_base64_binary_data(&s, "certificate"); if (rr->certificate.length < 0) return NULL; /* TODO validate cert length based on algorithm */ if (*s) { return bitch("garbage after valid CERT data"); } return store_record(type, name, ttl, rr); } static char* cert_human(struct rr *rrv) { RRCAST(cert); char s[1024]; snprintf(s, 1024, "%d %d %d ...", rr->type, rr->key_tag, rr->algorithm); return quickstrdup_temp(s); } static struct binary_data cert_wirerdata(struct rr *rrv) { RRCAST(cert); return compose_binary_data("221d", 1, rr->type, rr->key_tag, rr->algorithm, rr->certificate); } struct rr_methods cert_methods = { cert_parse, cert_human, cert_wirerdata, NULL, NULL }; tobez-validns-f423245/cname.c000066400000000000000000000036531314110214000157670ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *cname_parse(char *name, long ttl, int type, char *s) { struct rr_cname *rr = getmem(sizeof(*rr)); rr->cname = extract_name(&s, "cname", 0); if (!rr->cname) return NULL; if (*s) { return bitch("garbage after valid CNAME data"); } return store_record(type, name, ttl, rr); } static char* cname_human(struct rr *rrv) { RRCAST(cname); return rr->cname; } static struct binary_data cname_wirerdata(struct rr *rrv) { RRCAST(cname); return name2wire_name(rr->cname); } static void* cname_validate_set(struct rr_set *rr_set) { struct rr *rr; struct rr_set *another_set; struct named_rr *named_rr; int count; if (G.opt.policy_checks[POLICY_CNAME_OTHER_DATA]) { if (rr_set->count > 1) { rr = rr_set->tail; return moan(rr->file_name, rr->line, "CNAME and other data"); } named_rr = rr_set->named_rr; count = get_rr_set_count(named_rr); if (count > 1) { another_set = find_rr_set_in_named_rr(named_rr, T_RRSIG); if (another_set) count -= another_set->count; another_set = find_rr_set_in_named_rr(named_rr, T_NSEC); if (another_set) count -= another_set->count; if (count > 1) { rr = rr_set->tail; return moan(rr->file_name, rr->line, "CNAME and other data"); } } } return NULL; } struct rr_methods cname_methods = { cname_parse, cname_human, cname_wirerdata, cname_validate_set, NULL }; tobez-validns-f423245/common.h000066400000000000000000000042641314110214000162000ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #ifndef _COMMON_H_ #define _COMMON_H_ 1 struct generate_template_piece; struct generate_template_piece { char *constant_string; struct generate_template_piece *next; }; #define LINEBUFSZ 2048 struct file_info { struct file_info *next; FILE *file; int line; int paren_mode; char buf[LINEBUFSZ]; char *current_origin; int generate_cur; int generate_lim; char *generate_type; struct generate_template_piece *generate_lhs; struct generate_template_piece *generate_rhs; /* must be last struct member */ char name[0]; }; extern struct file_info *file_info; #define N_POLICY_CHECKS 11 #define POLICY_SINGLE_NS 0 #define POLICY_CNAME_OTHER_DATA 1 #define POLICY_NSEC3PARAM_NOT_APEX 2 #define POLICY_MX_ALIAS 3 #define POLICY_NS_ALIAS 4 #define POLICY_RP_TXT_EXISTS 5 #define POLICY_DNAME 6 #define POLICY_DNSKEY 7 #define POLICY_TLSA_HOST 8 #define POLICY_KSK_EXISTS 9 #define POLICY_SMIMEA_HOST 10 #define MAX_TIMES_TO_CHECK 32 struct globals { struct stats { int names_count; int rr_count; int rrset_count; int error_count; int skipped_dup_rr_count; int soa_rr_count; int signatures_verified; int delegations; int not_authoritative; int nsec3_count; } stats; struct command_line_options { int die_on_first_error; int no_output; int summary; int verbose; char *include_path; int include_path_specified; char *first_origin; int n_times_to_check; uint32_t times_to_check[MAX_TIMES_TO_CHECK]; char policy_checks[N_POLICY_CHECKS]; int n_threads; int soa_minttl_as_default_ttl; } opt; int exit_code; long default_ttl; int nsec3_present; int nsec3_opt_out_present; int dnssec_active; }; extern struct globals G; #define SHA1_BYTES 20 #define SHA256_BYTES 32 #define SHA384_BYTES 48 #define SHA512_BYTES 64 /* GOST R 34.11-94 - 32 bytes */ #define GOST_BYTES 32 #endif tobez-validns-f423245/dhcid.c000066400000000000000000000031631314110214000157530ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr* dhcid_parse(char *name, long ttl, int type, char *s) { struct rr_dhcid *rr = getmem(sizeof(*rr)); struct binary_data data; data = extract_base64_binary_data(&s, "rdata"); if (data.length < 0) return NULL; if (data.length < 3) return bitch("rdata too short"); rr->id_type = data.data[0]*256 + data.data[1]; if (rr->id_type > 2) return bitch("unsupported identifier type %s", rr->id_type); rr->digest_type = data.data[2]; if (rr->digest_type != 1) return bitch("unsupported digest type %s", rr->digest_type); if (data.length != 35) return bitch("wrong digest length, must be 32 for SHA-256"); /* let's cheat a bit */ data.length -= 3; data.data += 3; rr->digest = data; if (*s) { return bitch("garbage after valid DHCID data"); } return store_record(type, name, ttl, rr); } static char* dhcid_human(struct rr *rrv) { return "..."; } static struct binary_data dhcid_wirerdata(struct rr *rrv) { RRCAST(dhcid); return compose_binary_data("21d", 1, rr->id_type, rr->digest_type, rr->digest); } struct rr_methods dhcid_methods = { dhcid_parse, dhcid_human, dhcid_wirerdata, NULL, NULL }; tobez-validns-f423245/dlv.c000066400000000000000000000054231314110214000154660ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr* dlv_parse(char *name, long ttl, int type, char *s) { struct rr_dlv *rr = getmem(sizeof(*rr)); int key_tag, algorithm, digest_type; key_tag = extract_integer(&s, "key tag", NULL); if (key_tag < 0) return NULL; rr->key_tag = key_tag; algorithm = extract_algorithm(&s, "algorithm"); if (algorithm == ALG_UNSUPPORTED) return NULL; rr->algorithm = algorithm; digest_type = extract_integer(&s, "digest type", NULL); if (digest_type < 0) return NULL; rr->digest_type = digest_type; rr->digest = extract_hex_binary_data(&s, "digest", EXTRACT_EAT_WHITESPACE); if (rr->digest.length < 0) return NULL; switch (digest_type) { case 1: if (rr->digest.length != SHA1_BYTES) { return bitch("wrong SHA-1 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA1_BYTES); } break; case 2: if (rr->digest.length != SHA256_BYTES) { return bitch("wrong SHA-256 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA256_BYTES); } break; case 3: if (rr->digest.length != GOST_BYTES) { return bitch("wrong GOST R 34.11-94 digest length: %d bytes found, %d bytes expected", rr->digest.length, GOST_BYTES); } break; case 4: if (rr->digest.length != SHA384_BYTES) { return bitch("wrong SHA-384 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA384_BYTES); } break; default: return bitch("bad or unsupported digest type %d", digest_type); } if (*s) { return bitch("garbage after valid DLV data"); } G.dnssec_active = 1; return store_record(type, name, ttl, rr); } static char* dlv_human(struct rr *rrv) { RRCAST(dlv); char ss[4096]; char *s = ss; int l; int i; l = snprintf(s, 4096, "%u %u %u ", rr->key_tag, rr->algorithm, rr->digest_type); s += l; for (i = 0; i < rr->digest.length; i++) { l = snprintf(s, 4096-(s-ss), "%02X", (unsigned char)rr->digest.data[i]); s += l; } return quickstrdup_temp(ss); } static struct binary_data dlv_wirerdata(struct rr *rrv) { RRCAST(dlv); return compose_binary_data("211d", 1, rr->key_tag, rr->algorithm, rr->digest_type, rr->digest); } struct rr_methods dlv_methods = { dlv_parse, dlv_human, dlv_wirerdata, NULL, NULL }; tobez-validns-f423245/dname.c000066400000000000000000000051641314110214000157670ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" /* DNAMEs are described in http://tools.ietf.org/html/rfc2672 */ static struct rr *dname_parse(char *name, long ttl, int type, char *s) { struct rr_dname *rr = getmem(sizeof(*rr)); rr->target = extract_name(&s, "dname target", 0); if (!rr->target) return NULL; if (*s) { return bitch("garbage after valid DNAME data"); } return store_record(type, name, ttl, rr); } static char* dname_human(struct rr *rrv) { RRCAST(dname); return rr->target; } static struct binary_data dname_wirerdata(struct rr *rrv) { RRCAST(dname); return name2wire_name(rr->target); } static void* dname_validate_set(struct rr_set *rr_set) { struct rr *rr; struct rr_set *suspect; int count; struct named_rr *named_rr, *next_named_rr; if (G.opt.policy_checks[POLICY_DNAME]) { named_rr = rr_set->named_rr; rr = rr_set->tail; if (rr_set->count > 1) return moan(rr->file_name, rr->line, "multiple DNAMEs"); /* This check is already handled by "CNAME and other data" in cname.c * another_set = find_rr_set_in_named_rr(named_rr, T_CNAME); if (another_set) return moan(rr->file_name, rr->line, "DNAME cannot co-exist with a CNAME"); */ next_named_rr = find_next_named_rr(named_rr); /* handle http://tools.ietf.org/html/rfc5155#section-10.2 case */ if (next_named_rr && next_named_rr->parent == named_rr && (named_rr->flags & NAME_FLAG_APEX)) { count = get_rr_set_count(next_named_rr); if (count > 0) { suspect = find_rr_set_in_named_rr(next_named_rr, T_RRSIG); if (suspect) count--; suspect = find_rr_set_in_named_rr(next_named_rr, T_NSEC3); if (suspect) count--; if (count == 0) next_named_rr = find_next_named_rr(next_named_rr); } } if (next_named_rr && next_named_rr->parent == named_rr) return moan(rr->file_name, rr->line, "DNAME must not have any children (but %s exists)", next_named_rr->name); } return NULL; } struct rr_methods dname_methods = { dname_parse, dname_human, dname_wirerdata, dname_validate_set, NULL }; tobez-validns-f423245/dnskey.c000066400000000000000000000156321314110214000162010ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr_dnskey *all_dns_keys = NULL; static struct rr* dnskey_cdnskey_parse(char *name, long ttl, int type, char *s) { struct rr_dnskey *rr = getmem(sizeof(*rr)); struct binary_data key; int flags, proto, algorithm; unsigned int ac; int i; static struct rr *result; flags = extract_integer(&s, "flags", NULL); if (flags < 0) return NULL; if (flags & 0xfe7e) return bitch("reserved flags bits are set"); if (flags & 0x0001 && !(flags & 0x0100)) return bitch("SEP bit is set but Zone Key bit is unset"); rr->flags = flags; /* TODO validate that `name` is the name of the zone if flags have Zone Key bit set */ proto = extract_integer(&s, "protocol", NULL); if (proto < 0) return NULL; if (proto != 3) return bitch("bad protocol value"); rr->protocol = proto; algorithm = extract_algorithm(&s, "algorithm"); if (algorithm == ALG_UNSUPPORTED) return NULL; if (algorithm == ALG_PRIVATEDNS || algorithm == ALG_PRIVATEOID) { return bitch("private algorithms are not supported in %s", type == T_CDNSKEY ? "CDNSKEY" : "DNSKEY"); } rr->algorithm = algorithm; key = extract_base64_binary_data(&s, "public key"); if (key.length < 0) return NULL; /* TODO validate key length based on algorithm */ rr->pubkey = key; ac = 0; ac += rr->flags; ac += rr->protocol << 8; ac += rr->algorithm; for (i = 0; i < rr->pubkey.length; i++) { ac += (i & 1) ? (unsigned char)rr->pubkey.data[i] : ((unsigned char)rr->pubkey.data[i]) << 8; } ac += (ac >> 16) & 0xFFFF; rr->key_tag = ac & 0xFFFF; rr->pkey_built = 0; rr->pkey = NULL; rr->key_type = KEY_TYPE_UNUSED; if (*s) { return bitch("garbage after valid %s data", type == T_CDNSKEY ? "CDNSKEY" : "DNSKEY"); } result = store_record(type, name, ttl, rr); if (result && type == T_DNSKEY) { rr->next_key = all_dns_keys; all_dns_keys = rr; } return result; } static char* dnskey_cdnskey_human(struct rr *rrv) { RRCAST(dnskey); char s[1024]; snprintf(s, 1024, "%hu %d %d XXX ; key id = %hu", rr->flags, rr->protocol, rr->algorithm, rr->key_tag); return quickstrdup_temp(s); } static struct binary_data dnskey_cdnskey_wirerdata(struct rr *rrv) { RRCAST(dnskey); return compose_binary_data("211d", 1, rr->flags, rr->protocol, rr->algorithm, rr->pubkey); } static void *dnskey_cdnskey_validate(struct rr *rrv) { RRCAST(dnskey); if (G.opt.policy_checks[POLICY_DNSKEY]) { if (algorithm_type(rr->algorithm) == ALG_RSA_FAMILY) { unsigned int e_bytes; unsigned char *pk; int l; pk = (unsigned char *)rr->pubkey.data; l = rr->pubkey.length; e_bytes = *pk++; l--; if (e_bytes == 0) { if (l < 2) return moan(rr->rr.file_name, rr->rr.line, "public key is too short"); e_bytes = (*pk++) << 8; e_bytes += *pk++; l -= 2; } if (l < e_bytes) return moan(rr->rr.file_name, rr->rr.line, "public key is too short"); if (*pk == 0) return moan(rr->rr.file_name, rr->rr.line, "leading zero octets in public key exponent"); pk += e_bytes; l -= e_bytes; if (l > 0 && *pk == 0) return moan(rr->rr.file_name, rr->rr.line, "leading zero octets in key modulus"); } } return NULL; } struct rr_methods dnskey_methods = { dnskey_cdnskey_parse, dnskey_cdnskey_human, dnskey_cdnskey_wirerdata, NULL, dnskey_cdnskey_validate }; struct rr_methods cdnskey_methods = { dnskey_cdnskey_parse, dnskey_cdnskey_human, dnskey_cdnskey_wirerdata, NULL, dnskey_cdnskey_validate }; int dnskey_build_pkey(struct rr_dnskey *rr) { if (rr->pkey_built) return rr->pkey ? 1 : 0; rr->pkey_built = 1; if (algorithm_type(rr->algorithm) == ALG_RSA_FAMILY) { RSA *rsa; EVP_PKEY *pkey; unsigned int e_bytes; unsigned char *pk; int l; rsa = RSA_new(); if (!rsa) goto done; pk = (unsigned char *)rr->pubkey.data; l = rr->pubkey.length; e_bytes = *pk++; l--; if (e_bytes == 0) { if (l < 2) /* public key is too short */ goto done; e_bytes = (*pk++) << 8; e_bytes += *pk++; l -= 2; } if (l < e_bytes) /* public key is too short */ goto done; rsa->e = BN_bin2bn(pk, e_bytes, NULL); pk += e_bytes; l -= e_bytes; rsa->n = BN_bin2bn(pk, l, NULL); pkey = EVP_PKEY_new(); if (!pkey) goto done; if (!EVP_PKEY_set1_RSA(pkey, rsa)) goto done; rr->pkey = pkey; } else if (algorithm_type(rr->algorithm) == ALG_ECC_FAMILY) { EC_KEY *pubeckey; EVP_PKEY *pkey; unsigned char *pk; int l; BIGNUM *bn_x = NULL; BIGNUM *bn_y = NULL; if (rr->algorithm == ALG_ECDSAP256SHA256) { l = SHA256_DIGEST_LENGTH; pubeckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); } else if (rr->algorithm == ALG_ECDSAP384SHA384) { l = SHA384_DIGEST_LENGTH; pubeckey = EC_KEY_new_by_curve_name(NID_secp384r1); } else { goto done; } if (!pubeckey) goto done; if (rr->pubkey.length != 2*l) { goto done; } pk = (unsigned char *)rr->pubkey.data; bn_x = BN_bin2bn(pk, l, NULL); bn_y = BN_bin2bn(&pk[l], l, NULL); if (1 != EC_KEY_set_public_key_affine_coordinates(pubeckey, bn_x, bn_y)) { goto done; } pkey = EVP_PKEY_new(); if (!pkey) goto done; if (!EVP_PKEY_assign_EC_KEY(pkey, pubeckey)) goto done; rr->pkey = pkey; } done: if (!rr->pkey) { moan(rr->rr.file_name, rr->rr.line, "error building pkey"); } return rr->pkey ? 1 : 0; } void dnskey_ksk_policy_check(void) { struct rr_dnskey *rr = all_dns_keys; int ksk_found = 0; while (rr) { if (rr->key_type == KEY_TYPE_KSK) ksk_found = 1; rr = rr->next_key; } if (!ksk_found) moan(all_dns_keys->rr.file_name, all_dns_keys->rr.line, "No KSK found"); } tobez-validns-f423245/ds.c000066400000000000000000000057541314110214000153160ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr* ds_cds_parse(char *name, long ttl, int type, char *s) { struct rr_ds *rr = getmem(sizeof(*rr)); int key_tag, algorithm, digest_type; key_tag = extract_integer(&s, "key tag", NULL); if (key_tag < 0) return NULL; rr->key_tag = key_tag; algorithm = extract_algorithm(&s, "algorithm"); if (algorithm == ALG_UNSUPPORTED) return NULL; rr->algorithm = algorithm; digest_type = extract_integer(&s, "digest type", NULL); if (digest_type < 0) return NULL; rr->digest_type = digest_type; rr->digest = extract_hex_binary_data(&s, "digest", EXTRACT_EAT_WHITESPACE); if (rr->digest.length < 0) return NULL; /* See http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xml * for valid digest types. */ switch (digest_type) { case 1: if (rr->digest.length != SHA1_BYTES) { return bitch("wrong SHA-1 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA1_BYTES); } break; case 2: if (rr->digest.length != SHA256_BYTES) { return bitch("wrong SHA-256 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA256_BYTES); } break; case 3: if (rr->digest.length != GOST_BYTES) { return bitch("wrong GOST R 34.11-94 digest length: %d bytes found, %d bytes expected", rr->digest.length, GOST_BYTES); } break; case 4: if (rr->digest.length != SHA384_BYTES) { return bitch("wrong SHA-384 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA384_BYTES); } break; default: return bitch("bad or unsupported digest type %d", digest_type); } if (*s) { return bitch("garbage after valid %s data", type == T_CDS ? "CDS" : "DS"); } return store_record(type, name, ttl, rr); } static char* ds_cds_human(struct rr *rrv) { RRCAST(ds); char ss[4096]; char *s = ss; int l; int i; l = snprintf(s, 4096, "%u %u %u ", rr->key_tag, rr->algorithm, rr->digest_type); s += l; for (i = 0; i < rr->digest.length; i++) { l = snprintf(s, 4096-(s-ss), "%02X", (unsigned char)rr->digest.data[i]); s += l; } return quickstrdup_temp(ss); } static struct binary_data ds_cds_wirerdata(struct rr *rrv) { RRCAST(ds); return compose_binary_data("211d", 1, rr->key_tag, rr->algorithm, rr->digest_type, rr->digest); } struct rr_methods ds_methods = { ds_cds_parse, ds_cds_human, ds_cds_wirerdata, NULL, NULL }; struct rr_methods cds_methods = { ds_cds_parse, ds_cds_human, ds_cds_wirerdata, NULL, NULL }; tobez-validns-f423245/hinfo.c000066400000000000000000000025501314110214000160020ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *hinfo_parse(char *name, long ttl, int type, char *s) { struct rr_hinfo *rr = getmem(sizeof(*rr)); rr->cpu = extract_text(&s, "CPU"); if (rr->cpu.length < 0) return NULL; if (rr->cpu.length > 255) return bitch("CPU string is too long"); rr->os = extract_text(&s, "OS"); if (rr->os.length < 0) return NULL; if (rr->os.length > 255) return bitch("OS string is too long"); if (*s) { return bitch("garbage after valid HINFO data"); } return store_record(type, name, ttl, rr); } static char* hinfo_human(struct rr *rrv) { RRCAST(hinfo); char s[1024]; snprintf(s, 1024, "\"%s\" \"%s\"", rr->cpu.data, rr->os.data); return quickstrdup_temp(s); } static struct binary_data hinfo_wirerdata(struct rr *rrv) { RRCAST(hinfo); return compose_binary_data("bb", 1, rr->cpu, rr->os); } struct rr_methods hinfo_methods = { hinfo_parse, hinfo_human, hinfo_wirerdata, NULL, NULL }; tobez-validns-f423245/installation.mdwn000066400000000000000000000015151314110214000201230ustar00rootroot00000000000000# validns installation ## Compatibility Known to compile and work on: - FreeBSD 10.0 amd64 - FreeBSD 9.0 amd64 - FreeBSD 8.2 i386 - Ubuntu 10.10 1 i386 - Debian 5.0.3 "lenny" x86_64 - MacOS X 10.6.7 (10.7.0 Darwin) i386 Is likely to compile and work on any modern Unix-like OS. ## Requirements - Judy dynamic arrays - http://judy.sourceforge.net/ - FreeBSD: ports/devel/judy - Debian/Ubuntu: libjudy-dev - MacOS X: macports judy - Test::Command::Simple perl module (for tests only) - FreeBSD: ports/devel/p5-Test-Command-Simple - anywhere: cpanm Test::Command::Simple ## Compilation Type `make`. If there are troubles, have a long hard look at the `Makefile`, fix the problems, repeat. ## Installation Copy `validns` executable someplace. The manual page will be added soon. Once it is here, copy it some(other)place as well. tobez-validns-f423245/ipseckey.c000066400000000000000000000126421314110214000165160ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *ipseckey_parse(char *name, long ttl, int type, char *s) { struct rr_ipseckey *rr = getmem(sizeof(*rr)); int i; rr->precedence = i = extract_integer(&s, "precedence", NULL); if (i < 0) return NULL; if (i >= 256) return bitch("precedence range is not valid"); rr->gateway_type = i = extract_integer(&s, "gateway type", NULL); if (i < 0) return NULL; if (i > 3) return bitch("gateway type is not valid"); rr->algorithm = i = extract_integer(&s, "algorithm", NULL); if (i < 0) return NULL; if (i > 2) return bitch("algorithm is not valid"); switch (rr->gateway_type) { case 0: rr->gateway.gateway_none = extract_name(&s, "gateway/.", KEEP_CAPITALIZATION); if (!rr->gateway.gateway_none) return NULL; if (strcmp(rr->gateway.gateway_none, ".") != 0) return bitch("gateway must be \".\" for gateway type 0"); break; case 1: if (extract_ipv4(&s, "gateway/IPv4", &rr->gateway.gateway_ipv4) <= 0) return NULL; break; case 2: if (extract_ipv6(&s, "gateway/IPv6", &rr->gateway.gateway_ipv6) <= 0) return NULL; break; case 3: rr->gateway.gateway_name = extract_name(&s, "gateway/name", KEEP_CAPITALIZATION); if (!rr->gateway.gateway_name) return NULL; break; default: croakx(7, "assertion failed: gateway type %d not within range", rr->gateway_type); } /* My reading of http://tools.ietf.org/html/rfc4025 is fuzzy on: * * - whether it is possible to have algorithm 0 and non-empty key; * - whether it is possible to have empty key and algorithm != 0. * * Here I assume "not possible" for both. */ switch (rr->algorithm) { case 0: break; case 1: /* DSA key */ rr->public_key = extract_base64_binary_data(&s, "public key"); if (rr->public_key.length < 0) return NULL; break; case 2: /* RSA key */ rr->public_key = extract_base64_binary_data(&s, "public key"); if (rr->public_key.length < 0) return NULL; break; default: croakx(7, "assertion failed: algorithm %d not within range", rr->algorithm); } if (*s) { return bitch("garbage after valid IPSECKEY data"); } return store_record(type, name, ttl, rr); } static char* ipseckey_human(struct rr *rrv) { RRCAST(ipseckey); char s[1024], gw[1024]; switch (rr->gateway_type) { case 0: strcpy(gw, rr->gateway.gateway_none); break; case 1: inet_ntop(AF_INET, &rr->gateway.gateway_ipv4, gw, 1024); break; case 2: inet_ntop(AF_INET6, &rr->gateway.gateway_ipv6, gw, 1024); break; case 3: strcpy(gw, rr->gateway.gateway_name); break; default: strcpy(gw, "??"); } snprintf(s, 1024, "( %d %d %d %s ... )", rr->precedence, rr->gateway_type, rr->algorithm, gw); return quickstrdup_temp(s); } static struct binary_data ipseckey_wirerdata(struct rr *rrv) { RRCAST(ipseckey); struct binary_data helper; switch (rr->gateway_type) { case 0: if (rr->algorithm != 0) return compose_binary_data("111d", 1, rr->precedence, rr->gateway_type, rr->algorithm, rr->public_key); else return compose_binary_data("111", 1, rr->precedence, rr->gateway_type, rr->algorithm); break; case 1: helper.length = sizeof(rr->gateway.gateway_ipv4); helper.data = (void *)&rr->gateway.gateway_ipv4; if (rr->algorithm != 0) return compose_binary_data("111dd", 1, rr->precedence, rr->gateway_type, rr->algorithm, helper, rr->public_key); else return compose_binary_data("111d", 1, rr->precedence, rr->gateway_type, rr->algorithm, helper); break; case 2: helper.length = sizeof(rr->gateway.gateway_ipv6); helper.data = (void *)&rr->gateway.gateway_ipv6; if (rr->algorithm != 0) return compose_binary_data("111dd", 1, rr->precedence, rr->gateway_type, rr->algorithm, helper, rr->public_key); else return compose_binary_data("111d", 1, rr->precedence, rr->gateway_type, rr->algorithm, helper); break; case 3: if (rr->algorithm != 0) return compose_binary_data("111dd", 1, rr->precedence, rr->gateway_type, rr->algorithm, name2wire_name(rr->gateway.gateway_name), rr->public_key); else return compose_binary_data("111d", 1, rr->precedence, rr->gateway_type, rr->algorithm, name2wire_name(rr->gateway.gateway_name)); break; } return bad_binary_data(); } struct rr_methods ipseckey_methods = { ipseckey_parse, ipseckey_human, ipseckey_wirerdata, NULL, NULL }; tobez-validns-f423245/isdn.c000066400000000000000000000032631314110214000156360ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" /* XXX Does not accept multiple character-strings */ static struct rr *isdn_parse(char *name, long ttl, int type, char *s) { struct rr_isdn *rr = getmem(sizeof(*rr)); rr->isdn_address = extract_text(&s, "ISDN-address"); if (rr->isdn_address.length < 0) return NULL; if (rr->isdn_address.length > 255) return bitch("ISDN-address too long"); rr->sa_present = 0; if (*s) { rr->sa = extract_text(&s, "subaddress"); if (rr->sa.length < 0) return NULL; if (rr->sa.length > 255) return bitch("subaddress too long"); rr->sa_present = 1; } if (*s) { return bitch("garbage after valid ISDN data"); } return store_record(type, name, ttl, rr); } static char* isdn_human(struct rr *rrv) { RRCAST(isdn); return rr->isdn_address.data; } static struct binary_data isdn_wirerdata(struct rr *rrv) { RRCAST(isdn); struct binary_data r, t; r = bad_binary_data(); t.length = 0; t.data = NULL; r = compose_binary_data("db", 1, t, rr->isdn_address); t = r; if (rr->sa_present) { r = compose_binary_data("db", 1, t, rr->sa); t = r; } return r; } struct rr_methods isdn_methods = { isdn_parse, isdn_human, isdn_wirerdata, NULL, NULL }; tobez-validns-f423245/kx.c000066400000000000000000000023671314110214000153270ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *kx_parse(char *name, long ttl, int type, char *s) { struct rr_kx *rr = getmem(sizeof(*rr)); rr->preference = extract_integer(&s, "KX preference", NULL); if (rr->preference < 0) return NULL; rr->exchanger = extract_name(&s, "KX exchanger", 0); if (!rr->exchanger) return NULL; if (*s) { return bitch("garbage after valid KX data"); } return store_record(type, name, ttl, rr); } static char* kx_human(struct rr *rrv) { RRCAST(kx); char s[1024]; snprintf(s, 1024, "%d %s", rr->preference, rr->exchanger); return quickstrdup_temp(s); } static struct binary_data kx_wirerdata(struct rr *rrv) { RRCAST(kx); return compose_binary_data("2d", 1, rr->preference, name2wire_name(rr->exchanger)); } struct rr_methods kx_methods = { kx_parse, kx_human, kx_wirerdata, NULL, NULL }; tobez-validns-f423245/l32.c000066400000000000000000000026751314110214000153070ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *l32_parse(char *name, long ttl, int type, char *s) { struct rr_l32 *rr = getmem(sizeof(*rr)); struct in_addr ipv4_like; int preference; rr->preference = preference = extract_integer(&s, "L32 preference", NULL); if (preference < 0) return NULL; if (extract_ipv4(&s, "Locator32", &ipv4_like) <= 0) return NULL; rr->locator32 = ipv4_like.s_addr; if (*s) { return bitch("garbage after valid L32 data"); } return store_record(type, name, ttl, rr); } static char* l32_human(struct rr *rrv) { RRCAST(l32); char s[1024]; snprintf(s, 1024, "%d %d.%d.%d.%d", rr->preference, (rr->locator32 >> 24) & 0xff, (rr->locator32 >> 16) & 0xff, (rr->locator32 >> 8) & 0xff, (rr->locator32 >> 0) & 0xff); return quickstrdup_temp(s); } static struct binary_data l32_wirerdata(struct rr *rrv) { RRCAST(l32); return compose_binary_data("24", 1, rr->preference, rr->locator32); } struct rr_methods l32_methods = { l32_parse, l32_human, l32_wirerdata, NULL, NULL }; tobez-validns-f423245/l64.c000066400000000000000000000026541314110214000153110ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *l64_parse(char *name, long ttl, int type, char *s) { struct rr_l64 *rr = getmem(sizeof(*rr)); int preference; rr->preference = preference = extract_integer(&s, "L64 preference", NULL); if (preference < 0) return NULL; if (extract_u64(&s, "Locator64", &rr->locator64) < 0) return NULL; if (*s) { return bitch("garbage after valid L64 data"); } return store_record(type, name, ttl, rr); } static char* l64_human(struct rr *rrv) { RRCAST(l64); char s[1024]; snprintf(s, 1024, "%d %x:%x:%x:%x", rr->preference, (unsigned)(rr->locator64 >> 48) & 0xffff, (unsigned)(rr->locator64 >> 32) & 0xffff, (unsigned)(rr->locator64 >> 16) & 0xffff, (unsigned)(rr->locator64 >> 0) & 0xffff); return quickstrdup_temp(s); } static struct binary_data l64_wirerdata(struct rr *rrv) { RRCAST(l64); return compose_binary_data("28", 1, rr->preference, rr->locator64); } struct rr_methods l64_methods = { l64_parse, l64_human, l64_wirerdata, NULL, NULL }; tobez-validns-f423245/loc.c000066400000000000000000000140341314110214000154540ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static uint8_t double2loc_format(double val) { if (val > 1000000000) { return (((uint8_t)(val / 1000000000)) << 4) | 9; } else if (val > 100000000) { return (((uint8_t)(val / 100000000)) << 4) | 8; } else if (val > 10000000) { return (((uint8_t)(val / 10000000)) << 4) | 7; } else if (val > 1000000) { return (((uint8_t)(val / 1000000)) << 4) | 6; } else if (val > 100000) { return (((uint8_t)(val / 100000)) << 4) | 5; } else if (val > 10000) { return (((uint8_t)(val / 10000)) << 4) | 4; } else if (val > 1000) { return (((uint8_t)(val / 1000)) << 4) | 3; } else if (val > 100) { return (((uint8_t)(val / 100)) << 4) | 2; } else if (val > 10) { return (((uint8_t)(val / 10)) << 4) | 1; } else { return (((uint8_t)(val)) << 4); } } static struct rr *loc_parse(char *name, long ttl, int type, char *s) { struct rr_loc *rr = getmem(sizeof(*rr)); long long i; int deg; int min; double sec, val; rr->version = 0; /* latitude block */ i = extract_integer(&s, "degrees latitude", NULL); if (i < 0) return NULL; if (i > 90) return bitch("degrees latitude not in the range 0..90"); deg = i; min = 0; sec = 0; if (isdigit(*s)) { i = extract_integer(&s, "minutes latitude", NULL); if (i < 0) return NULL; if (i > 59) return bitch("minutes latitude not in the range 0..59"); min = i; if (isdigit(*s)) { /* restricted floating point, starting with a digit */ if (extract_double(&s, "seconds latitude", &sec, 0) < 0) return NULL; if (sec < 0 || sec > 59.999) return bitch("seconds latitude not in the range 0..59.999"); } } rr->latitude = sec*1000 + .5 + min*1000*60 + deg*1000*60*60; if (*s == 'n' || *s == 'N') { s++; rr->latitude = 2147483648u + rr->latitude; } else if (*s == 's' || *s == 'S') { s++; rr->latitude = 2147483648u - rr->latitude; } else { return bitch("latitude: N or S is expected"); } if (*s && !isspace(*s) && *s != ';' && *s != ')') { return bitch("latitude: N or S is expected"); } s = skip_white_space(s); if (!s) return NULL; /* longitude block */ i = extract_integer(&s, "degrees longitude", NULL); if (i < 0) return NULL; if (i > 180) return bitch("degrees longitude not in the range 0..90"); deg = i; min = 0; sec = 0; if (isdigit(*s)) { i = extract_integer(&s, "minutes longitude", NULL); if (i < 0) return NULL; if (i > 59) return bitch("minutes longitude not in the range 0..59"); min = i; if (isdigit(*s)) { /* restricted floating point, starting with a digit */ if (extract_double(&s, "seconds longitude", &sec, 0) < 0) return NULL; if (sec < 0 || sec > 59.999) return bitch("seconds longitude not in the range 0..59.999"); } } rr->longitude = sec*1000 + .5 + min*1000*60 + deg*1000*60*60; if (*s == 'e' || *s == 'E') { s++; rr->longitude = 2147483648u + rr->longitude; } else if (*s == 'w' || *s == 'W') { s++; rr->longitude = 2147483648u - rr->longitude; } else { return bitch("longitude: E or W is expected"); } if (*s && !isspace(*s) && *s != ';' && *s != ')') { return bitch("longitude: E or W is expected"); } s = skip_white_space(s); if (!s) return NULL; if (extract_double(&s, "altitude", &val, 1) < 0) return NULL; if (val < -100000.00 || val > 42849672.95) return bitch("altitude is out of supported range"); rr->altitude = (val + 100000.00) * 100 + 0.5; if (*s) { if (extract_double(&s, "sphere size", &val, 1) < 0) return NULL; if (val < 0 || val > 90000000.00) return bitch("sphere size is out of supported range"); rr->size = double2loc_format(val * 100 + 0.5); if (*s) { if (extract_double(&s, "horizontal precision", &val, 1) < 0) return NULL; if (val < 0 || val > 90000000.00) return bitch("horizontal precision is out of supported range"); rr->horiz_pre = double2loc_format(val * 100 + 0.5); if (*s) { if (extract_double(&s, "vertical precision", &val, 1) < 0) return NULL; if (val < 0 || val > 90000000.00) return bitch("vertical precision is out of supported range"); rr->vert_pre = double2loc_format(val * 100 + 0.5); } else { rr->vert_pre = double2loc_format(10 * 100 + 0.5); } } else { rr->horiz_pre = double2loc_format(10000 * 100 + 0.5); } } else { rr->size = double2loc_format(1 * 100 + 0.5); } if (*s) { return bitch("garbage after valid LOC data"); } return store_record(type, name, ttl, rr); } static char* loc_human(struct rr *rrv) { // struct rr_loc *rr = (struct rr_loc *)rrv; // char s[1024]; // snprintf(s, 1024, "\"%s\" \"%s\"", rr->cpu.data, rr->os.data); // return quickstrdup_temp(s); return "meow"; } static struct binary_data loc_wirerdata(struct rr *rrv) { RRCAST(loc); return compose_binary_data("1111444", 1, rr->version, rr->size, rr->horiz_pre, rr->vert_pre, rr->latitude, rr->longitude, rr->altitude); } struct rr_methods loc_methods = { loc_parse, loc_human, loc_wirerdata, NULL, NULL }; tobez-validns-f423245/lp.c000066400000000000000000000025471314110214000153200ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *lp_parse(char *name, long ttl, int type, char *s) { struct rr_lp *rr = getmem(sizeof(*rr)); int preference; rr->preference = preference = extract_integer(&s, "LP preference", NULL); if (preference < 0) return NULL; rr->fqdn = extract_name(&s, "LP fqdn", 0); if (!rr->fqdn) return NULL; if (strcasecmp(name, rr->fqdn) == 0) { return bitch("LP points to itself"); } if (*s) { return bitch("garbage after valid LP data"); } return store_record(type, name, ttl, rr); } static char* lp_human(struct rr *rrv) { RRCAST(lp); char s[1024]; snprintf(s, 1024, "%d %s", rr->preference, rr->fqdn); return quickstrdup_temp(s); } static struct binary_data lp_wirerdata(struct rr *rrv) { RRCAST(lp); return compose_binary_data("2d", 1, rr->preference, name2wire_name(rr->fqdn)); } struct rr_methods lp_methods = { lp_parse, lp_human, lp_wirerdata, NULL, NULL }; tobez-validns-f423245/main.c000066400000000000000000000541021314110214000156230ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include "common.h" #include "carp.h" #include "mempool.h" #include "textparse.h" #include "rr.h" struct globals G; struct file_info *file_info = NULL; int read_zone_file(void); void open_zone_file(char *fname); static void concat_generate_template(char *buf, int bufsz, int val, struct generate_template_piece *t) { char sval[40]; while (t) { if (t->constant_string) { mystrlcat(buf, t->constant_string, bufsz); } else { snprintf(sval, 40, "%d", val); mystrlcat(buf, sval, bufsz); } t = t->next; } } static struct generate_template_piece * free_generate_template(struct generate_template_piece *t) { struct generate_template_piece *n; while (t) { n = t->next; free(t); t = n; } return NULL; } static void create_generate_template_piece(struct generate_template_piece **generate_template, char *s) { if (s && *s == 0) return; struct generate_template_piece *p = malloc(sizeof(struct generate_template_piece)); p->constant_string = s; p->next = NULL; if (*generate_template) { struct generate_template_piece *t = *generate_template; while (t->next) t = t->next; t->next = p; } else { *generate_template = p; } } static struct generate_template_piece * prepare_generate_template(char *t) { char *s = t; struct generate_template_piece *r = NULL; while (1) { while (*t && *t != '$') t++; if (!*t) { create_generate_template_piece(&r, s); break; } else { *t = 0; create_generate_template_piece(&r, s); create_generate_template_piece(&r, NULL); t++; s = t; } } return r; } static char *process_directive(char *s) { char *d = s+1; if (*(s+1) == 'O' && strncmp(s, "$ORIGIN", 7) == 0) { char *o; s += 7; if (!isspace(*s)) { if (isalnum(*s)) goto unrecognized_directive; return bitch("bad $ORIGIN format"); } s = skip_white_space(s); o = extract_name(&s, "$ORIGIN value", 0); if (!o) { return NULL; } if (*s) { return bitch("garbage after valid $ORIGIN directive"); } file_info->current_origin = o; if (G.opt.verbose) { fprintf(stderr, "-> %s:%d: ", file_info->name, file_info->line); fprintf(stderr, "origin is now %s\n", o); } } else if (*(s+1) == 'T' && strncmp(s, "$TTL", 4) == 0) { s += 4; if (!isspace(*s)) { if (isalnum(*s)) goto unrecognized_directive; return bitch("bad $TTL format"); } s = skip_white_space(s); G.default_ttl = extract_timevalue(&s, "$TTL value"); if (G.default_ttl < 0) { return NULL; } if (*s) { return bitch("garbage after valid $TTL directive"); } if (G.opt.verbose) { fprintf(stderr, "-> %s:%d: ", file_info->name, file_info->line); fprintf(stderr, "default ttl is now %ld\n", G.default_ttl); } } else if (*(s+1) == 'G' && strncmp(s, "$GENERATE", 9) == 0) { int from, to; char *lhs, *rdtype; s += 9; if (!isspace(*s)) { if (isalnum(*s)) goto unrecognized_directive; return bitch("bad $GENERATE format"); } s = skip_white_space(s); from = extract_integer(&s, "generate-from", "-"); if (from < 0) return NULL; if (*s != '-') return bitch("'-' between generate-from and generate-to is expected"); s++; to = extract_integer(&s, "generate-to", "-"); if (to < 0) return NULL; if (*s == '/') return bitch("generate-step is unsupported for now"); lhs = extract_name(&s, "generate-lhs", KEEP_CAPITALIZATION | DOLLAR_OK_IN_NAMES); if (!lhs) return NULL; if (*s == '{') return bitch("{offset,width,type} is unsupported for now"); rdtype = extract_label(&s, "type", NULL); if (!rdtype) return NULL; file_info->generate_cur = from; file_info->generate_lim = to; file_info->generate_type = rdtype; file_info->generate_lhs = prepare_generate_template(lhs); file_info->generate_rhs = prepare_generate_template(quickstrdup(s)); return s; } else if (*(s+1) == 'I' && strncmp(s, "$INCLUDE", 8) == 0) { char *p, *f; char c; s += 8; if (!isspace(*s)) { if (isalnum(*s)) goto unrecognized_directive; return bitch("bad $INCLUDE format"); } s = skip_white_space(s); p = s; while (*s && !isspace(*s) && *s != ';') s++; c = *s; *s = '\0'; if (!*p) { return bitch("$INCLUDE directive with empty file name"); } f = quickstrdup_temp(p); *s = c; s = skip_white_space(s); if (*s) { return bitch("garbage after valid $INCLUDE directive"); } if (*f == '/') { open_zone_file(f); } else { char buf[1024]; snprintf(buf, 1024, "%s/%s", G.opt.include_path, f); open_zone_file(buf); } } else { unrecognized_directive: s = d-1; while (isalnum(*d)) d++; *d = '\0'; return bitch("unrecognized directive: %s", s); } return s; } char * read_zone_line(void) { char *r; if (file_info->generate_lhs) { if (file_info->generate_cur <= file_info->generate_lim) { file_info->buf[0] = 0; concat_generate_template(file_info->buf, LINEBUFSZ, file_info->generate_cur, file_info->generate_lhs); mystrlcat(file_info->buf, " ", LINEBUFSZ); mystrlcat(file_info->buf, file_info->generate_type, LINEBUFSZ); mystrlcat(file_info->buf, " ", LINEBUFSZ); concat_generate_template(file_info->buf, LINEBUFSZ, file_info->generate_cur, file_info->generate_rhs); file_info->generate_cur++; return file_info->buf; } else { /* Done with this $GENERATE */ file_info->generate_cur = 0; file_info->generate_lim = 0; file_info->generate_type = NULL; file_info->generate_lhs = NULL; free_generate_template(file_info->generate_lhs); free_generate_template(file_info->generate_rhs); file_info->generate_rhs = NULL; } } r = fgets(file_info->buf, LINEBUFSZ, file_info->file); if (r) file_info->line++; return r; } int read_zone_file(void) { char *s; char *name = NULL, *class, *rdtype; long ttl = -1; while (file_info) { while (read_zone_line()) { freeall_temp(); file_info->paren_mode = 0; rdtype = NULL; if (empty_line_or_comment(file_info->buf)) continue; s = file_info->buf; if (!isspace(*s)) { /* , $INCLUDE, $ORIGIN */ if (*s == '$') { process_directive(s); continue; } else { /* */ name = extract_name(&s, "record name", 0); if (!name) continue; } } else { s = skip_white_space(s); } if (!s) continue; if (!name) { bitch("cannot assume previous name for it is not known"); continue; } if (G.default_ttl >= 0) ttl = G.default_ttl; if (isdigit(*s)) { ttl = extract_timevalue(&s, "TTL"); if (ttl < 0) continue; class = extract_label(&s, "class or type", "temporary"); if (!class) continue; if (*class == 'i' && *(class+1) == 'n' && *(class+2) == 0) { } else if (*class == 'c' && *(class+1) == 's' && *(class+2) == 0) { bitch("CSNET class is not supported"); continue; } else if (*class == 'c' && *(class+1) == 'h' && *(class+2) == 0) { bitch("CHAOS class is not supported"); continue; } else if (*class == 'h' && *(class+1) == 's' && *(class+2) == 0) { bitch("HESIOD class is not supported"); continue; } else { rdtype = class; } } else { class = extract_label(&s, "class or type", "temporary"); if (!class) continue; if (*class == 'i' && *(class+1) == 'n' && *(class+2) == 0) { if (isdigit(*s)) { ttl = extract_timevalue(&s, "TTL"); if (ttl < 0) continue; } } else if (*class == 'c' && *(class+1) == 's' && *(class+2) == 0) { bitch("CSNET class is not supported"); continue; } else if (*class == 'c' && *(class+1) == 'h' && *(class+2) == 0) { bitch("CHAOS class is not supported"); continue; } else if (*class == 'h' && *(class+1) == 's' && *(class+2) == 0) { bitch("HESIOD class is not supported"); continue; } else { rdtype = class; } } if (!rdtype) { rdtype = extract_label(&s, "type", "temporary"); } if (!rdtype) { continue; } if (ttl < 0) { ttl = G.default_ttl; } { int is_generic; int type = str2rdtype(rdtype, &is_generic); struct rr *rr; if (type <= 0) continue; if (ttl < 0 && !(G.opt.soa_minttl_as_default_ttl && type == T_SOA)) { bitch("ttl not specified and default is not known"); continue; } if (is_generic) rr = rr_parse_any(name, ttl, type, s); else if (type > T_MAX) rr = rr_parse_any(name, ttl, type, s); else if (rr_methods[type].rr_parse) rr = rr_methods[type].rr_parse(name, ttl, type, s); else rr = rr_parse_any(name, ttl, type, s); if (type == T_SOA && ttl < 0 && rr) { struct rr_soa *soa = (struct rr_soa *) rr; soa->rr.ttl = G.default_ttl = soa->minimum; if (G.opt.verbose) { fprintf(stderr, "-> %s:%d: ", file_info->name, file_info->line); fprintf(stderr, "no ttl specified; using SOA MINTTL (%ld) instead\n", G.default_ttl); } } } } if (ferror(file_info->file)) croak(1, "read error for %s", file_info->name); file_info = file_info->next; } return 0; } void open_zone_file(char *fname) { FILE *f; struct file_info *new_file_info; if (strcmp(fname, "-") == 0) { f = stdin; fname = "stdin"; } else { f = fopen(fname, "r"); if (!file_info && !G.opt.include_path_specified) { G.opt.include_path = quickstrdup(dirname(quickstrdup_temp(fname))); } } if (!f) croak(1, "open %s", fname); new_file_info = malloc(sizeof(*new_file_info) + strlen(fname) + 1); if (!new_file_info) croak(1, "malloc(file_info), %s", fname); new_file_info->next = file_info; new_file_info->file = f; new_file_info->line = 0; strcpy(new_file_info->name, fname); if (file_info) { new_file_info->current_origin = file_info->current_origin; } else { new_file_info->current_origin = G.opt.first_origin; } file_info = new_file_info; } void usage(char *err) { if (err) fprintf(stderr, "%s\n", err); fprintf(stderr, "Usage:\n"); fprintf(stderr, " %s -h\n", thisprogname()); fprintf(stderr, " %s [options] zone-file\n", thisprogname()); fprintf(stderr, "Usage parameters:\n"); fprintf(stderr, "\t-h\t\tproduce usage text and quit\n"); fprintf(stderr, "\t-f\t\tquit on first validation error\n"); fprintf(stderr, "\t-p name\tperform policy check \n"); fprintf(stderr, "\t\t\tsingle-ns\n"); fprintf(stderr, "\t\t\tcname-other-data\n"); fprintf(stderr, "\t\t\tdname\n"); fprintf(stderr, "\t\t\tnsec3param-not-apex\n"); fprintf(stderr, "\t\t\tmx-alias\n"); fprintf(stderr, "\t\t\tns-alias\n"); fprintf(stderr, "\t\t\trp-txt-exists\n"); fprintf(stderr, "\t\t\ttlsa-host\n"); fprintf(stderr, "\t\t\tksk-exists\n"); fprintf(stderr, "\t\t\tsmimea-host\n"); fprintf(stderr, "\t\t\tall\n"); fprintf(stderr, "\t-n N\t\tuse N worker threads\n"); fprintf(stderr, "\t-q\t\tquiet - do not produce any output\n"); fprintf(stderr, "\t-s\t\tprint validation summary/stats\n"); fprintf(stderr, "\t-v\t\tbe extra verbose\n"); fprintf(stderr, "\t-I path\tuse this path for $INCLUDE files\n"); fprintf(stderr, "\t-z origin\tuse this origin as initial $ORIGIN\n"); fprintf(stderr, "\t-t epoch-time\tuse this time instead of \"now\"\n"); exit(1); } struct rr_methods rr_methods[T_MAX+1]; static void initialize_globals(void) { int i; setenv("TZ", "GMT0", 1); tzset(); memset(&G, 0, sizeof(G)); memset(&G.opt, 0, sizeof(G.opt)); memset(&G.stats, 0, sizeof(G.stats)); memset(rr_counts, 0, sizeof(rr_counts[0])*(T_MAX+1)); G.default_ttl = -1; /* XXX orly? */ G.opt.times_to_check[0] = time(NULL); G.opt.n_times_to_check = 0; G.opt.include_path = "."; for (i = 0; i <= T_MAX; i++) { rr_methods[i] = unknown_methods; } rr_methods[T_AAAA] = aaaa_methods; rr_methods[T_A] = a_methods; rr_methods[T_AFSDB] = afsdb_methods; rr_methods[T_CAA] = caa_methods; rr_methods[T_CDNSKEY] = cdnskey_methods; rr_methods[T_CDS] = cds_methods; rr_methods[T_CERT] = cert_methods; rr_methods[T_CNAME] = cname_methods; rr_methods[T_DHCID] = dhcid_methods; rr_methods[T_DLV] = dlv_methods; rr_methods[T_DNAME] = dname_methods; rr_methods[T_DNSKEY] = dnskey_methods; rr_methods[T_DS] = ds_methods; rr_methods[T_HINFO] = hinfo_methods; rr_methods[T_IPSECKEY] = ipseckey_methods; rr_methods[T_ISDN] = isdn_methods; rr_methods[T_KX] = kx_methods; rr_methods[T_L32] = l32_methods; rr_methods[T_L64] = l64_methods; rr_methods[T_LOC] = loc_methods; rr_methods[T_LP] = lp_methods; rr_methods[T_MB] = mb_methods; rr_methods[T_MG] = mg_methods; rr_methods[T_MINFO] = minfo_methods; rr_methods[T_MR] = mr_methods; rr_methods[T_MX] = mx_methods; rr_methods[T_NAPTR] = naptr_methods; rr_methods[T_NID] = nid_methods; rr_methods[T_NSAP] = nsap_methods; rr_methods[T_NSEC3PARAM] = nsec3param_methods; rr_methods[T_NSEC3] = nsec3_methods; rr_methods[T_NSEC] = nsec_methods; rr_methods[T_NS] = ns_methods; rr_methods[T_PTR] = ptr_methods; rr_methods[T_PX] = px_methods; rr_methods[T_RP] = rp_methods; rr_methods[T_RT] = rt_methods; rr_methods[T_RRSIG] = rrsig_methods; rr_methods[T_SMIMEA] = smimea_methods; rr_methods[T_SOA] = soa_methods; rr_methods[T_SPF] = spf_methods; rr_methods[T_SRV] = srv_methods; rr_methods[T_SSHFP] = sshfp_methods; rr_methods[T_TLSA] = tlsa_methods; rr_methods[T_TXT] = txt_methods; rr_methods[T_X25] = x25_methods; } int main(int argc, char **argv) { int o; struct timeval start, stop; initialize_globals(); while ((o = getopt(argc, argv, "fhMqsvI:z:t:p:n:")) != -1) { switch(o) { case 'h': usage(NULL); break; case 'f': G.opt.die_on_first_error = 1; break; case 'M': G.opt.soa_minttl_as_default_ttl = 1; break; case 'q': G.opt.no_output = 1; break; case 's': G.opt.summary++; break; case 'v': G.opt.verbose = 1; break; case 'p': if (strcmp(optarg, "all") == 0) { int i; for (i = 0; i < N_POLICY_CHECKS; i++) { G.opt.policy_checks[i] = 1; } } else if (strcmp(optarg, "single-ns") == 0) { G.opt.policy_checks[POLICY_SINGLE_NS] = 1; } else if (strcmp(optarg, "cname-other-data") == 0) { G.opt.policy_checks[POLICY_CNAME_OTHER_DATA] = 1; } else if (strcmp(optarg, "dname") == 0) { G.opt.policy_checks[POLICY_DNAME] = 1; } else if (strcmp(optarg, "dnskey") == 0) { G.opt.policy_checks[POLICY_DNSKEY] = 1; } else if (strcmp(optarg, "nsec3param-not-apex") == 0) { G.opt.policy_checks[POLICY_NSEC3PARAM_NOT_APEX] = 1; } else if (strcmp(optarg, "mx-alias") == 0) { G.opt.policy_checks[POLICY_MX_ALIAS] = 1; } else if (strcmp(optarg, "ns-alias") == 0) { G.opt.policy_checks[POLICY_NS_ALIAS] = 1; } else if (strcmp(optarg, "rp-txt-exists") == 0) { G.opt.policy_checks[POLICY_RP_TXT_EXISTS] = 1; } else if (strcmp(optarg, "tlsa-host") == 0) { G.opt.policy_checks[POLICY_TLSA_HOST] = 1; } else if (strcmp(optarg, "smimea-host") == 0) { G.opt.policy_checks[POLICY_SMIMEA_HOST] = 1; } else if (strcmp(optarg, "ksk-exists") == 0) { G.opt.policy_checks[POLICY_KSK_EXISTS] = 1; } else { usage("unknown policy name"); } break; case 'I': G.opt.include_path = optarg; G.opt.include_path_specified = 1; break; case 'z': if (strlen(optarg) && *(optarg+strlen(optarg)-1) == '.') { G.opt.first_origin = optarg; } else if (strlen(optarg)) { G.opt.first_origin = getmem(strlen(optarg)+2); strcpy(mystpcpy(G.opt.first_origin, optarg), "."); } else { usage("origin must not be empty"); } break; case 'n': G.opt.n_threads = strtol(optarg, NULL, 10); if (G.opt.n_threads > 256) usage("non-sensical number of threads requested"); if (G.opt.verbose) fprintf(stderr, "using %d worker threads\n", G.opt.n_threads); break; case 't': if (G.opt.n_times_to_check >= MAX_TIMES_TO_CHECK) usage("too many -t specified"); G.opt.times_to_check[G.opt.n_times_to_check++] = strtol(optarg, NULL, 10); break; default: usage(NULL); } } if (G.opt.n_times_to_check <= 0) G.opt.n_times_to_check = 1; argc -= optind; argv += optind; if (argc != 1) usage(NULL); gettimeofday(&start, NULL); open_zone_file(argv[0]); read_zone_file(); validate_zone(); verify_all_keys(); if (G.nsec3_present) { if (first_nsec3) nsec3_validate(&first_nsec3->rr); perform_remaining_nsec3checks(); } if (G.dnssec_active && G.opt.policy_checks[POLICY_KSK_EXISTS]) { dnskey_ksk_policy_check(); } gettimeofday(&stop, NULL); if (G.opt.summary) { printf("records found: %d\n", G.stats.rr_count); printf("skipped dups: %d\n", G.stats.skipped_dup_rr_count); printf("record sets found: %d\n", G.stats.rrset_count); printf("unique names found: %d\n", G.stats.names_count); printf("delegations found: %d\n", G.stats.delegations); printf(" nsec3 records: %d\n", G.stats.nsec3_count); /* "not authoritative names" - non-empty terminals without any authoritative records */ /* delegation points count as authoritative, which might or might not be correct */ printf("not authoritative names, not counting delegation points:\n" " %d\n", G.stats.not_authoritative); printf("validation errors: %d\n", G.stats.error_count); printf("signatures verified: %d\n", G.stats.signatures_verified); printf("time taken: %.3fs\n", stop.tv_sec - start.tv_sec + (stop.tv_usec - start.tv_usec)/1000000.); if (G.opt.summary > 1) { int i; printf("record count by type:\n"); for (i = 1; i <= T_MAX; i++) { if (rr_counts[i]) printf("%20s: %d\n", rdtype2str(i), rr_counts[i]); } } } return G.exit_code; } tobez-validns-f423245/mb.c000066400000000000000000000017261314110214000153010ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *mb_parse(char *name, long ttl, int type, char *s) { struct rr_mb *rr = getmem(sizeof(*rr)); rr->madname = extract_name(&s, "madname", 0); if (!rr->madname) return NULL; if (*s) { return bitch("garbage after valid MB data"); } return store_record(type, name, ttl, rr); } static char* mb_human(struct rr *rrv) { RRCAST(mb); return rr->madname; } static struct binary_data mb_wirerdata(struct rr *rrv) { RRCAST(mb); return name2wire_name(rr->madname); } struct rr_methods mb_methods = { mb_parse, mb_human, mb_wirerdata, NULL, NULL }; tobez-validns-f423245/mempool.c000066400000000000000000000046131314110214000163510ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include "mempool.h" #include "carp.h" struct pool { struct pool *next; size_t pool_size; size_t free_index; char mem[0]; }; static struct pool *freespace = NULL; static struct pool *temp_freespace = NULL; static void new_pool(size_t size) { struct pool *pool; size = (size + sizeof(void *) - 1) / sizeof(void *); size *= sizeof(void *); pool = malloc(size + sizeof(struct pool)); if (!pool) croak(1, "new_pool malloc"); pool->next = freespace; pool->free_index = 0; pool->pool_size = size; freespace = pool; } void mem_requirements_hint(size_t size) { if (freespace) return; new_pool(size); } void *getmem(size_t size) { void *ret; size = (size + sizeof(void *) - 1) / sizeof(void *); size *= sizeof(void *); if (!freespace) new_pool(size > 256000 ? size : 256000); if (freespace->pool_size - freespace->free_index < size) new_pool(size > 256000 ? size : 256000); ret = freespace->mem + freespace->free_index; freespace->free_index += size; return ret; } void *getmem_temp(size_t size) { void *ret; size = (size + sizeof(void *) - 1) / sizeof(void *); size *= sizeof(void *); if (!temp_freespace) { size_t pool_size = size > 1024*1024 ? size : 1024*1024; pool_size = (pool_size + sizeof(void *) - 1) / sizeof(void *); pool_size *= sizeof(void *); temp_freespace = malloc(pool_size + sizeof(struct pool)); if (!temp_freespace) croak(1, "getmem_temp malloc"); temp_freespace->next = NULL; temp_freespace->free_index = 0; temp_freespace->pool_size = pool_size; } if (temp_freespace->pool_size - temp_freespace->free_index < size) croak(1, "getmem_temp request too large"); ret = temp_freespace->mem + temp_freespace->free_index; temp_freespace->free_index += size; return ret; } int freeall_temp(void) { if (temp_freespace) { temp_freespace->free_index = 0; } return 1; } char *quickstrdup(char *s) { char *r = getmem(strlen(s)+1); return strcpy(r, s); } char *quickstrdup_temp(char *s) { char *r = getmem_temp(strlen(s)+1); return strcpy(r, s); } tobez-validns-f423245/mempool.h000066400000000000000000000006411314110214000163530ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #ifndef _MEMPOOL_H #define _MEMPOOL_H 1 void mem_requirements_hint(size_t size); void *getmem(size_t size); char *quickstrdup(char *s); int freeall_temp(void); void *getmem_temp(size_t size); char *quickstrdup_temp(char *s); #endif tobez-validns-f423245/mg.c000066400000000000000000000017261314110214000153060ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *mg_parse(char *name, long ttl, int type, char *s) { struct rr_mg *rr = getmem(sizeof(*rr)); rr->mgmname = extract_name(&s, "mgmname", 0); if (!rr->mgmname) return NULL; if (*s) { return bitch("garbage after valid MG data"); } return store_record(type, name, ttl, rr); } static char* mg_human(struct rr *rrv) { RRCAST(mg); return rr->mgmname; } static struct binary_data mg_wirerdata(struct rr *rrv) { RRCAST(mg); return name2wire_name(rr->mgmname); } struct rr_methods mg_methods = { mg_parse, mg_human, mg_wirerdata, NULL, NULL }; tobez-validns-f423245/minfo.c000066400000000000000000000023661314110214000160140ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *minfo_parse(char *name, long ttl, int type, char *s) { struct rr_minfo *rr = getmem(sizeof(*rr)); rr->rmailbx = extract_name(&s, "rmailbx", 0); if (!rr->rmailbx) return NULL; rr->emailbx = extract_name(&s, "emailbx", 0); if (!rr->emailbx) return NULL; if (*s) { return bitch("garbage after valid MINFO data"); } return store_record(type, name, ttl, rr); } static char* minfo_human(struct rr *rrv) { RRCAST(minfo); char s[1024]; snprintf(s, 1024, "%s %s", rr->rmailbx, rr->emailbx); return quickstrdup_temp(s); } static struct binary_data minfo_wirerdata(struct rr *rrv) { RRCAST(minfo); return compose_binary_data("dd", 1, name2wire_name(rr->rmailbx), name2wire_name(rr->emailbx)); } struct rr_methods minfo_methods = { minfo_parse, minfo_human, minfo_wirerdata, NULL, NULL }; tobez-validns-f423245/mr.c000066400000000000000000000017261314110214000153210ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *mr_parse(char *name, long ttl, int type, char *s) { struct rr_mr *rr = getmem(sizeof(*rr)); rr->newname = extract_name(&s, "newname", 0); if (!rr->newname) return NULL; if (*s) { return bitch("garbage after valid MR data"); } return store_record(type, name, ttl, rr); } static char* mr_human(struct rr *rrv) { RRCAST(mr); return rr->newname; } static struct binary_data mr_wirerdata(struct rr *rrv) { RRCAST(mr); return name2wire_name(rr->newname); } struct rr_methods mr_methods = { mr_parse, mr_human, mr_wirerdata, NULL, NULL }; tobez-validns-f423245/mx.c000066400000000000000000000034601314110214000153240ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *mx_parse(char *name, long ttl, int type, char *s) { struct rr_mx *rr = getmem(sizeof(*rr)); rr->preference = extract_integer(&s, "MX preference", NULL); if (rr->preference < 0) return NULL; /* XXX preference range check */ rr->exchange = extract_name(&s, "MX exchange", 0); if (!rr->exchange) return NULL; if (*s) { return bitch("garbage after valid MX data"); } return store_record(type, name, ttl, rr); } static char* mx_human(struct rr *rrv) { RRCAST(mx); char s[1024]; snprintf(s, 1024, "%d %s", rr->preference, rr->exchange); return quickstrdup_temp(s); } static struct binary_data mx_wirerdata(struct rr *rrv) { RRCAST(mx); return compose_binary_data("2d", 1, rr->preference, name2wire_name(rr->exchange)); } static void* mx_validate_set(struct rr_set *rr_set) { if (rr_set->named_rr->flags & NAME_FLAG_CONTAINS_SLASH) { struct rr *rr = rr_set->tail; return moan(rr->file_name, rr->line, "host name contains '/'"); } return NULL; } static void *mx_validate(struct rr *rrv) { RRCAST(mx); if (G.opt.policy_checks[POLICY_MX_ALIAS]) { if (find_rr_set(T_CNAME, rr->exchange)) { return moan(rr->rr.file_name, rr->rr.line, "MX exchange is an alias"); } } return NULL; } struct rr_methods mx_methods = { mx_parse, mx_human, mx_wirerdata, mx_validate_set, mx_validate }; tobez-validns-f423245/naptr.c000066400000000000000000000042101314110214000160160ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *naptr_parse(char *name, long ttl, int type, char *s) { struct rr_naptr *rr = getmem(sizeof(*rr)); int i; struct binary_data text; i = extract_integer(&s, "order", NULL); if (i < 0) return NULL; if (i >= 65536) return bitch("order range is not valid"); rr->order = i; i = extract_integer(&s, "preference", NULL); if (i < 0) return NULL; if (i >= 65536) return bitch("preference range is not valid"); rr->preference = i; text = extract_text(&s, "flags"); if (text.length < 0) return NULL; for (i = 0; i < text.length; i++) { if (!isalnum(text.data[i])) { return bitch("flags contains illegal characters"); } } rr->flags = text; text = extract_text(&s, "services"); if (text.length < 0) return NULL; rr->services = text; text = extract_text(&s, "regexp"); if (text.length < 0) return NULL; rr->regexp = text; rr->replacement = extract_name(&s, "replacement", 0); if (!rr->replacement) return NULL; if (*s) { return bitch("garbage after valid NAPTR data"); } return store_record(type, name, ttl, rr); } static char* naptr_human(struct rr *rrv) { RRCAST(naptr); char s[1024]; snprintf(s, 1024, "%hu %hu \"%s\" ...", rr->order, rr->preference, rr->flags.data); return quickstrdup_temp(s); } static struct binary_data naptr_wirerdata(struct rr *rrv) { RRCAST(naptr); return compose_binary_data("22bbbd", 1, rr->order, rr->preference, rr->flags, rr->services, rr->regexp, name2wire_name(rr->replacement)); } struct rr_methods naptr_methods = { naptr_parse, naptr_human, naptr_wirerdata, NULL, NULL }; tobez-validns-f423245/nid.c000066400000000000000000000026351314110214000154550ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *nid_parse(char *name, long ttl, int type, char *s) { struct rr_nid *rr = getmem(sizeof(*rr)); int preference; rr->preference = preference = extract_integer(&s, "NID preference", NULL); if (preference < 0) return NULL; if (extract_u64(&s, "NodeID", &rr->node_id) < 0) return NULL; if (*s) { return bitch("garbage after valid NID data"); } return store_record(type, name, ttl, rr); } static char* nid_human(struct rr *rrv) { RRCAST(nid); char s[1024]; snprintf(s, 1024, "%d %x:%x:%x:%x", rr->preference, (unsigned)(rr->node_id >> 48) & 0xffff, (unsigned)(rr->node_id >> 32) & 0xffff, (unsigned)(rr->node_id >> 16) & 0xffff, (unsigned)(rr->node_id >> 0) & 0xffff); return quickstrdup_temp(s); } static struct binary_data nid_wirerdata(struct rr *rrv) { RRCAST(nid); return compose_binary_data("28", 1, rr->preference, rr->node_id); } struct rr_methods nid_methods = { nid_parse, nid_human, nid_wirerdata, NULL, NULL }; tobez-validns-f423245/notes.mdwn000066400000000000000000000012121314110214000165440ustar00rootroot00000000000000# validns notes ## OMISSIONS A number of corners were cut to assume the most usual way of doing things. Therefore, in many cases, `validns` currently does not strictly adhere to various standards. In particular, it should be possible (and easy) to construct a perfectly valid zone file which `validns` will report as problematic. It is expected that those cases will be all fixed over time. But if you have a valid zone which `validns` cannot parse, please do report this fact to the author, with examples. If there is a need for the community to fix a particular omission, it will be fixed sooner. Needless to say, patches are always welcome. tobez-validns-f423245/ns.c000066400000000000000000000037471314110214000153300ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *ns_parse(char *name, long ttl, int type, char *s) { struct rr_ns *rr = getmem(sizeof(*rr)); struct rr *ret_rr; rr->nsdname = extract_name(&s, "name server domain name", 0); if (!rr->nsdname) return NULL; if (*s) { return bitch("garbage after valid NS data"); } ret_rr = store_record(type, name, ttl, rr); if (ret_rr) { if (!(ret_rr->rr_set->named_rr->flags & (NAME_FLAG_APEX|NAME_FLAG_DELEGATION))) { ret_rr->rr_set->named_rr->flags |= NAME_FLAG_DELEGATION; G.stats.delegations++; } } return ret_rr; } static char* ns_human(struct rr *rrv) { RRCAST(ns); return rr->nsdname; } static struct binary_data ns_wirerdata(struct rr *rrv) { RRCAST(ns); return name2wire_name(rr->nsdname); } static void* ns_validate_set(struct rr_set *rr_set) { struct rr *rr; if (G.opt.policy_checks[POLICY_SINGLE_NS]) { if (rr_set->count < 2) { rr = rr_set->tail; return moan(rr->file_name, rr->line, "there should be at least two NS records per name"); } } return NULL; } static void *ns_validate(struct rr *rrv) { RRCAST(ns); if (G.opt.policy_checks[POLICY_NS_ALIAS]) { if (find_rr_set(T_CNAME, rr->nsdname)) { return moan(rr->rr.file_name, rr->rr.line, "NS data is an alias"); } } if (strchr(rr->nsdname, '/') != NULL) return moan(rr->rr.file_name, rr->rr.line, "NS data contains '/'"); return NULL; } struct rr_methods ns_methods = { ns_parse, ns_human, ns_wirerdata, ns_validate_set, ns_validate }; tobez-validns-f423245/nsap.c000066400000000000000000000020001314110214000156260ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr* nsap_parse(char *name, long ttl, int type, char *s) { struct rr_nsap *rr = getmem(sizeof(*rr)); rr->data = extract_hex_binary_data(&s, "NSAP data", EXTRACT_EAT_WHITESPACE); if (rr->data.length < 0) return NULL; if (*s) { return bitch("garbage after valid NSAP data"); } return store_record(type, name, ttl, rr); } static char* nsap_human(struct rr *rrv) { return "..."; } static struct binary_data nsap_wirerdata(struct rr *rrv) { RRCAST(nsap); return compose_binary_data("d", 1, rr->data); } struct rr_methods nsap_methods = { nsap_parse, nsap_human, nsap_wirerdata, NULL, NULL }; tobez-validns-f423245/nsec.c000066400000000000000000000102101314110214000156170ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. 604800 NSEC example.com. NS DS RRSIG NSEC 604800 RRSIG NSEC 10 3 604800 20130321184221 ( 20130219184221 35615 example.com. WWg7EiYoY8Hp593I2i5Mkl2ezg7YuAnq0y75 oymTCuEfGwh4OxbMT/mWNqAFL5Y8f0YoQOOY wZP0m/sGK/EJN7ulNsfQyULY4WsyHIGlKMwT KdyDXJLrmrzlmRnGv7pFb0bo53n3osE0uFfH yMQYOkQRYfqa4yWXF9Nl48dy67frtVih0foy 9Mm76mmJSDUd/jGsYQmaoFGVU/a64rWapVQ9 O/mXPqr6Pw2ZCHecsF4ElMEp41YqG1DfR5QR khTjvTlg4aTKvgX1YuvDhjUygSHit47xn2NC 2WwEZF+vYXT9DIUCMcKdVeb4bjWwUXbWNFqz Ca3jb/mpOpUDFnrRPw== ) * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr* nsec_parse(char *name, long ttl, int type, char *s) { struct rr_nsec *rr = getmem(sizeof(*rr)); struct binary_data bitmap; char *str_type = NULL; int ltype; rr->next_domain = extract_name(&s, "next domain", KEEP_CAPITALIZATION); /* TODO: validate next_domain, http://tools.ietf.org/html/rfc4034#section-4.1.1 */ bitmap = new_set(); while (s && *s) { str_type = extract_label(&s, "type list", "temporary"); if (!str_type) return NULL; ltype = str2rdtype(str_type, NULL); if (ltype < 0) return NULL; add_bit_to_set(&bitmap, ltype); } if (!s) return NULL; if (!str_type) { return bitch("NSEC type list should not be empty"); } rr->type_bitmap = compressed_set(&bitmap); G.dnssec_active = 1; return store_record(type, name, ttl, rr); } static char* nsec_human(struct rr *rrv) { RRCAST(nsec); char ss[1024]; char *s = ss; int l; char *base; int i, k; int type; char *type_name; l = snprintf(s, 1024, "%s", rr->next_domain); s += l; base = rr->type_bitmap.data; while (base - rr->type_bitmap.data < rr->type_bitmap.length) { for (i = 0; i < base[1]; i++) { for (k = 0; k <= 7; k++) { if (base[2+i] & (0x80 >> k)) { type = ((unsigned char)base[0])*256 + i*8 + k; type_name = rdtype2str(type); l = snprintf(s, 1024-(s-ss), " %s", type_name); s += l; } } } base += base[1]+2; } return quickstrdup_temp(ss); } static struct binary_data nsec_wirerdata(struct rr *rrv) { RRCAST(nsec); return compose_binary_data("dd", 1, name2wire_name(rr->next_domain), rr->type_bitmap); } static void* nsec_validate(struct rr *rrv) { RRCAST(nsec); struct named_rr *named_rr; named_rr = rr->rr.rr_set->named_rr; if (!check_typemap(rr->type_bitmap, named_rr, rrv)) return NULL; return rr; } void validate_nsec_chain(void) { struct rr_set *rr_set; struct named_rr *named_rr; rr_set = find_rr_set(T_NSEC, zone_apex); if (!rr_set) { named_rr = find_named_rr(zone_apex); moan(named_rr->file_name, named_rr->line, "apex NSEC not found"); return; } while (1) { char name[1024]; struct rr_nsec *rr = (struct rr_nsec *)rr_set->tail; char *s, *t; if (strcasecmp(rr->next_domain, zone_apex) == 0) /* chain complete */ break; freeall_temp(); s = rr->next_domain; t = name; while (*s) *t++ = tolower(*s++); *t = 0; rr_set = find_rr_set(T_NSEC, name); if (!rr_set) { moan(rr->rr.file_name, rr->rr.line, "broken NSEC chain %s -> %s", rr->rr.rr_set->named_rr->name, rr->next_domain); break; } } freeall_temp(); } struct rr_methods nsec_methods = { nsec_parse, nsec_human, nsec_wirerdata, NULL, nsec_validate }; tobez-validns-f423245/nsec3.c000066400000000000000000000120501314110214000157060ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" #include "base32hex.h" static struct rr* nsec3_parse(char *name, long ttl, int type, char *s) { struct rr_nsec3 *rr = getmem(sizeof(*rr)); struct rr *ret_rr; struct binary_data bitmap; int i; int opt_out = 0; char *str_type = NULL; int ltype; i = extract_integer(&s, "hash algorithm", NULL); if (i < 0) return NULL; if (i > 255) return bitch("bad hash algorithm value"); if (i != 1) return bitch("unrecognized or unsupported hash algorithm"); rr->hash_algorithm = i; i = extract_integer(&s, "flags", NULL); if (i < 0) return NULL; if (i > 255) return bitch("bad flags value"); if (!(i == 0 || i == 1)) return bitch("unsupported flags value"); if (i == 1) opt_out = 1; rr->flags = i; i = extract_integer(&s, "iterations", NULL); if (i < 0) return NULL; if (i > 2500) return bitch("bad iterations value"); rr->iterations = i; /* TODO validate iteration count according to key size, * as per http://tools.ietf.org/html/rfc5155#section-10.3 */ if (*s == '-') { rr->salt.length = 0; rr->salt.data = NULL; s++; if (*s && !isspace(*s) && *s != ';' && *s != ')') return bitch("salt is not valid"); s = skip_white_space(s); } else { rr->salt = extract_hex_binary_data(&s, "salt", EXTRACT_DONT_EAT_WHITESPACE); if (rr->salt.length <= 0) return NULL; if (rr->salt.length > 255) return bitch("salt is too long"); } rr->next_hashed_owner = extract_base32hex_binary_data(&s, "next hashed owner"); if (rr->next_hashed_owner.length != 20) { return bitch("next hashed owner does not have the right size"); } bitmap = new_set(); while (s && *s) { str_type = extract_label(&s, "type list", "temporary"); if (!str_type) return NULL; ltype = str2rdtype(str_type, NULL); if (ltype < 0) return NULL; add_bit_to_set(&bitmap, ltype); } if (!s) return NULL; rr->type_bitmap = compressed_set(&bitmap); rr->corresponding_name = NULL; rr->next_nsec3 = NULL; if (!remember_nsec3(name, rr)) return NULL; ret_rr = store_record(type, name, ttl, rr); if (ret_rr) { G.nsec3_present = 1; G.dnssec_active = 1; G.stats.nsec3_count++; if (opt_out) { G.nsec3_opt_out_present = 1; } if (ret_rr && !nsec3param) nsec3param = ret_rr; } return ret_rr; } static char* nsec3_human(struct rr *rrv) { RRCAST(nsec3); char ss[1024]; char *s = ss; int l; int i; l = snprintf(s, 1024, "%u %u %u ", rr->hash_algorithm, rr->flags, rr->iterations); s += l; if (rr->salt.length) { for (i = 0; i < rr->salt.length; i++) { l = snprintf(s, 1024-(s-ss), "%02X", (unsigned char)rr->salt.data[i]); s += l; } } else { sprintf(s, "-"); } return quickstrdup_temp(ss); } static struct binary_data nsec3_wirerdata(struct rr *rrv) { RRCAST(nsec3); return compose_binary_data("112bbd", 1, rr->hash_algorithm, rr->flags, rr->iterations, rr->salt, rr->next_hashed_owner, rr->type_bitmap); } struct rr_nsec3 *first_nsec3 = NULL; struct rr_nsec3 *latest_nsec3 = NULL; void* nsec3_validate(struct rr *rrv) { RRCAST(nsec3); if (!first_nsec3) { first_nsec3 = rr; } if (latest_nsec3) { if (memcmp(latest_nsec3->next_hashed_owner.data, rr->this_hashed_name.data, 20) != 0) { char *expected_name = quickstrdup_temp(rr->rr.rr_set->named_rr->name); /* guaranteed to have same length, I think */ encode_base32hex(expected_name, 32, latest_nsec3->next_hashed_owner.data, 20); if (rr == first_nsec3) { moan(latest_nsec3->rr.file_name, latest_nsec3->rr.line, "broken NSEC3 chain, expected %s, but nothing found", expected_name); } else { moan(latest_nsec3->rr.file_name, latest_nsec3->rr.line, "broken NSEC3 chain, expected %s, but found %s", expected_name, rr->rr.rr_set->named_rr->name); } if (rr != first_nsec3) latest_nsec3->next_nsec3 = rr; latest_nsec3 = rr; return NULL; } if (rr != first_nsec3) latest_nsec3->next_nsec3 = rr; } latest_nsec3 = rr; return rr; } struct rr_methods nsec3_methods = { nsec3_parse, nsec3_human, nsec3_wirerdata, NULL, nsec3_validate }; tobez-validns-f423245/nsec3checks.c000066400000000000000000000220341314110214000170720ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" #include "base32hex.h" #include "cbtree.h" static struct binary_data name2hash(char *name, struct rr *param) { struct rr_nsec3param *p = (struct rr_nsec3param *)param; EVP_MD_CTX ctx; unsigned char md0[EVP_MAX_MD_SIZE]; unsigned char md1[EVP_MAX_MD_SIZE]; unsigned char *md[2]; int mdi = 0; struct binary_data r = bad_binary_data(); struct binary_data wire_name = name2wire_name(name); int i; int digest_size; md[0] = md0; md[1] = md1; if (wire_name.length < 0) return r; /* XXX Maybe use Init_ex and Final_ex for speed? */ EVP_MD_CTX_init(&ctx); if (EVP_DigestInit(&ctx, EVP_sha1()) != 1) return r; digest_size = EVP_MD_CTX_size(&ctx); EVP_DigestUpdate(&ctx, wire_name.data, wire_name.length); EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length); EVP_DigestFinal(&ctx, md[mdi], NULL); for (i = 0; i < p->iterations; i++) { if (EVP_DigestInit(&ctx, EVP_sha1()) != 1) return r; EVP_DigestUpdate(&ctx, md[mdi], digest_size); mdi = (mdi + 1) % 2; EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length); EVP_DigestFinal(&ctx, md[mdi], NULL); } r.length = digest_size; r.data = getmem(digest_size); memcpy(r.data, md[mdi], digest_size); return r; } int sorted_hashed_names_count; uint32_t mask; struct binary_data *sorted_hashed_names; void *nsec3_hash; static int validate_nsec3_for_name(const char *name, intptr_t *data, void *p) { struct named_rr *named_rr = *((struct named_rr **)data); struct binary_data hash; struct rr_nsec3 **nsec3_slot; struct rr_nsec3 *nsec3; if ((named_rr->flags & mask) == NAME_FLAG_KIDS_WITH_RECORDS) { //fprintf(stderr, "--- need nsec3, kids with records: %s\n", named_rr->name); needs_nsec3: freeall_temp(); hash = name2hash(named_rr->name, nsec3param); if (hash.length < 0) { moan(named_rr->file_name, named_rr->line, "internal: cannot calculate hashed name"); goto next; } if (hash.length != 20) croak(4, "assertion failed: wrong hashed name size %d", hash.length); JHSG(nsec3_slot, nsec3_hash, hash.data, hash.length); if (nsec3_slot == PJERR) croak(5, "perform_remaining_nsec3checks: JHSG failed"); if (!nsec3_slot) { moan(named_rr->file_name, named_rr->line, "no corresponding NSEC3 found for %s", named_rr->name); goto next; } nsec3 = *nsec3_slot; if (!nsec3) croak(6, "assertion failed: existing nsec3 from hash is empty"); nsec3->corresponding_name = named_rr; sorted_hashed_names_count++; check_typemap(nsec3->type_bitmap, named_rr, &nsec3->rr); } else if ((named_rr->flags & (NAME_FLAG_NOT_AUTHORITATIVE|NAME_FLAG_SIGNED_DELEGATION)) == NAME_FLAG_SIGNED_DELEGATION) { //fprintf(stderr, "--- need nsec3, signed delegation: %s\n", named_rr->name); goto needs_nsec3; } else if (!G.nsec3_opt_out_present && (named_rr->flags & (NAME_FLAG_APEX_PARENT|NAME_FLAG_NOT_AUTHORITATIVE|NAME_FLAG_DELEGATION|NAME_FLAG_HAS_RECORDS)) == 0) { //fprintf(stderr, "--- need nsec3, empty non-term: %s\n", named_rr->name); goto needs_nsec3; } else if (!G.nsec3_opt_out_present && (named_rr->flags & (NAME_FLAG_DELEGATION|NAME_FLAG_NOT_AUTHORITATIVE))==NAME_FLAG_DELEGATION) { //fprintf(stderr, "--- need nsec3, no opt-out: %s\n", named_rr->name); goto needs_nsec3; } else if (!G.nsec3_opt_out_present && (named_rr->flags & (NAME_FLAG_THIS_WITH_RECORDS|NAME_FLAG_NOT_AUTHORITATIVE)) == NAME_FLAG_THIS_WITH_RECORDS) { //fprintf(stderr, "--- need nsec3, this with records: %s\n", named_rr->name); goto needs_nsec3; } else { //fprintf(stderr, "--- NO need for nsec3: %s\n", named_rr->name); } next: return 1; } void perform_remaining_nsec3checks(void) { struct rr_nsec3 *nsec3; sorted_hashed_names_count = 0; mask = NAME_FLAG_NOT_AUTHORITATIVE|NAME_FLAG_NSEC3_ONLY|NAME_FLAG_KIDS_WITH_RECORDS; if (G.nsec3_opt_out_present) { mask |= NAME_FLAG_DELEGATION; } cbtree_allprefixed(&zone_data, "", validate_nsec3_for_name, NULL); nsec3 = first_nsec3; while (nsec3) { if (!nsec3->corresponding_name) { moan(nsec3->rr.file_name, nsec3->rr.line, "NSEC3 without a corresponding record (or empty non-terminal)"); } nsec3 = nsec3->next_nsec3; } } void *remember_nsec3(char *name, struct rr_nsec3 *rr) { char hashed_name[33]; char binary_hashed_name[20]; int l; struct rr_nsec3 **nsec3_slot; l = strlen(name); if (l < 33 || name[32] != '.') return bitch("NSEC3 record name is not valid"); if (l == 33 && zone_apex_l != 1) /* root zone */ return bitch("NSEC3 record name is not valid"); if (l > 33 && strcmp(name+33, zone_apex) != 0) return bitch("NSEC3 record name is not valid"); memcpy(hashed_name, name, 32); hashed_name[32] = 0; l = decode_base32hex(binary_hashed_name, hashed_name, 20); if (l != 20) return bitch("NSEC3 record name is not valid"); JHSI(nsec3_slot, nsec3_hash, binary_hashed_name, 20); if (nsec3_slot == PJERR) croak(2, "remember_nsec3: JHSI failed"); if (*nsec3_slot) return bitch("multiple NSEC3 with the same record name"); *nsec3_slot = rr; rr->this_hashed_name.length = 20; rr->this_hashed_name.data = getmem(20); memcpy(rr->this_hashed_name.data, binary_hashed_name, 20); return rr; } void *check_typemap(struct binary_data type_bitmap, struct named_rr *named_rr, struct rr *reference_rr) { int type; char *base; int i, k; struct rr_set *set; uint32_t nsec_distinct_types = 0; uint32_t real_distinct_types; base = type_bitmap.data; while (base - type_bitmap.data < type_bitmap.length) { for (i = 0; i < base[1]; i++) { for (k = 0; k <= 7; k++) { if (base[2+i] & (0x80 >> k)) { type = ((unsigned char)base[0])*256 + i*8 + k; nsec_distinct_types++; set = find_rr_set_in_named_rr(named_rr, type); if (!set) { return moan(reference_rr->file_name, reference_rr->line, "%s mentions %s, but no such record found for %s", rdtype2str(reference_rr->rdtype), rdtype2str(type), named_rr->name); } } } } base += base[1]+2; } real_distinct_types = get_rr_set_count(named_rr); if (real_distinct_types > nsec_distinct_types) { void *bitmap = NULL; struct rr_set **rr_set_slot; int rc; Word_t rcw; Word_t rdtype; int skipped = 0; base = type_bitmap.data; while (base - type_bitmap.data < type_bitmap.length) { for (i = 0; i < base[1]; i++) { for (k = 0; k <= 7; k++) { if (base[2+i] & (0x80 >> k)) { type = ((unsigned char)base[0])*256 + i*8 + k; J1S(rc, bitmap, type); } } } base += base[1]+2; } rdtype = 0; JLF(rr_set_slot, named_rr->rr_sets, rdtype); while (rr_set_slot) { J1T(rc, bitmap, (*rr_set_slot)->rdtype); if (!rc) { if ((named_rr->flags & NAME_FLAG_DELEGATION) && ((*rr_set_slot)->rdtype == T_A || (*rr_set_slot)->rdtype == T_AAAA)) { skipped++; } else { moan(reference_rr->file_name, reference_rr->line, "%s exists, but %s does not mention it for %s", rdtype2str((*rr_set_slot)->rdtype), rdtype2str(reference_rr->rdtype), named_rr->name); J1FA(rcw, bitmap); return NULL; } } JLN(rr_set_slot, named_rr->rr_sets, rdtype); } J1FA(rcw, bitmap); if (real_distinct_types - skipped > nsec_distinct_types) { return moan(reference_rr->file_name, reference_rr->line, "internal: we know %s typemap is wrong, but don't know any details", rdtype2str(reference_rr->rdtype)); } } return reference_rr; } tobez-validns-f423245/nsec3param.c000066400000000000000000000061511314110214000167340ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" struct rr *nsec3param = NULL; static struct rr* nsec3param_parse(char *name, long ttl, int type, char *s) { struct rr_nsec3param *rr = getmem(sizeof(*rr)); struct rr *ret_rr; int i; i = extract_integer(&s, "hash algorithm", NULL); if (i < 0) return NULL; if (i > 255) return bitch("bad hash algorithm value"); if (i != 1) return bitch("unrecognized or unsupported hash algorithm"); rr->hash_algorithm = i; i = extract_integer(&s, "flags", NULL); if (i < 0) return NULL; if (i > 255) return bitch("bad flags value"); if (i != 0) return bitch("flags is supposed to be 0 for NSEC3PARAM"); rr->flags = i; i = extract_integer(&s, "iterations", NULL); if (i < 0) return NULL; if (i > 2500) return bitch("bad iterations value"); rr->iterations = i; /* TODO validate iteration count according to key size, * as per http://tools.ietf.org/html/rfc5155#section-10.3 */ if (*s == '-') { rr->salt.length = 0; rr->salt.data = NULL; s++; if (*s && !isspace(*s) && *s != ';' && *s != ')') return bitch("salt is not valid"); s = skip_white_space(s); } else { rr->salt = extract_hex_binary_data(&s, "salt", EXTRACT_DONT_EAT_WHITESPACE); if (rr->salt.length <= 0) return NULL; if (rr->salt.length > 255) return bitch("salt is too long"); } if (*s) { return bitch("garbage after valid NSEC3PARAM data"); } G.dnssec_active = 1; ret_rr = store_record(type, name, ttl, rr); if (ret_rr && !nsec3param && (ret_rr->rr_set->named_rr->flags & NAME_FLAG_APEX)) nsec3param = ret_rr; if (G.opt.policy_checks[POLICY_NSEC3PARAM_NOT_APEX] && (ret_rr->rr_set->named_rr->flags & NAME_FLAG_APEX) == 0) { return bitch("NSEC3PARAM found not at zone apex"); } return ret_rr; } static char* nsec3param_human(struct rr *rrv) { RRCAST(nsec3param); char ss[1024]; char *s = ss; int l; int i; l = snprintf(s, 1024, "%u %u %u ", rr->hash_algorithm, rr->flags, rr->iterations); s += l; if (rr->salt.length) { for (i = 0; i < rr->salt.length; i++) { l = snprintf(s, 1024-(s-ss), "%02X", (unsigned char)rr->salt.data[i]); s += l; } } else { sprintf(s, "-"); } return quickstrdup_temp(ss); } static struct binary_data nsec3param_wirerdata(struct rr *rrv) { RRCAST(nsec3param); return compose_binary_data("112b", 1, rr->hash_algorithm, rr->flags, rr->iterations, rr->salt); } struct rr_methods nsec3param_methods = { nsec3param_parse, nsec3param_human, nsec3param_wirerdata, NULL, NULL }; tobez-validns-f423245/ptr.c000066400000000000000000000017661314110214000155140ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *ptr_parse(char *name, long ttl, int type, char *s) { struct rr_ptr *rr = getmem(sizeof(*rr)); rr->ptrdname = extract_name(&s, "name server domain name", 0); if (!rr->ptrdname) return NULL; if (*s) { return bitch("garbage after valid PTR data"); } return store_record(type, name, ttl, rr); } static char* ptr_human(struct rr *rrv) { RRCAST(ptr); return rr->ptrdname; } static struct binary_data ptr_wirerdata(struct rr *rrv) { RRCAST(ptr); return name2wire_name(rr->ptrdname); } struct rr_methods ptr_methods = { ptr_parse, ptr_human, ptr_wirerdata, NULL, NULL }; tobez-validns-f423245/px.c000066400000000000000000000025711314110214000153310ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *px_parse(char *name, long ttl, int type, char *s) { struct rr_px *rr = getmem(sizeof(*rr)); rr->preference = extract_integer(&s, "PX preference", NULL); if (rr->preference < 0) return NULL; rr->map822 = extract_name(&s, "map822", 0); if (!rr->map822) return NULL; rr->mapx400 = extract_name(&s, "mapx400", 0); if (!rr->mapx400) return NULL; if (*s) { return bitch("garbage after valid KX data"); } return store_record(type, name, ttl, rr); } static char* px_human(struct rr *rrv) { RRCAST(px); char s[1024]; snprintf(s, 1024, "%d %s %s", rr->preference, rr->map822, rr->mapx400); return quickstrdup_temp(s); } static struct binary_data px_wirerdata(struct rr *rrv) { RRCAST(px); return compose_binary_data("2dd", 1, rr->preference, name2wire_name(rr->map822), name2wire_name(rr->mapx400)); } struct rr_methods px_methods = { px_parse, px_human, px_wirerdata, NULL, NULL }; tobez-validns-f423245/rp.c000066400000000000000000000032421314110214000153170ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *rp_parse(char *name, long ttl, int type, char *s) { struct rr_rp *rr = getmem(sizeof(*rr)); rr->mbox_dname = extract_name(&s, "mbox domain name", 0); if (!rr->mbox_dname) return NULL; rr->txt_dname = extract_name(&s, "txt domain name", 0); if (!rr->txt_dname) return NULL; if (*s) { return bitch("garbage after valid RP data"); } return store_record(type, name, ttl, rr); } static char* rp_human(struct rr *rrv) { RRCAST(rp); char s[1024]; snprintf(s, 1024, "\"%s\" \"%s\"", rr->mbox_dname, rr->txt_dname); return quickstrdup_temp(s); } static struct binary_data rp_wirerdata(struct rr *rrv) { RRCAST(rp); return compose_binary_data("dd", 1, name2wire_name(rr->mbox_dname), name2wire_name(rr->txt_dname)); } static void *rp_validate(struct rr *rrv) { RRCAST(rp); if (G.opt.policy_checks[POLICY_RP_TXT_EXISTS]) { if (name_belongs_to_zone(rr->txt_dname) && !find_rr_set(T_TXT, rr->txt_dname)) { return moan(rr->rr.file_name, rr->rr.line, "%s RP TXT %s does not exist", rr->rr.rr_set->named_rr->name, rr->txt_dname); } } return NULL; } struct rr_methods rp_methods = { rp_parse, rp_human, rp_wirerdata, NULL, rp_validate }; tobez-validns-f423245/rr.c000066400000000000000000000621151314110214000153250ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "common.h" #include "mempool.h" #include "carp.h" #include "textparse.h" #include "rr.h" #include "cbtree.h" static char* rdtype2str_map[T_MAX+1] = { "0", "A", "NS", "MD", "MF", "CNAME", /* 5 */ "SOA", "MB", "MG", "MR", "NULL", /* 10 */ "WKS", "PTR", "HINFO", "MINFO", "MX", /* 15 */ "TXT", "RP", "AFSDB", "X25", "ISDN", /* 20 */ "RT", "NSAP", "NSAP-PTR", "SIG", "KEY", /* 25 */ "PX", "GPOS", "AAAA", "LOC", "NXT", /* 30 */ "EID", "NIMLOC", "SRV", "ATMA", "NAPTR", /* 35 */ "KX", "CERT", "A6", "DNAME", "SINK", /* 40 */ "OPT", "APL", "DS", "SSHFP", "IPSECKEY", /* 45 */ "RRSIG", "NSEC", "DNSKEY", "DHCID", "NSEC3", /* 50 */ "NSEC3PARAM", "TLSA", "SMIMEA", 0, 0, 0, 0, 0, "CDS", "CDNSKEY", /* 60 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 70 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 80 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 90 */ 0, 0, 0, 0, 0, 0, 0, 0, "SPF", 0, /* 100 */ 0, 0, 0, "NID", "L32", "L64", "LP", 0, 0, 0, /* 110 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 120 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 130 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 140 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 150 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 160 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 170 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 180 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 190 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 200 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 210 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 220 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 230 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 240 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* 250 */ 0, 0, 0, 0, 0, 0, "CAA", 0, 0, 0, /* 260 */ }; struct cbtree zone_data = {NULL}; char *zone_apex = NULL; int zone_apex_l = 0; int rr_counts[T_MAX+1]; char *rdtype2str(int type) { char s[10]; char *r; if (type < 0 || type > 65535) { return "???"; } if (type > T_MAX) { sprintf(s, "TYPE%d", type); return quickstrdup_temp(s); } r = rdtype2str_map[type]; if (r) return r; if (type == 32769) { return rdtype2str_map[type] = "DLV"; } sprintf(s, "TYPE%d", type); return quickstrdup_temp(s); } static unsigned char *name2findable_name(char *s) { int l = strlen(s); unsigned char *res = getmem_temp(l+1); unsigned char *r = res; int i; if (l > 0 && s[l-1] == '.') l--; while (--l >= 0) { i = l; while (i >= 0 && s[i] != '.') i--; memcpy(r, s+i+1, l-i); r += l-i; *r = '\x01'; r++; l = i; } if (r > res) r--; *r = 0; return res; } struct binary_data name2wire_name(char *s) { unsigned char *res = getmem_temp(strlen(s)+2); unsigned char *r = res; unsigned char *c = res; struct binary_data toret; r++; *c = 0; while (*s) { if (*s != '.') { *r++ = *s++; } else { *c = (unsigned char)(r-c-1); c = r; *c = 0; r++; s++; } } *c = (unsigned char)(r-c-1); toret.length = r-res; toret.data = (char*)res; if (toret.length == 2) /* "." is just 00, not 00 00 */ toret.length = 1; return toret; } static struct named_rr *find_or_create_named_rr(char *name) { struct named_rr *named_rr = find_named_rr(name); if (!named_rr) { struct named_rr **named_rr_slot; char *s; named_rr = getmem(sizeof(struct named_rr)); named_rr->name = quickstrdup(name); named_rr->rr_sets = NULL; named_rr->line = file_info->line; named_rr->file_name = file_info->name; named_rr->flags = 0; named_rr->parent = NULL; if (strchr(name, '/') != NULL) named_rr->flags |= NAME_FLAG_CONTAINS_SLASH; named_rr_slot = (void *)cbtree_insert(&zone_data, (char *)name2findable_name(name)); if (!named_rr_slot) croak(2, "find_or_create_named_rr: tree insertion failed"); if (*named_rr_slot) croak(3, "find_or_create_named_rr: assertion error, %s should not be there", name); *named_rr_slot = named_rr; G.stats.names_count++; s = strchr(name, '.'); if (s && s[1] != '\0') { named_rr->parent = find_or_create_named_rr(s+1); } } return named_rr; } static struct rr_set *find_or_create_rr_set(struct named_rr *named_rr, int rdtype) { struct rr_set *rr_set = find_rr_set_in_named_rr(named_rr, rdtype); if (!rr_set) { struct rr_set **rr_set_slot; rr_set = getmem(sizeof(struct rr_set)); rr_set->head = NULL; rr_set->tail = NULL; rr_set->named_rr = named_rr; rr_set->rdtype = rdtype; rr_set->count = 0; JLI(rr_set_slot, named_rr->rr_sets, rdtype); if (rr_set_slot == PJERR) croak(2, "find_or_create_rr_set: JLI failed"); if (*rr_set_slot) croak(3, "find_or_create_rr_set: assertion error, %s/%s should not be there", named_rr->name, rdtype2str(rdtype)); *rr_set_slot = rr_set; G.stats.rrset_count++; } return rr_set; } int name_belongs_to_zone(const char *name) { int name_l; name_l = strlen(name); if (zone_apex && name_l >= zone_apex_l) { if (strcmp(zone_apex, name+name_l-zone_apex_l) != 0) { return 0; } else if (name_l > zone_apex_l && name[name_l-zone_apex_l-1] != '.') { return 0; } } else { if (zone_apex) { return 0; } else { // XXX this is actually very bad, zone apex is not know return 0; } } return 1; } struct binary_data call_get_wired(struct rr *rr) { rr_wire_func get_wired; if (rr->rdtype > T_MAX || rr->is_generic) get_wired = any_wirerdata; else get_wired = rr_methods[rr->rdtype].rr_wire; if (!get_wired) return bad_binary_data(); return get_wired(rr); } struct rr *store_record(int rdtype, char *name, long ttl, void *rrptr) { struct rr *rr = rrptr; struct named_rr *named_rr; struct rr_set *rr_set; int name_l; int apex_assigned = 0; int is_generic = 0; if (rdtype < 0) { rdtype = -rdtype; is_generic = 1; } name_l = strlen(name); if (name_l > 511) return bitch("name is too long: %s", name); if (G.stats.rr_count == 0) { if (rdtype != T_SOA) { return bitch("the first record in the zone must be an SOA record"); } else { zone_apex = name; zone_apex_l = name_l; apex_assigned = 1; } } if (zone_apex && name_l >= zone_apex_l) { if (strcmp(zone_apex, name+name_l-zone_apex_l) != 0) { return bitch("%s does not belong to zone %s", name, zone_apex); } else if (name_l > zone_apex_l && name[name_l-zone_apex_l-1] != '.') { return bitch("%s does not belong to zone %s", name, zone_apex); } } else { if (zone_apex) { return bitch("%s does not belong to zone %s", name, zone_apex); } else { croakx(3, "assertion error: %s does not belong to a zone", name); } } named_rr = find_or_create_named_rr(name); if (apex_assigned) { named_rr->flags |= NAME_FLAG_APEX; } rr_set = find_or_create_rr_set(named_rr, rdtype); rr->rdtype = rdtype; rr->ttl = ttl; rr->line = file_info->line; rr->file_name = file_info->name; rr->is_generic = is_generic; if (rr_set->count > 0) { struct binary_data new_d, old_d; struct rr *old_rr; new_d = call_get_wired(rr); if (new_d.length < 0) goto after_dup_check; old_rr = rr_set->tail; while (old_rr) { old_d = call_get_wired(old_rr); if (old_d.length == new_d.length && memcmp(old_d.data, new_d.data, old_d.length) == 0) { G.stats.skipped_dup_rr_count++; return old_rr; } old_rr = old_rr->next; } } after_dup_check: if (rdtype == T_SOA) { if (G.stats.soa_rr_count++) { return bitch("there could only be one SOA in a zone"); } } rr->rr_set = rr_set; rr->next = NULL; rr->prev = rr_set->head; rr_set->head = rr; if (rr->prev) rr->prev->next = rr; if (!rr_set->tail) rr_set->tail = rr; rr_set->count++; if (G.opt.verbose) { char *rdata; if (rdtype > T_MAX) rdata = any_human(rr); else rdata = rr_methods[rdtype].rr_human(rr); fprintf(stderr, "-> %s:%d: %s IN %ld %s", file_info->name, file_info->line, name, ttl, rdtype2str(rdtype)); if (rdata) { fprintf(stderr, " %s\n", rdata); } else { fprintf(stderr, "\n"); } } G.stats.rr_count++; named_rr->flags |= NAME_FLAG_HAS_RECORDS; return rr; } struct named_rr *find_named_rr(char *name) { struct named_rr **named_rr_slot; named_rr_slot = (void*) cbtree_find(&zone_data, (char *)name2findable_name(name)); if (named_rr_slot) return *named_rr_slot; return NULL; } struct named_rr *find_next_named_rr(struct named_rr *named_rr) { struct named_rr *res; if (cbtree_next(&zone_data, (char *)name2findable_name(named_rr->name), (intptr_t *)&res) == NULL) return NULL; return res; } struct rr_set *find_rr_set(int rdtype, char *name) { struct named_rr *named_rr; named_rr = find_named_rr(name); if (!named_rr) return NULL; return find_rr_set_in_named_rr(named_rr, rdtype); } struct rr_set *find_rr_set_in_named_rr(struct named_rr *named_rr, int rdtype) { struct rr_set **rr_set_slot; JLG(rr_set_slot, named_rr->rr_sets, rdtype); if (rr_set_slot) return *rr_set_slot; return NULL; } uint32_t get_rr_set_count(struct named_rr *named_rr) { uint32_t count; JLC(count, named_rr->rr_sets, 0, -1); return count; } struct rr *rr_parse_any(char *name, long ttl, int type, char *s) { struct rr_any *rr = getmem(sizeof(*rr)); long long len; if (*s++ != '\\') { invalid: return bitch("invalid custom type rdata"); } if (*s++ != '#') goto invalid; if (*s && !isspace(*s) && *s != ';' && *s != ')') goto invalid; s = skip_white_space(s); if (!s) return NULL; len = extract_integer(&s, "custom data size", NULL); if (len < 0) return NULL; if (len > 65535) goto invalid; rr->data = extract_hex_binary_data(&s, "custom data", EXTRACT_EAT_WHITESPACE); if (rr->data.length < 0) return NULL; if (rr->data.length != len) return bitch("custom data is longer than specified"); if (*s) { return bitch("garbage after valid %s data", rdtype2str(type)); } return store_record(-type, name, ttl, rr); } char* any_human(struct rr *rrv) { RRCAST(any); char buf[80]; sprintf(buf, "\\# %d ...", rr->data.length); return quickstrdup_temp(buf); } struct binary_data any_wirerdata(struct rr *rrv) { RRCAST(any); return compose_binary_data("d", 1, rr->data); } struct rr_methods unknown_methods = { NULL, any_human, any_wirerdata, NULL, NULL }; int str2rdtype(char *rdtype, int *is_generic) { if (!rdtype) return -1; if (is_generic) *is_generic = 0; switch (*rdtype) { case 'a': if (strcmp(rdtype, "a") == 0) { return T_A; } else if (strcmp(rdtype, "aaaa") == 0) { return T_AAAA; } else if (strcmp(rdtype, "afsdb") == 0) { return T_AFSDB; } break; case 'c': if (strcmp(rdtype, "cname") == 0) { return T_CNAME; } else if (strcmp(rdtype, "cert") == 0) { return T_CERT; } else if (strcmp(rdtype, "caa") == 0) { return T_CAA; } else if (strcmp(rdtype, "cds") == 0) { return T_CDS; } else if (strcmp(rdtype, "cdnskey") == 0) { return T_CDNSKEY; } break; case 'd': if (strcmp(rdtype, "ds") == 0) { return T_DS; } else if (strcmp(rdtype, "dnskey") == 0) { return T_DNSKEY; } else if (strcmp(rdtype, "dname") == 0) { return T_DNAME; } else if (strcmp(rdtype, "dlv") == 0) { return T_DLV; } else if (strcmp(rdtype, "dhcid") == 0) { return T_DHCID; } break; case 'h': if (strcmp(rdtype, "hinfo") == 0) { return T_HINFO; } break; case 'i': if (strcmp(rdtype, "ipseckey") == 0) { return T_IPSECKEY; } else if (strcmp(rdtype, "isdn") == 0) { return T_ISDN; } break; case 'k': if (strcmp(rdtype, "kx") == 0) { return T_KX; } break; case 'l': if (strcmp(rdtype, "loc") == 0) { return T_LOC; } else if (strcmp(rdtype, "l32") == 0) { return T_L32; } else if (strcmp(rdtype, "l64") == 0) { return T_L64; } else if (strcmp(rdtype, "lp") == 0) { return T_LP; } break; case 'm': if (strcmp(rdtype, "mx") == 0) { return T_MX; } else if (strcmp(rdtype, "mb") == 0) { return T_MB; } else if (strcmp(rdtype, "mg") == 0) { return T_MG; } else if (strcmp(rdtype, "minfo") == 0) { return T_MINFO; } else if (strcmp(rdtype, "mr") == 0) { return T_MR; } break; case 'n': if (strcmp(rdtype, "ns") == 0) { return T_NS; } else if (strcmp(rdtype, "naptr") == 0) { return T_NAPTR; } else if (strcmp(rdtype, "nsec") == 0) { return T_NSEC; } else if (strcmp(rdtype, "nsec3") == 0) { return T_NSEC3; } else if (strcmp(rdtype, "nid") == 0) { return T_NID; } else if (strcmp(rdtype, "nsec3param") == 0) { return T_NSEC3PARAM; } else if (strcmp(rdtype, "nsap") == 0) { return T_NSAP; } break; case 'p': if (strcmp(rdtype, "ptr") == 0) { return T_PTR; } else if (strcmp(rdtype, "px") == 0) { return T_PX; } break; case 'r': if (strcmp(rdtype, "rrsig") == 0) { return T_RRSIG; } else if (strcmp(rdtype, "rp") == 0) { return T_RP; } else if (strcmp(rdtype, "rt") == 0) { return T_RT; } break; case 's': if (strcmp(rdtype, "soa") == 0) { return T_SOA; } else if (strcmp(rdtype, "srv") == 0) { return T_SRV; } else if (strcmp(rdtype, "spf") == 0) { return T_SPF; } else if (strcmp(rdtype, "sshfp") == 0) { return T_SSHFP; } else if (strcmp(rdtype, "smimea") == 0) { return T_SMIMEA; } break; case 't': if (strcmp(rdtype, "txt") == 0) { return T_TXT; } else if (strcmp(rdtype, "tlsa") == 0) { return T_TLSA; } else if (strncmp(rdtype, "type", 4) == 0) { long type = strtol(rdtype+4, NULL, 10); if (is_generic) *is_generic = 1; if (type <= 0 || type > 65535) bitch("invalid rdtype %s", rdtype); return type; } break; case 'x': if (strcmp(rdtype, "x25") == 0) { return T_X25; } break; } bitch("invalid or unsupported rdtype %s", rdtype); return -1; } void validate_rrset(struct rr_set *rr_set) { struct rr *rr; int ttl; /* This can happen when rr_set was allocated but * nothing was added to it due to an error. */ if (rr_set->count == 0) return; rr = rr_set->tail; if (!rr) { croakx(4, "assertion failed: %s %s is null, but count is %d", rdtype2str(rr_set->rdtype), rr_set->named_rr->name, rr_set->count); } if (rr_set->rdtype < T_MAX && rr_methods[rr_set->rdtype].rr_validate_set) rr_methods[rr_set->rdtype].rr_validate_set(rr_set); ttl = rr->ttl; while (rr) { validate_record(rr); if (ttl != rr->ttl) { if (rr->rdtype != T_RRSIG) /* RRSIG is an exception */ moan(rr->file_name, rr->line, "TTL values differ within an RR set"); } rr = rr->next; } } void debug(struct named_rr *named_rr, char *s) { fprintf(stderr, "%s %s", s, named_rr->name); if ((named_rr->flags & NAME_FLAG_APEX)) fprintf(stderr, ", apex"); if ((named_rr->flags & NAME_FLAG_HAS_RECORDS)) fprintf(stderr, ", has records"); if ((named_rr->flags & NAME_FLAG_DELEGATION)) fprintf(stderr, ", delegation"); if ((named_rr->flags & NAME_FLAG_NOT_AUTHORITATIVE)) fprintf(stderr, ", not auth"); if ((named_rr->flags & NAME_FLAG_NSEC3_ONLY)) fprintf(stderr, ", nsec3 only"); if ((named_rr->flags & NAME_FLAG_KIDS_WITH_RECORDS)) fprintf(stderr, ", kid records"); if ((named_rr->flags & NAME_FLAG_SIGNED_DELEGATION)) fprintf(stderr, ", signed delegation"); if ((named_rr->flags & NAME_FLAG_APEX_PARENT)) fprintf(stderr, ", apex parent"); fprintf(stderr, "\n"); } static int validate_named_rr(const char *name, intptr_t *data, void *p) { struct named_rr *named_rr = *((struct named_rr **)data); Word_t rdtype; struct rr_set **rr_set_p; int nsec3_present = 0; int nsec3_only = 1; static int seen_apex = 0; if ((named_rr->flags & NAME_FLAG_APEX)) seen_apex = 1; if (!seen_apex) named_rr->flags |= NAME_FLAG_APEX_PARENT; if (named_rr->parent && (named_rr->parent->flags & (NAME_FLAG_DELEGATION|NAME_FLAG_NOT_AUTHORITATIVE)) != 0) { named_rr->flags |= NAME_FLAG_NOT_AUTHORITATIVE; if ((named_rr->flags & NAME_FLAG_HAS_RECORDS) != 0) { G.stats.not_authoritative++; } } if (G.nsec3_opt_out_present && (named_rr->flags & NAME_FLAG_DELEGATION)) { JLG(rr_set_p, named_rr->rr_sets, T_DS); if (!rr_set_p) named_rr->flags |= NAME_FLAG_NOT_AUTHORITATIVE; } //debug(named_rr, ">>>>"); rdtype = 0; JLF(rr_set_p, named_rr->rr_sets, rdtype); while (rr_set_p) { validate_rrset(*rr_set_p); if (rdtype == T_NSEC3) nsec3_present = 1; else if (rdtype != T_RRSIG) nsec3_only = 0; if (rdtype != T_NSEC3 && rdtype != T_RRSIG && rdtype != T_NS) named_rr->flags |= NAME_FLAG_THIS_WITH_RECORDS; if ((named_rr->flags & NAME_FLAG_NOT_AUTHORITATIVE) == 0 && rdtype != T_NS && rdtype != T_NSEC3 && rdtype != T_RRSIG) { struct named_rr *nrr = named_rr; int skip_first = rdtype == T_NS; while (nrr && (nrr->flags & NAME_FLAG_KIDS_WITH_RECORDS) == 0) { if ((nrr->flags & NAME_FLAG_APEX_PARENT) || strlen(nrr->name) < zone_apex_l) { nrr->flags |= NAME_FLAG_APEX_PARENT; break; } if (!skip_first) nrr->flags |= NAME_FLAG_KIDS_WITH_RECORDS; skip_first = 0; nrr = nrr->parent; } } if (rdtype == T_DS) { struct named_rr *nrr = named_rr; while (nrr && (nrr->flags & (NAME_FLAG_DELEGATION|NAME_FLAG_NOT_AUTHORITATIVE)) != 0) { // nrr->flags &= ~(NAME_FLAG_DELEGATION|NAME_FLAG_NOT_AUTHORITATIVE); nrr->flags |= NAME_FLAG_SIGNED_DELEGATION; nrr = nrr->parent; } } JLN(rr_set_p, named_rr->rr_sets, rdtype); } if (nsec3_present && nsec3_only) { named_rr->flags |= NAME_FLAG_NSEC3_ONLY; } return 1; } static void* nsec_validate_pass2(struct rr *rrv) { RRCAST(nsec); struct named_rr *named_rr, *next_named_rr; named_rr = rr->rr.rr_set->named_rr; next_named_rr = find_next_named_rr(named_rr); /* Skip empty non-terminals and not authoritative records from consideration */ while (next_named_rr) { if ((next_named_rr->flags & NAME_FLAG_HAS_RECORDS) == 0) { next_named_rr = find_next_named_rr(next_named_rr); continue; } if (next_named_rr->parent && (next_named_rr->parent->flags & (NAME_FLAG_DELEGATION|NAME_FLAG_NOT_AUTHORITATIVE)) != 0) { named_rr->flags |= NAME_FLAG_NOT_AUTHORITATIVE; next_named_rr = find_next_named_rr(next_named_rr); continue; } break; } if (strcasecmp(rr->next_domain, zone_apex) == 0) { if (next_named_rr) { return moan(rr->rr.file_name, rr->rr.line, "NSEC says %s is the last name, but %s exists", named_rr->name, next_named_rr->name); } } else { if (!next_named_rr) { return moan(rr->rr.file_name, rr->rr.line, "NSEC says %s comes after %s, but nothing does", rr->next_domain, named_rr->name); } else if (strcasecmp(rr->next_domain, next_named_rr->name) != 0) { return moan(rr->rr.file_name, rr->rr.line, "NSEC says %s comes after %s, but %s does", rr->next_domain, named_rr->name, next_named_rr->name); } } /* TODO: more checks */ return rr; } static int second_pass_one_name(const char *name, intptr_t *data, void *p) { struct named_rr *named_rr = *((struct named_rr **)data); struct rr_set **rr_set_p; freeall_temp(); JLG(rr_set_p, named_rr->rr_sets, T_NSEC); if (rr_set_p && (*rr_set_p)->tail) { nsec_validate_pass2((*rr_set_p)->tail); } return 1; } void validate_zone(void) { cbtree_allprefixed(&zone_data, "", validate_named_rr, NULL); cbtree_allprefixed(&zone_data, "", second_pass_one_name, NULL); if (G.dnssec_active && !G.nsec3_present) validate_nsec_chain(); } void validate_record(struct rr *rr) { freeall_temp(); if (!rr->is_generic && rr->rdtype <= T_MAX) rr_counts[rr->rdtype]++; if (!rr->is_generic && rr->rdtype <= T_MAX && rr_methods[rr->rdtype].rr_validate) rr_methods[rr->rdtype].rr_validate(rr); } int extract_algorithm(char **s, char *what) { int alg; char *str_alg; if (isdigit(**s)) { alg = extract_integer(s, what, NULL); if (algorithm_type(alg) == ALG_UNSUPPORTED) { bitch("bad or unsupported algorithm %d", alg); return ALG_UNSUPPORTED; } return alg; } else { str_alg = extract_label(s, what, "temporary"); if (!str_alg) return ALG_UNSUPPORTED; if (strcmp(str_alg, "dsa") == 0) return ALG_DSA; if (strcmp(str_alg, "rsasha1") == 0) return ALG_RSASHA1; if (strcmp(str_alg, "dsa-nsec3-sha1") == 0) return ALG_DSA_NSEC3_SHA1; if (strcmp(str_alg, "rsasha1-nsec3-sha1") == 0) return ALG_RSASHA1_NSEC3_SHA1; if (strcmp(str_alg, "rsasha256") == 0) return ALG_RSASHA256; if (strcmp(str_alg, "rsasha512") == 0) return ALG_RSASHA512; if (strcmp(str_alg, "ecc-gost") == 0) return ALG_ECCGOST; if (strcmp(str_alg, "ecdsap256sha256") == 0) return ALG_ECDSAP256SHA256; if (strcmp(str_alg, "ecdsap384sha384") == 0) return ALG_ECDSAP384SHA384; if (strcmp(str_alg, "ed25519") == 0) return ALG_ED25519; if (strcmp(str_alg, "ed448") == 0) return ALG_ED448; if (strcmp(str_alg, "privatedns") == 0) return ALG_PRIVATEDNS; if (strcmp(str_alg, "privateoid") == 0) return ALG_PRIVATEOID; bitch("bad or unsupported algorithm %s", str_alg); return ALG_UNSUPPORTED; } } int algorithm_type(int alg) { switch (alg) { case ALG_DSA: return ALG_DSA_FAMILY; case ALG_RSASHA1: return ALG_RSA_FAMILY; case ALG_DSA_NSEC3_SHA1: return ALG_DSA_FAMILY; case ALG_RSASHA1_NSEC3_SHA1: return ALG_RSA_FAMILY; case ALG_RSASHA256: return ALG_RSA_FAMILY; case ALG_RSASHA512: return ALG_RSA_FAMILY; case ALG_ECCGOST: return ALG_ECC_FAMILY; case ALG_ECDSAP256SHA256: return ALG_ECC_FAMILY; case ALG_ECDSAP384SHA384: return ALG_ECC_FAMILY; case ALG_ED25519: return ALG_ECC_FAMILY; case ALG_ED448: return ALG_ECC_FAMILY; case ALG_PRIVATEDNS: return ALG_PRIVATE_FAMILY; case ALG_PRIVATEOID: return ALG_PRIVATE_FAMILY; } return ALG_UNSUPPORTED; } tobez-validns-f423245/rr.h000066400000000000000000000271551314110214000153370ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #ifndef _RR_H #define _RR_H 1 #define T_A 1 #define T_NS 2 #define T_CNAME 5 #define T_SOA 6 #define T_MB 7 #define T_MG 8 #define T_MR 9 #define T_PTR 12 #define T_HINFO 13 #define T_MINFO 14 #define T_MX 15 #define T_TXT 16 #define T_RP 17 #define T_AFSDB 18 #define T_X25 19 #define T_ISDN 20 #define T_RT 21 #define T_NSAP 22 #define T_PX 26 #define T_AAAA 28 #define T_LOC 29 #define T_SRV 33 #define T_NAPTR 35 #define T_KX 36 #define T_CERT 37 #define T_DNAME 39 #define T_DS 43 #define T_SSHFP 44 #define T_IPSECKEY 45 #define T_RRSIG 46 #define T_NSEC 47 #define T_DNSKEY 48 #define T_DHCID 49 #define T_NSEC3 50 #define T_NSEC3PARAM 51 #define T_TLSA 52 #define T_SMIMEA 53 #define T_CDS 59 #define T_CDNSKEY 60 #define T_SPF 99 #define T_NID 104 #define T_L32 105 #define T_L64 106 #define T_LP 107 #define T_CAA 257 #define T_DLV 32769 #define T_MAX 32769 #define ALG_DSA 3 #define ALG_RSASHA1 5 #define ALG_DSA_NSEC3_SHA1 6 #define ALG_RSASHA1_NSEC3_SHA1 7 #define ALG_RSASHA256 8 #define ALG_RSASHA512 10 #define ALG_ECCGOST 12 #define ALG_ECDSAP256SHA256 13 #define ALG_ECDSAP384SHA384 14 #define ALG_ED25519 15 #define ALG_ED448 16 #define ALG_PRIVATEDNS 253 #define ALG_PRIVATEOID 254 #define ALG_UNSUPPORTED 0 #define ALG_DSA_FAMILY 1 #define ALG_RSA_FAMILY 2 #define ALG_PRIVATE_FAMILY 3 #define ALG_ECC_FAMILY 4 #define RRCAST(t) struct rr_ ## t *rr = (struct rr_ ## t *)rrv struct cbtree; extern struct cbtree zone_data; extern char *zone_apex; extern int zone_apex_l; struct named_rr; struct rr_set; struct rr; typedef struct rr* (*rr_parse_func)(char *, long, int, char *); typedef char* (*rr_human_func)(struct rr*); typedef struct binary_data (*rr_wire_func)(struct rr*); typedef void* (*rr_validate_set_func)(struct rr_set*); typedef void* (*rr_validate_func)(struct rr*); struct rr_methods { rr_parse_func rr_parse; rr_human_func rr_human; rr_wire_func rr_wire; rr_validate_set_func rr_validate_set; rr_validate_func rr_validate; }; extern struct rr_methods rr_methods[T_MAX+1]; extern struct rr_methods unknown_methods; extern int rr_counts[T_MAX+1]; struct binary_data call_get_wired(struct rr *rr); struct rr *rr_parse_any(char *name, long ttl, int type, char *s); char* any_human(struct rr *rrv); struct binary_data any_wirerdata(struct rr *rrv); int name_belongs_to_zone(const char *name); void validate_record(struct rr *rr); void validate_zone(void); struct rr *store_record(int rdtype, char *name, long ttl, void *rrptr); int str2rdtype(char *rdtype, int *is_generic); char *rdtype2str(int type); struct named_rr *find_named_rr(char *name); struct named_rr *find_next_named_rr(struct named_rr *named_rr); struct rr_set *find_rr_set(int rdtype, char *name); struct rr_set *find_rr_set_in_named_rr(struct named_rr *named_rr, int rdtype); uint32_t get_rr_set_count(struct named_rr *named_rr); struct binary_data name2wire_name(char *s); int algorithm_type(int alg); int extract_algorithm(char **s, char *what); #define NAME_FLAG_APEX 1 #define NAME_FLAG_HAS_RECORDS 2 #define NAME_FLAG_DELEGATION 4 #define NAME_FLAG_NOT_AUTHORITATIVE 8 #define NAME_FLAG_NSEC3_ONLY 16 #define NAME_FLAG_KIDS_WITH_RECORDS 32 #define NAME_FLAG_SIGNED_DELEGATION 64 #define NAME_FLAG_APEX_PARENT 128 #define NAME_FLAG_THIS_WITH_RECORDS 256 #define NAME_FLAG_CONTAINS_SLASH 512 struct named_rr { char *name; void *rr_sets; int line; char *file_name; uint32_t flags; struct named_rr *parent; }; struct rr_set { struct rr* head; struct rr* tail; struct named_rr *named_rr; int rdtype; int count; }; struct rr { struct rr* next; struct rr* prev; struct rr_set *rr_set; int ttl; int rdtype; int line; int is_generic; char *file_name; }; struct rr_any { struct rr rr; struct binary_data data; }; struct rr_a { struct rr rr; struct in_addr address; }; extern struct rr_methods a_methods; struct rr_soa { struct rr rr; uint32_t serial; int refresh, retry, expire, minimum; char *rname; char *mname; }; extern struct rr_methods soa_methods; struct rr_ns { struct rr rr; char *nsdname; }; extern struct rr_methods ns_methods; struct rr_dhcid { struct rr rr; int id_type; int digest_type; struct binary_data digest; }; extern struct rr_methods dhcid_methods; struct rr_txt_segment { struct binary_data txt; struct rr_txt_segment *next; }; struct rr_txt { struct rr rr; int count; struct rr_txt_segment *txt; }; extern struct rr_methods txt_methods; struct rr_tlsa_smimea { struct rr rr; uint8_t cert_usage; uint8_t selector; uint8_t matching_type; struct binary_data association_data; }; extern struct rr_methods tlsa_methods; extern struct rr_methods smimea_methods; struct rr_ipseckey { struct rr rr; uint8_t precedence; uint8_t gateway_type; uint8_t algorithm; union { char *gateway_none; /* gateway_type == 0 */ struct in_addr gateway_ipv4; /* gateway_type == 1 */ struct in6_addr gateway_ipv6; /* gateway_type == 2 */ char *gateway_name; /* gateway_type == 3 */ } gateway; struct binary_data public_key; }; extern struct rr_methods ipseckey_methods; struct rr_nid { struct rr rr; uint16_t preference; uint64_t node_id; }; extern struct rr_methods nid_methods; struct rr_l32 { struct rr rr; uint16_t preference; uint32_t locator32; }; extern struct rr_methods l32_methods; struct rr_l64 { struct rr rr; uint16_t preference; uint64_t locator64; }; extern struct rr_methods l64_methods; struct rr_lp { struct rr rr; uint16_t preference; char *fqdn; }; extern struct rr_methods lp_methods; struct rr_naptr { struct rr rr; uint16_t order; uint16_t preference; struct binary_data flags; struct binary_data services; struct binary_data regexp; char *replacement; }; extern struct rr_methods naptr_methods; struct rr_nsec { struct rr rr; char *next_domain; struct binary_data type_bitmap; }; extern struct rr_methods nsec_methods; void validate_nsec_chain(void); struct rr_nsec3 { struct rr rr; uint8_t hash_algorithm; uint8_t flags; uint16_t iterations; struct binary_data salt; struct binary_data next_hashed_owner; struct binary_data type_bitmap; struct binary_data this_hashed_name; struct named_rr *corresponding_name; struct rr_nsec3 *next_nsec3; }; extern struct rr_methods nsec3_methods; struct rr_nsec3param { struct rr rr; uint8_t hash_algorithm; uint8_t flags; uint16_t iterations; struct binary_data salt; }; extern struct rr_methods nsec3param_methods; extern struct rr *nsec3param; struct rr_rrsig { struct rr rr; uint16_t type_covered; int algorithm; int labels; int orig_ttl; uint32_t sig_expiration; uint32_t sig_inception; uint16_t key_tag; char *signer; struct binary_data signature; }; extern struct rr_methods rrsig_methods; struct rr_srv { struct rr rr; uint16_t priority; uint16_t weight; uint16_t port; char *target; }; extern struct rr_methods srv_methods; struct rr_cname { struct rr rr; char *cname; }; extern struct rr_methods cname_methods; struct rr_mb { struct rr rr; char *madname; }; extern struct rr_methods mb_methods; struct rr_mg { struct rr rr; char *mgmname; }; extern struct rr_methods mg_methods; struct rr_minfo { struct rr rr; char *rmailbx; char *emailbx; }; extern struct rr_methods minfo_methods; struct rr_mr { struct rr rr; char *newname; }; extern struct rr_methods mr_methods; struct rr_dname { struct rr rr; char *target; }; extern struct rr_methods dname_methods; struct rr_aaaa { struct rr rr; struct in6_addr address; }; extern struct rr_methods aaaa_methods; struct rr_mx { struct rr rr; int preference; char *exchange; }; extern struct rr_methods mx_methods; struct rr_rt { struct rr rr; int preference; char *intermediate_host; }; extern struct rr_methods rt_methods; struct rr_afsdb { struct rr rr; int subtype; char *hostname; }; extern struct rr_methods afsdb_methods; struct rr_x25 { struct rr rr; struct binary_data psdn_address; }; extern struct rr_methods x25_methods; struct rr_isdn { struct rr rr; struct binary_data isdn_address; struct binary_data sa; int sa_present; }; extern struct rr_methods isdn_methods; struct rr_px { struct rr rr; int preference; char *map822; char *mapx400; }; extern struct rr_methods px_methods; struct rr_kx { struct rr rr; int preference; char *exchanger; }; extern struct rr_methods kx_methods; struct rr_dnskey { struct rr rr; uint16_t flags; uint8_t protocol; uint8_t algorithm; struct binary_data pubkey; /* calculated */ uint16_t key_tag; int pkey_built; void *pkey; /* extras */ int key_type; struct rr_dnskey *next_key; }; extern struct rr_methods dnskey_methods; extern struct rr_methods cdnskey_methods; #define KEY_TYPE_UNUSED 0 #define KEY_TYPE_KSK 1 #define KEY_TYPE_ZSK 2 int dnskey_build_pkey(struct rr_dnskey *rr); void dnskey_ksk_policy_check(void); struct rr_ds { struct rr rr; uint16_t key_tag; uint8_t algorithm; uint8_t digest_type; struct binary_data digest; }; extern struct rr_methods ds_methods; extern struct rr_methods cds_methods; struct rr_dlv { struct rr rr; uint16_t key_tag; uint8_t algorithm; uint8_t digest_type; struct binary_data digest; }; extern struct rr_methods dlv_methods; struct rr_nsap { struct rr rr; struct binary_data data; }; extern struct rr_methods nsap_methods; struct rr_hinfo { struct rr rr; struct binary_data cpu; struct binary_data os; }; extern struct rr_methods hinfo_methods; struct rr_rp { struct rr rr; char *mbox_dname; char *txt_dname; }; extern struct rr_methods rp_methods; struct rr_loc { struct rr rr; uint8_t version; uint8_t size; uint8_t horiz_pre; uint8_t vert_pre; uint32_t latitude; uint32_t longitude; uint32_t altitude; }; extern struct rr_methods loc_methods; struct rr_ptr { struct rr rr; char *ptrdname; }; extern struct rr_methods ptr_methods; struct rr_sshfp { struct rr rr; uint8_t algorithm; uint8_t fp_type; struct binary_data fingerprint; }; extern struct rr_methods sshfp_methods; struct rr_spf { struct rr rr; int count; struct binary_data spf[1]; }; extern struct rr_methods spf_methods; struct rr_cert { struct rr rr; uint16_t type; uint16_t key_tag; int algorithm; struct binary_data certificate; }; extern struct rr_methods cert_methods; struct rr_caa { struct rr rr; uint8_t flags; struct binary_data tag; struct binary_data value; }; extern struct rr_methods caa_methods; extern struct rr_nsec3 *first_nsec3; extern struct rr_nsec3 *latest_nsec3; extern void verify_all_keys(void); extern void* nsec3_validate(struct rr *rrv); extern void *remember_nsec3(char *name, struct rr_nsec3 *rr); extern void perform_remaining_nsec3checks(void); extern void *check_typemap(struct binary_data type_bitmap, struct named_rr *named_rr, struct rr *reference_rr); #endif tobez-validns-f423245/rrsig.c000066400000000000000000000362641314110214000160360ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" struct verification_data { struct verification_data *next; EVP_MD_CTX ctx; struct rr_dnskey *key; struct rr_rrsig *rr; int ok; unsigned long openssl_error; }; struct keys_to_verify { struct keys_to_verify *next; struct rr_rrsig *rr; struct rr_set *signed_set; int n_keys; struct verification_data to_verify[1]; }; static struct keys_to_verify *all_keys_to_verify = NULL; static struct rr* rrsig_parse(char *name, long ttl, int type, char *s) { struct rr_rrsig *rr = getmem(sizeof(*rr)); int type_covered, key_tag; char *str_type_covered; struct binary_data sig; long long ts; str_type_covered = extract_label(&s, "type covered", "temporary"); if (!str_type_covered) return NULL; type_covered = str2rdtype(str_type_covered, NULL); if (type_covered <= 0 || type_covered > 65535) return NULL; rr->type_covered = type_covered; rr->algorithm = extract_algorithm(&s, "algorithm"); if (rr->algorithm == ALG_UNSUPPORTED) return NULL; if (rr->algorithm == ALG_PRIVATEDNS || rr->algorithm == ALG_PRIVATEOID) { return bitch("private algorithms are not supported in RRSIG"); } rr->labels = extract_integer(&s, "labels", NULL); if (rr->labels < 0) return NULL; /* TODO validate labels, see http://tools.ietf.org/html/rfc4034#section-3.1.3 */ rr->orig_ttl = extract_timevalue(&s, "original TTL"); if (rr->orig_ttl < 0) return NULL; ts = extract_timestamp(&s, "signature expiration"); if (ts < 0) return NULL; rr->sig_expiration = ts; ts = extract_timestamp(&s, "signature inception"); if (ts < 0) return NULL; rr->sig_inception = ts; key_tag = extract_integer(&s, "key tag", NULL); if (key_tag < 0) return NULL; rr->key_tag = key_tag; rr->signer = extract_name(&s, "signer name", 0); if (!rr->signer) return NULL; /* TODO validate signer name, http://tools.ietf.org/html/rfc4034#section-3.1.7 */ sig = extract_base64_binary_data(&s, "signature"); if (sig.length < 0) return NULL; /* TODO validate signature length based on algorithm */ if (algorithm_type(rr->algorithm) == ALG_ECC_FAMILY) { /* * Transform ECDSA signatures from DNSSEC vanilla binary * representation (r || s) into OpenSSL ASN.1 DER format */ ECDSA_SIG *ecdsa_sig = ECDSA_SIG_new(); int l = sig.length / 2; if ((BN_bin2bn((unsigned char *)sig.data, l, ecdsa_sig->r) == NULL) || (BN_bin2bn(((unsigned char *)sig.data) + l, l, ecdsa_sig->s) == NULL)) return NULL; sig.length = i2d_ECDSA_SIG(ecdsa_sig, NULL); sig.data = getmem(sig.length); /* reallocate larger mempool chunk */ unsigned char *sig_ptr = (unsigned char *)sig.data; sig.length = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr); ECDSA_SIG_free(ecdsa_sig); } rr->signature = sig; if (*s) { return bitch("garbage after valid RRSIG data"); } G.dnssec_active = 1; return store_record(type, name, ttl, rr); } static char* rrsig_human(struct rr *rrv) { // RRCAST(rrsig); // char s[1024]; //snprintf(s, 1024, "SOA %s %s %d %d %d %d %d", // rr->mname, rr->rname, rr->serial, // rr->refresh, rr->retry, rr->expire, rr->minimum); //return quickstrdup_temp(s); return NULL; } static struct binary_data rrsig_wirerdata_ex(struct rr *rrv, int with_signature) { RRCAST(rrsig); struct binary_data bd; bd = compose_binary_data("2114442d", 1, rr->type_covered, rr->algorithm, rr->labels, rr->orig_ttl, rr->sig_expiration, rr->sig_inception, rr->key_tag, name2wire_name(rr->signer)); if (with_signature) { return compose_binary_data("dd", 1, bd, rr->signature); } return bd; } static struct binary_data rrsig_wirerdata(struct rr *rrv) { return rrsig_wirerdata_ex(rrv, 1); } struct rr_with_wired { struct rr *rr; struct binary_data wired; }; static int compare_rr_with_wired(const void *va, const void *vb) { const struct rr_with_wired *a = va; const struct rr_with_wired *b = vb; int r; if (a->wired.length == b->wired.length) { return memcmp(a->wired.data, b->wired.data, a->wired.length); } else if (a->wired.length < b->wired.length) { r = memcmp(a->wired.data, b->wired.data, a->wired.length); if (r != 0) return r; return -1; } else { r = memcmp(a->wired.data, b->wired.data, b->wired.length); if (r != 0) return r; return 1; } } static struct verification_data *verification_queue = NULL; static int verification_queue_size = 0; static pthread_mutex_t queue_lock; static int workers_started = 0; static pthread_t *workers; void *verification_thread(void *dummy) { struct verification_data *d; struct timespec sleep_time; while (1) { if (pthread_mutex_lock(&queue_lock) != 0) croak(1, "pthread_mutex_lock"); d = verification_queue; if (d) { verification_queue = d->next; G.stats.signatures_verified++; } if (pthread_mutex_unlock(&queue_lock) != 0) croak(1, "pthread_mutex_unlock"); if (d) { int r; d->next = NULL; r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey); if (r == 1) { d->ok = 1; } else { d->openssl_error = ERR_peek_last_error(); } if (pthread_mutex_lock(&queue_lock) != 0) croak(1, "pthread_mutex_lock"); verification_queue_size--; if (pthread_mutex_unlock(&queue_lock) != 0) croak(1, "pthread_mutex_unlock"); } else { sleep_time.tv_sec = 0; sleep_time.tv_nsec = 10000000; nanosleep(&sleep_time, NULL); } } } static void start_workers(void) { int i; if (workers_started) return; if (G.opt.verbose) fprintf(stderr, "starting workers for signature verification\n"); workers = getmem(sizeof(*workers)*G.opt.n_threads); for (i = 0; i < G.opt.n_threads; i++) { if (pthread_create(&workers[i], NULL, verification_thread, NULL) != 0) croak(1, "pthread_create"); } workers_started = 1; } static void schedule_verification(struct verification_data *d) { int cur_size; if (G.opt.n_threads > 1) { if (pthread_mutex_lock(&queue_lock) != 0) croak(1, "pthread_mutex_lock"); d->next = verification_queue; verification_queue = d; verification_queue_size++; cur_size = verification_queue_size; if (pthread_mutex_unlock(&queue_lock) != 0) croak(1, "pthread_mutex_unlock"); if (!workers_started && cur_size >= G.opt.n_threads) start_workers(); } else { int r; G.stats.signatures_verified++; r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey); if (r == 1) { d->ok = 1; } else { d->openssl_error = ERR_peek_last_error(); } } } static int verify_signature(struct verification_data *d, struct rr_set *signed_set) { uint16_t b2; uint32_t b4; struct binary_data chunk; struct rr_with_wired *set; struct rr *signed_rr; int i; EVP_MD_CTX_init(&d->ctx); switch (d->rr->algorithm) { case ALG_DSA: case ALG_RSASHA1: case ALG_DSA_NSEC3_SHA1: case ALG_RSASHA1_NSEC3_SHA1: if (EVP_VerifyInit(&d->ctx, EVP_sha1()) != 1) return 0; break; case ALG_RSASHA256: if (EVP_VerifyInit(&d->ctx, EVP_sha256()) != 1) return 0; break; case ALG_RSASHA512: if (EVP_VerifyInit(&d->ctx, EVP_sha512()) != 1) return 0; break; case ALG_ECDSAP256SHA256: if (EVP_VerifyInit(&d->ctx, EVP_sha256()) != 1) return 0; break; case ALG_ECDSAP384SHA384: if (EVP_VerifyInit(&d->ctx, EVP_sha384()) != 1) return 0; break; default: return 0; } chunk = rrsig_wirerdata_ex(&d->rr->rr, 0); if (chunk.length < 0) return 0; EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length); set = getmem_temp(sizeof(*set) * signed_set->count); signed_rr = signed_set->tail; i = 0; while (signed_rr) { set[i].rr = signed_rr; set[i].wired = call_get_wired(signed_rr); if (set[i].wired.length < 0) return 0; i++; signed_rr = signed_rr->next; } qsort(set, signed_set->count, sizeof(*set), compare_rr_with_wired); for (i = 0; i < signed_set->count; i++) { chunk = name2wire_name(signed_set->named_rr->name); if (chunk.length < 0) return 0; EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length); b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(&d->ctx, &b2, 2); b2 = htons(1); /* class IN */ EVP_VerifyUpdate(&d->ctx, &b2, 2); b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(&d->ctx, &b4, 4); b2 = htons(set[i].wired.length); EVP_VerifyUpdate(&d->ctx, &b2, 2); EVP_VerifyUpdate(&d->ctx, set[i].wired.data, set[i].wired.length); } schedule_verification(d); return 1; } static void *rrsig_validate(struct rr *rrv) { RRCAST(rrsig); struct named_rr *named_rr; struct rr_set *signed_set; struct rr_dnskey *key = NULL; struct rr_set *dnskey_rr_set; int candidate_keys = 0; struct keys_to_verify *candidates; int i = 0; int t; named_rr = rr->rr.rr_set->named_rr; for (t = 0; t < G.opt.n_times_to_check; t++) { if (G.opt.times_to_check[t] < rr->sig_inception) { return moan(rr->rr.file_name, rr->rr.line, "%s signature is too new", named_rr->name); } if (G.opt.times_to_check[t] > rr->sig_expiration) { return moan(rr->rr.file_name, rr->rr.line, "%s signature is too old", named_rr->name); } } signed_set = find_rr_set_in_named_rr(named_rr, rr->type_covered); if (!signed_set) { return moan(rr->rr.file_name, rr->rr.line, "%s RRSIG exists for non-existing type %s", named_rr->name, rdtype2str(rr->type_covered)); } if (signed_set->tail->ttl != rr->orig_ttl) { return moan(rr->rr.file_name, rr->rr.line, "%s RRSIG's original TTL differs from corresponding record's", named_rr->name); } dnskey_rr_set = find_rr_set(T_DNSKEY, rr->signer); if (!dnskey_rr_set) { return moan(rr->rr.file_name, rr->rr.line, "%s RRSIG(%s): cannot find a signer key (%s)", named_rr->name, rdtype2str(rr->type_covered), rr->signer); } key = (struct rr_dnskey *)dnskey_rr_set->tail; while (key) { if (key->algorithm == rr->algorithm && key->key_tag == rr->key_tag) { candidate_keys++; dnskey_build_pkey(key); } key = (struct rr_dnskey *)key->rr.next; } if (candidate_keys == 0) return moan(rr->rr.file_name, rr->rr.line, "%s RRSIG(%s): cannot find the right signer key (%s)", named_rr->name, rdtype2str(rr->type_covered), rr->signer); candidates = getmem(sizeof(struct keys_to_verify) + (candidate_keys-1) * sizeof(struct verification_data)); candidates->next = all_keys_to_verify; candidates->rr = rr; candidates->signed_set = signed_set; candidates->n_keys = candidate_keys; all_keys_to_verify = candidates; key = (struct rr_dnskey *)dnskey_rr_set->tail; while (key) { if (key->algorithm == rr->algorithm && key->key_tag == rr->key_tag) { candidates->to_verify[i].key = key; candidates->to_verify[i].rr = rr; candidates->to_verify[i].ok = 0; candidates->to_verify[i].openssl_error = 0; candidates->to_verify[i].next = NULL; i++; } key = (struct rr_dnskey *)key->rr.next; } return rr; } static pthread_mutex_t *lock_cs; static long *lock_count; static unsigned long pthreads_thread_id(void) { unsigned long ret; ret=(unsigned long)pthread_self(); return(ret); } static void pthreads_locking_callback(int mode, int type, char *file, int line) { if (mode & CRYPTO_LOCK) { pthread_mutex_lock(&(lock_cs[type])); lock_count[type]++; } else { pthread_mutex_unlock(&(lock_cs[type])); } } void verify_all_keys(void) { struct keys_to_verify *k = all_keys_to_verify; int i; struct timespec sleep_time; ERR_load_crypto_strings(); if (G.opt.n_threads > 1) { lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); for (i = 0; i < CRYPTO_num_locks(); i++) { lock_count[i] = 0; pthread_mutex_init(&lock_cs[i],NULL); } CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id); CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback); if (pthread_mutex_init(&queue_lock, NULL) != 0) croak(1, "pthread_mutex_init"); } while (k) { freeall_temp(); for (i = 0; i < k->n_keys; i++) { if (dnskey_build_pkey(k->to_verify[i].key)) verify_signature(&k->to_verify[i], k->signed_set); } k = k->next; } start_workers(); /* this is needed in case n_threads is greater than the number of signatures to verify */ while (verification_queue_size > 0) { sleep_time.tv_sec = 0; sleep_time.tv_nsec = 10000000; nanosleep(&sleep_time, NULL); } k = all_keys_to_verify; while (k) { int ok = 0; unsigned long e = 0; for (i = 0; i < k->n_keys; i++) { if (k->to_verify[i].ok) { if (k->to_verify[i].rr->rr.rr_set->named_rr->flags & NAME_FLAG_APEX) { if (k->to_verify[i].key->key_type == KEY_TYPE_UNUSED) k->to_verify[i].key->key_type = KEY_TYPE_KSK; } else { k->to_verify[i].key->key_type = KEY_TYPE_ZSK; } ok = 1; break; } else { if (k->to_verify[i].openssl_error != 0) e = k->to_verify[i].openssl_error; } } if (!ok) { struct named_rr *named_rr; named_rr = k->rr->rr.rr_set->named_rr; moan(k->rr->rr.file_name, k->rr->rr.line, "%s RRSIG(%s): %s", named_rr->name, rdtype2str(k->rr->type_covered), e ? ERR_reason_error_string(e) : "cannot verify signature, reason unknown"); } k = k->next; } } struct rr_methods rrsig_methods = { rrsig_parse, rrsig_human, rrsig_wirerdata, NULL, rrsig_validate }; tobez-validns-f423245/rt.c000066400000000000000000000024231314110214000153230ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *rt_parse(char *name, long ttl, int type, char *s) { struct rr_rt *rr = getmem(sizeof(*rr)); rr->preference = extract_integer(&s, "RT preference", NULL); if (rr->preference < 0) return NULL; rr->intermediate_host = extract_name(&s, "intermediate-host", 0); if (!rr->intermediate_host) return NULL; if (*s) { return bitch("garbage after valid RT data"); } return store_record(type, name, ttl, rr); } static char* rt_human(struct rr *rrv) { RRCAST(rt); char s[1024]; snprintf(s, 1024, "%d %s", rr->preference, rr->intermediate_host); return quickstrdup_temp(s); } static struct binary_data rt_wirerdata(struct rr *rrv) { RRCAST(rt); return compose_binary_data("2d", 1, rr->preference, name2wire_name(rr->intermediate_host)); } struct rr_methods rt_methods = { rt_parse, rt_human, rt_wirerdata, NULL, NULL }; tobez-validns-f423245/soa.c000066400000000000000000000044321314110214000154620ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr* soa_parse(char *name, long ttl, int type, char *s) { struct rr_soa *rr = getmem(sizeof(*rr)); long long i; rr->mname = extract_name(&s, "mname", 0); if (!rr->mname) return NULL; rr->rname = extract_name(&s, "rname", 0); if (!rr->rname) return NULL; i = extract_integer(&s, "serial", NULL); if (i < 0) return NULL; if (i > 4294967295UL) return bitch("serial is out of range"); rr->serial = i; rr->refresh = extract_timevalue(&s, "refresh"); if (rr->refresh < 0) return NULL; rr->retry = extract_timevalue(&s, "retry"); if (rr->retry < 0) return NULL; rr->expire = extract_timevalue(&s, "expire"); if (rr->expire < 0) return NULL; rr->minimum = extract_timevalue(&s, "minimum"); if (rr->minimum < 0) return NULL; if (ttl < 0 && G.opt.soa_minttl_as_default_ttl) { ttl = rr->minimum; } if (*s) { return bitch("garbage after valid SOA data"); } return store_record(type, name, ttl, rr); } static char* soa_human(struct rr *rrv) { RRCAST(soa); char s[1024]; snprintf(s, 1024, "%s %s %u %d %d %d %d", rr->mname, rr->rname, rr->serial, rr->refresh, rr->retry, rr->expire, rr->minimum); return quickstrdup_temp(s); } static struct binary_data soa_wirerdata(struct rr *rrv) { RRCAST(soa); return compose_binary_data("dd44444", 1, name2wire_name(rr->mname), name2wire_name(rr->rname), rr->serial, rr->refresh, rr->retry, rr->expire, rr->minimum); } static void *soa_validate(struct rr *rrv) { RRCAST(soa); if (strchr(rr->mname, '/') != NULL) return moan(rr->rr.file_name, rr->rr.line, "MNAME contains '/'"); if (strchr(rr->rname, '/') != NULL) return moan(rr->rr.file_name, rr->rr.line, "RNAME contains '/'"); return NULL; } struct rr_methods soa_methods = { soa_parse, soa_human, soa_wirerdata, NULL, soa_validate }; tobez-validns-f423245/spf.c000066400000000000000000000041701314110214000154670ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" /* XXX * We need to add the following spf-specific policy checks: * - record not too long (DNS name + length of SPF+TXT < 450) - rfc4408, 3.1.4 * - record should match /^v=spf1( |$)/ - rfc4408, 4.5 * - maybe check for other syntax features * - there should be an identical TXT record - rfc4408, 3.1.1 * - there should only be one SPF per DNS name - rfc4408, 4.5 */ static struct rr *spf_parse(char *name, long ttl, int type, char *s) { struct rr_spf *rr; struct binary_data spf[20]; int i; i = 0; while (*s) { if (i >= 20) return bitch("program limit: too many SPF text segments"); spf[i] = extract_text(&s, "SPF text segment"); if (spf[i].length < 0) return NULL; if (spf[i].length > 255) return bitch("SPF segment too long"); i++; } if (i == 0) return bitch("empty text record"); rr = getmem(sizeof(*rr) + sizeof(struct binary_data) * (i-1)); rr->count = i; for (i = 0; i < rr->count; i++) { rr->spf[i] = spf[i]; } return store_record(type, name, ttl, rr); } static char* spf_human(struct rr *rrv) { RRCAST(spf); char ss[1024]; int i; char *s = ss; int l; for (i = 0; i < rr->count; i++) { l = snprintf(s, 1024-(s-ss), "\"%s\" ", rr->spf[i].data); s += l; } return quickstrdup_temp(ss); } static struct binary_data spf_wirerdata(struct rr *rrv) { RRCAST(spf); struct binary_data r, t; int i; r = bad_binary_data(); t.length = 0; t.data = NULL; for (i = 0; i < rr->count; i++) { r = compose_binary_data("db", 1, t, rr->spf[i]); t = r; } return r; } struct rr_methods spf_methods = { spf_parse, spf_human, spf_wirerdata, NULL, NULL }; tobez-validns-f423245/srv.c000066400000000000000000000034331314110214000155120ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr *srv_parse(char *name, long ttl, int type, char *s) { struct rr_srv *rr = getmem(sizeof(*rr)); int i; /* TODO validate `name` (underscores etc) http://tools.ietf.org/html/rfc2782 */ i = extract_integer(&s, "priority", NULL); if (i < 0) return NULL; if (i >= 65536) return bitch("priority range is not valid"); rr->priority = i; i = extract_integer(&s, "weight", NULL); if (i < 0) return NULL; if (i >= 65536) return bitch("weight range is not valid"); rr->weight = i; i = extract_integer(&s, "port", NULL); if (i < 0) return NULL; if (i >= 65536) return bitch("port range is not valid"); rr->port = i; rr->target = extract_name(&s, "target", 0); if (!rr->target) return NULL; if (*s) { return bitch("garbage after valid SRV data"); } return store_record(type, name, ttl, rr); } static char* srv_human(struct rr *rrv) { RRCAST(srv); char s[1024]; snprintf(s, 1024, "%hu %hu %hu %s", rr->priority, rr->weight, rr->port, rr->target); return quickstrdup_temp(s); } static struct binary_data srv_wirerdata(struct rr *rrv) { RRCAST(srv); return compose_binary_data("222d", 1, rr->priority, rr->weight, rr->port, name2wire_name(rr->target)); } struct rr_methods srv_methods = { srv_parse, srv_human, srv_wirerdata, NULL, NULL }; tobez-validns-f423245/sshfp.c000066400000000000000000000044731314110214000160300ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" static struct rr* sshfp_parse(char *name, long ttl, int type, char *s) { struct rr_sshfp *rr = getmem(sizeof(*rr)); int algorithm, fp_type; algorithm = extract_integer(&s, "algorithm", NULL); if (algorithm < 0) return NULL; if (algorithm != 1 && algorithm != 2 && algorithm != 3 && algorithm != 4) return bitch("unsupported algorithm"); rr->algorithm = algorithm; fp_type = extract_integer(&s, "fp type", NULL); if (fp_type < 0) return NULL; if (fp_type != 1 && fp_type != 2) return bitch("unsupported fp_type"); rr->fp_type = fp_type; rr->fingerprint = extract_hex_binary_data(&s, "fingerprint", EXTRACT_EAT_WHITESPACE); if (rr->fingerprint.length < 0) return NULL; if (rr->fp_type == 1 && rr->fingerprint.length != SHA1_BYTES) { return bitch("wrong SHA-1 fingerprint length: %d bytes found, %d bytes expected", rr->fingerprint.length, SHA1_BYTES); } if (rr->fp_type == 2 && rr->fingerprint.length != SHA256_BYTES) { return bitch("wrong SHA-256 fingerprint length: %d bytes found, %d bytes expected", rr->fingerprint.length, SHA256_BYTES); } if (*s) { return bitch("garbage after valid SSHFP data"); } return store_record(type, name, ttl, rr); } static char* sshfp_human(struct rr *rrv) { RRCAST(sshfp); char ss[4096]; char *s = ss; int l; int i; l = snprintf(s, 4096, "%u %u ", rr->algorithm, rr->fp_type); s += l; for (i = 0; i < rr->fingerprint.length; i++) { l = snprintf(s, 4096-(s-ss), "%02X", (unsigned char)rr->fingerprint.data[i]); s += l; } return quickstrdup_temp(ss); } static struct binary_data sshfp_wirerdata(struct rr *rrv) { RRCAST(sshfp); return compose_binary_data("11d", 1, rr->algorithm, rr->fp_type, rr->fingerprint); } struct rr_methods sshfp_methods = { sshfp_parse, sshfp_human, sshfp_wirerdata, NULL, NULL }; tobez-validns-f423245/t/000077500000000000000000000000001314110214000147745ustar00rootroot00000000000000tobez-validns-f423245/t/issues/000077500000000000000000000000001314110214000163075ustar00rootroot00000000000000tobez-validns-f423245/t/issues/21-nsec3-without-corresponding/000077500000000000000000000000001314110214000241155ustar00rootroot00000000000000tobez-validns-f423245/t/issues/21-nsec3-without-corresponding/Kexample.sec.+008+48381.key000066400000000000000000000006021314110214000302100ustar00rootroot00000000000000example.sec. IN DNSKEY 256 3 8 AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg273Tp4oRpnmnmgizDFtLQh nIv1Mr3AuwSWVIDeavuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90yQwf C53hxyH10GzGnAx4Sutrdkh1w4HM1nMBdlTMa0g9yxjJ0vm/T7qHzj+3 dTUi84s8Du2mfMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB/QUuoY2F yThfidT+nhOQpzftVtLcta0E0Uv3PcVDp1d7vBXsAEYGHr54r2vb3eXd OTmoFyh/byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01u8SJYP6ULwx0 mZ0p5BmoMH8= tobez-validns-f423245/t/issues/21-nsec3-without-corresponding/Kexample.sec.+008+48381.private000066400000000000000000000032471314110214000311020ustar00rootroot00000000000000Private-key-format: v1.2 Algorithm: 8 (RSASHA256) Modulus: 1k6+cu1N1CN90iqofey1vu8jpsmWDbvdOnihGmeaeaCLMMW0tCGci/UyvcC7BJZUgN5q+6LJYgC1+/DLR/cRgi/xizmQOIqzw8TWT3TJDB8LneHHIfXQbMacDHhK62t2SHXDgczWcwF2VMxrSD3LGMnS+b9PuofOP7d1NSLzizwO7aZ8wPqejL6V5nYi5fuUVxrxLMM2aFQ9ORe4WsH9BS6hjYXJOF+J1P6eE5CnN+1W0ty1rQTRS/c9xUOnV3u8FewARgYevniva9vd5d05OagXKH9vJ6FSU+rWAMQfSYFGVZtQepsacrKiXPR1HTW7xIlg/pQvDHSZnSnkGagwfw== PublicExponent: AQAB PrivateExponent: LOxwy9Km3/NYqre6fjsilhW3GX1kcRiSdXFYBBr3rMtUojKvgJsTH9uUeWZvTbTdne4B6yHiqSKRA3Eki79k8i9uqMq2SsP4ju8yJZHLmzjezIfJoHrQ6BxyFcMZoWPzdZkKFKmFwrHpxjjbvFcHvfiAu025Pta9C2o/rZXYC7V3BWQowqYBfukdpZkCEhzFzEtC1ROXN4jPJBwNIma52QTLH6jK5BOfOJ5DhS1SF+r/EkuvXnylApVfjPfUIC8ocVvpn5WLoabWL+eURIi6MvVT59ppzc6WRUT2PxDskT2WUWfw3zq5B7JCM8/qfYIDUHvt1h6JcJHTAOz9Hr2f4Q== Prime1: 8UNey2U7voMhZmVUMpH5C8q7+hp6PQ6dUYd+hjaQVnsDOLPBT+zZf8R3str7pY/xlOOHy+DxYmZ0e17OumSOXTeQR4VSdsr/tpWc/qd2jd1I5N58R4G/yZHgTm8pm6VRb7NwZ7Eg6o2z0G2UEykFeberyg4U6SHBDP6DZNvGrQk= Prime2: 42XeoQUBshFkTYekdeqPfGqC1YXsK0URLGAbPbk8HlOiG7ueVmUnsAS47lyuEJPzIUgqqBbDM+CCdW8AvPJFDXa09l4akfCrLRyAdkreGj3bgmUs5wUFbDZyOHvRFSxdUI8LOcAhXthy86l+wErKwm6sWfd1oPGvMmC1qiSsW0c= Exponent1: JpdjK1+3DcNF7W4Z6LjmwFceeGQR14Bl86ubtnY14k9s9X3zVwiIxeI0T1yt0g7TUsCOcTM7CUVgLne8053QE+MWZgpSZYQVISyPX0CEOy8BQPLBqGJ9vg1idslbO3VXMGngegWgQUSHVbihbesq4AxcI0bbW2s1yRFRDSoGfpk= Exponent2: NbR7bd/21I1S+RSN/ONW2/VzzOYCLv3y3l4cUOmMj0UFRjN7Y8AkLWgQHQt6eKPYigW3PVeS5o+hgAalT/qP4GwmtQDomYsTgmX22Pk5l00AqL0oa6895p69PyXO7Yc6yqnd5te/idzo2S8wpk2DsYPd5KmS+F3cGLPKc9KRekU= Coefficient: ev+8Aj3u6mICRe6Y0NqYTGrXSBMDXf92dI4+CZtwy43cyTvvZSABWvlLTTXf8XAlnnPxszSpG7+e8bQk4A7ZIagcDFSUjzwtVoLqKqbyLPMNjJKqvGW2iTwfpXAHTadd9EmvTPsEVCJnZAvkyn9XQ49phL9IkFzj9kmSrGqnN4Q= tobez-validns-f423245/t/issues/21-nsec3-without-corresponding/dsset-example.sec.000066400000000000000000000002471314110214000274450ustar00rootroot00000000000000example.sec. IN DS 48381 8 1 99477B577BF885AB2512B8DCA052D7B71DD968BA example.sec. IN DS 48381 8 2 E5411AAE0758711B164730F9069CCFA3CAB00391FDD76D04EB3E8610 CAA09E93 tobez-validns-f423245/t/issues/21-nsec3-without-corresponding/example.sec000066400000000000000000000011241314110214000262420ustar00rootroot00000000000000$TTL 1d $INCLUDE Kexample.sec.+008+48381.key @ IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL IN NS ns1.example.net. 1.1.1.1.1.1.1.1.1.1.33 IN NS ns1.example.net. 6.5.4.3.2.33 IN NS ns1.example.net. 9.8.7.6.5.4.3.2.33 IN NS ns1.example.net. bebe.meme IN A 1.2.3.4 tobez-validns-f423245/t/issues/21-nsec3-without-corresponding/example.sec.signed000066400000000000000000000351701314110214000275220ustar00rootroot00000000000000; File written on Fri Aug 24 16:33:53 2012 ; dnssec_signzone version 9.8.3 example.sec. 86400 IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 8 2 86400 20120923133353 ( 20120824133353 48381 example.sec. QySkSzvLPglLtsg976XY0GAdDCzZY9IEiVrn PAsFloXokhd3sYDi+/Wg+XNNPasoqvUv75c9 JYbXyV9ZF0axe7TVvCmynNi2fn5xvfU3MbiX bQqkoJq708xLtxkDjkKj4wo7aLfNXqItdvlG 8MBNI7lUMd9V1EAp1+sKz4oCbAm67dUZsJTs NNQewA2NTkZG8SLU12ueBoEm3SFIkDaGf3pr BqFKnKo7Dpi5quPydRyZv23lDkAFv86eMBky 7Ftz5JSnTrxQ96J5idVzc+8V2VJJLCMps/Lg 0f8EWXU13oy8hVNHgsbMkMgwuhK0TpoAQ3Xu 12I+iB9gXmOB7S1TWw== ) 86400 NS ns1.example.net. 86400 RRSIG NS 8 2 86400 20120923133353 ( 20120824133353 48381 example.sec. jq61ICTW2ofwSICLNMF5DiPO1wH6Y8t/oDO6 5Rz07pV02fSbEZXHpap4MLne0ikOqKPtFhsP qdircIdp9SccoXq1biKu+6yw0sGRwbR82Foq 4LIgz9yoSr0W2bUICSaa7SZDtnqpTj9tyVVx 9hFWM1DemqyU9k6wi3Qtvqyge9NRH2IbQstr Z6IhlpKlxeNR9P+H0aoYEoqfYIb8rSlv9KFq wB6HeBCgBl0rJ/EpHQI9P9SZzgvgVjzAgWzb yXCmwkDUoFNDaIt+6rbWIWxTO3NETVOPcCRh fWFJpahmKqy+7sQOdXYtOkUp4T48bMttktMN jGx0TDN6hDUWPOGKrA== ) 86400 DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; key id = 48381 86400 RRSIG DNSKEY 8 2 86400 20120923133353 ( 20120824133353 48381 example.sec. CxJvtfEuhQr694uCQg6fyz2sAg+TqH242DnL BSidvv9GzKZdHiZs+iFfcrGC4nJ3pTeWMv5/ zp2AXXkpJeCdW5Gy1xy9aexDRJuUMaFzE4xN v/QTdDzBWJBujDNM1C/HstntlQvOGLLTFGsY JCfVguYs0qqSPNd9fbDs7/edhMDe3f6v68+O UISrEgfy2PJpGeg5idX+63G4GE0OOa08dwUw LJQAGpobUjk3TjSh08jllQ21iQIdUV1pxfrC qBu2HH8ZMlSpk4ZoTsDKCNGy5VMQcRxtOOa6 9kTcmhNakfxnK+24Wu+xjqmmIWBPKxtmhYfw IlzGSu2uuGd7PvwovA== ) 0 NSEC3PARAM 1 0 1 94CD 0 RRSIG NSEC3PARAM 8 2 0 20120923133353 ( 20120824133353 48381 example.sec. N5gosx8Suslg27+3wPYAP8gXeH91Wc4ebH5H mZMkEL5b0ODgSvVgPhwTRRE1/SJGzXGWXSpW VopGKMh6SLBNAmfi6gsRtIfPutJA6hmqRtqK JiKEi6Sy3gRLKPJC1Hd/v8K2rslSoCFFsive w5cZBonS85f7n+BA9VglfQmPqux2/LvykcGS /tVGz5zZXWRdPPapj5e+TKrBfVglmcaIL9uk c4uMHtSkdwlKrXV2SCPK6H9meYIsEg8SvIXN Kx2Wfo3hvD9XINYRKwsN6FGFYrOvHpdJI/Mz QUZ70+nUQU4sbV3Y4yoHhI9Y8Dn8khdCqjCg ynbFt1GVrA0QobO9WQ== ) 9.8.7.6.5.4.3.2.33.example.sec. 86400 IN NS ns1.example.net. 1.1.1.1.1.1.1.1.1.1.33.example.sec. 86400 IN NS ns1.example.net. 6.5.4.3.2.33.example.sec. 86400 IN NS ns1.example.net. 0A8475SNU6T5P84AMC4I7KAEAMKCMIAF.example.sec. 604800 IN NSEC3 1 0 1 94CD 1F02V227102AEBUICGPQNPFSMSQ56UNC 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. mipK0k5i2YVpsDosay3tcOBgvykaBn9gaDJN /otEJTXurcfGkRria5C3AsTrq68PIhM9Ct5v bJxgaz0ab1hBHhDe8AZNVzrqrYWmmSgpNrBk VJTx3YnYUuO25MYEEh00/1/JYyHwaGdtjkoD KAwAUt7NqlLZjEHWlZUap+2sxeq1T6l6owDu xt/FNpb8QdUXYK5lsaqCWbNTHWQ3F8n49h1Y ve+m5NtbFL8+7qxrBRSC68eBTPrQfsAym4oB yU05KTFLgHgI7CrexI1dyx+mb19LA0IVKGas bo8lD20VQdiGuEflZj04rihXmJYGU/rNrV4r BhyABAvc26GMfGIa1w== ) 4H7F6LT6O2L8EJJEK17S0MPTF3G1GMS3.example.sec. 604800 IN NSEC3 1 0 1 94CD 6MMR4M238C6KQ7OL4J0HD33VSF2RBFE6 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. lX7thD4OK1v7YDU4waKvTR/YZN0c/jpLcZRh vEw/wVY6o2ZjC4DPmFlhHNDGcNil1Dtwxxnq iO4T6iNZOWWnnGy3WprLlO9hN6eZvC3c0jio uDynQyHytpwNIUtLSiHEqhNZUUt2f4BK0C6o oMFepT/+dKBuyK+FWWkjVswrhmPbpTvnKUOh ob2ONOh1UcOhjtTjl8kr51DnDe6/xOACCi4L a8UvTLRROvWUoQt4U7A8n4svrc7oYTh+lIfb I/6NYX6loVa9g1hiipx+Kn7VkcGGSTWP5lFv jx3nl9QyrqZYUMeCyF4FgYv2R029bxRJM4xN e03+Kwof3LuK6RiRhg== ) ANUH4A3TCIVO884LMD5SA3S1563VKCOG.example.sec. 604800 IN NSEC3 1 0 1 94CD B23STANUG8J6J7Q86S978IDEOHR9SKOK NS SOA RRSIG DNSKEY NSEC3PARAM 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. z8HofxVlX+519QE5aW0uywdOA6O+YP8y5Yr5 wJlyyLefw5Fti0dmU7qGzR5NoOxTfyH+lJDb 7IPB5DaA4OI3wA6XCHJ1CVrNZJ7kKOt35L0N vR1cq89V0wISlfVSMa4Lh6qOvfjEFcpZOziQ +G9s2hYdKQIxHEAmX35H+ZK3yDuWKgGvZCiP wARqDipOzAbsgMUXUFT4/q1YhXENU44yxMGv QoZWskJ5bfrHWvZY/PDPQX18JziMM5zkL+sJ 32HtIl2Ji3bPboqbGKrfXg35v6LR2oNl56Bq TTFFmGwUr0GOhJhtJOHxtxJ7gc6JBkn6MdG0 Rm41tHPCdsJqi2eYZA== ) B48FHI6PGSEKSCPQHI53K69GG9QPT86F.example.sec. 604800 IN NSEC3 1 0 1 94CD BUA7DPQPLLPMOFP3570HUGOCO0PMK9TI 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. ByAqe7JjTyKwuudzVHqZTQCtJLT3NSlKVGvQ EcpOVPr6f4VXHCpJ2U0uw1SgdzZgw/trIo0z MWY0MU94NDPZ0jt0G4Bz9CXF+MJSOmXF/G8D +DEvC0rdeAi3tMupIGMyAkkeL3hLiyo7FCBx SsuqWu0FQ5Gd2PTYUXiSX3ZG9NlTtDgjHtPS doAfO5ZtIJyLXUK6hWgEdNrfJOM/yDh7AS0y L7oHhk7xoGz+6U2ZoiScEIZ/wg2Ry02fvRgl CdkfQUAWctgpeBybCkImdlE18Ww3jPmknTcw fFpIsMGvdHW/yh7YMPibf9brn+l53DC52wQF hXENXf1Igy5KfMIgDQ== ) B23STANUG8J6J7Q86S978IDEOHR9SKOK.example.sec. 604800 IN NSEC3 1 0 1 94CD B48FHI6PGSEKSCPQHI53K69GG9QPT86F 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. YpjhuKP/CxZi1+/xsnYlq3Hb6KmxjXu7NaZ7 wL2+m1f5ffB8cu+1VMdMjXd9rA87KM+nZmIH ZgkM13BjscZYfZrD1QxTHZOpK98DsP0BVjab V3YxS99SrpWIWbsSGSnGuVnTIFg4Rc2Q7UY0 cPz2aPbTSjaYtmE+b4DS5KtZpsQUOc/mlPU5 1RiMkMOJqSnflQY922C43Xg/DaywBWaI18b1 gyL5wMyZ2OU+I1EVK1e/Hgp3xTU+VZFfH981 ooZvbHxTqvR2RPN/CiRmkb1j8OR8rtzQlAUq zE/N2G225694CXjbhnuxtMQDnARZ+YY59efI qRVe3R3RVwiIvnxubQ== ) 1F02V227102AEBUICGPQNPFSMSQ56UNC.example.sec. 604800 IN NSEC3 1 0 1 94CD 4H7F6LT6O2L8EJJEK17S0MPTF3G1GMS3 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. Sl0o9shH2wSZ11t342nNF8umWjmCc6aFTPab mhRnFDzzG2d++Cx4dXMsasDtUVspKQheiowA j6HZZSGYEQfmW8XFs5Hf4h0NVkQ83i3euXGl S1zbM0DiaGbNueIPSEyUBOyR1zzaBjzyhf6P axvora+y5Yb/UeiFQgvZY6JKBib9RHT61Dpk 8C30CK+KpBRIAa3nu+oESqP+qe+UDF6Gia8t Mn/8BMP+j070A38lrMFjfGmKq5QzMKP86Jnl dG88wXSmUe1EzvUM7Y/djimPvGfSfIFl7J8t rhQ3Cfs/Etu92HfQEqAhCg94BCv95RJXf9rj 6P2IRl7fn7tz8DPtcg== ) 71FH7088MFQ3GHCT8F0NKT9PF3BT46CC.example.sec. 604800 IN NSEC3 1 0 1 94CD ANUH4A3TCIVO884LMD5SA3S1563VKCOG 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. bFgJbtvnx6+ICYygvHrxhuCgZxcgUFA24pQl XwVUJqVgP+t8AfJ0GNURvoli4sxAa1ujJH/1 pdDrSTUSswqBClKM+n0C5Z1ZVEDdGLMsjxfH hRcnUaup5dwC2gwvxUg7ZYxUjxeCiLOc2UEA 7A/ASY/qwtMunGeXKFycY93k0F6udeFqnIFG jqR2yAoi271PbTkj7osSIJZJGi5bGIGlKDpu ht30LBfG243IlZeAm2nxg2vE9d4Nd+ZRlMJ0 8H9vahBubbT0yfJiREnILL14i4FvST++5i1y iaSRJPH2rMUp4oSsTvh8W07LjiytOG8IJkyY T1A2UFL/DOBxD2O8nw== ) IR5OEOOO61L2NLSFRK4OLKUJ6FEARD1Q.example.sec. 604800 IN NSEC3 1 0 1 94CD K9KP0QD9J3T0F3DH2LQPPB37CPPNP3PF 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. scrCa9zRBY4h4gHoe/esvDALkI7c6x6vXY4F pA7AnTb+L5WCrfp6tXiINwQ1Uvv16Olut162 QHdAe7GW1XQGdbuJ8tzBtQ9YkS6DvArSYYjb KiHMFND1dvy5UBc7BWJwM7ysLwdjEfiYkKBs WIZ/bfE3MbT3qRou/Kv8WQa33ELlkZ7x6sEs 5Era4soZ7SRzN4jba5r9TBwJoP9VQn7uNl2r h0hFclD4grfUcMZRcun3voVoVmpY/72xStsc r7btSUfDrzbcJP9W1WYcPDbsmyobY4QrYSCO VUzBP17DjEzIMztg+u5R7FhClb9lZ6qhrikW KtcOq3+nKs2JauRM4Q== ) BUA7DPQPLLPMOFP3570HUGOCO0PMK9TI.example.sec. 604800 IN NSEC3 1 0 1 94CD DGRBPEHGU29PPOAAQS0TK0K8KJLI60CF NS 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. EveB6krVUhecm3eWRh55oiDuHOfceimuJSAy 4KNd59B/+8FBB7U6KyaLm9YGZDP5d3wyP5Py 4G8z6j7vdTGbLTFsHyOxHwU1MGEqZU4vIB7N LX3P42CjD9FKFfTLS8ig0HJaxa/wYRMoxvxa fIPZZxuC/NR6ULLr6t7YIWp+rktew0vXAaPP tgmfEU9zAMqYsnKhyTttTT543btuXfHBg9th csf9dEz+p/lq1WZbyTTR4hs7ZkRYLA6TCI9q vxee5Hsfhjv2k1B7YA1AFCikAt3xqbxcuhir KpW66JXjbrp5ZxONejbYb3SLdY3PpWg2Al2W WHSV6e0cVZ47QsIFzw== ) K9KP0QD9J3T0F3DH2LQPPB37CPPNP3PF.example.sec. 604800 IN NSEC3 1 0 1 94CD MQAMDNGOIK8QUBPB4GDEG0EVOK91DQJ6 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. UFg9mb+GA3lmzuN/bJUdHf1o65i729zK0NUZ wQGscZD8q6vY+cPuaCGZxPBdIe0Jaf2XXzjp rJVyLwbdYVIR4IuoUZJLQbCfGOrBxp5BHTf8 ybft2+7foWAAQc8GNvhYKkmEpHdyfUWLrj8x Z4U+NP1fdBvO43TN0upQyeYTNa6E4umgQtYa zkMXeeQWf4+vf0Ue14rCEtCOFN2BDksL4mJF c93c1MfRMkTYX/2L7dtAfDgwcywdU+ndqXJv XC60MFEJfj/7oHO3LUQd1XdkNqg4gnyx6TgN zBcUXgN40FUZzRTHf5sXikmhm1Jm5Akaaune NB0mJ4DVzw8XLdDy2A== ) MQAMDNGOIK8QUBPB4GDEG0EVOK91DQJ6.example.sec. 604800 IN NSEC3 1 0 1 94CD PFQHTQGF3T3O7NQ37E7APPJS4E7G6FQI 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. aREhBMyCg3PaF9cbN2jS8Imj3GrfwrM2C3gU zVcJqD1SxPOGwr0UQq+IJxp2jf/4gKyGIU1V TQ2jFkdNLuF4tHtu4OQCAYwG7ngtawm/bT5J R7ecSVRQOmowEZa9/VbF8qN8EuTmB7L9wB2W 2Efj6moE/Yt0SLJ5UIbRoKN5mJZaxjzWOif5 F+xE7yi2JVOve4mbAkxV/cqYInksWedvrKZt SMBkIYbritHml3EHhI4MkDzAyDhw6rgY6P8I tWCgVZf/8NSTW8J89hon9y4Z5CZuQHZigdkx DVmcd6tsNyPlTP8HT4D+z5SaSD1GFKONjk5Z vYu3LXMlw2OT+8UsXA== ) 6MMR4M238C6KQ7OL4J0HD33VSF2RBFE6.example.sec. 604800 IN NSEC3 1 0 1 94CD 71FH7088MFQ3GHCT8F0NKT9PF3BT46CC NS 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. gH3QQQEbhWs3lNZn7yL+BMg8jOeILxZCMW4e 0iOBAfWpMxyxgvv9Jy3X9SQxui3zso6CfaoU av6bMupDNYvGsRb2e9I9K3KQKv48wI8Z7UN+ /z1RqXy7izL4MX7Df4EYnKvhi0eLGI4hBJLq my2AR4wswQiPG1tnBDa7lbx+o85GtHlX62lO MD8lS5CvkSxDMBb5bChR5DYl8NChdtaSMxRD yH7DZ6CI6t7ICUTKQs2aV8S6OTHmUQvDyA3U KThFvxPdSv9Cf+FAQzN9kwNSGC4gxjJYQtjA XjEIc+2ZPtOYI8+YJpAlNtR0kcy9TO5M9ioZ tEvquxTTQooWNuxdTQ== ) DGRBPEHGU29PPOAAQS0TK0K8KJLI60CF.example.sec. 604800 IN NSEC3 1 0 1 94CD E7Q5FM6A5MAMV8HQ7O6A8F5RIF1VJGMO 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. xH7j5GQt3bah8ezTmXZ7/LsWLHw2PDCrmBtA bEuqpKS/O7HvwVkQ1tQp1xznzpifDye2TqKH tnEY6sWJ+hbByDrP87j5oP6ZuRTnzCtwUU6c qqfEUV0JrAptkx+kxC4kLGjdB1OvaAiXvRg0 fhBaY458MLwQh7AxFsqv9Jd4KtJeVtm7PcWK VoHPckh2LdZJQyiUl7+5zUKhsGBzEqU7BZck OLPd6ccVJrNkOXfyrsYHj5NXILFtjJ/+avaY kiTYYp8ix9bSLG6LBbWuaDNcjgGV3hI2Woo2 onBRmHmuklKgmmmbZ+YRT94FZnkrQRtUlRo1 nRLQN21PBXCOfwYQAA== ) GGTEST9KCG7P1MNV2U653M6CIGD9Q6UJ.example.sec. 604800 IN NSEC3 1 0 1 94CD IR5OEOOO61L2NLSFRK4OLKUJ6FEARD1Q A RRSIG 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. vAQghXrUpaoGUONOUjKRSxBIno5udi5R9GhP L/ocMnuUYtIjtkPqFNmuIFpqMKOy34aox/TD SPuZjfb4+OMcdHw0Zz9FT6U/jw2B2aAWcrDf oU6HasH3e2lCUZizwiaCPPhFMuBdZjuwMqHN BMCW9JfsJ9ohKl+OJ7i/eS0MgAWU7/o/hmAl NRA4Q9fCUlivMQ+ZW+GUBLDzZh3tDMsIXhTK EenhqSZdL563ZmRnxe9hg2+rjp7T42UxtzUu MCt71MGnp+Q4ki8RjubLyDsjNbW9oXs02EwT B7Exydd4GHGXBiYdUt2fFHp1pJ5sgObvSoue FTw3xBWZ+TCnuohK/A== ) E7Q5FM6A5MAMV8HQ7O6A8F5RIF1VJGMO.example.sec. 604800 IN NSEC3 1 0 1 94CD GGTEST9KCG7P1MNV2U653M6CIGD9Q6UJ 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. NtTit77tk2WR/L0n3LcBnzceSfceR0y8bJjx 65oUXd+y+nu+c8I+OxmRDeoZHcHFvjH7TOpK /bET+/KUbs/43wMYsq5pIRAq6iY+pNZnnkOQ 8P4lhKm15dpFb4dO1y3rXQxhT278BMoRDrMH sOTveerXFOVI7hi7dSXsZp34to7hhdVrsF36 u00ogWJERVIZll3sCQOvKWyfFI8f8M69vWw1 o0U4OR3iWmz9L0zgIgxxSHHKnBZmW7cP+zW9 D746pMchP2TAYB43LZAMotU6jPLgWCcF0olz 73KJdziRJnko4ARx+iMgiWOUw0ujvCwK5kDo lTmrDPe6/z8aXM/roQ== ) VJ5SSNKSNS2CP5O6DCDDHK8HLH6N7CVC.example.sec. 604800 IN NSEC3 1 0 1 94CD 0A8475SNU6T5P84AMC4I7KAEAMKCMIAF 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. nP9dmjAs6A4GdtsD9Xk3S0WOt5Tg9cSXJQDT Ff+bd95AJKUeDRk0L71iUa60CYAHfDLI60gp M5JgO0YgCloLzV9UFvkDj7Fe+v7Ptyl9mdEk e7KwLBSVJyRsKMbgB+BgvenXEOH9hIiG+8CE uokdOvUEERaUYk3zaoA5SScFGoVy6v9GwCcq adUC16d5/WyNuaO2InVl2ug8dX1WtnZzdl09 evjhKiDiLABJ4Z1sLvkJsaNrwFpYn+Xkdv/W MIb08A9FypXXavAV3zJJZyB2eyQG2Ae8ozNs r7H06agUsiZKKMYtusq8FI7ISmgHPKbOu3ZZ dT6l4pFLmuXimm5LmQ== ) PFQHTQGF3T3O7NQ37E7APPJS4E7G6FQI.example.sec. 604800 IN NSEC3 1 0 1 94CD PII3ACEVPP84TH3B1FCEUBN9E8R1PQT6 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. t3PvXIfG9zqm90xrzWhYYcvSB8ZO26ia3c71 uXs+3XS94BJF8cnvecAq26YTmbwCkm4y6AQg 1P3VmM5fZqHHq5eGthdSMgACpGYk/1KL+ZtU qJ08LbtGFLS/Ai1YNOu+xVFj7Z1D27rAghGb 30z+qjkkgNKgF8RrtUrQtuZZHYljjypJ0bhU ehZitu87s0tLIGZIK8EvZ1lkAr+RcdOau37x HGIYSX262YOd7QZ/XytwhpnxjU6z99EefOKf sP9e5U1Q76czO9iptn8m17lkEKIFEEP8jUtF KGR1Qsb6PgDkAV82giZDxgFlq4WarIk6olu0 K03HV9skBS5BV2HqOg== ) PII3ACEVPP84TH3B1FCEUBN9E8R1PQT6.example.sec. 604800 IN NSEC3 1 0 1 94CD UB3H790SAMOQSDHHGOFHG1SBHU35K00O 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. 0RfXq4uTIqZJQzcGQ4s1FzIyafMn8Y9gO7zp Lf59a81Wr7feYG+KuOXc9sJC8Kk1Aerd1bSv bAmskxHxBI2cjjI4S8JDSGVezymeqMsopoEH c8jiACBjc9rCx2Z97YcXElo8PxE9AkC/a6/V PHXGr0aS3P6QB1O9AHE1rIv5t9mrATJkE1TF CH/ravS0ZaSZKPCLw7zSDObT9K4OazvRJHFO VAqd1rX8J5SHBs3ss9p3kBfnedaMNb2GLfjo Tky+WTIYoHexC2s4Kxdfj/8wWqlhw6JIcO9X g7Tc500A4/58YU7JqmLfu7a3H0kVF2oXwxkA KPlfulSsPGFYjB+5ng== ) UB3H790SAMOQSDHHGOFHG1SBHU35K00O.example.sec. 604800 IN NSEC3 1 0 1 94CD VJ5SSNKSNS2CP5O6DCDDHK8HLH6N7CVC 604800 RRSIG NSEC3 8 3 604800 20120923133353 ( 20120824133353 48381 example.sec. kWKeBzW7N07cmtm7TtqzJfPJOcxNHqr7nQpJ XqyRe2SvNlaUJpxqgTOQn3SjrsG4GUA5+j6Y Y/MjScGeSME0xIWiPV1ZBGnm/9mB8FEePK58 PvBLa7SlKj2v3mvlMlZQzJa657NtV5hbaVcx JP8YbK2W4zTGS8htg2VZMvRSfSV8gQwgKQlB BGeIeM+xfYkrxvklRfLl6+ogZlJVfPH71SLO PiEXrvfxU0HWbvej1HsNXdQDjv3Ix5vd8xZ9 QW4pyl+BHe22+Dx/TpAAoSXGdntuKuZqPF6P bpBZrMZcqdPlODnEUBgzGB3ChaZvaf4BlHzs vYqwsj87D5atXL3pOQ== ) bebe.meme.example.sec. 86400 IN A 1.2.3.4 86400 RRSIG A 8 4 86400 20120923133353 ( 20120824133353 48381 example.sec. vIeL1Bu8xiDbEn25Uard5kbWnI44qm7zMm7c ZRTHlvfBlEfo0uAqdOEsABmIDuj6bYfqifHC 6YpsPU246RKOLwZ+FGZn9hTiWkixCu4gi/Cg ynKCgRNprJdvRTiGTQ5glS2q0wNwn6SSgBAD F5W6wu/R6k2MHCzJHoR45xLwwsDBqPAvPMlB NgrtQh+L++zhvC5bw78WBnLY6h2wxlgby/6O qwiYbHborqhQLzIYmneOluceptx5gk9F5B10 8QTG8wDtACj2TcKUT5vQ8+ZzmC8l3CNKVoKO B2PrrtfNEaCNfYIjfW5d9feZkjxxqLSzrMTg FZT6ntGLpEOxDRgYxw== ) tobez-validns-f423245/t/issues/24-delegated-nsec3/000077500000000000000000000000001314110214000214615ustar00rootroot00000000000000tobez-validns-f423245/t/issues/24-delegated-nsec3/Kexample.sec.+008+48381.key000066400000000000000000000006021314110214000255540ustar00rootroot00000000000000example.sec. IN DNSKEY 256 3 8 AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg273Tp4oRpnmnmgizDFtLQh nIv1Mr3AuwSWVIDeavuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90yQwf C53hxyH10GzGnAx4Sutrdkh1w4HM1nMBdlTMa0g9yxjJ0vm/T7qHzj+3 dTUi84s8Du2mfMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB/QUuoY2F yThfidT+nhOQpzftVtLcta0E0Uv3PcVDp1d7vBXsAEYGHr54r2vb3eXd OTmoFyh/byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01u8SJYP6ULwx0 mZ0p5BmoMH8= tobez-validns-f423245/t/issues/24-delegated-nsec3/Kexample.sec.+008+48381.private000066400000000000000000000032471314110214000264460ustar00rootroot00000000000000Private-key-format: v1.2 Algorithm: 8 (RSASHA256) Modulus: 1k6+cu1N1CN90iqofey1vu8jpsmWDbvdOnihGmeaeaCLMMW0tCGci/UyvcC7BJZUgN5q+6LJYgC1+/DLR/cRgi/xizmQOIqzw8TWT3TJDB8LneHHIfXQbMacDHhK62t2SHXDgczWcwF2VMxrSD3LGMnS+b9PuofOP7d1NSLzizwO7aZ8wPqejL6V5nYi5fuUVxrxLMM2aFQ9ORe4WsH9BS6hjYXJOF+J1P6eE5CnN+1W0ty1rQTRS/c9xUOnV3u8FewARgYevniva9vd5d05OagXKH9vJ6FSU+rWAMQfSYFGVZtQepsacrKiXPR1HTW7xIlg/pQvDHSZnSnkGagwfw== PublicExponent: AQAB PrivateExponent: LOxwy9Km3/NYqre6fjsilhW3GX1kcRiSdXFYBBr3rMtUojKvgJsTH9uUeWZvTbTdne4B6yHiqSKRA3Eki79k8i9uqMq2SsP4ju8yJZHLmzjezIfJoHrQ6BxyFcMZoWPzdZkKFKmFwrHpxjjbvFcHvfiAu025Pta9C2o/rZXYC7V3BWQowqYBfukdpZkCEhzFzEtC1ROXN4jPJBwNIma52QTLH6jK5BOfOJ5DhS1SF+r/EkuvXnylApVfjPfUIC8ocVvpn5WLoabWL+eURIi6MvVT59ppzc6WRUT2PxDskT2WUWfw3zq5B7JCM8/qfYIDUHvt1h6JcJHTAOz9Hr2f4Q== Prime1: 8UNey2U7voMhZmVUMpH5C8q7+hp6PQ6dUYd+hjaQVnsDOLPBT+zZf8R3str7pY/xlOOHy+DxYmZ0e17OumSOXTeQR4VSdsr/tpWc/qd2jd1I5N58R4G/yZHgTm8pm6VRb7NwZ7Eg6o2z0G2UEykFeberyg4U6SHBDP6DZNvGrQk= Prime2: 42XeoQUBshFkTYekdeqPfGqC1YXsK0URLGAbPbk8HlOiG7ueVmUnsAS47lyuEJPzIUgqqBbDM+CCdW8AvPJFDXa09l4akfCrLRyAdkreGj3bgmUs5wUFbDZyOHvRFSxdUI8LOcAhXthy86l+wErKwm6sWfd1oPGvMmC1qiSsW0c= Exponent1: JpdjK1+3DcNF7W4Z6LjmwFceeGQR14Bl86ubtnY14k9s9X3zVwiIxeI0T1yt0g7TUsCOcTM7CUVgLne8053QE+MWZgpSZYQVISyPX0CEOy8BQPLBqGJ9vg1idslbO3VXMGngegWgQUSHVbihbesq4AxcI0bbW2s1yRFRDSoGfpk= Exponent2: NbR7bd/21I1S+RSN/ONW2/VzzOYCLv3y3l4cUOmMj0UFRjN7Y8AkLWgQHQt6eKPYigW3PVeS5o+hgAalT/qP4GwmtQDomYsTgmX22Pk5l00AqL0oa6895p69PyXO7Yc6yqnd5te/idzo2S8wpk2DsYPd5KmS+F3cGLPKc9KRekU= Coefficient: ev+8Aj3u6mICRe6Y0NqYTGrXSBMDXf92dI4+CZtwy43cyTvvZSABWvlLTTXf8XAlnnPxszSpG7+e8bQk4A7ZIagcDFSUjzwtVoLqKqbyLPMNjJKqvGW2iTwfpXAHTadd9EmvTPsEVCJnZAvkyn9XQ49phL9IkFzj9kmSrGqnN4Q= tobez-validns-f423245/t/issues/24-delegated-nsec3/dsset-example.sec.000066400000000000000000000002471314110214000250110ustar00rootroot00000000000000example.sec. IN DS 48381 8 1 99477B577BF885AB2512B8DCA052D7B71DD968BA example.sec. IN DS 48381 8 2 E5411AAE0758711B164730F9069CCFA3CAB00391FDD76D04EB3E8610 CAA09E93 tobez-validns-f423245/t/issues/24-delegated-nsec3/example.sec000066400000000000000000000010531314110214000236070ustar00rootroot00000000000000$TTL 1d $INCLUDE Kexample.sec.+008+48381.key @ IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL IN NS ns1.example.net. sub IN NS ns1.example.net. test.sub IN A 127.0.0.1 sub2 IN NS ns1.sub2 ns1.sub2 IN A 1.2.3.4 tobez-validns-f423245/t/issues/24-delegated-nsec3/example.sec.signed000066400000000000000000000113161314110214000250620ustar00rootroot00000000000000; File written on Fri Aug 24 16:21:37 2012 ; dnssec_signzone version 9.8.3 example.sec. 86400 IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 8 2 86400 20120923132137 ( 20120824132137 48381 example.sec. tbjigL7HBI1uY1R5m/QrGVGYv0pWNz0TJiMl 5s600fiDV/0t4eZO0sLsa14gNWSycaHzZpeH AA29ZV07g+i/WE2BrNj00JzqfGeX3r8hd+LP vTF7pHAG4syGweqokn9F0ePG/HvW3263i3eN OuFJS7yeo1ey0REsCpkaMvmiTGYy4Ns/J3ft kIT92X7p9Ok4ECm2jvYUykXSa8oChWK65EIQ 3VbMn+X7od686gw8disrBIgHYSlWO5cPHIe+ T60PqGB9RM6INT+8x8t1hyYDgZcWlL9J0bM+ QNp24ug1E3nKNgtg8Uf9jvA4HGzRxuB4L0PH RCLY5Mv64LoNcuGmPA== ) 86400 NS ns1.example.net. 86400 RRSIG NS 8 2 86400 20120923132137 ( 20120824132137 48381 example.sec. uZ3XcCp2Ko/NqC184GE+3Vl0kaxFRs1QkpAB cZRS3DvTlFTJQFpAOpBD3YBiP4QTz6weJh9W seg0/ykNlfxzRJjLTMijsAK5M3CEIfIA+1hV 5AiqEXIsD1VvwB4bmeMZY2HgYteyfP9waNmS KE6hZG4VV4lHMdfxy6ovsi6UOGQrfA6+RdZ4 rRbMrQy4TofLPYWFA18TwcJRND+KMiLrbEB0 nsE7wtw09E6Fo/p9rfOJSId9zpkivSywvN60 dx5lH3RDM7dRKedLT26uWodoc+sm5ksma4b3 lVpkvVuRYsjx5380MC6Q3Ffi5lgGg+S6U+0x BNsl65g/cBi52Mx3sg== ) 86400 DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; key id = 48381 86400 RRSIG DNSKEY 8 2 86400 20120923132137 ( 20120824132137 48381 example.sec. vMI5/h3OOEYXPyz2EuTd1UTuOXArx80fDXR3 aqAg0VXxuDj5aCNNtrumGac8VQJSbcOFS6en zavsQbdF4GynuqVouq0+Cg+AKqbkf91mwoRo 9FfYjD+FiCH3AsTgY1sivgx96jxbUJrwlheV Aq0sRNt25oejEnytF7zkxg4gfAmwszym2iy9 eYUCo5J7lMd5PGWOeTaWM6B1dhTu3db70GNg s994rEqv9OM87d4XS9U+CrCbwQbj8VtHjUWv ne5eSVqIh0RgMkPaLISYE2MUG2JNcs6eqYuq z4LgGJAK3EE4QzsMGs5tmIK7rLbdIwUpLhlH gwW2y4E10Hz7KLOjAA== ) 0 NSEC3PARAM 1 0 1 94CD 0 RRSIG NSEC3PARAM 8 2 0 20120923132137 ( 20120824132137 48381 example.sec. TMvS8oUX2NkG/VZ1/LFh5NzGNgmuj1KORpjQ 6xLuuZ5EFvV97L5lG/QIeqDYBaeYbbxx6PuO q35aV3BRxcGkoDlWRC2cFyR3RNzeTjj1q50n o3RgqtMkvJE/gyl1/oXL4IjSnlw5xYdYGa7n G2mGQdc/0vh/De8VMh/n0Dq2WbuJ6vqsv3+i M3oiMrapG91EYnAcFB4ymBbkbuBqTwu4Gwkf dkweQRkufWI/d0WP8ziP6g3pX6uqJjwvDd4h wcLgQgajZ7wOzfnsqS/v+CMc1Hu4B44PN7BB 50IKaviAkYCftfyTIy1FSYnAt4MHFrrQBKzX c9ymqDL681D6zTNQtg== ) test.sub.example.sec. 86400 IN A 127.0.0.1 ns1.sub2.example.sec. 86400 IN A 1.2.3.4 sub.example.sec. 86400 IN NS ns1.example.net. sub2.example.sec. 86400 IN NS ns1.sub2.example.sec. VT6TVPSQUE085J73EUKCPVB32N894AUB.example.sec. 604800 IN NSEC3 1 0 1 94CD ANUH4A3TCIVO884LMD5SA3S1563VKCOG NS 604800 RRSIG NSEC3 8 3 604800 20120923132137 ( 20120824132137 48381 example.sec. eaQxYQX+q0DDG03cLYyG9L+WmleExeZWQLb4 rBCuJO1rRkzxtC3SAD6MLQ2NVpiv9c0IbbNQ EUCDXaA4/McY+CemogZV0pumI/xhzJ5Pd5k8 s8jxY0JNaaQ5cHDpUjyu6sWOTn4BwcZJaPtn fBESTP7cy6uVQWRXiT5TJ33bBk2CeFCgMxD9 x5yvl5fWH+ZBl7AVYXamh4TsU5l8kL+HD19v vauj4kQVEapBaaUEN3oS7S5lkUJ01ANHf39L D36sRF6cZ2BEjiv3axl5IW4uQVnmo46XSP9Y dX+0gjLFwfzUnt6bKO59pfZ1kAQnkpjvXC/h DFcnQ1TZMn+MjSimNg== ) L2BLRUARIR23VEOTUN998OLLATNAI6EE.example.sec. 604800 IN NSEC3 1 0 1 94CD VT6TVPSQUE085J73EUKCPVB32N894AUB NS 604800 RRSIG NSEC3 8 3 604800 20120923132137 ( 20120824132137 48381 example.sec. AU3924oCXsSm2yxkSzikdMHrKBgOCnTPQ8QQ Cv/+ROYGWedvkf5jivUuqRi4wqsx+dK6UAPB cmxb3zmebGfbzZtO1FI51z9tGSFPvahvTVcK LkMlbzDmdcNFUpl/npagQLz5FTumi8gD2Ozl dCdPATDlpoL1Won8t2rBIqPGaClahCHeub+2 FwAuWzjiNMsSAqUpIwHbUrf03AEYafVsacnI 1t6qELwFMIa2UUDXGsFSR4BIfAvDK3wFq/Pb i4nzKyINGmCPTaUphh2+uLQ8CIUAArVtgAj3 WcIGO8p8fHE3R9CneWANo6jPEjURzMxFLUjA RD31yV95Xj5SLwAGSg== ) ANUH4A3TCIVO884LMD5SA3S1563VKCOG.example.sec. 604800 IN NSEC3 1 0 1 94CD L2BLRUARIR23VEOTUN998OLLATNAI6EE NS SOA RRSIG DNSKEY NSEC3PARAM 604800 RRSIG NSEC3 8 3 604800 20120923132137 ( 20120824132137 48381 example.sec. kTRt2QfhcT+N+2MyDWz1kFpu0fpqa8AyXH7l GDgMUjILF6dSwSTH6OCYYk9HIrdleNwq352I LerDlaOOszwVrdyGnSFnyT0MYhXFEFUVDibl svZlpePqbHnMkCEWMGmZHa9k10xNa8e6lUd+ 8lpUhuNSdi7GihEmYo0ZNlDv3913cz7iqNmg 0dZk1Vs5GFZGZp5R5y36zBgS8TS+OiYNXL+9 YSsJukXnW93WcEUSvT5saUoxWD24rP41w6ro 9n9J5XUgNmfaLMFj0AiaAtlVz30q3Nbv5v2T w18A7ybrH2AiuSoRvL8ISQyIrA8P0pDIyftA 5e4wKXX9LZ/1E9laWw== ) tobez-validns-f423245/t/issues/25-nsec/000077500000000000000000000000001314110214000174635ustar00rootroot00000000000000tobez-validns-f423245/t/issues/25-nsec/Kexample.sec.+008+48381.key000066400000000000000000000006021314110214000235560ustar00rootroot00000000000000example.sec. IN DNSKEY 256 3 8 AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg273Tp4oRpnmnmgizDFtLQh nIv1Mr3AuwSWVIDeavuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90yQwf C53hxyH10GzGnAx4Sutrdkh1w4HM1nMBdlTMa0g9yxjJ0vm/T7qHzj+3 dTUi84s8Du2mfMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB/QUuoY2F yThfidT+nhOQpzftVtLcta0E0Uv3PcVDp1d7vBXsAEYGHr54r2vb3eXd OTmoFyh/byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01u8SJYP6ULwx0 mZ0p5BmoMH8= tobez-validns-f423245/t/issues/25-nsec/Kexample.sec.+008+48381.private000066400000000000000000000032471314110214000244500ustar00rootroot00000000000000Private-key-format: v1.2 Algorithm: 8 (RSASHA256) Modulus: 1k6+cu1N1CN90iqofey1vu8jpsmWDbvdOnihGmeaeaCLMMW0tCGci/UyvcC7BJZUgN5q+6LJYgC1+/DLR/cRgi/xizmQOIqzw8TWT3TJDB8LneHHIfXQbMacDHhK62t2SHXDgczWcwF2VMxrSD3LGMnS+b9PuofOP7d1NSLzizwO7aZ8wPqejL6V5nYi5fuUVxrxLMM2aFQ9ORe4WsH9BS6hjYXJOF+J1P6eE5CnN+1W0ty1rQTRS/c9xUOnV3u8FewARgYevniva9vd5d05OagXKH9vJ6FSU+rWAMQfSYFGVZtQepsacrKiXPR1HTW7xIlg/pQvDHSZnSnkGagwfw== PublicExponent: AQAB PrivateExponent: LOxwy9Km3/NYqre6fjsilhW3GX1kcRiSdXFYBBr3rMtUojKvgJsTH9uUeWZvTbTdne4B6yHiqSKRA3Eki79k8i9uqMq2SsP4ju8yJZHLmzjezIfJoHrQ6BxyFcMZoWPzdZkKFKmFwrHpxjjbvFcHvfiAu025Pta9C2o/rZXYC7V3BWQowqYBfukdpZkCEhzFzEtC1ROXN4jPJBwNIma52QTLH6jK5BOfOJ5DhS1SF+r/EkuvXnylApVfjPfUIC8ocVvpn5WLoabWL+eURIi6MvVT59ppzc6WRUT2PxDskT2WUWfw3zq5B7JCM8/qfYIDUHvt1h6JcJHTAOz9Hr2f4Q== Prime1: 8UNey2U7voMhZmVUMpH5C8q7+hp6PQ6dUYd+hjaQVnsDOLPBT+zZf8R3str7pY/xlOOHy+DxYmZ0e17OumSOXTeQR4VSdsr/tpWc/qd2jd1I5N58R4G/yZHgTm8pm6VRb7NwZ7Eg6o2z0G2UEykFeberyg4U6SHBDP6DZNvGrQk= Prime2: 42XeoQUBshFkTYekdeqPfGqC1YXsK0URLGAbPbk8HlOiG7ueVmUnsAS47lyuEJPzIUgqqBbDM+CCdW8AvPJFDXa09l4akfCrLRyAdkreGj3bgmUs5wUFbDZyOHvRFSxdUI8LOcAhXthy86l+wErKwm6sWfd1oPGvMmC1qiSsW0c= Exponent1: JpdjK1+3DcNF7W4Z6LjmwFceeGQR14Bl86ubtnY14k9s9X3zVwiIxeI0T1yt0g7TUsCOcTM7CUVgLne8053QE+MWZgpSZYQVISyPX0CEOy8BQPLBqGJ9vg1idslbO3VXMGngegWgQUSHVbihbesq4AxcI0bbW2s1yRFRDSoGfpk= Exponent2: NbR7bd/21I1S+RSN/ONW2/VzzOYCLv3y3l4cUOmMj0UFRjN7Y8AkLWgQHQt6eKPYigW3PVeS5o+hgAalT/qP4GwmtQDomYsTgmX22Pk5l00AqL0oa6895p69PyXO7Yc6yqnd5te/idzo2S8wpk2DsYPd5KmS+F3cGLPKc9KRekU= Coefficient: ev+8Aj3u6mICRe6Y0NqYTGrXSBMDXf92dI4+CZtwy43cyTvvZSABWvlLTTXf8XAlnnPxszSpG7+e8bQk4A7ZIagcDFSUjzwtVoLqKqbyLPMNjJKqvGW2iTwfpXAHTadd9EmvTPsEVCJnZAvkyn9XQ49phL9IkFzj9kmSrGqnN4Q= tobez-validns-f423245/t/issues/25-nsec/dsset-example.sec.000066400000000000000000000002471314110214000230130ustar00rootroot00000000000000example.sec. IN DS 48381 8 1 99477B577BF885AB2512B8DCA052D7B71DD968BA example.sec. IN DS 48381 8 2 E5411AAE0758711B164730F9069CCFA3CAB00391FDD76D04EB3E8610 CAA09E93 tobez-validns-f423245/t/issues/25-nsec/example.sec000066400000000000000000000011241314110214000216100ustar00rootroot00000000000000$TTL 1d $INCLUDE Kexample.sec.+008+48381.key @ IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL IN NS ns1.example.net. subA IN NS ns1.example.net. subb IN NS ns1.example.net. subC IN NS ns1.example.net. myMX IN MX 5 mx.example.net. tobez-validns-f423245/t/issues/25-nsec/example.sec.signed000066400000000000000000000130441314110214000230640ustar00rootroot00000000000000; File written on Fri Aug 24 15:30:38 2012 ; dnssec_signzone version 9.8.3-P2 example.sec. 86400 IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 8 2 86400 20121220000000 ( 20120820000000 48381 example.sec. qzY4pxbPjaFEQyE960A1GD918TUlhq4RoJ+B QT5pkYo8RvqsN5g2MnfCegfe6ZS2/kwTMmWC XLFyP4bglatyq6YpSb/nCNLsp7GHvkA1lkzb VhvenUbYIvOjUXx6ME165fZbpP0NaUETvG6P LKncqB2ts+Ru7ZsXZqBeAokxvc0Nf3q7JKHO SHIV97zEeGxEbUqnbAVkjJzDeaUuIK6BBL0d 2cRpi385lVcAbDk0byH9l7nVzVeSf7NO06lX j4Nr7kWvDrp3+8G0ArawsjwuSf8++B8fqxPH hjvfw5hpvsKt99muko/gTsL/N3x7bAH9QQRe U+jSnD27HBChCJSFXg== ) 86400 NS ns1.example.net. 86400 RRSIG NS 8 2 86400 20121220000000 ( 20120820000000 48381 example.sec. thEwFRgijT/clJZq37540NFYrb/qPEMXdiuM z1QsNXzNumsuVmPyxTwv0YFOEh1yMesFQGhf AEVS+V9AoE+xA/r+eM64p+OMrxHmd476jyAi eEGUOiNx9sZBEIYXB8tr0RRadWzoRtovpJ72 S6mJ2vBT9BIHFt14BVbQayLwf9mqpD4zQ5MU gL33OxNXRdSsxRIxTyeC9RSSUd5hmCkNxjdX k2ZbY4AlCZPcFOcdI8ZhLWd1mBD+e3xBwPwn OILFQ/VpL5BCTB8Zw4yGAX8W0O2g7eXITD1p /WVKj8ssLW8mlEjBvTC7SBPiPo0T+wt7jJUT kcQz/cwfgGcGBgY0oQ== ) 604800 NSEC myMX.example.sec. NS SOA RRSIG NSEC DNSKEY 604800 RRSIG NSEC 8 2 604800 20121220000000 ( 20120820000000 48381 example.sec. m3GzdLzAPvf5ZUUWISV5cKGyNgDUZSbtKm2K vZ3Pm0vcBTvanrVsi4cyG9lpr0P+LnrRUgZ+ KgoBK3WG24vtLmPRHxdmRctYQ0HsxfEq474N ifwQzaHenv70OTy4luViH1fbBtyUUH1AFeJ7 28Jj9gf6bJ0ZdUNPg0nU5uxqUiP98dEHn6JX MMBGRMWrKzLM0QF8BP5P2BQ89JHnHVxDrzog CzG9Uf1+bbd4j4QVvWjk3m7Wqf4Cb/fezMsm lyme5u4yo3phrPgYCWWCgd+IssU7dNaxMnWE uaycDuVSRmBotgfm03ANUiEbKb9arcfukSbg IgGDyvfpvTzcpYi7cQ== ) 86400 DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; key id = 48381 86400 RRSIG DNSKEY 8 2 86400 20121220000000 ( 20120820000000 48381 example.sec. G2GT1BOwgV/uTbJf93jmUvl7bmu9I9gaV3B9 Iol/FeOE8/GQhpKYCM6zF6gT8iZtFJ37IYgD tF5Zi+9nWE6HfvVtB6cltAL5Ud0Tkzuwf2XY XsqnwiBmFlkJJgzNG7po0gkCWWrUpv+kg0Mn 0JJfmSOvo3srOyEg42pAWcEJ7dvAz/DgcOCk ef9i4cxlRRtgWE4a4QkHH/V7pFDAOEvWkXg3 RUih5VIFM0POxnqgS/QRbca2Zm6FyCgkbHR1 QF+ojRSKGVKkE2VbIcPX7yUcBagg6WdkWjri ZHZlwgF0bzbBNTc61MYiSK/PyDQpS1/m2JPd OVidiTu6ajWJpUo6jQ== ) myMX.example.sec. 86400 IN MX 5 mx.example.net. 86400 RRSIG MX 8 3 86400 20121220000000 ( 20120820000000 48381 example.sec. iDUsHGQ4Zj9vEDUsojq08tVxOG6s+wjs3Qtf DFXVPeqXmThdaMIVALzUyJYwnU0a4RNaM0lQ FcFiK3y8fGuvMYQVUhheKBDLc0MmAht9CjJi faUNJaNSTw/rjWtduJidzEaWUk5lh75YV3hc YPk54jEbgTYTEJKCbfgDfRVShxAk64TM++Sh xKSSW+4s2jKr98coYCcWYsHE6WlJXi0EJuDb o84YG0MKoaURNcvEwWBwHhpxLnzT+7Yg7/AN 2bmogQLy40Yr8bS9DiyBZikXJt01Bj+2sTrw t4JIxBPCPy08YayZzYcMLJ2M4FL0f633bWzX 4CPKb0ZLimqsAPXbPQ== ) 604800 NSEC subA.example.sec. MX RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20121220000000 ( 20120820000000 48381 example.sec. ljtWqo0kh1F5NZ1vNGaLipgKCxEQ+c5deq0I 0wK8xOUSCjT5q8Ac8tIX6B50NIjw65YpOfQu wzPVJM8PSsBA6eZuKIBKKy0MzD+X+eirunvS wpJ6PHix8C4/eChrNZlEJs4AX6Q6nVuCH4b4 rIDClNiOTC7cXiWSK3FWgCzWpgWpG5yusRdb EzDCyb5UTfnzcCZdjBRjXRA1c22nODgIlgS2 rqEJqn2o79CU8bYMx/LCQ96CO9y4XyVwAayK ekSo6f7w7YPcwb9aFURN2mQ7ZP1sGxWUifVx zpLE7aqM4fhlanG8OGEyvCZd2uXbtkdlw2m9 LGN/2omLoKgBK77JCg== ) subA.example.sec. 86400 IN NS ns1.example.net. 604800 NSEC subb.example.sec. NS RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20121220000000 ( 20120820000000 48381 example.sec. t68GfTtpxY7WZ8TVWBEEQdcsORVdG8a7hgL2 MMQgMW5K2DmdURAW3mEf8m8uXU2AwKJ+xCWL /LXVfkxqFMVI4dyn6YGLbCyVv8RggATIt6b1 saEFTvByo2WThWnJU3r8Sq4LV35NurjruZ/o DJVhTc//zPSSIQpUrz2kuUcOsL+djG3hJi+/ TB7CsrLGdEaD9elTwwAk9lvy0ZvfVhN63w0Q BPMtSRPkARNfsHLJS6m8zutcUIbAPBF7FZDp PUly5LNvZYbUQvFwo7A8JaZBUOBjFZ1apagt FV3dBVtRXuBIBraFwJjUuKIApX177uYpxD8l kDTfWeD/JD95z3a9Gg== ) subb.example.sec. 86400 IN NS ns1.example.net. 604800 NSEC subC.example.sec. NS RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20121220000000 ( 20120820000000 48381 example.sec. LJZFwPB4Aw4dLfqUnjmv3zeoKm/3ZZyHRusN NniNNct8zaH7rqfTZHQoSBMH//YyyeJwQ7uO 7YIRIJvIi3z1iM2FpxuHihtUE9fIHPOGpjo/ t42bh611Lod+OReiukOaUOkhavg0wMfYEX99 Bw2V+Sk5z4UrLwJd/slQYjow4ZnFIubpJhqt gw0fsygW6wb3XN9zs+nNo0XD1ksdQOyKu4tA ZmYXWYCEbw/BIg8BDw3TnqUxbV44namLTSUg 97rA/90Nh/s1tsDQ3RbL7iaCbBH8ylSyCz5m av1L+WK51LUJNgzm/fNJvI9kFzUG8s9oespe f+r2hqgomotK4WdxMQ== ) subC.example.sec. 86400 IN NS ns1.example.net. 604800 NSEC example.sec. NS RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20121220000000 ( 20120820000000 48381 example.sec. twkPkw069EOqYcUugvM2qD7+/Yk51+91WRnz Cq8AR8P4KlaBvahWg997haey4q8wV1rXsAXu lMc9iNgmX6TaIiHoq9kMXumELWzE8Oxa/ymH vvQnMOk2j0zcKh/7lyGeTX7cpSvXhz450XH3 3EfQeb6BLzlwyXgfnx/kGLS/lIez66Py/92v 2M87By7Gx69dv1vbBleeVxsYKmKe+sal7Ayl ZPP9+NlOqZqDBrCXvwOmn+ScfCbeYxgMzmcf 2LMBEGxpDHRfBuV35hOzOVCce47CCip1Xian Jmnh1A3dqZJXCrxFZidvAYVm7jEtAI8FS1OL VjBf8zzsLfQKiMpeGA== ) tobez-validns-f423245/t/issues/26-spurios-glue/000077500000000000000000000000001314110214000211725ustar00rootroot00000000000000tobez-validns-f423245/t/issues/26-spurios-glue/Kexample.sec.+008+48381.key000066400000000000000000000006021314110214000252650ustar00rootroot00000000000000example.sec. IN DNSKEY 256 3 8 AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg273Tp4oRpnmnmgizDFtLQh nIv1Mr3AuwSWVIDeavuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90yQwf C53hxyH10GzGnAx4Sutrdkh1w4HM1nMBdlTMa0g9yxjJ0vm/T7qHzj+3 dTUi84s8Du2mfMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB/QUuoY2F yThfidT+nhOQpzftVtLcta0E0Uv3PcVDp1d7vBXsAEYGHr54r2vb3eXd OTmoFyh/byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01u8SJYP6ULwx0 mZ0p5BmoMH8= tobez-validns-f423245/t/issues/26-spurios-glue/Kexample.sec.+008+48381.private000066400000000000000000000032471314110214000261570ustar00rootroot00000000000000Private-key-format: v1.2 Algorithm: 8 (RSASHA256) Modulus: 1k6+cu1N1CN90iqofey1vu8jpsmWDbvdOnihGmeaeaCLMMW0tCGci/UyvcC7BJZUgN5q+6LJYgC1+/DLR/cRgi/xizmQOIqzw8TWT3TJDB8LneHHIfXQbMacDHhK62t2SHXDgczWcwF2VMxrSD3LGMnS+b9PuofOP7d1NSLzizwO7aZ8wPqejL6V5nYi5fuUVxrxLMM2aFQ9ORe4WsH9BS6hjYXJOF+J1P6eE5CnN+1W0ty1rQTRS/c9xUOnV3u8FewARgYevniva9vd5d05OagXKH9vJ6FSU+rWAMQfSYFGVZtQepsacrKiXPR1HTW7xIlg/pQvDHSZnSnkGagwfw== PublicExponent: AQAB PrivateExponent: LOxwy9Km3/NYqre6fjsilhW3GX1kcRiSdXFYBBr3rMtUojKvgJsTH9uUeWZvTbTdne4B6yHiqSKRA3Eki79k8i9uqMq2SsP4ju8yJZHLmzjezIfJoHrQ6BxyFcMZoWPzdZkKFKmFwrHpxjjbvFcHvfiAu025Pta9C2o/rZXYC7V3BWQowqYBfukdpZkCEhzFzEtC1ROXN4jPJBwNIma52QTLH6jK5BOfOJ5DhS1SF+r/EkuvXnylApVfjPfUIC8ocVvpn5WLoabWL+eURIi6MvVT59ppzc6WRUT2PxDskT2WUWfw3zq5B7JCM8/qfYIDUHvt1h6JcJHTAOz9Hr2f4Q== Prime1: 8UNey2U7voMhZmVUMpH5C8q7+hp6PQ6dUYd+hjaQVnsDOLPBT+zZf8R3str7pY/xlOOHy+DxYmZ0e17OumSOXTeQR4VSdsr/tpWc/qd2jd1I5N58R4G/yZHgTm8pm6VRb7NwZ7Eg6o2z0G2UEykFeberyg4U6SHBDP6DZNvGrQk= Prime2: 42XeoQUBshFkTYekdeqPfGqC1YXsK0URLGAbPbk8HlOiG7ueVmUnsAS47lyuEJPzIUgqqBbDM+CCdW8AvPJFDXa09l4akfCrLRyAdkreGj3bgmUs5wUFbDZyOHvRFSxdUI8LOcAhXthy86l+wErKwm6sWfd1oPGvMmC1qiSsW0c= Exponent1: JpdjK1+3DcNF7W4Z6LjmwFceeGQR14Bl86ubtnY14k9s9X3zVwiIxeI0T1yt0g7TUsCOcTM7CUVgLne8053QE+MWZgpSZYQVISyPX0CEOy8BQPLBqGJ9vg1idslbO3VXMGngegWgQUSHVbihbesq4AxcI0bbW2s1yRFRDSoGfpk= Exponent2: NbR7bd/21I1S+RSN/ONW2/VzzOYCLv3y3l4cUOmMj0UFRjN7Y8AkLWgQHQt6eKPYigW3PVeS5o+hgAalT/qP4GwmtQDomYsTgmX22Pk5l00AqL0oa6895p69PyXO7Yc6yqnd5te/idzo2S8wpk2DsYPd5KmS+F3cGLPKc9KRekU= Coefficient: ev+8Aj3u6mICRe6Y0NqYTGrXSBMDXf92dI4+CZtwy43cyTvvZSABWvlLTTXf8XAlnnPxszSpG7+e8bQk4A7ZIagcDFSUjzwtVoLqKqbyLPMNjJKqvGW2iTwfpXAHTadd9EmvTPsEVCJnZAvkyn9XQ49phL9IkFzj9kmSrGqnN4Q= tobez-validns-f423245/t/issues/26-spurios-glue/dsset-example.sec.000066400000000000000000000002471314110214000245220ustar00rootroot00000000000000example.sec. IN DS 48381 8 1 99477B577BF885AB2512B8DCA052D7B71DD968BA example.sec. IN DS 48381 8 2 E5411AAE0758711B164730F9069CCFA3CAB00391FDD76D04EB3E8610 CAA09E93 tobez-validns-f423245/t/issues/26-spurios-glue/example.sec000066400000000000000000000014671314110214000233310ustar00rootroot00000000000000$TTL 1d $INCLUDE Kexample.sec.+008+48381.key @ IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL IN NS ns1.example.net. sub IN NS ns1.example.net. test.sub IN A 127.0.0.1 sub2 IN NS ns1.sub2 ns1.sub2 IN A 1.2.3.4 spurious.glue.optout IN A 5.5.5.5 spurious.glue.optout IN NS ns1.somewhere.else. spurious.glue.optout IN NS ns2.somewhere.else. glue.optout IN A 5.5.5.5 ns2.real.glue.optout IN A 6.6.6.6 real.glue.optout IN NS glue.optout real.glue.optout IN NS ns2.real.glue.optout tobez-validns-f423245/t/issues/26-spurios-glue/example.sec.signed.no-optout000066400000000000000000000175711314110214000265470ustar00rootroot00000000000000; File written on Thu Oct 4 15:32:03 2012 ; dnssec_signzone version 9.8.3-P2 example.sec. 86400 IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 8 2 86400 20121103123203 ( 20121004123203 48381 example.sec. P7sNgb7duV7fy3Fe8e/8F4SivSNyUEjuEIc6 5ZmS6evSHGuqYW97qUAMnSNZGMeEzFTMX2Cv Gy3Zt84kHWo0mejuSBVqRhOLpA2WqZLBN7B2 u4hV9c/S/joi7Br9EsgXbIxyZ5DVx7BvDWGK zhCni3jYbWKrgqB12Or0sGaARAsk5ZmbYwdx 1iGmIchkPBafHvx9Y53GDoBfaSlFk5/lESqy FneiwOheVl1iVoORCjfhoPuQb2Ot4GHZW8am xBRzEO0aWOWg08Y52rossU1qEPrR8c6ef5AV C1B71i4kku/+RDbyNyV40q8RbO0WGiOLMR8z JmzPqoibmc6zEYed1g== ) 86400 NS ns1.example.net. 86400 RRSIG NS 8 2 86400 20121103123203 ( 20121004123203 48381 example.sec. OHcOzztD6b+FsImevSTkviScJMtf5FQ76Upu +o8dbdiEl04rtHmhYuIpZttWkJyNeZafBRMh Se1MfCnJsy5Jw1sGVSR99M8XDiJUELRPn69A DCycw/x0dVmDsqlyZYSPdQmHoipmPrvhBpDt MghbiDPMuCEx6fmtymGghgkaYr1Dvy3IfEVc vjNuCczsZ29LDQDmeG/vpS08GkfMEzA0RrJV u4qdNcuJQc2RwtEAg/pMQ0b1LN+dp5+f6zem eRul5bjmindkPwvmo7nYRrlj3YMyvilQkUmR xH7xwiWHxhiw2IsdR6lWKYYQMGYcmn2idR3f FGcEgSnqQu5aT+Pg0w== ) 86400 DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; key id = 48381 86400 RRSIG DNSKEY 8 2 86400 20121103123203 ( 20121004123203 48381 example.sec. aTLyK5dtPgmLkdo5aujXbWPtaPqvieMX0U60 FhGr9xAqeTkyguyyA+iUHXuGtmzstjkODMwE vDTNeYGzbu8Ep9et7GKexS/DrrmVLXDacveu 3mgjIr9HmlCD80NRo5YJh6NN/vGq/ue0J0z/ oD46JTe31wAlXhqk7xyEewG3FzMD65bVzCaw KqiB3WQWzItVVXfwb27rW+HjwysaqJQRoLqX bBqB2mt45xPHOFJl/5TMziHgWWUFULjK7nov J2A8OhAEMezjqJINRLHjn6Oi0DjflHrhCzyM 06aMrCHwffgXYBLM9qkDOG+nDlYqdOghuHDJ R7uU8fr8EMElsORKgg== ) 0 NSEC3PARAM 1 0 1 94CD 0 RRSIG NSEC3PARAM 8 2 0 20121103123203 ( 20121004123203 48381 example.sec. F+Qa4worI07Cv6mDGOuK45+mzFOZ65DTzSMY EYOWqNwIVgEZFUD120/c5cYkkMpgFICpImM9 aFgg0XPyhkIzevXeoxqn8s8eACDQc/O0m6PA dcvB+jckO8YeEiJuDK6FbEwOMRmL81EzJ8Q4 UoUxOq3Uwq/8FcqGNVgJdodkWJyU++IlPz37 p2dplxOqbwV6sN+91SUs0mNFW5tDz7O72EK1 Zk7cXyU+qZs0O5lMf8S045LZJ6UMcP9Ccdu9 EOP3zRRWNDmRGJFVfKns8UDz+4ViwOORrhP3 SFPr9hVzX9PBegYtsDED0HYh2hsbEnkZzmEr Q4o6RpCjxyfu0ARIEQ== ) ns2.real.glue.optout.example.sec. 86400 IN A 6.6.6.6 spurious.glue.optout.example.sec. 86400 IN NS ns1.somewhere.else. 86400 IN NS ns2.somewhere.else. 86400 A 5.5.5.5 test.sub.example.sec. 86400 IN A 127.0.0.1 sub.example.sec. 86400 IN NS ns1.example.net. ns1.sub2.example.sec. 86400 IN A 1.2.3.4 sub2.example.sec. 86400 IN NS ns1.sub2.example.sec. 5RORN4V6I2EUE59S86LSVBHNQNFH97BN.example.sec. 604800 IN NSEC3 1 0 1 94CD ANUH4A3TCIVO884LMD5SA3S1563VKCOG A RRSIG 604800 RRSIG NSEC3 8 3 604800 20121103123203 ( 20121004123203 48381 example.sec. X93YGUwDjl2i02qXZxJFL778dX0zjtn80Esd 1CJJx9FYUf7RNsUfD38A23C7SZQ3URCggx6t waizI4Ktax8sXoxtHuMtH+3hZ4asBcGuWYOn V3i4Zb4Z7LkqJg96gbC1Cn6R0JhTRcCfvfYI tjav2vEhvu8dNi/UObZXSGrpWOeVq2Fc5jpy eE4KkzHrlYwamdoucqjAdjWk3Icp5C05wWMU dmt+FUmN3qnq2FYYW/Z5007uFAG5M7uLk96r vqDyRXXMbz8NOOgLycM6qRVDfDvtuck4gJ/K ex8DDGeJsQlRTcmixf+JCBytZYOYN5HOrsGt NwBpiwuBZ6GepD4JzQ== ) ANUH4A3TCIVO884LMD5SA3S1563VKCOG.example.sec. 604800 IN NSEC3 1 0 1 94CD APFMIN8EJ96AD54VGTECHRPKHBR336EQ NS SOA RRSIG DNSKEY NSEC3PARAM 604800 RRSIG NSEC3 8 3 604800 20121103123203 ( 20121004123203 48381 example.sec. S2Ap4xcQkfIrgV4vCHD5DWlZjbhm/dI5vRpM V9eRKVOEMb2Z+dWibFeP92P0MPFu4eCl57+J qEoYlv3LX/o73oTEyZu6Kr3rs7S+qlwHtQ9a 0XPuIC4qvywYsrCHb3ROakqT6ORiIDrvxCKe 4aqZEvurYLLzTVynNsKjjGVSoBUHLW1iwlD0 Zs1l+CEh1ZrRfkRprliWeEfsJGsR/u2Ib1Sx vvx09zow5ENcNZpW7+2cQSmv4aRrVjWkOcuk 3aTaGZ5+5k2Go4NAMSkM0p2ww2J8T9GPIzPl Msdp6T4xNEjfS+tVxJe2PsgWmpNduPwbcYui SSUR+0UQvnSPqLtYcA== ) glue.optout.example.sec. 86400 IN A 5.5.5.5 86400 RRSIG A 8 4 86400 20121103123203 ( 20121004123203 48381 example.sec. zxAtBQAmpGGPBA9oV/LXhBuyU7lhnb9exQwk mP0nnP2a7+lLXXv6CZXeY6Jo0aOEuAmSNzVn bOEG4YMVap54sFQXuFpRDe/DqZbOIGRkmM17 YurbyHrYMADIrYbLcx/4jS9pZf5PMPK2Cf6f rOJAT1fEeOI+fv9qohKLK4YpB/+8as/vFtEx yquwJIsTFTTrcfempRixov01QTAVU1xAA6W+ a4xRjdycWdExHzIeclNs6fSCnYZWbIsy+oh+ unjIrLDeaoXDHROGIrPVRQcWLz+BiomkEAF5 AcBGmHh3qeTG/p1Sg6lroVscKUP8uXcAZB2w Q3wA4VSXWaNEvdQXeA== ) APFMIN8EJ96AD54VGTECHRPKHBR336EQ.example.sec. 604800 IN NSEC3 1 0 1 94CD CVL763SGK0IM3JISN2KLQBK8I5TLP0U7 604800 RRSIG NSEC3 8 3 604800 20121103123203 ( 20121004123203 48381 example.sec. Hla9zHjP0LnuI3iz7kqsJODjh2OW9SKgDKEx V/oFmIt2iOnuhhKaMF2pLMcHsjQDH3EZ2PyG Yn8om+d3J5pZbRPq8gIT5oa5P8IZwhGLZ85Q O7B6b87ZGbQic6Sd160f/N2AGWrV/3zqZjKg tSmWVHDORBRqW1zk3SVfSBFhwVUolGLTJT1y umZ+Q0573h53hmDcCrJplQ0Sdqj+OjzRcQ1R djyW+aFfFk64/U8/v5BOwdBE0VdvRCf0/U8S FTIJezTh5Gm/xVRJK3YIjjhy18mhBkBGN9hU FtWmtFIgeoSya8ptnXlOqEWe21YyreZsTEvz jcilieFLC++F7ZV8fQ== ) CVL763SGK0IM3JISN2KLQBK8I5TLP0U7.example.sec. 604800 IN NSEC3 1 0 1 94CD L2BLRUARIR23VEOTUN998OLLATNAI6EE NS 604800 RRSIG NSEC3 8 3 604800 20121103123203 ( 20121004123203 48381 example.sec. ZauqBlEOHvFQxV5Cu6ViTN7AtKrnBdh7AOnd DPUjkcJ81sIhsx7VHr0OXwUGkV0f95pzKX16 RjyaIQb0uuPyNQA8UrC/YtFdVP8xAWEMlVF0 hHDZbbo9/MA/I6s9A8m7TplJfdzmFY399ldo IwkyEXsbiV5A8LyGBJaTB41+S/HT02Z4jvc2 4NhLBnBQwvUwm7IifMepi+ICwgxxjNdz6iFy 8ppDV8zN4mqIiNIPCp2DTrS/ShNlvVe4BnBt S+bL/C2QahJucqBa7yD3tB+cDXhmvB/vYZ/d F9WR4c7v9u4azBvKR9eIYaX14TOsuJjsAl2m uONcluxWl/nQxqLSGw== ) L2BLRUARIR23VEOTUN998OLLATNAI6EE.example.sec. 604800 IN NSEC3 1 0 1 94CD NHPEGCSN6DFGI1PTTF76JD8LO1UTM457 NS 604800 RRSIG NSEC3 8 3 604800 20121103123203 ( 20121004123203 48381 example.sec. r5vQV2X8d7SFXUWEmU2xyj8R0QhJsUEkGMCb YkwbKWrHDzO2u1tcN/t3Q5Ku+6hwF/iU0wrR 2KGL49B3NEix6qoU4CqmrJIE/UNhXWv2yywB qtqKz+TOi5hefAGYl5AaQoBauXk8TF6f/3fs 4lvriiIhXN6AWBPPC5+HojLQOegXOhD50AG0 M0ME50BkcRTnDZdBFXr6FVDZrq5i7lp0Y2EC v0vpjZI+meSdRIVJKWqN0usTDQWzZfhGN7PP W8/hKmTcKCnXoYeardkqHDTQxRWKfl6ufKW8 AfL2fviA/LnDNhUpC+18C9w+60p4OIMG/W5B fak1/AxWGKxtCs/iyw== ) real.glue.optout.example.sec. 86400 IN NS ns2.real.glue.optout.example.sec. 86400 IN NS glue.optout.example.sec. NHPEGCSN6DFGI1PTTF76JD8LO1UTM457.example.sec. 604800 IN NSEC3 1 0 1 94CD VT6TVPSQUE085J73EUKCPVB32N894AUB NS 604800 RRSIG NSEC3 8 3 604800 20121103123203 ( 20121004123203 48381 example.sec. hmn39+fFO2mUMT1THTg2R8NivZQQDQ+Fi4qM 2G2z1bDKWbQrvALTMsW8rqiOnT3OX1kac+an ieTIILFRCMUVGl3o9ovYNmv5L1dANd8z/GTi TGdxMj8Y2Y/ws2AHrtJgHN7Osyw3/XYlU95Z MXlxdhmFHAV/KqGP3dlUco1No9fKHD0yAkP3 NOodY+v/36j8htvcwlkYiaQ+7rvR7+kqpE0m IxVL/lM96q9h+iiNC9/TfcMNQK80khLAYIxC aNYgajETpcNVEoTkBg2tAIv1ksUNazjEAebS ZIzHBDYqb14vwZS+mw44j4BU9Q3/9edQPTdN JjLxIM15ZzLR8tjcoQ== ) VT6TVPSQUE085J73EUKCPVB32N894AUB.example.sec. 604800 IN NSEC3 1 0 1 94CD 5RORN4V6I2EUE59S86LSVBHNQNFH97BN NS 604800 RRSIG NSEC3 8 3 604800 20121103123203 ( 20121004123203 48381 example.sec. FmzSC680qWWTQEvrlcTYt0uXccc6teAwYMCY 93MVf5eorAwJ9ijqH38A/O6bygfZu6ptTG1q SA/yJ3XPMuRIhE7io8xdj9nWCh2+liNG+CBW NpYdb2pXaoO/wVVxR2QYCsSx7BtFsyuYK/mG 7Fuz+1464uHHK88j7u0icFZ3YlpPIG8Qu2CS 2lzFxz3cPXF+fzTVJHwkqh7MIvcwMRoGGLDj ceHTqxukg4a/0ebA/sz3yzUFpTOrh8PmFiU7 ari44J9QXlDwjhPWz1hpdz+YFnSxpPHjpmva UIsn6kUYrSMHPfsYoEebyAj5NYLUaU1mHN1G FuINGo4eUd8Sg9StWQ== ) tobez-validns-f423245/t/issues/26-spurios-glue/example.sec.signed.nsec000066400000000000000000000146471314110214000255340ustar00rootroot00000000000000; File written on Thu Oct 4 15:35:51 2012 ; dnssec_signzone version 9.8.3-P2 example.sec. 86400 IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 8 2 86400 20121103123551 ( 20121004123551 48381 example.sec. ZIjIFvlb+zoh+E7I63N+n2OBwyia/aR5K1FI FSNfvkCQ2vYOqEZLZYirGyAAnkx7iymnkz4x yLOK0R7wONt+nhJip3urYicYBzmF1NajyKSN k5rKk+04ShtAiQzc0oq9ujoONxYfZMauHUeD TzKiG/tJaOo6V89RCfx9PYa831nyxm8JdGe1 xlncxyTCzut+em3qFTzuYS5mAIOZ25SktQen 8s+hWfI08oz/zY37wiASOwcDST6t7zG6x9wm gWj9srFTx1Kh632ToDWgUzu9JDodzxgAP80/ xU2qCptj8dnQQ/5B/KpR47kxfKr+1WXxQ1Rh Qx8Qj+9sRahzJ1NPcg== ) 86400 NS ns1.example.net. 86400 RRSIG NS 8 2 86400 20121103123551 ( 20121004123551 48381 example.sec. EbM06z3JKpv1rRXMdkKE7QSaRMgek0zTFHoI qDLl+GLswmlf8QuPWjJ8HOuahWQEY610a+96 0zhRX+aL3IIH06iFEI8AGnQqOphkqwYsL+xo 1iFpmzL/nflflHUlm2c3I8SyrponMHHMYNOk 4ohu20gnVtwaHekB7t55BhvZJ6OpWXiRHCTk ToM5oNc1zrBz3Sv2XLhlU5n52XYcMt9iwBLq KRdKlmWaSAkwx7BtkRUMarqw+atrR+E4ruLd V3efgpfoAe0/wJuUxkzO/LsSLCNXHz2bro2z a5gIi2QCzwNdzhnUo6YOMqkSwKxPcm3TViZd 9Hski6lx7DGdbP8+XA== ) 604800 NSEC glue.optout.example.sec. NS SOA RRSIG NSEC DNSKEY 604800 RRSIG NSEC 8 2 604800 20121103123551 ( 20121004123551 48381 example.sec. GrJ/6KZrpX6Ms4v1Lc0EDiskWLFLQpdz73Ap rEI4aYix72peHobI40RJhb6qN2R7KtH0E/YZ zUmzVdC/OSlhZmadtzdpaEIyORETkCLLU3Hi O2wHoghgcxe/jvkjM46OTQ8+1UEwaESOIwoA 9p6i3jDK138J+q5jTjKqD6IWAUyTZoogZrD9 wlYYNMZJatdXfz5G565Ix6/MpkRDz9Djsmbd E5R4LEL0x5iBA12aBzxxDwqSkg7j4L3O7Ynk 92M+28nr2RPb4bSaEAWal7AJzjoLMwGVW97Y 9T2nMyFz9qAgeFdVwUEtEg4iUuZMj9SSkOi0 68e25IT8bg1caC5NNg== ) 86400 DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; key id = 48381 86400 RRSIG DNSKEY 8 2 86400 20121103123551 ( 20121004123551 48381 example.sec. 08rV3sRhOjAzGTa7QIFeRrF59oYdQwt78UC0 0nuM6yn1fIoA7lPsbTs3UzUoRgKfV95G90n/ t3LD4DoOlVHtMoFVYakSGjnftg0TtUctW3GE g7tK4gnvpokJblUxKZUsdDAvKsTJA+WSE2fS n459KoeLv+6rc+dJZORrSyIXvHtDuLhqPc0B 3J09KPMN6ePd/MpQn7mEZ4/UgxlIiT3DOifO 9YoLiWxYr1kFDdAwBCtspgF85EUPY0TlfOrQ 9zR3XxL+Dno/c/sdAW2cmwguN/TqeFNgPsy0 jpoR1pr3wm4GCNHZwLs9VJyaSul3ySdOAWNT FWiVuAIrT1aXk0AXdA== ) ns2.real.glue.optout.example.sec. 86400 IN A 6.6.6.6 spurious.glue.optout.example.sec. 86400 IN NS ns1.somewhere.else. 86400 IN NS ns2.somewhere.else. 86400 A 5.5.5.5 604800 NSEC sub.example.sec. NS RRSIG NSEC 604800 RRSIG NSEC 8 5 604800 20121103123551 ( 20121004123551 48381 example.sec. mfcjfqL7qTfGt2jki5Ye8QXkcmDrPGEu+0cE 1KQgFQnaw3lzty/MRPeA0EbUfj1latxT1+d2 DHoouDMhmrV1jm4mMB9WQ9QIc0vo/0EgwVUH s1H0+P8i6iHjCRk5WTuBiAwHfsnlSgzCnWgs 9zGK6CLyE5ijZ/Ar7w9lLzIallRce7UyNVui OKWOtE4PG34SarmgvR9dhKIYvnlpYRPr4w+n z9t5tJTJCpQY4dl8G6VI1HOOFajP+gobZbU3 WenNsvKfmjHClMuNw/lLPVIakMKC5SvO7rOb Eo0x1OWcorLU7JXs8CZsX7TV0/tU1/lmpPoa iqbLGD64gNvy5G3lTw== ) test.sub.example.sec. 86400 IN A 127.0.0.1 sub.example.sec. 86400 IN NS ns1.example.net. 604800 NSEC sub2.example.sec. NS RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20121103123551 ( 20121004123551 48381 example.sec. iXx7cENoookUmrYIZeEhQ2ke1nkIDKGpETvr ZfYb5g3oFEa4Mu2LtjolwMs30sMvxgidYxEi cBCzI8ub8W1mWHz4K4poXKUxbkmTKx4M/ThA 223dOMCw7gePN7jzJfpoL/t3X+aeTv8VNY4y qNyQxE23zaas4CqbN3WSFB0K1GVqGraor+2L aA1SLHurwUav6qmjWdv5Qc27+9lPzAzddUEh wCCSD+y0D19XX1XM4LqPnO5UDcEzC0wmyzKD rwkrgcIhkPLOCSWpBEHZtDdXAX2cKAhYG9QA wIZ3i3qME5gqxWlwPjSbAR9tuOSL8+qDpQu5 b6KfRdZ/d1c9AjjiAA== ) ns1.sub2.example.sec. 86400 IN A 1.2.3.4 sub2.example.sec. 86400 IN NS ns1.sub2.example.sec. 604800 NSEC example.sec. NS RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20121103123551 ( 20121004123551 48381 example.sec. qBjgWN8txVSPwGky9zkhie5oysTzIR/8sjP0 ia2NmlskjQe2n2wMJixOpydqtq1VY4Behlf/ IO9k8ANJLLVN1EywN/fTgD5IVItyphd1tCwQ IGOue/0sbjDpVW6Fzp2RyGHmhnCEax6BOr69 DgdXGyBm+vZ92C2vYgTTjyJjKnrigxA0F4e9 PJb9EJMMC+nApnw9Ul5l1MX42av05xAVQWVL oo3yUt6Eh7psbJM8EnyXAy5OzlEtuVUiFfJ+ XA0y5V6aYTO/XZ/9xabi/a4mLHu5GAOK2nlD cGXxlYwY5zuKTq8F0DPRMR5ogIX9gNzceNFW YLCBfpyztA8oxkuwHg== ) glue.optout.example.sec. 86400 IN A 5.5.5.5 86400 RRSIG A 8 4 86400 20121103123551 ( 20121004123551 48381 example.sec. zDX0ZutqbHE/W9KhlxEcVdM8HMk8OtLktbSe S+csQ4EGk9O7vrO0rcTQ9xLIwTpDsOhdXdmw g/m522a3qpDBxeAS1DKvmYqutsSQSqWWKL6p ylAjGv4DxAynw7zQARvTFx+1WiIDXFrUZKWK 7U0g7qMmxMxxgFCa9BSAouXW1WIuLFlYGsKs Zu8frV2OizIjTMHoh8gapur+gyGgCzExhOj+ shIoWz66E60ZMpA9z7gyc7q4BxfBfB5OhSlQ q2UzzUnWTamqmZhzOFP+wnGbNxPsJ0RYZ5qD 5MtxTZ3wM5I4z3r0N+t+zk1BI6182u8BqQ4E pCUyhuojyQjWdiZSFQ== ) 604800 NSEC real.glue.optout.example.sec. A RRSIG NSEC 604800 RRSIG NSEC 8 4 604800 20121103123551 ( 20121004123551 48381 example.sec. pgKlHxSe/WOYKKrDfb1FkKbxPkfW6R+G+zAC drB9rTcfj3dFBC4uZEl0PPlOBD7EJ5Ntvk0X 1BJlYg9EP9wmcRpQXaNZBgy4IzEe40HrEHpG 8lsOlif9YIJ5uE8szYrVBRvyYwrqr/PtSsqe iFw7xuE5s1esucz8xGNL0Ut/z8lTLYWMO+jD k5DvbFqVOihtgSZScgqgNbzdheTTI/sfEGVG e8+N2osTBwA8FWMIsbUyVraEklI82+bLzDLY l3xRcMhpY7e7m2M72nKIrm5StYXmwMTnAWRQ 9U9H+2hAxDTGRQmcb9G5gUhRvb8CecyRQtbW 6pbkGulBb9HKaca1Fg== ) real.glue.optout.example.sec. 86400 IN NS ns2.real.glue.optout.example.sec. 86400 IN NS glue.optout.example.sec. 604800 NSEC spurious.glue.optout.example.sec. NS RRSIG NSEC 604800 RRSIG NSEC 8 5 604800 20121103123551 ( 20121004123551 48381 example.sec. ii1CgKo6PP5Pv+mRyL1icoUaS0gQGa81CxeS LSs3Cd9l1J8qYmxVZllajqe7EPrVeqiTSZnj iQ40Ser1EDcoe08qNOkcSQvlI+cS/tD3YrGw CeVVREXz76L6L2PSJklR1iK9awxTHi/dQDxf 4b0NyBLFNE1/NtrZFzUeqEVnD9HFaiAQP3OD P0MJFSorJM+2NpiTGCcrp/j+fj0pvpuRjWYu BBdvyWR7zAInSV5ihA++nCszIkowhsA0GtAI H8basuZRBbni6WwflxCx12mqhNA8cNOm3Bvu 10vep76LtKQt85gw9LNYZWHrTiBjXg/rH3Ed c0keKnVXlTTdqmQbOQ== ) tobez-validns-f423245/t/issues/26-spurios-glue/example.sec.signed.optout000066400000000000000000000130111314110214000261160ustar00rootroot00000000000000; File written on Thu Oct 4 15:18:53 2012 ; dnssec_signzone version 9.8.3-P2 example.sec. 86400 IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 8 2 86400 20121103121853 ( 20121004121853 48381 example.sec. Ulm/liwXxmglgip/GZchcOR8cAbZhXRnQQyv OavM3mVc+EtL+APaoQTMlhi1Sl09ft8zCxFq 9QN0Z3MXCYYWpkJ5yvOgso+Da5kabYslGTLm bTo2CsW1AFzJJi9sGheT+45otO+JQ5u0kxjC QdebeYcMkdVs8I7tfMklyfgeC7LfNZE4/Ipw 6F4x1HZe+Dqq6KU4VG4wxsiinQehXXGQZQyg C+vQHjs/EATrm5xymihPqRmeFchYUeQ4r1bq is1iVvcfezVRRnKjWZm0siv6WIMWu+asORnV 2GcBLmtvvlOCFc21zUx28dHMFXHFua4DWKB8 cgdYpt43xZ68GVxMPA== ) 86400 NS ns1.example.net. 86400 RRSIG NS 8 2 86400 20121103121853 ( 20121004121853 48381 example.sec. ikpkmIGlWyzehB7usRLodt80omtP0yP37Uf6 Suixfz94dQFXOZRccsJjvmwxK+SWCuODJvD6 4d4sb8dwsxPdrFpfdSELCGZqyCECTb6GvKzy fD1JnU1PujbqimNo+A2TBZAzKyolvh/9IfrN 5J4kXvjCAmssz2yF45hXRblJg3nkNs8nbD4U VbKWzKGWsoV7oDx81hISVjFaOeMJoBMOTQNY LHN9+EJDS7qo20sq6cYcSwCQ5FwpAxX3k8Ef rHCtBz4A6637jmYuSKGWcdwdzCZ/a5Dm7x73 OtLg3bMft2bZSeiCQW6NpmPjIWCsdbACJXnm 984YFW/pTqapEPTpsQ== ) 86400 DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; key id = 48381 86400 RRSIG DNSKEY 8 2 86400 20121103121853 ( 20121004121853 48381 example.sec. si+yguBDcwzghrH0h6R9cPIauscNjlA8j/sl 9VWDkeBi3yVdw1aX7BaE32sQdf2k0FN4A/+Y 00gJAwaMHem1L9wlOKg/cRGqsaz6+VACqAtK 3uvG2RbDAS83VZxU5650CupN/sivmtSj/YWO Utp1HEc8jZCw8LsFudmRTa2p9ps+kHzeC6BO Uy3SolmGnZdESoBqnUAWTrNFaTIwCyLGIIvK TcEIzP3SN1mw1Nt+GIL/ActgPTk0OpUPXvj7 KUoekBMAZcgAebVXuPPSkZq75cC6P2+08+di LK2Fs8wpf31+TBn3daAx7xvRF++nC0EA0GAp omMLBYDUAsDLsWMDUQ== ) 0 NSEC3PARAM 1 0 1 94CD 0 RRSIG NSEC3PARAM 8 2 0 20121103121853 ( 20121004121853 48381 example.sec. YHWYvmnPOvcuBXO7qz75IdG/Ceb+MsyizLAv z9A6QgfUI4x6z4ADbdQblhuZi5mMsnFaNtqV IYRcBEbx754hTEagLNXI/TEN+REF0P5Nhba3 cZm1vY+Dhnfz0ZOVIUuNDEk8S63F2TBaNm4j ezias9Az5E/De2oYaOxRciP2kYoYncUaBMhi HPjStz1jzrC+7YOah6uWfIAcdl3g8qqL2hjd YJdMbEuY90JVhRWzEjBftqxv7w9sgA86ERai 2TGBIpBxAfamCfKra1aQR4Wl2x3NF/RYYfZr lS4/Up0ouPI3TJXM2SGr2eHDQAhA+sGiUhm4 Y4mySTWd7MreJ53tAQ== ) real.glue.optout.example.sec. 86400 IN NS ns2.real.glue.optout.example.sec. 86400 IN NS glue.optout.example.sec. ns2.real.glue.optout.example.sec. 86400 IN A 6.6.6.6 spurious.glue.optout.example.sec. 86400 IN NS ns1.somewhere.else. 86400 IN NS ns2.somewhere.else. 86400 A 5.5.5.5 sub.example.sec. 86400 IN NS ns1.example.net. test.sub.example.sec. 86400 IN A 127.0.0.1 sub2.example.sec. 86400 IN NS ns1.sub2.example.sec. ns1.sub2.example.sec. 86400 IN A 1.2.3.4 5RORN4V6I2EUE59S86LSVBHNQNFH97BN.example.sec. 604800 IN NSEC3 1 1 1 94CD ANUH4A3TCIVO884LMD5SA3S1563VKCOG A RRSIG 604800 RRSIG NSEC3 8 3 604800 20121103121853 ( 20121004121853 48381 example.sec. N1v+1lsRMwY3WJtdMl8Eh9vOV3bdwKwTbnRQ kFtdKpLuvyc3256nlH6SKvWMBGPNxOyd1Qb1 WUdCmT4sLvY2UDzmTsvI6ETszQyntSMsORah osfWPG+0zAA6DnNkUVNDPvoSiimcl4ibuzCX 717pCz7ubTJEX0G2X3cVGZ6/qIQ2SrNWbtED LqBgJtu30w3A7APtxKTG2bAHOejrzSAVy3ms V4iTItdglAMrscloJNCveWTdPPXDlHrQmD3D nRPqA3gIKQzm0Y+ZI3Qzyw9bw9AiCYpMBehg 5gFt/jLTknaG5MCMYGJEXNFO0VbuHKgxAqsz KHpKK/ifUkn7MsJzeg== ) ANUH4A3TCIVO884LMD5SA3S1563VKCOG.example.sec. 604800 IN NSEC3 1 1 1 94CD APFMIN8EJ96AD54VGTECHRPKHBR336EQ NS SOA RRSIG DNSKEY NSEC3PARAM 604800 RRSIG NSEC3 8 3 604800 20121103121853 ( 20121004121853 48381 example.sec. od/Sqj/uWHgRTRs/zJaqqFrtItCSO2feO2XZ z2oTtpyri7PoeppBkfHI7RLU+S3erNsFovxF wCtrf0fyTqlp67uSyp9pDgNUKhpuKSKG+4q0 BcuLBXtQaKdeBD0goq9I1CyUGzvshIb51eBG aREsZjYQNoVRwbNIGgu7g+xnXexQmZPaSCW4 Q/TeJBaHX2HHV8iDwKK3XZepP0E07dpNECSE rKJpok52AeYg7PrNYwEuxA7LTJmrSmS7qCl9 KhU0m0CffxWDnEXkYKX3af3eahWeOZyGOhOP dxIIIQ7c82n/jcqMD4Sh8d3rerPF2U1gCz9u HCdKafHujj9rGn/M6Q== ) glue.optout.example.sec. 86400 IN A 5.5.5.5 86400 RRSIG A 8 4 86400 20121103121853 ( 20121004121853 48381 example.sec. QwYR1fW0291qEsM/oRaB3afMe+6gKpNvd2q9 RRA1y8jbS1X8xpvzJayxSBki/XEbAt5+/ruw z15HPcGBRo5a0To2iJ7rJiSFvUdKHfv1jdNx uRSVx9+RT8RgX2kXEk6SZOzl52fOtmF4KM3y inKh7REsL41ECQLM6ZYqFjDXOkzOjTR/s8V7 8xxAwZScRCa+DXlc2xVPcEMExMTEx+22L5fV HNRYXlJA2O+hsCiBUbiTBp0+rFDGTpG86MWR dgnOwX+brkiwD8AiFw23YfSp9F8y3ft8tAqv f9nXbHa3F9SCR5i1yzkUeVWKEn+by3LS4BLz VpIfeb99nocNo/7Mgg== ) APFMIN8EJ96AD54VGTECHRPKHBR336EQ.example.sec. 604800 IN NSEC3 1 1 1 94CD 5RORN4V6I2EUE59S86LSVBHNQNFH97BN 604800 RRSIG NSEC3 8 3 604800 20121103121853 ( 20121004121853 48381 example.sec. rbDtCPCS5QEJ5ESQimgn8318GRADUtZvCeqv I3hDGB0w9HXpLRkyZ1McyLVIZskK4yXB1Wgg ikfjG/ENVqiZ13XcXE6nZrdBJvMqZpkTmV10 1emVkS9q0x7wVKz9fBrVuznZij4PSZinEv0v leOFmgBe2yMuBWWV9t5o/KxG/2zgW1HU4PZC ue3c/iL1iEKTFaBQ856lvFyY5cqO191G26tn kCW8G8x4FrUiNyB3UgoGt/9jFbqDMHMFrSOg xLPNxPqBcT429qpbP7+d+QnmI7LR6usWus0A UU5w6Xzq+HVD2RSBpZX8ryUKEqXa92EDcfqB xYijmFAKbe24i+b1wQ== ) tobez-validns-f423245/t/issues/29-slash/000077500000000000000000000000001314110214000176515ustar00rootroot00000000000000tobez-validns-f423245/t/issues/29-slash/example.com000066400000000000000000000013311314110214000220020ustar00rootroot00000000000000$ORIGIN example.com. $TTL 1d @ IN SOA ns.example.com. hostmaster.example.com. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL IN NS ns1.example.com. host/1 IN CNAME example.net. host/2 IN A 127.0.0.1 host/3 IN NS ns2.example.org. 1 IN CNAME 1.host/3.example.com. 2 IN CNAME 2.host/3.example.com. host/4 IN MX 5 example.net. host/5 IN AAAA 2001:2010:1::feef host/6 IN NS host/28.example.net. tobez-validns-f423245/t/issues/32-sshfp-ecdsa-sha-256/000077500000000000000000000000001314110214000220145ustar00rootroot00000000000000tobez-validns-f423245/t/issues/32-sshfp-ecdsa-sha-256/Kexample.sec.+008+48381.key000066400000000000000000000006021314110214000261070ustar00rootroot00000000000000example.sec. IN DNSKEY 256 3 8 AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg273Tp4oRpnmnmgizDFtLQh nIv1Mr3AuwSWVIDeavuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90yQwf C53hxyH10GzGnAx4Sutrdkh1w4HM1nMBdlTMa0g9yxjJ0vm/T7qHzj+3 dTUi84s8Du2mfMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB/QUuoY2F yThfidT+nhOQpzftVtLcta0E0Uv3PcVDp1d7vBXsAEYGHr54r2vb3eXd OTmoFyh/byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01u8SJYP6ULwx0 mZ0p5BmoMH8= tobez-validns-f423245/t/issues/32-sshfp-ecdsa-sha-256/Kexample.sec.+008+48381.private000066400000000000000000000032471314110214000270010ustar00rootroot00000000000000Private-key-format: v1.2 Algorithm: 8 (RSASHA256) Modulus: 1k6+cu1N1CN90iqofey1vu8jpsmWDbvdOnihGmeaeaCLMMW0tCGci/UyvcC7BJZUgN5q+6LJYgC1+/DLR/cRgi/xizmQOIqzw8TWT3TJDB8LneHHIfXQbMacDHhK62t2SHXDgczWcwF2VMxrSD3LGMnS+b9PuofOP7d1NSLzizwO7aZ8wPqejL6V5nYi5fuUVxrxLMM2aFQ9ORe4WsH9BS6hjYXJOF+J1P6eE5CnN+1W0ty1rQTRS/c9xUOnV3u8FewARgYevniva9vd5d05OagXKH9vJ6FSU+rWAMQfSYFGVZtQepsacrKiXPR1HTW7xIlg/pQvDHSZnSnkGagwfw== PublicExponent: AQAB PrivateExponent: LOxwy9Km3/NYqre6fjsilhW3GX1kcRiSdXFYBBr3rMtUojKvgJsTH9uUeWZvTbTdne4B6yHiqSKRA3Eki79k8i9uqMq2SsP4ju8yJZHLmzjezIfJoHrQ6BxyFcMZoWPzdZkKFKmFwrHpxjjbvFcHvfiAu025Pta9C2o/rZXYC7V3BWQowqYBfukdpZkCEhzFzEtC1ROXN4jPJBwNIma52QTLH6jK5BOfOJ5DhS1SF+r/EkuvXnylApVfjPfUIC8ocVvpn5WLoabWL+eURIi6MvVT59ppzc6WRUT2PxDskT2WUWfw3zq5B7JCM8/qfYIDUHvt1h6JcJHTAOz9Hr2f4Q== Prime1: 8UNey2U7voMhZmVUMpH5C8q7+hp6PQ6dUYd+hjaQVnsDOLPBT+zZf8R3str7pY/xlOOHy+DxYmZ0e17OumSOXTeQR4VSdsr/tpWc/qd2jd1I5N58R4G/yZHgTm8pm6VRb7NwZ7Eg6o2z0G2UEykFeberyg4U6SHBDP6DZNvGrQk= Prime2: 42XeoQUBshFkTYekdeqPfGqC1YXsK0URLGAbPbk8HlOiG7ueVmUnsAS47lyuEJPzIUgqqBbDM+CCdW8AvPJFDXa09l4akfCrLRyAdkreGj3bgmUs5wUFbDZyOHvRFSxdUI8LOcAhXthy86l+wErKwm6sWfd1oPGvMmC1qiSsW0c= Exponent1: JpdjK1+3DcNF7W4Z6LjmwFceeGQR14Bl86ubtnY14k9s9X3zVwiIxeI0T1yt0g7TUsCOcTM7CUVgLne8053QE+MWZgpSZYQVISyPX0CEOy8BQPLBqGJ9vg1idslbO3VXMGngegWgQUSHVbihbesq4AxcI0bbW2s1yRFRDSoGfpk= Exponent2: NbR7bd/21I1S+RSN/ONW2/VzzOYCLv3y3l4cUOmMj0UFRjN7Y8AkLWgQHQt6eKPYigW3PVeS5o+hgAalT/qP4GwmtQDomYsTgmX22Pk5l00AqL0oa6895p69PyXO7Yc6yqnd5te/idzo2S8wpk2DsYPd5KmS+F3cGLPKc9KRekU= Coefficient: ev+8Aj3u6mICRe6Y0NqYTGrXSBMDXf92dI4+CZtwy43cyTvvZSABWvlLTTXf8XAlnnPxszSpG7+e8bQk4A7ZIagcDFSUjzwtVoLqKqbyLPMNjJKqvGW2iTwfpXAHTadd9EmvTPsEVCJnZAvkyn9XQ49phL9IkFzj9kmSrGqnN4Q= tobez-validns-f423245/t/issues/32-sshfp-ecdsa-sha-256/dsset-example.sec.000066400000000000000000000002471314110214000253440ustar00rootroot00000000000000example.sec. IN DS 48381 8 1 99477B577BF885AB2512B8DCA052D7B71DD968BA example.sec. IN DS 48381 8 2 E5411AAE0758711B164730F9069CCFA3CAB00391FDD76D04EB3E8610 CAA09E93 tobez-validns-f423245/t/issues/32-sshfp-ecdsa-sha-256/example.sec000066400000000000000000000025111314110214000241420ustar00rootroot00000000000000$TTL 1d $INCLUDE Kexample.sec.+008+48381.key @ IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL IN NS ns1.example.net. IN NS ns2.example.net. ; example sshfp rdata taken from rfc 6594 rsa-sha1 IN SSHFP 1 1 ( dd465c09cfa51fb45020cc83316fff 21b9ec74ac ) rsa-sha256 IN SSHFP 1 2 ( b049f950d1397b8fee6a61e4d14a9a cdc4721e084eff5460bbed80cfaa2c e2cb ) dsa-sha1 IN SSHFP 2 1 ( 3b6ba6110f5ffcd29469fc1ec2ee25 d61718badd ) dsa-sha256 IN SSHFP 2 2 ( f9b8a6a460639306f1b38910456a6a e1018a253c47ecec12db77d7a0878b 4d83 ) ecdsa-sha1 IN SSHFP 3 1 ( c64607a28c5300fec1180b6e417b92 2943cffcdd ) ecdsa-sha256 IN SSHFP 3 2 ( 821eb6c1c98d9cc827ab7f456304c0 f14785b7008d9e8646a8519de80849 afc7 ) tobez-validns-f423245/t/issues/32-sshfp-ecdsa-sha-256/example.sec.signed000066400000000000000000000230561314110214000254210ustar00rootroot00000000000000; File written on Tue Sep 3 12:11:54 2013 ; dnssec_signzone version 9.8.4-P2 example.sec. 86400 IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 8 2 86400 20141212121212 ( 20121010101010 48381 example.sec. VaxX0dVGnzFwJN4uz322gewYiKqYyc2p6QYx xF9P8FPZnAbWPRYVJigykQ0o5QZsqU3fSc0s OhoAapQ7KNDE3lNkLY0lVkq9dDDTLt13avVK pFWLw61fdUDyVzggupz9n6rwNNz7/h1iec4Z EEiyCCIOqjH9HXcbHKuLe8DHt/h6AX5y9LPU DThqFjjdaOBl9JeFPOZIkiFmJsrGuStOVeLG bhCX7gt5/DZw4P2TQ8pullyPyjWnd2pjA2p6 WMbiqiMiHZjevzcFEFNb5TCkgUG7RvWPqzhH 6HgUdbd9hcIH4lIoocRfztyDojswd2LGq6LG enJM9fuTSqMMT5CPfQ== ) 86400 NS ns1.example.net. 86400 NS ns2.example.net. 86400 RRSIG NS 8 2 86400 20141212121212 ( 20121010101010 48381 example.sec. AEw1bOH7iWnw2+xOKViKiSCoP+2XBEYB01Lg HBNdnFYIL010c5YUewI+AsyOvxbpwjNIspY8 k45lyXpbhmbE/SSgI79MtRIwG+6YQERx4RS6 fw/9N6t41NhkkcyOfL8P4wMFzTxqq8TJ5Vd5 7CGFqBJLtVtQZvDcRYcSMoVsNFYJFqNEjve8 nPO8bwxd9UwgBVNx5sPJReSdUhb9//DvI1xS nr2UOHduNp4FppeOBhJYh7tjYs/1IbPUp90W iQSiinfNT47sVz1ntSgcrtKTrAJmm7TAqPGk cs9CcrqnN9f1SHU8/9M7nH9qnyGt5QxcbfBF BnGe6lS2mOJnETN8jQ== ) 604800 NSEC dsa-sha1.example.sec. NS SOA RRSIG NSEC DNSKEY 604800 RRSIG NSEC 8 2 604800 20141212121212 ( 20121010101010 48381 example.sec. LyRbBl03MKOn6ZqWwJQoAxFVI15rfNjlmF0w dE1LaX7cm3DwDLlBgqK+Z/Hv+aRKv2Yk4x9c 44eLS2Xcfq5OrqTQPId0UClHkmnm86SHDVgJ jtH2nu4+07FXukt01D6ap6R0nfbbdbPUC7x7 jVoxbFLw0m3rAXFXbewXfNRor4KO7LWf2koK AaMzNxpprfAElaAIX6iJzhgTOTaRLXv6w5+7 y95Ca3zn6xVcpXH3RSV5iyCGgGm/aAYE0sSW XRk4sGJ2zjSUj4RsnNc38W6FRMzAHmkMc1rf kTB2ozJ5dmN/6OQU+V1OVyEK0oTyidTmPEec IHYsORp7Iw2Hx37H4g== ) 86400 DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; key id = 48381 86400 RRSIG DNSKEY 8 2 86400 20141212121212 ( 20121010101010 48381 example.sec. jeH3CRSqBGG5ZvU8q+27/b0JJreGL8rIoIWg 8fS8SvU0MIiOHI9vjFld3EbmYcD6MqdadofW tMfVkb6mAmK25lXkqrggm5jnwsV2AJ17ec0A 4wGZz0WlkldkGsK0s+w0lxMb2bpFNpDI9p4R 3FWLGve6uRThuRv6oxlbPnNAyaz6bXLmu+q3 oBQsDS8GdxrzcupBqC2iVxmDRhi4rKpZf/DZ 0dDdafD5PG4rSUfvXY7Sd0G906dsWHL/2JRi 4q0xEgx5F6Ve7UcE6IaMLYCiu+DCOIVOucC8 SQI/APsfLN3dycXBjYY1J4C+vzh2ig7P8Iks z5tmeRR5vrd54yl+kw== ) dsa-sha256.example.sec. 86400 IN SSHFP 2 2 ( F9B8A6A460639306F1B38910456A6AE1018A 253C47ECEC12DB77D7A0878B4D83 ) 86400 RRSIG SSHFP 8 3 86400 20141212121212 ( 20121010101010 48381 example.sec. bn5KmK2UyUlhF77ZGXCE7EPRln8RMCn1VYYg FMvWuddZu/bwdeQ9V//mkEM3P0KwnfQ+GuAm q2ybXunLDmPcdwuHl3hhU4PIJ6qeFFbguRg9 6dW0JkQt7vN9EGRx6LQbGPX/UaAEaN3x971I Xr0KCThkwR07PRFf5OX8e1FD+Nuyu3YtGwNL mii9xN0gwX/FZHAqnUXxS/1B1M/UY7yZMazN jZDj3X9kIcNH+dM2Pgo2Gkej1VhxrZjbN3fV 0MkJUUxWkmE51pBAg89u1PwMjQqkb2+7e4lj 8+/Tg0JXA4Row46QDOcrq+MSfiHKNM4HiOKs FSxe/7OhH3FfENzelg== ) 604800 NSEC ecdsa-sha1.example.sec. SSHFP RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20141212121212 ( 20121010101010 48381 example.sec. quPG7kmU75o0/us5C5worKfUgWH8O7VXUHRe xPDx0g3yxFicwGa22Uniz7wZzI+AFwL9Kui8 KY+ZGqiKaiuW4OOCj87A4p5OBL6Q0ZMFMoNq Pv2xeKTfO//2DKpqFk1mm9HD7Geh0bsvIT78 pLZeUkzWfY7ms2juDIAuQ4uMa3Q9XCtbQcd2 fl2LBhzoWU/x6NThelMUVq8O9KvTX3F/Svt9 byLncSswcwGBHIcpmQDA/bVMd1yfj9V+uB+U v419X5BoznrDu0YSQj2KoFNUb6qkWezEeWd1 4yEYrogNibIHGxK2A/mEaMQ8bGfuhQvriRZI JQAZsMI+HVzURgUCpA== ) ecdsa-sha1.example.sec. 86400 IN SSHFP 3 1 ( C64607A28C5300FEC1180B6E417B922943CF FCDD ) 86400 RRSIG SSHFP 8 3 86400 20141212121212 ( 20121010101010 48381 example.sec. xZTXovaSXMlmsX5puB+JbEqOqofouS9aluao 89SS79iTZxfA2NQw9CCVTQTowQ7Lc7F4eYqM kAEEYyLk2XdopARrJelgMsNk4u/uGbUV/8/y dB9PwMKZcyDA6HC42LNxGjRo+SYvVXyOzWyu 5aQFP7LknuhEzjZxIXwooAL+Bc9zvnNEeWQT +xcWwlw+0wPucGQh6reAlxL0LqCtGVhGxErB 1l9XXs/0ViJfMLoaRtIasuG1eSfbpCgYdU0s 4i08ovR71q79ixvUI22h+Vbv3KZFgva5w02M flL1xgTINATtO6OpLci5/aTsBciU8jiHuE2N s+4GBci7zrV1mZl4Gg== ) 604800 NSEC ecdsa-sha256.example.sec. SSHFP RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20141212121212 ( 20121010101010 48381 example.sec. e8s85RPO1PL31ANtrK2cXCe2vBLX5NtDCJG+ BICwmZ4y7o72N4P7kN9MFCYzZg33Egh28uXB LxH5QA5mE+kt6KFaCvr7rnL93p82qydRUiku sjFGYIDIINwz9m6p/SxoidDI3nyYvghpllrS sRXV2vrDETLfBUY7RcOQbsCvCwE8j5EwZAmi Q81Ye99Gsf2MlyhcoYVkmBs4pRVpnVqHn+VI d18gPjg8UFdqlL/yLim9Tqk7nARU6jbvGSGx Ldz4QeuCHBKr3gtEx6MXdscxO+cLS4w7Hpws 1mxHtQ+iCpiG1Iz4CUcucdNAS2jTcBE9FcUf CDH43KFjxNSgiFcOWQ== ) dsa-sha1.example.sec. 86400 IN SSHFP 2 1 ( 3B6BA6110F5FFCD29469FC1EC2EE25D61718 BADD ) 86400 RRSIG SSHFP 8 3 86400 20141212121212 ( 20121010101010 48381 example.sec. R4BdW6B06U4U2xVvWNWWZ6VGnHY5XvJrI2/U NJ6j3tWdNP/v3FbK+RpFPZQk26SomY3KF7D8 dhjACC4jxlwQqwQYl5wC3jOnnt1xzqvW44GL r6GSjSwOC0QfDPXNYQ6H8JC1Ea+vGHJa3HKy sre2HEUn3YyxkqhktTAZ+eUxzQ5L5EP3pL+y DdKsVItWy/4LGkNPFBq0AJyE2Rv69TnIKx5Q MYxtTqFgFsO+iUyIK+RlRCq1HITtmg0o7YZN nc66uSLF1Fcy5iAolhC9Q1aX2Vj5j1rfocqh 8Y70QIi1n60PrzisgRrp4qdzG5ad057gJKNz hQ2wcrjurmGLbayv/A== ) 604800 NSEC dsa-sha256.example.sec. SSHFP RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20141212121212 ( 20121010101010 48381 example.sec. hr4HLlCWtcU5yLX0ikTcSKSSafXqjifnUCB6 m9+0bjsA7Oyi8ivA65yNUC0maiIyWkgrgw2t DbMXTFVvmJThu9sGAc5jj5j3PmoqTF1ztKrl jTIMnCgASraV1DWSBgDMV9FrJIZdf3k2leVO ib0BbT774r81pRsw/5OvcMl/8Fnikr+xylXc EOCBIPT052p+k83cQzmSMLZJXE19XhxSGZAB +WbpLIkFYkkFy0Yvokar+NFzDPkE4aG7XiJx WWJMft23q5D9RPD/uxnVrYCVADE8DDmTwziE cvVgv0o6SZTXvI6M4QKzDZuYMoukfjMkFBai SaGkiIbXTG8s/cz1dQ== ) ecdsa-sha256.example.sec. 86400 IN SSHFP 3 2 ( 821EB6C1C98D9CC827AB7F456304C0F14785 B7008D9E8646A8519DE80849AFC7 ) 86400 RRSIG SSHFP 8 3 86400 20141212121212 ( 20121010101010 48381 example.sec. BhuvbNtOY0vfVJYNyIR7SiN4q9/BfBbgX7Jd YQJK7zNxxf7EX7RlvZTrBI0VlRIeW++4MkOP BuQz3U45BiyPe1V/LDhXmsWNtusaPjO3z3NA fV661W1O078f+HYJS5EtNnfo64TNAnSOkd3r 8fQxYy/5NTWI9GLq7Uop4JVuqOYzr7/KN4WG HCvfR3duKHG6DUZ/nCY1cCpFjFvIDZa89EVX 2MUcB06F1rLKQiSZNBVjSy7RtrIlR0nrXLOB 0DIJ6cNZuF+t8+zPe1c5hG574B3SmUyz9VIv A1OXt0i4S2IQ/xmoncHDoVswNlTaWPDz+iEm e4dtrkspArlAfWrBAg== ) 604800 NSEC rsa-sha1.example.sec. SSHFP RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20141212121212 ( 20121010101010 48381 example.sec. KLXCFYreUBGQxpFcEsUKfr9whiNzae/2yjE0 ssFRHqVKgVzHWmBrh2Rz1995d+eeupTZdden RE7iY3ArKd/Gx0Rs2HmMvgJJ/z0auCHNCUaP LCW9WKRFFestBDvuRBHSJ5mt6Y5XLs3521r+ /fRIICwldr6zQjzoPZ1OOik8kujwYTLoQPRM UrEJoMskL+OgrQTDn+pdtwuAXF7hWsUkrEpL w9aqhYcl9C4AQoG8gVMcPmmZLYBhDYnXvT+R 9NJNrdKve2Xsw7pKOYMz54xZo9IjBrnFa+k6 QBH7yTIaT+E/Nuv02Ve2O3L9BQ3HUcIpYeGz LCegEmI1H5+VzqQyeA== ) rsa-sha1.example.sec. 86400 IN SSHFP 1 1 ( DD465C09CFA51FB45020CC83316FFF21B9EC 74AC ) 86400 RRSIG SSHFP 8 3 86400 20141212121212 ( 20121010101010 48381 example.sec. uyZJ8JEIe+1Nwn8umonD3qapuM6DDpyljlUO 1cCWCjoFiIOGqne4f9gQeN7p0eEjc94yVjTP P1XtVSIZYGRe+Yd+zEVqBJmVtT1fqIWxQokT aTiw6NUMP8uztnZANHnFH8EFzzmM2s6tJdbC bAj0VGVuR/a3gk3in3fTdWN1WkNO4rCW5rtZ MpJsCWb1w0/OOPLhgNma1W9+hE8XErxwR/1D tvyog+ccf2WKPoyph5tPBe98b6Eb2vo7f3Im PaasOcIno2yi35TN1NW0Da12cb51qo7vuPxU ISZZXXi5wXWX3lF66nXxnpiZkZ24k+ZPiN41 VPV817T53Wx+U8kDmQ== ) 604800 NSEC rsa-sha256.example.sec. SSHFP RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20141212121212 ( 20121010101010 48381 example.sec. rfOeXJndauKIfbI7Rja0KTZmw0jbpmZNKk7+ mh/QcchF7Ov/U3+vUhIiWrJtzm0w7HtVG+Cv IXidvyDd8yecr/WF9K7BCvOlXd4WcFJCCSze rAOoBZzpbkw7UKJD7cc4Nf0MWH1G4w3SNRAc gZXTXmRNVY10ZT7F42ApTirQMjbbujB2XSgy KYEdFRfcNLnHpUApjl4gv8Yli263IOSuhRaM 67BVNzlX7lgllRyvS1QDh+TPAlLsINuQp2Zw znFS0+gZggYzCDQlLoAAm55sFBOUnrBxIPCf 971T3ThN17hbilS27hJZQJvHf6HSdRm/SN6m Dz+EndqSwlDddtVxdQ== ) rsa-sha256.example.sec. 86400 IN SSHFP 1 2 ( B049F950D1397B8FEE6A61E4D14A9ACDC472 1E084EFF5460BBED80CFAA2CE2CB ) 86400 RRSIG SSHFP 8 3 86400 20141212121212 ( 20121010101010 48381 example.sec. O6bG4RWK53z/hhTf+oxZNuMa08XCr+oGuM5l TN+CxYLDX3y3jKuaR9G1U8XiW6BFxBIKW02G ufGlJTvFvRVazIzgeCnbcJSkeR3dW9aUP3+R zoUQHNiFPy1osIXrx9jYbbPBrR+OdIpKNk3H jcjVtUksHlo4QE2aNbl2jvybpz+ORb6IfxBL Fqxr7bWrMiw2VVTbvVU6FSI0ObIHsJsqnK6b XC7IoGl53mosrJi9AUGQ0NSbcEUOXwbHfQsM avvJQwjbvsyPi1BhXCO2/kU7Jtl4SdCHHr59 06ZB/D/0iaPBacT1NBbmTHWVMCeO4zjK2kgB V+6dc+ouUYupPbt/QA== ) 604800 NSEC example.sec. SSHFP RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20141212121212 ( 20121010101010 48381 example.sec. XJdaTjwHgp8E7Yd9CZl9ixnA9xSyu0qC/GEK BiVR0t4bPGjYG1qM6S8b3DkSXB81sb2hVI3F jEteyPlHPPsKEHsQx4EfwplO9iJH8h30qLBV TmPOCec9kbSvtV+YQp2wB+Yqi7QIlmEHKZrc 3zRMkRC9cjyO4W0YT4zcY7B2Vo5KhDKd8Y2E R144qQAWZ0mI5QW77iz7w0qnZV5IZSLYB6Sc 6PxNuRXY527ywYVhOX9O/2jl+4aDFSovU64P ZdYXeQxu6FZGqjkZWMJXH1gOx/ZY6yT3+Jhn G5EQz0P5qtEQUoEML2t+v8FKXlxEElBiPnFe Q8uMauGefXwnHglZOw== ) tobez-validns-f423245/t/issues/36-include/000077500000000000000000000000001314110214000201605ustar00rootroot00000000000000tobez-validns-f423245/t/issues/36-include/empty-include.zone000066400000000000000000000002431314110214000236330ustar00rootroot00000000000000$ORIGIN example.com. @ IN 200 SOA ns hostmaster 1 10800 3600 2592000 1200 IN NS ns $INCLUDE ; there is no include, and it is wrong tobez-validns-f423245/t/issues/36-include/inc2.inc000066400000000000000000000000741314110214000215070ustar00rootroot00000000000000$ORIGIN inc2 ; i.e., inc2.inc1.example.com. @ A 55.55.55.55 tobez-validns-f423245/t/issues/36-include/include.zone000066400000000000000000000003421314110214000224770ustar00rootroot00000000000000$ORIGIN example.com. @ IN 200 SOA ns hostmaster 1 10800 3600 2592000 1200 IN NS ns $INCLUDE reldir/inc1.inc ; relative to the zone file ; here we should be back to our origin @ IN A 99.99.99.99 tobez-validns-f423245/t/issues/36-include/missing-include.zone000066400000000000000000000002071314110214000241460ustar00rootroot00000000000000$ORIGIN example.com. @ IN 200 SOA ns hostmaster 1 10800 3600 2592000 1200 IN NS ns $INCLUDE nosuch.inc tobez-validns-f423245/t/issues/36-include/reldir/000077500000000000000000000000001314110214000214415ustar00rootroot00000000000000tobez-validns-f423245/t/issues/36-include/reldir/inc1.inc000066400000000000000000000002561314110214000227710ustar00rootroot00000000000000$ORIGIN inc1 ; i.e., inc1.example.com. @ A 11.11.11.11 $INCLUDE inc2.inc ; still relative to the zone file, not to this dir ; should be back to this origin @ AAAA 1111::1111 tobez-validns-f423245/t/issues/41-ksk-policy-check/000077500000000000000000000000001314110214000216715ustar00rootroot00000000000000tobez-validns-f423245/t/issues/41-ksk-policy-check/Kexample.sec.+007+07686.key000066400000000000000000000011341314110214000257670ustar00rootroot00000000000000; This is a key-signing key, keyid 7686, for example.sec. ; Created: 20150630133112 (Tue Jun 30 15:31:12 2015) ; Publish: 20150630133112 (Tue Jun 30 15:31:12 2015) ; Activate: 20150630133112 (Tue Jun 30 15:31:12 2015) example.sec. IN DNSKEY 257 3 7 AwEAAciLWglw17dt8EDAN88BrQYCIaGPifC4pxrizfz3S1cC4XbSyRW5 loj5SSHVveUmmIV90MTEOhGCDUVq/qiYG7NgTNHn3YiqyRU3sirw4SAC Fiwln/ejxFDpQkeAbZMCzU8FQhTIB1K9y7QRiLacI6naULzgP3h4PsdQ SQmw3/TWy973M+lHzwkgVq6ML42L18rGG0sn1KQDNSs/6sd9dcRjPo7u J2OuUsnbu/5N3vWYLciSBUnY27FUvbFLkVIq072wjUMIb0Xc2EgYGRFK yV2MMckLvoD7vPclBE0Krv9fO/B2/KXsbObTgz4m5iQNF45QLU02kmvw B4iyIzIk9O0= tobez-validns-f423245/t/issues/41-ksk-policy-check/Kexample.sec.+007+07686.private000066400000000000000000000033631314110214000266570ustar00rootroot00000000000000Private-key-format: v1.3 Algorithm: 7 (NSEC3RSASHA1) Modulus: yItaCXDXt23wQMA3zwGtBgIhoY+J8LinGuLN/PdLVwLhdtLJFbmWiPlJIdW95SaYhX3QxMQ6EYINRWr+qJgbs2BM0efdiKrJFTeyKvDhIAIWLCWf96PEUOlCR4BtkwLNTwVCFMgHUr3LtBGItpwjqdpQvOA/eHg+x1BJCbDf9NbL3vcz6UfPCSBWrowvjYvXysYbSyfUpAM1Kz/qx311xGM+ju4nY65Sydu7/k3e9ZgtyJIFSdjbsVS9sUuRUirTvbCNQwhvRdzYSBgZEUrJXYwxyQu+gPu89yUETQqu/1878Hb8pexs5tODPibmJA0XjlAtTTaSa/AHiLIjMiT07Q== PublicExponent: AQAB PrivateExponent: d5kDfRXaz/20hikcH0v0j9y9icg8j17P6WzRQ8eHGsERDPfwDBC+AboJLzB1Ky+1TgcWdgJATyisGXYRoSH1gygvKA+LQnH3sbuheZJl79zOtE1L9TepYEd7y4B/2GiXYETWf+Y619Fwpla+nYjIjAcylzF1KLctWVg79peROEXC0zb+IxWQFIBpe7OzTZ1qxG8ymm6uiu9KXH6qQi3BLSarxj5rY+tO8oj0qQNOGkbSVsXFax0arZ0qMRFT5UooOm+2Yl8Q9Z/PC52qwNqkSDZ2QeoYTJx5tDFhuVJxXhioxGIueA4QuCRA4cRL2U5ZnCYcQa10JFE2O4N990eLUQ== Prime1: 5LW1fl8ky4bBaIPg48Cq8bXQIvaK5syFTvzzMopuTeD6PGwOByuzc4u9KLVrDRebjeYfNVkqXIJAHMjolOr4jURWp2Q3FUrewqdgyY2ULSLMmQo0+dHkvjJIs2A/6vNme+MtFms6msJjyzj3EhLf32djvCH+jWStP3Vb/jopYWs= Prime2: 4HlJJB25JSLygHd0GWi8yu0z3FaYhWXnIs8bwpT8er1lH+tsBeYI8ughuX9h19STMRnBhAh0ZlQaKHOrPTsdVOFQJWr6aUbWIAhv5m+ij1IFsQ58DKnsYP0DXiNkR7K4pXO8yzPTo9UfaMCJAKYipENTgpfb43sVBQnDIGr9oQc= Exponent1: aJpK9g9h7swlLT4T31bBWGeFWFhWUxT7a5L5UAZMSMY67OOmztTH8HLbAwFmgshnVtEHOQkc/M59sCybY3DMWSAGWezV3KEvnOucstJUEQi3ds9aR2AeNHcfFRtSYI0ONF9EwdotJZb+uXXGWrfTOIQ681LA7746FqoAdxf20R0= Exponent2: QlFS3Iqzglc60d14vXEGJeXCZpxm3zJmARCzIN+nYBPIZo/FEFEP38PZAtaxb3RsMBtt4rYkvX6nY8AYnTRzy/ntFcDvTl8RL9GOTcQ5gKI48EBZQdyJ63WUoyFNpSkWCDuTUW10X3i9mNMZJsnufh0t9O0sl55rbVue/Frfp80= Coefficient: aLnGdfeRJ3nSjmbby8IDkJ+W+gFGOHd3XAMDSNP9D8kn6B3JyAfY6FDSg0+Bh+F80PFNGsESkYimXlWr3B6NlC0Gq99hPSV8yU2pYHq3TPVB0tWOAkNVIXM9icEH9wshCQH7wD7cPDWvhhgcgo64nYOGYeK6sjTL7XDtRanvbP8= Created: 20150630133112 Publish: 20150630133112 Activate: 20150630133112 tobez-validns-f423245/t/issues/41-ksk-policy-check/Kexample.sec.+007+64232.key000066400000000000000000000006571314110214000257660ustar00rootroot00000000000000; This is a zone-signing key, keyid 64232, for example.sec. ; Created: 20150630133105 (Tue Jun 30 15:31:05 2015) ; Publish: 20150630133105 (Tue Jun 30 15:31:05 2015) ; Activate: 20150630133105 (Tue Jun 30 15:31:05 2015) example.sec. IN DNSKEY 256 3 7 AwEAAaMBYu1QXBi6AII33FKwWpHhOkGMhcVcIWJ73npEFjvDe0jJfLjk ghnij4tMfDI8MPIZ6xwVLYsEshxsDNEJJGdZ1dUvfJDxSCv8Wp0a2Iff xQ5NDRHSpUw27yJoQfI5gUqvor+wGTNCUWx2OU0Y1BOy1whHtVbDl1gt 1R6/8mOZ tobez-validns-f423245/t/issues/41-ksk-policy-check/Kexample.sec.+007+64232.private000066400000000000000000000017671314110214000266530ustar00rootroot00000000000000Private-key-format: v1.3 Algorithm: 7 (NSEC3RSASHA1) Modulus: owFi7VBcGLoAgjfcUrBakeE6QYyFxVwhYnveekQWO8N7SMl8uOSCGeKPi0x8Mjww8hnrHBUtiwSyHGwM0QkkZ1nV1S98kPFIK/xanRrYh9/FDk0NEdKlTDbvImhB8jmBSq+iv7AZM0JRbHY5TRjUE7LXCEe1VsOXWC3VHr/yY5k= PublicExponent: AQAB PrivateExponent: ATf/b1rMdXreihq00QF0i+atMtREI8eekEfwz+U2bVf20gJ/pjo/JsZk4FvACfgdPZIoCdu2rXVph4DfT6jL1t7sDY/9mfcMd2Zge6eB8Kat3QpdDu4qClgkXFTYFLj2lQ5Bm/b+YbQ8fiPlZovp7YGFodmsjfnNvbT7UiOiSKE= Prime1: 1wNWdr5FIrew1NTzpbeClZr5NIIoRBpEPsSDCBZpbRDZ944LcjWgrJpVlG1klkp/cR/zcSzrq+637rva30jglQ== Prime2: whQSB4wqB87wyYrewJLU5qFY5Up/YiZ0iyD4m4OIQMk/K7eXtuqFuSOP4xTR4WAWHIyRixa1F85/eh7y6+9h9Q== Exponent1: XjHZJEYw9Yex0VvFrdjaPX5aJJXM3CEButnOabGf2Cckxl4VR6CU1mj6iv7trSXP9RhBR1idmoIHVHA57832jQ== Exponent2: dtzn9etoSoP5gNYmevbyoZWr5jJsNeardhJpcIVsS5F1uQamSob0A2G+XCuCJ3A72pxU/0SXAM+dz2NpEAr6iQ== Coefficient: egVfeiBCmggrVDolCSvAIg+XEb+YmLcD1SLT5qFLuqCtPKWGDx9lGMbqbx5s2gzeeoAPL1r34pohHNLMCqCNdw== Created: 20150630133105 Publish: 20150630133105 Activate: 20150630133105 tobez-validns-f423245/t/issues/41-ksk-policy-check/dsset-example.sec.000066400000000000000000000002451314110214000252170ustar00rootroot00000000000000example.sec. IN DS 7686 7 1 51B9CD8F901235705C6D353ADA23736AE954B4DE example.sec. IN DS 7686 7 2 9EC80B8BAD67C66954B8FE726E06CA7840282C7F444BE51A916ED11C 36908A3F tobez-validns-f423245/t/issues/41-ksk-policy-check/example.sec000066400000000000000000000010571314110214000240230ustar00rootroot00000000000000$TTL 1d @ IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL IN NS ns1.example.net. subA IN NS ns1.example.net. subb IN NS ns1.example.net. subC IN NS ns1.example.net. myMX IN MX 5 mx.example.net. tobez-validns-f423245/t/issues/41-ksk-policy-check/example.sec.signed000066400000000000000000000123611314110214000252730ustar00rootroot00000000000000; File written on Tue Jun 30 15:31:27 2015 ; dnssec_signzone version 9.9.7 example.sec. 86400 IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 7 2 86400 ( 20150730123127 20150630123127 64232 example.sec. b1Qs5d/0a4IDAvFPVvDKqWpir4189XoPOD4E 804eiNXRLP2ShkEUBPil44+6Ikwup5Im24XU PLnmStjUFHVniicvwbwT/IY4etXR4xNoBHUc BU8LiADPpZGfJ1tC/s/IHLcPbX21OltyYzi0 ++z9gxZGy4vCG5gYCH0vm+Q96fY= ) 86400 NS ns1.example.net. 86400 RRSIG NS 7 2 86400 ( 20150730123127 20150630123127 64232 example.sec. gyqsk3xSnKefnjTOVzJS4sdDFiJ5cPEupSkP +LGXGRDGrclY6V9mkfddQz3MkeCCjujvQNAi NpZllyzFj221se5bHLAVydkT0jhl2jgp8bsL DBk15FGa7SXcwtpXn5rkDvR1/wmS7M/aYnrY 3j5dTSSsOlZQLENWBEtct9QSNbU= ) 86400 DNSKEY 256 3 7 ( AwEAAaMBYu1QXBi6AII33FKwWpHhOkGMhcVc IWJ73npEFjvDe0jJfLjkghnij4tMfDI8MPIZ 6xwVLYsEshxsDNEJJGdZ1dUvfJDxSCv8Wp0a 2IffxQ5NDRHSpUw27yJoQfI5gUqvor+wGTNC UWx2OU0Y1BOy1whHtVbDl1gt1R6/8mOZ ) ; ZSK; alg = NSEC3RSASHA1; key id = 64232 86400 DNSKEY 257 3 7 ( AwEAAciLWglw17dt8EDAN88BrQYCIaGPifC4 pxrizfz3S1cC4XbSyRW5loj5SSHVveUmmIV9 0MTEOhGCDUVq/qiYG7NgTNHn3YiqyRU3sirw 4SACFiwln/ejxFDpQkeAbZMCzU8FQhTIB1K9 y7QRiLacI6naULzgP3h4PsdQSQmw3/TWy973 M+lHzwkgVq6ML42L18rGG0sn1KQDNSs/6sd9 dcRjPo7uJ2OuUsnbu/5N3vWYLciSBUnY27FU vbFLkVIq072wjUMIb0Xc2EgYGRFKyV2MMckL voD7vPclBE0Krv9fO/B2/KXsbObTgz4m5iQN F45QLU02kmvwB4iyIzIk9O0= ) ; KSK; alg = NSEC3RSASHA1; key id = 7686 86400 RRSIG DNSKEY 7 2 86400 ( 20150730123127 20150630123127 7686 example.sec. YQ42WBCr7e4MR51W+d6Awkxdff7tTNiA1qfJ wsst0UiNXKAv504YRcS6B34u4CfG59lWWtcd +xBHU7Zuox5nehsLEkFAneD1YrJLkgVw03nZ NzDNWFvlxfQ2/tJ7vGbjKG2cEwUnbJKl+Kcl JTAc5JzZegfM75M0Z4Yi9NiDjicpHbaICtKJ 5WZ6T5nVFo1nl2xCq2CiXiR1+jGKARUW+btO NzHMApLQszDo7CMgvYJoHy0CHAV1Uc7Ka4zO P3dVYkwu1Puk+gixhNUqo+UhKgLB2JUYdci7 cQ1JR9RzqEXzyZgGpLmXCOEOc8KD2c2dDN5L uvOV40OrWhST/bAQ+Q== ) 86400 RRSIG DNSKEY 7 2 86400 ( 20150730123127 20150630123127 64232 example.sec. lKX35bocQ1iR4VTW0Es+2bZ2qX1ON7OGU1fO Pb0ZqueG2GYgI63VE4Jv3WeOmGg/Tkjvsdb6 bMHVuVpxHvQKRqqzfaQmY7nzoDe53LfSJewj p2TvdhvpPRroEZGXXPmVl46R/p+jlYMJd47T o0oqB/BvQPUS61a5NThagGq6vJM= ) 0 NSEC3PARAM 1 0 10 - 0 RRSIG NSEC3PARAM 7 2 0 ( 20150730123127 20150630123127 64232 example.sec. hNJlc3JuGYBpnYEZQrhqNwrIL2fBegnnR4ii TOW+0Km2maqF5ZZMxBZ7x54gW4T0amXXz89+ uE+l02eknf/FgM81FFOrQvJul0toOzKW9g67 e2VwQAwcw7g6H06cSsypXM/h9wvsNQpoSdx0 rq6qU2ruYM9NmJf+xUzUk38AFUw= ) subA.example.sec. 86400 IN NS ns1.example.net. subb.example.sec. 86400 IN NS ns1.example.net. subC.example.sec. 86400 IN NS ns1.example.net. 93GL7KF6D2G7J2PSLEO2CIA70A3MM4KQ.example.sec. 604800 IN NSEC3 1 0 10 - ( CSLD6RFNKVSKA73DGNI0EOM95Q8DKGBQ NS ) 604800 RRSIG NSEC3 7 3 604800 ( 20150730123127 20150630123127 64232 example.sec. JRhyC3PbmnvYBkXzV5GmIBnj5LJTnrVeC1t3 v6t6o+3udfPZRecHw2cApf/Oed8H9jCeox77 vA13/fLXui635CYAcqXYxVgO4g0au1d1S6lo N2Pw96JXDNhIqyVBVj1Ii2ZOQLWXZ8YgZRQ6 lxgww8m0QGC8FjEnzR8z2liSG88= ) 3ED4GMVJJ0FT4TCFDKNFQ5EPEFSDBPNM.example.sec. 604800 IN NSEC3 1 0 10 - ( 93GL7KF6D2G7J2PSLEO2CIA70A3MM4KQ NS ) 604800 RRSIG NSEC3 7 3 604800 ( 20150730123127 20150630123127 64232 example.sec. B9L5NrHjO/J6FDmv7DjT1xq/f8jiB2WTEXSl bFeUVcTivoyvdyfNNTH+YlzJesqTtQ9GaEPQ ouzw7XbdyvtJ//GD+vrO/7XwfrVmkckQgEVl zPm70TksAkwLzj0uY6WBIGIPq/KJMM14f6El ct5w2KtgvF9sazFP+KMchU5Be3Q= ) myMX.example.sec. 86400 IN MX 5 mx.example.net. 86400 RRSIG MX 7 3 86400 ( 20150730123127 20150630123127 64232 example.sec. lh8vFwFg77gLtLyXbzqzYSlebkzn3yAlXHU2 /hgiyUWYcuZa5E33Ul+ZrUJPCGLaUQs3X+yL p/uk6LP2dnMaf/X1mow/tyYNtIdn0MhTYNqs WmYV1Ga/NSoErtoHYoNgeqV1w0Q/nfhipMdX RekpxVR6RUUt2d3LS8UIH+pEYd8= ) CSLD6RFNKVSKA73DGNI0EOM95Q8DKGBQ.example.sec. 604800 IN NSEC3 1 0 10 - ( JC1M8I9IPBEENK9RDGMN9LQKAMMSQEVV MX RRSIG ) 604800 RRSIG NSEC3 7 3 604800 ( 20150730123127 20150630123127 64232 example.sec. menCNV7RkbVWmfhuPfoYHfHCEtvQmVb3+p/x WYVymu5hXUPQ2+K4Ns0jQ+om4GuTmXmm1DYY IjIXv4jthJoD6jydqN6Hr+tr0ewxr6mHXj3I RizTBuw4zcgPUrIRVQStkMtwyjN4Nlznhg7I txZ14uH1G4U1DgkR2oC6YZsSqi8= ) JC1M8I9IPBEENK9RDGMN9LQKAMMSQEVV.example.sec. 604800 IN NSEC3 1 0 10 - ( NLF2NKFTCGVVRC4C941FOOCD00TPI9DV NS SOA RRSIG DNSKEY NSEC3PARAM ) 604800 RRSIG NSEC3 7 3 604800 ( 20150730123127 20150630123127 64232 example.sec. ggLIoKQYmI9GeBkSccVdE87G1QQwGGO0HlrN dg9Ah5QiWWjZ5icSOU4vyEm0XiqkFCrGEAq0 9L4HMOFuELMa28dAhVxOvZldbXizXUSCbWCS miYFLOIKcQ9IcmzeEgg+uJzHdAyYSSK2Jb+0 YYuoXOhiZwzluj+u2i6kbf6wDY4= ) NLF2NKFTCGVVRC4C941FOOCD00TPI9DV.example.sec. 604800 IN NSEC3 1 0 10 - ( 3ED4GMVJJ0FT4TCFDKNFQ5EPEFSDBPNM NS ) 604800 RRSIG NSEC3 7 3 604800 ( 20150730123127 20150630123127 64232 example.sec. buRQJjfJDIbRFZFr8s7odGSxqnrSHXXN/AAu tbG1k2L7WD+DGYFiRnR5Uia/C2oL186PqBtT R8oDKf/4zr5qOsZz9xYabaBqG98JVXwPTiFk JBoc7sFcwGJ16hj9Zey05aNs1h5RZm6BL8W0 9bRF3qIezckG0VA+U7ASTLNH4ME= ) tobez-validns-f423245/t/issues/51-support-curved-algorithms/000077500000000000000000000000001314110214000237035ustar00rootroot00000000000000tobez-validns-f423245/t/issues/51-support-curved-algorithms/13.example.com000066400000000000000000000011041314110214000262540ustar00rootroot00000000000000$TTL 86400 ; (1 day) $ORIGIN 13.example.com. $INCLUDE K13.example.com.+013+18450.key; @ IN SOA ns1.example.com. hostmaster.example.com. ( 2014012401 ; serial YYYYMMDDnn 14400 ; refresh (4 hours) 1800 ; retry (30 minutes) 1209600 ; expire (2 weeks) 3600 ; minimum (1 hour) ) 172800 IN NS ns1.example.org. 172800 IN NS ns2.example.org. IN A 203.0.113.10 www IN CNAME 13.example.com. tobez-validns-f423245/t/issues/51-support-curved-algorithms/13.example.com.signed000066400000000000000000000041551314110214000275350ustar00rootroot00000000000000; File written on Tue Mar 29 15:52:18 2016 ; dnssec_signzone version 9.9.8-P4-RedHat-9.9.8_P4-2.el7.0 13.example.com. 86400 IN SOA ns1.example.com. hostmaster.example.com. ( 2014012401 ; serial 14400 ; refresh (4 hours) 1800 ; retry (30 minutes) 1209600 ; expire (2 weeks) 3600 ; minimum (1 hour) ) 86400 RRSIG SOA 13 3 86400 ( 20160428125218 20160329125218 18450 13.example.com. 7LfQswmP8B9hr6Bg8nr9o8yd/fe6n86HDhs9 pAByPITSjdqML6Rwb4NOHWvFDZJXVA4mz5Pe TG4JVHiGYU7HCw== ) 172800 NS ns1.example.org. 172800 NS ns2.example.org. 172800 RRSIG NS 13 3 172800 ( 20160428125218 20160329125218 18450 13.example.com. eses1PGFULOHDZbqPt+CMQHdYCIVNdxVMYba YtW3iA9nN4mfvS6jls69J60bqSA4p3w4tD3k v9dnDcFdS+tEUQ== ) 86400 A 203.0.113.10 86400 RRSIG A 13 3 86400 ( 20160428125218 20160329125218 18450 13.example.com. 2QqqZ4i7yq1sCrK82aLm85pTSUgpWR0XsBzi MVFyjcoW75f0ysZKZafO5lFJECKEP8ncJfEP NEMXVuyAUJihSA== ) 3600 NSEC www.13.example.com. A NS SOA RRSIG NSEC DNSKEY 3600 RRSIG NSEC 13 3 3600 ( 20160428125218 20160329125218 18450 13.example.com. IV+0txuv6DNk7kRBUmkk4jorMjXoyi/klFC/ 1g5ZK8/cZuFcKREuIW7bmpvhB4Mhj8yWpLJ9 CVNy339z+Rt/6g== ) 86400 DNSKEY 257 3 13 ( SFycyLoVKBBL0re1qD6sezd/bOM9jwtT/mTT 1KkW0yqIXixXN/szwzm49r6YzlIFHRDXry8a 7aaIKWopkx8WBA== ) ; KSK; alg = ECDSAP256SHA256; key id = 18450 86400 RRSIG DNSKEY 13 3 86400 ( 20160428125218 20160329125218 18450 13.example.com. OsKqN6fhvL4b0XK5TOEpZXrSoC/GcRMlCqIe csfZem7xMmcBjUe333/fJdw0x1QKmA17BoX/ Px88zz24dRW0Vg== ) www.13.example.com. 86400 IN CNAME 13.example.com. 86400 RRSIG CNAME 13 4 86400 ( 20160428125218 20160329125218 18450 13.example.com. CFfxilFg72g3rQerviVCO6jmf8kVodqusejq WETSBiCAfMhcB2+uLsitmaH8LsAiNLNMY7nc 533WnQjsJ4vsmQ== ) 3600 NSEC 13.example.com. CNAME RRSIG NSEC 3600 RRSIG NSEC 13 4 3600 ( 20160428125218 20160329125218 18450 13.example.com. IWqCg2pcOd9kX4waHb8Ij3kWeJxfXGKUBbpf Fuc3bhOJ/rvQ2kPYO305TeZP5Rfcd7+efDEb i8be+VqhOgf7Pg== ) tobez-validns-f423245/t/issues/51-support-curved-algorithms/14.example.com000066400000000000000000000011041314110214000262550ustar00rootroot00000000000000$TTL 86400 ; (1 day) $ORIGIN 14.example.com. $INCLUDE K14.example.com.+014+01045.key; @ IN SOA ns1.example.com. hostmaster.example.com. ( 2014012401 ; serial YYYYMMDDnn 14400 ; refresh (4 hours) 1800 ; retry (30 minutes) 1209600 ; expire (2 weeks) 3600 ; minimum (1 hour) ) 172800 IN NS ns1.example.org. 172800 IN NS ns2.example.org. IN A 203.0.113.10 www IN CNAME 14.example.com. tobez-validns-f423245/t/issues/51-support-curved-algorithms/14.example.com.signed000066400000000000000000000047251314110214000275410ustar00rootroot00000000000000; File written on Tue Mar 29 15:52:22 2016 ; dnssec_signzone version 9.9.8-P4-RedHat-9.9.8_P4-2.el7.0 14.example.com. 86400 IN SOA ns1.example.com. hostmaster.example.com. ( 2014012401 ; serial 14400 ; refresh (4 hours) 1800 ; retry (30 minutes) 1209600 ; expire (2 weeks) 3600 ; minimum (1 hour) ) 86400 RRSIG SOA 14 3 86400 ( 20160428125222 20160329125222 1045 14.example.com. 5FEzZuz1HrgRNTakg4D24h1RrO1Kx9IDzXN6 S/00bsfO5AQ8hxVd2X7XzrYGdqs+gpecBpkl WLG1MrEgzYvRVgPTVY0bL0U7GxmvqAp871WH yuJKB8NFTkgQDA7cA2Do ) 172800 NS ns1.example.org. 172800 NS ns2.example.org. 172800 RRSIG NS 14 3 172800 ( 20160428125222 20160329125222 1045 14.example.com. 9Yol4eoRhw52o7LJqCnTlDlQlFbaHFyTOGf4 3MAPNe5hx2NFCujCg9RxE66l+BE6otDMC+tb hJKVPfb5U8+rpjDna3H1RSjV7MkS4crlzS0k 0rximlQ9x7OIy2wkZ0bw ) 86400 A 203.0.113.10 86400 RRSIG A 14 3 86400 ( 20160428125222 20160329125222 1045 14.example.com. DG685u5rAML7/ga7TnixPiLwBEHFzcGpQeRc WZkPX2W/gJ8VyejkZbWDinYEZIVUeQaRTNW4 RcXBSq7o5wDgTJUSih+fnoLh9Fuzlfch6voG qGKMeWl4i+2eYF7QImB8 ) 3600 NSEC www.14.example.com. A NS SOA RRSIG NSEC DNSKEY 3600 RRSIG NSEC 14 3 3600 ( 20160428125222 20160329125222 1045 14.example.com. tPxJtlAhflaMsTI0zx0vt+R73cmU9zL9ly20 xrhZlRWhScxZ4y8fAIs57rfbl4XCe1Rln6y/ TZ3V0BcpXH2fl3vXxOJqcnsK/RHHxl57va7E v704MwP3Je9qhirfLd6O ) 86400 DNSKEY 257 3 14 ( FWoMjTSsjInt9389me7cymDHNbntmNWejqPI zSsifAs2CdBtfCoN98LvEU1eADIG4kkpKvVv QTYnoiUP/jsFQa6Uz+PmfgKO+PpyNl1fNy+b N7uEPJzIZhen3X6bIwYg ) ; KSK; alg = ECDSAP384SHA384; key id = 1045 86400 RRSIG DNSKEY 14 3 86400 ( 20160428125222 20160329125222 1045 14.example.com. FD2AI0MGo8w5JRfVihohNNsgj1pVrCUxaehv R7DH2eS7STiJFEBFr8e8UO1CiDGXuOGhgoPY CyEay93XJfdHaWBA4iCPctZUkdyA5ZXrYrpT iCkK6GK0MtbyH7W3H4Uu ) www.14.example.com. 86400 IN CNAME 14.example.com. 86400 RRSIG CNAME 14 4 86400 ( 20160428125222 20160329125222 1045 14.example.com. Y8knRqg1Hpta6KZ57zc+eY6XDgIgRLVYWZ0m 7YESOgRTU0oEU8j8NQ+S1RPAZM8migNkHjB4 NKdm9DCMnlD237546++VmZFUZgzGnKW3lQAQ GpTe7MtqMUY40B+TxSIg ) 3600 NSEC 14.example.com. CNAME RRSIG NSEC 3600 RRSIG NSEC 14 4 3600 ( 20160428125222 20160329125222 1045 14.example.com. TnQB0LmuU2Z4WtQDOBslDrIWFguyh4rv17gZ nV8GvUJnn1Wk8/djZv47chNeNK6Rxt+lUaDm E9S6f7eSJiGTAP6N0Mgfg7BmFbmD+4ZOUez2 t5FEl5KRUrPoiHQvOB8w ) tobez-validns-f423245/t/issues/51-support-curved-algorithms/K13.example.com.+013+18450.key000066400000000000000000000005331314110214000302150ustar00rootroot00000000000000; This is a key-signing key, keyid 18450, for 13.example.com. ; Created: 20160302102736 (Wed Mar 2 11:27:36 2016) ; Publish: 20160302102736 (Wed Mar 2 11:27:36 2016) ; Activate: 20160302102736 (Wed Mar 2 11:27:36 2016) 13.example.com. IN DNSKEY 257 3 13 SFycyLoVKBBL0re1qD6sezd/bOM9jwtT/mTT1KkW0yqIXixXN/szwzm4 9r6YzlIFHRDXry8a7aaIKWopkx8WBA== tobez-validns-f423245/t/issues/51-support-curved-algorithms/K13.example.com.+013+18450.private000066400000000000000000000002731314110214000311000ustar00rootroot00000000000000Private-key-format: v1.3 Algorithm: 13 (ECDSAP256SHA256) PrivateKey: X3Mr05PnOJKClnUa14y2CdCCHUjkUNFl6wh1knpRKg== Created: 20160302102736 Publish: 20160302102736 Activate: 20160302102736 tobez-validns-f423245/t/issues/51-support-curved-algorithms/K14.example.com.+014+01045.key000066400000000000000000000006031314110214000302050ustar00rootroot00000000000000; This is a key-signing key, keyid 1045, for 14.example.com. ; Created: 20160302103027 (Wed Mar 2 11:30:27 2016) ; Publish: 20160302103027 (Wed Mar 2 11:30:27 2016) ; Activate: 20160302103027 (Wed Mar 2 11:30:27 2016) 14.example.com. IN DNSKEY 257 3 14 FWoMjTSsjInt9389me7cymDHNbntmNWejqPIzSsifAs2CdBtfCoN98Lv EU1eADIG4kkpKvVvQTYnoiUP/jsFQa6Uz+PmfgKO+PpyNl1fNy+bN7uE PJzIZhen3X6bIwYg tobez-validns-f423245/t/issues/51-support-curved-algorithms/K14.example.com.+014+01045.private000066400000000000000000000003171314110214000310710ustar00rootroot00000000000000Private-key-format: v1.3 Algorithm: 14 (ECDSAP384SHA384) PrivateKey: U2ji19bf3QQ3wqgNm1/PJUcD4Bp17Gb53UIcSCPe9yNd665GOvlRSCQaKbr+IXCY Created: 20160302103027 Publish: 20160302103027 Activate: 20160302103027 tobez-validns-f423245/t/issues/dot-is-single-zero/000077500000000000000000000000001314110214000217425ustar00rootroot00000000000000tobez-validns-f423245/t/issues/dot-is-single-zero/Kexample.sec.+008+48381.key000066400000000000000000000006021314110214000260350ustar00rootroot00000000000000example.sec. IN DNSKEY 256 3 8 AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg273Tp4oRpnmnmgizDFtLQh nIv1Mr3AuwSWVIDeavuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90yQwf C53hxyH10GzGnAx4Sutrdkh1w4HM1nMBdlTMa0g9yxjJ0vm/T7qHzj+3 dTUi84s8Du2mfMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB/QUuoY2F yThfidT+nhOQpzftVtLcta0E0Uv3PcVDp1d7vBXsAEYGHr54r2vb3eXd OTmoFyh/byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01u8SJYP6ULwx0 mZ0p5BmoMH8= tobez-validns-f423245/t/issues/dot-is-single-zero/Kexample.sec.+008+48381.private000066400000000000000000000032471314110214000267270ustar00rootroot00000000000000Private-key-format: v1.2 Algorithm: 8 (RSASHA256) Modulus: 1k6+cu1N1CN90iqofey1vu8jpsmWDbvdOnihGmeaeaCLMMW0tCGci/UyvcC7BJZUgN5q+6LJYgC1+/DLR/cRgi/xizmQOIqzw8TWT3TJDB8LneHHIfXQbMacDHhK62t2SHXDgczWcwF2VMxrSD3LGMnS+b9PuofOP7d1NSLzizwO7aZ8wPqejL6V5nYi5fuUVxrxLMM2aFQ9ORe4WsH9BS6hjYXJOF+J1P6eE5CnN+1W0ty1rQTRS/c9xUOnV3u8FewARgYevniva9vd5d05OagXKH9vJ6FSU+rWAMQfSYFGVZtQepsacrKiXPR1HTW7xIlg/pQvDHSZnSnkGagwfw== PublicExponent: AQAB PrivateExponent: LOxwy9Km3/NYqre6fjsilhW3GX1kcRiSdXFYBBr3rMtUojKvgJsTH9uUeWZvTbTdne4B6yHiqSKRA3Eki79k8i9uqMq2SsP4ju8yJZHLmzjezIfJoHrQ6BxyFcMZoWPzdZkKFKmFwrHpxjjbvFcHvfiAu025Pta9C2o/rZXYC7V3BWQowqYBfukdpZkCEhzFzEtC1ROXN4jPJBwNIma52QTLH6jK5BOfOJ5DhS1SF+r/EkuvXnylApVfjPfUIC8ocVvpn5WLoabWL+eURIi6MvVT59ppzc6WRUT2PxDskT2WUWfw3zq5B7JCM8/qfYIDUHvt1h6JcJHTAOz9Hr2f4Q== Prime1: 8UNey2U7voMhZmVUMpH5C8q7+hp6PQ6dUYd+hjaQVnsDOLPBT+zZf8R3str7pY/xlOOHy+DxYmZ0e17OumSOXTeQR4VSdsr/tpWc/qd2jd1I5N58R4G/yZHgTm8pm6VRb7NwZ7Eg6o2z0G2UEykFeberyg4U6SHBDP6DZNvGrQk= Prime2: 42XeoQUBshFkTYekdeqPfGqC1YXsK0URLGAbPbk8HlOiG7ueVmUnsAS47lyuEJPzIUgqqBbDM+CCdW8AvPJFDXa09l4akfCrLRyAdkreGj3bgmUs5wUFbDZyOHvRFSxdUI8LOcAhXthy86l+wErKwm6sWfd1oPGvMmC1qiSsW0c= Exponent1: JpdjK1+3DcNF7W4Z6LjmwFceeGQR14Bl86ubtnY14k9s9X3zVwiIxeI0T1yt0g7TUsCOcTM7CUVgLne8053QE+MWZgpSZYQVISyPX0CEOy8BQPLBqGJ9vg1idslbO3VXMGngegWgQUSHVbihbesq4AxcI0bbW2s1yRFRDSoGfpk= Exponent2: NbR7bd/21I1S+RSN/ONW2/VzzOYCLv3y3l4cUOmMj0UFRjN7Y8AkLWgQHQt6eKPYigW3PVeS5o+hgAalT/qP4GwmtQDomYsTgmX22Pk5l00AqL0oa6895p69PyXO7Yc6yqnd5te/idzo2S8wpk2DsYPd5KmS+F3cGLPKc9KRekU= Coefficient: ev+8Aj3u6mICRe6Y0NqYTGrXSBMDXf92dI4+CZtwy43cyTvvZSABWvlLTTXf8XAlnnPxszSpG7+e8bQk4A7ZIagcDFSUjzwtVoLqKqbyLPMNjJKqvGW2iTwfpXAHTadd9EmvTPsEVCJnZAvkyn9XQ49phL9IkFzj9kmSrGqnN4Q= tobez-validns-f423245/t/issues/dot-is-single-zero/dsset-example.sec.000066400000000000000000000002471314110214000252720ustar00rootroot00000000000000example.sec. IN DS 48381 8 1 99477B577BF885AB2512B8DCA052D7B71DD968BA example.sec. IN DS 48381 8 2 E5411AAE0758711B164730F9069CCFA3CAB00391FDD76D04EB3E8610 CAA09E93 tobez-validns-f423245/t/issues/dot-is-single-zero/example.sec000066400000000000000000000014571314110214000241000ustar00rootroot00000000000000$TTL 1d $INCLUDE Kexample.sec.+008+48381.key @ IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL IN NS ns1.example.net. IN NAPTR 100 10 "" "" "!^urn:cid:.+@([^\\.]+\\.)(.*)$!\\2!i" . re-root IN NAPTR 102 10 "u" "E2U+email" "!^.*$!mailto:information@example.com!i" . no-re-root IN NAPTR 103 10 "u" "E2U+email" "" . re-non-root IN NAPTR 102 10 "u" "E2U+email" "!^.*$!mailto:information@example.com!i" meow.woof. no-re-non-root IN NAPTR 103 10 "u" "E2U+email" "" example.sec. tobez-validns-f423245/t/issues/dot-is-single-zero/example.sec.signed000066400000000000000000000173751314110214000253560ustar00rootroot00000000000000; File written on Thu Apr 11 21:11:27 2013 ; dnssec_signzone version 9.8.3-P4 example.sec. 86400 IN SOA ns.example.sec. hostmaster.example.sec. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 8 2 86400 20131212121212 ( 20111010101010 48381 example.sec. Fq4k/jiJFok+7glF4Nm0i58I524rmoJ1b6/N At6JVKWl0oja6db3puWnOP8hr+LeVcVWurqu XoV9Gka08da0xwaBmGnLZOalEUgN7b9MOsWu lSGhA/rA44GBdB8DLENt2XaM3EeSQ7IMLBGb ObOmwYrVgJbJpa8Nw3CtyzjqYSzde+BQuN/4 EYyP7fMdS8Uj6vHZq8XxolYeLgQBAmqDRg2X d0rETlT1SUfvAlckb6IIJEJl+qLDHWrebPWK ubVYzRrjTia8AKuo/UIuI2WYzAM7BNchh/7L GSh0HntsdrZ38ZeT82hr/ApfFIXpu/8jrQD+ muqATnMaAaFx10+j5A== ) 86400 NS ns1.example.net. 86400 RRSIG NS 8 2 86400 20131212121212 ( 20111010101010 48381 example.sec. I69J8S4zvi0luZE0va+MOum7IUODu7szp479 k844Mx4L5wb77SPxsiKwgVFtWOmFSgmNM935 ormzCsuAOTvtvm7b2Egov5Qo4yl/JvU3i0mR vLYFgGK0HFWFYM7Fj17ypqwMlAo2WYKYTVTa I9YWebM6saSkT2N19NTwBj1dGsW0CVzJPKo2 +ihnFi8FnoR7phZrEig0Z0U2zUmjgexYnrLU RRTzDtbAuDddRUr/tKmGrjTokpEKN7VzoNQi 5m9hiZQkoPrjui8k0KAckHSAiXKk+foKYrt8 TExvBjWCTHVIVk9JmsIBpyVtX/YLAGAorJyR nHAfTf6Z+YekBJbNrQ== ) 86400 NAPTR 100 10 "" "" "!^urn:cid:.+@([^\\.]+\\.)(.*)$!\\2!i" . 86400 RRSIG NAPTR 8 2 86400 20131212121212 ( 20111010101010 48381 example.sec. eaoY5DkXxp8NOLVfzqayHae7SeokwxAEkDFc Sk6xdRafMXrvJ4WDtfx7rcqq26WBcUXtvvG3 E/1ZXkCVekTjFu9XxYnaTgvoXzps8ybyTQ3a iTaDvttAwX21c7xAEOeqcxUiCQ6Uu6U5Baw8 8BqKc/tYMFv/lSlTK33LiqLjXOMrBWLsRdhP 4rbicl/xFnvFNz+MUMROpmcEVMhF4VWIflHS V521exuvW695/kRuvFzOUuvzP4NKaBVJizI1 RW3x5cx11UsVT5I6Si4h4PMeOcYFfZTCcwYt iIeBB9JcVAD8KDhe4ouMDS09R8o0ceHF4uJl uPbOyTsuLe4MuMB+zg== ) 604800 NSEC no-re-non-root.example.sec. NS SOA NAPTR RRSIG NSEC DNSKEY 604800 RRSIG NSEC 8 2 604800 20131212121212 ( 20111010101010 48381 example.sec. Pj5YE+pnDboIDPF/j1j7kZVMDRFaTN+7CDHC Y7DLCEO4V8t7sQkT6JW116tvmSjBato3fdrc u52IEbVZMvRM1An8uHAnBfvK+Bt44P6s55P5 fsqwi8KR8odCZLPcwsWK1ev0nDSmHk/PAHzd ROOxhbaltxs3hg8UNdk72dAwVFOj1A/etJHJ UMvTuj7bI4fGC1wpMm/jdnbG74lHOfj5e98F 3QZtTEv7ZOMoyrivs23hvjYV+r5miVbdw3LY 7OFtwfabWHaCgaV/zgqNoVgXqeexSIScXbO3 QiLh2QjJWwBgTaE5asUepmw6boB5lhNbJ75l pMhn2BkrtdZyeiP5Aw== ) 86400 DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; key id = 48381 86400 RRSIG DNSKEY 8 2 86400 20131212121212 ( 20111010101010 48381 example.sec. pOw63jF88dUEJt9V6jP5ddD1rUSGEyNn6ih1 Be7GWq2dcrY1ZxgI3fN8fGfCXyB089MdphUy 83TmWcz2KiuD0qRy/F0bK4sI4hk/2eokBVTo 31pIFNxZsANduz2nP9OoceLMxk5TCmm9zipr Bf0Ysrky0BReY2FRUjjaWNV4MuiMEf8ToZ/2 1+Zbqe7RGP0Z/IchDN2hpA+qHizloKTIFOCV sqG2CKHiG3ZcXMWKQaohuCrQyR9ee/vmF8ZQ IrY36SifxcgrT7cycE8NFhIlReLf7M41oYeo erdZHzrGZVGn2ZKCW1spsgpBRXdh37HvdVaV 8NOQSnaXLi1paogk1g== ) no-re-non-root.example.sec. 86400 IN NAPTR 103 10 "u" "E2U+email" "" example.sec. 86400 RRSIG NAPTR 8 3 86400 20131212121212 ( 20111010101010 48381 example.sec. thOK3O1btgK+IxcmKDo2BZx+tHOOhIRFJroj fmTan7U1Gm0ylrIGOpw64N0q1cUrn99g2iNF +p0zXo1k1ZMDXDG59jnzvQvqrq8h7XCA3GH1 ZI4Jts2xmvsmlBRmkGs6BexJHbsu2gA6bOE2 PTfcriQHRxLNe/H2/ysA2/C+uywf3ud6eLtT ztBR5m+m34IBAJ0MIZED0VD4XW7CV8jwSlQo cZXfdX9VYVyM7xCJt1C4BesMSojUGRk5at2Q 4/giW1bXGEqtbJj5xST4HBONnyzhPqK8slsx aVynOT60K3os+1M+Th3nPwPLhMMuXyi4pu+V gFnfeysv3lDLaWSoOw== ) 604800 NSEC no-re-root.example.sec. NAPTR RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20131212121212 ( 20111010101010 48381 example.sec. Imd15dZ1PVf12U8c21QUUD8aAFf3rC/pa9kb Ip/zMGShCDGT2wNd08TEjTHxaSHEWUJU4+9E DdL8S/dU9bEwjrkzH9dmp8VItVfo95rZmPvU jIypT6XdNinTkkeBSkoc1TNmOov/H/8UnzyA ryuXY/+GCyz8Srx3Iv388NxGDgSi89RBxcpJ pEcIwEhs6AGtc7dPc+oAVpqekCkADgF83N10 AwA/yLd1rUpAc/sZphiu5iQHeDUR6DAvhIk1 AN2F7HgVKmtgaVni7MLEQjzqPASN/jAx2mf5 jGBz3jeCiuGhkh8GMhI8g3Hu37q6Noa4FYO9 HLfrFgZVly6NPx3C8w== ) no-re-root.example.sec. 86400 IN NAPTR 103 10 "u" "E2U+email" "" . 86400 RRSIG NAPTR 8 3 86400 20131212121212 ( 20111010101010 48381 example.sec. Sa2e/jOAImtSOP+rJIimYtqs4UzkW0o1QbZJ hbyPlMwNicl6/tWCwlGnGOm+KCRMvo6DNgU7 kVHBMH1oZoHy674XRXP1VsNL24fXe3pTa5fq hVSKfY0sO/GnIZ4emmJ+HCIuKK8ML/U8Y2Si eart9IXhrwGtEPU0/RiU9oUsUWCA8Fd7eKx7 8k1qZCVYSq7uWhVsPpJAlernp1GEqggfc6hz y0q77BnJs/Hg0ZruwV8LhCSaOa3FLUBdXr78 AammfUfkkkoR4hREAgAV1hX/s3sFAkLe0z4y IyCKI38tzWSk9Fnvqh1ciUEK2Twk4+T916R4 iLFczgMHT32MSrWMzQ== ) 604800 NSEC re-non-root.example.sec. NAPTR RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20131212121212 ( 20111010101010 48381 example.sec. h1PxESogvqIgh9qIPVRK6gV+Ku2kczLvfcYx JjosK1sbyJHV3Wi0YJkSAdfmRAx5Xwx/kD4Z Rx3AVkR2vDxS8vHp/W8P7ZBSoc2FBPEHEDcl ip9M9HJRJrAwQAoPW8FRsR5xWQlK3jR5cQeu p6gtHYmX3bEGG9DJ4y9nOlfQJiKiiGzsrw3T p4YyznucIiszk4T9t9MROATvBnb+IqgnZgd/ 70NBHLBRokPSjxlo6urQCuA8c5pAAc6CNlbx bQrYCb1vQkR7HxtLT0D7TMsGk1VM9tDrRKji fdaGZuOcwpE6fyKVKscSSIbrmQyuWodeR5yQ zpWkkaYzGiiayhO5iQ== ) re-non-root.example.sec. 86400 IN NAPTR 102 10 "u" "E2U+email" "!^.*$!mailto:information@example.com!i" meow.woof. 86400 RRSIG NAPTR 8 3 86400 20131212121212 ( 20111010101010 48381 example.sec. CXKyN8XHuH0VoFmiGOBcNs39q8/+qrOF+QAM 78i0OkLLMz2v/aM2lrSOb+Hry5DWh+ot8G9U XI78hnP0ASZeB+8lQvEJIVuOiSEve8rPTPsQ 4tGmsryg85Kj9LUtCTEKCNV6YJaUVqt4mz8z h1f0SEbhqv0e3/7M7sYrWVTfB/kX0Bj8UqkH /05ga8XxMIMxtWsr75zlAZsscb61tn6XVa0B 3MV5O0U1eG1qoFeTuAbvr1DfZK0uF6ECCUyx JX8U2oo12Sxcz0o5L7Qfk0xERIwjxtN4lQ8R 9BdYLztEFxPPNGKKsvhSywLNZzL1hci+gNjq oO7yOXNxALYtmvKjBw== ) 604800 NSEC re-root.example.sec. NAPTR RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20131212121212 ( 20111010101010 48381 example.sec. Xqs0A2TayUWY/kqPFyOy+igaEqv3htnTdXCl C+yxb34UpJ8tBnbOVMchPvgRtfrWyKHdnQYw ovfdVsJ2vjWJ3CaZlji37Hq3+RdMM4I+ysUl mxKYqtb5StmpT2oHVk+YTLzSCcDCKaC3/1gk tCFXBxwmfj7KgnWXUtnO3JnaDKhRPFl2BJXA vWzcRNo1JsLa0HWDbvMe9WlHEgPZLjFV4D49 UgS3MPr+ugzpRe8oMFhwxRb5Jwhg09npoc/n iX9njvRbbFkWz8TpYpBxKd2gDfHmMmaHjorE ZFJZc1f9827L9bZC/ZQ4C0hjgnOVVnBadjSr 3C8ycWv1DYri5E20mA== ) re-root.example.sec. 86400 IN NAPTR 102 10 "u" "E2U+email" "!^.*$!mailto:information@example.com!i" . 86400 RRSIG NAPTR 8 3 86400 20131212121212 ( 20111010101010 48381 example.sec. FyUk9M6UtLK7SWoMR/lzOk3ZGzgvF0EyNR2E IngjzVMpZwgmxmumUgYGnXb7QNqgbv+0hq1O w6KFBLfGxAjM+R9Jl8TqiAsJ+iBUnPgf09aK AefnC7iF6O3ZpoZm3sXCogH6URXb9th0BIhE wIcp0zUBn9K7ZO0DpLT9o9SvOcJ6IyC1q2MX gb/vCD9J1ldIvzIixG4Kf9R7pOz3Skumxxh0 AdDpFaUnz4e8z+Mx1ggiaxu+7xpCyHt9IpqO xNUWXkDnAT7gJdmuRNrfMrZ95l1d9tRBRzdr a2hxjPKzkZZES22JP4bOacBIsmv9oFeWNwVl BTE21qIBdDbNM++aKA== ) 604800 NSEC example.sec. NAPTR RRSIG NSEC 604800 RRSIG NSEC 8 3 604800 20131212121212 ( 20111010101010 48381 example.sec. G7ALxMAtp+ZSLfaGoJ7G1OcEsO1GFI86ogY0 TlSH7RRj+Gq9AEI3q/wJYzmgxTiZyGNsQCHv gd6eetKCFhL7Bh5yyOwYClQVK+mPqLx0iqHt H3bkGiISUenbRBCMyjpb4MD2t0yDd0aXwqcL Pv6oOIKmdhFsZb+F+JvSMjSQjGJ5AWqFxZ9O Ip/VoJ24uO98vcTRaN8lyhRV+vYFfIFbaQOU Pki2DDN7HkOBLLL0XAMbX2B7lM24es0tp3F3 Y97FqegjBsbuEG2qD30FHeom97/cQBtf0MpA YgQbu9OFCi+wmE0CSANMAEecc+c86aMDjjC9 0X3fa5X5yacuZxz9zQ== ) tobez-validns-f423245/t/issues/ds-does-not-mean-signed/000077500000000000000000000000001314110214000226305ustar00rootroot00000000000000tobez-validns-f423245/t/issues/ds-does-not-mean-signed/example.com000066400000000000000000000005531314110214000247660ustar00rootroot00000000000000example.com. 86400 IN SOA ns.example.com. hostmaster.example.com. 1 604800 86400 2419200 604800 example.com. 86400 IN NS ns.example.com. foo.example.com. 86400 IN NS ns.example.org. foo.example.com. 86400 IN DS 45004 8 1 059D592478F4EB97496BB2294520B32A89A196BC ns.example.com. 86400 IN A 127.0.0.1 tobez-validns-f423245/t/issues/lots-of-rare-rrs/000077500000000000000000000000001314110214000214255ustar00rootroot00000000000000tobez-validns-f423245/t/issues/lots-of-rare-rrs/all.rr.org000066400000000000000000000414331314110214000233350ustar00rootroot00000000000000all.rr.org. 600 IN SOA ns1.all.rr.org. postmaster.all.rr.org. 1365591457 3600 600 86400 300 all.rr.org. 600 IN RRSIG SOA 7 3 600 20130410115638 20130410105629 54974 all.rr.org. JXs7cD0b3vbf9y6E68bY/xQ9Hwkb0ZUrgrj0Og9ol4OYaGuHF3fNV7iFBNy5dxGjGCc3jXTNBM0qqlZbRJkw2nF3X2KWjthh8CWE8SwY0EsaQGB48+ooSoZdnkFjK0gwZSjWuWQ1vIZi27hbT08IPXzeNJuROGWx5n8h1LcPR1k= all.rr.org. 600 IN DNSKEY 257 3 7 AwEAAcj3L+4HQwnDi8d/RtzTkQ2C2nhG6loHdSwxRSiJ6QuEnmEG7pAr+k1XdOijUWID3e+X6kGqOkwYy6e6mbjlrTqxqQcjRMOV4e2tsVnRvOqAmVOQBDNs+FUWt9iWkLd5iWeJy6IxfTOjiJf5hJqLYyLfAATggq2YUcAgdzGcCilzeOLUNAD6+dT56hHz7qetituUxMkENlSzA9PAwzdoNWhChkfVzur464m9QPsTzOsn40SpYOnczRcBXvdfbme4n8JLLPR3JF55uFhJRpdyTJ4d+BD01Zd4WkVE1wnKxZXCKX3vlns1jZd9V+tcOtqwNRhOFxxzHosRvgp57QvlMpM= ;{id = 43083 (ksk), size = 2048b} all.rr.org. 600 IN DNSKEY 256 3 7 AwEAAcEpJKnT6f2BpVl7eYdOA/p50n8t6e0CB4Fnaze6oiu/UF/SNY6G08cTJ5q7B8Jj9k4AiAph/FpTF1WkG30kE6JDo1t5M+qESC5IP1niS0vvVOKuPn0xygNZU9Yq2Kw9ifv3aFFM1Iu4G1Oo79EDYn/Id1WMYST9oExCIKJpSyyJ ;{id = 54974 (zsk), size = 1024b} all.rr.org. 600 IN DNSKEY 256 3 5 AQPSKmynfzW4kyBv015MUG2DeIQ3Cbl+BBZH4b/0PY1kxkmvHjcZc8nokfzj31GajIQKY+5CptLr3buXA10hWqTkF7H6RfoRqXQeogmMHfpftf6zMv1LyBUgia7za6ZEzOJBOztyvhjL742iU/TpPSEDhm2SNKLijfUppn1UaNvv4w== ;{id = 2642 (zsk), size = 1024b} all.rr.org. 600 IN RRSIG DNSKEY 7 3 600 20130410115643 20130410105629 43083 all.rr.org. t440YGFURqwrsG6XPr3FXSyF8/O5dQ7IdoN9ctPJBffTJuHKmKs72pmeYHzw905PRpUySYP6dNImhi/REe5y7KcD05ys7UymIlo53F3oJPz9t918UGuFbeMd2/ml7JbkpuZA21zNl4ICiXFjFdM3zqb3lWh4lUO1fOMtzHWB2Qvtr8hrhIhujq5JBTwRPSpDIGl6iVkmLFvuR90+8410QdebhOkuEZno/sb17HprcrU7VpJCJOGU/SHCuzLHnJeBdk5TtGQ0WSo0v9Da27glO4MKkMpCz5JU3vw1c0xJ7Aya+sgrJVuWs5OZTY5WH43QrepqKOMTgpnwH0mxSaHYcg== all.rr.org. 0 IN NSEC3PARAM 1 0 5 dfe3a4ef6152d5ab all.rr.org. 0 IN RRSIG NSEC3PARAM 7 3 0 20130410115731 20130410105629 54974 all.rr.org. wQKmR0Tsz8XSe7ty2OV3aKyWhvNloHvgvj3wxz1IhUdlkWewiecf6+OARygyt+0mUSRuikKV0ZvzjzTooiTZr+vC3YcZN0Sx0woCJkfxGh98KW8bQ53Wt/mVF+/OwIjqiRPS0ZJKtYItIlBrwEWn89RM8LOcO6R0HkOP2AXWpOE= all.rr.org. 300 IN NS ns1.example.com. all.rr.org. 300 IN RRSIG NS 7 3 300 20130410115647 20130410105629 54974 all.rr.org. VFgrYVdjVIJWS932Qw+al8p6gEFyJgsz88wWLfLUYi5ZNa0h8l9Lko4Lh1s2B+45FIEKpDtUurdzY5g6sqec1uGRWdTBhNNghyFeRBAwHA9+0DhLFQQPuRChX4skpHC15Al4cmNGXmw2JPo9LL4sR9TKpeBF6UFU8B9IZcCCgl4= all.rr.org. 300 IN MB mb-madname.example.com. all.rr.org. 300 IN RRSIG MB 7 3 300 20130410115729 20130410105629 54974 all.rr.org. QqpV9ODE4BhOU3GMGkPkPEmIvJxurkRC9eZ+Sgik5f0eeX0z4/XAKNx2mFVel7HefbfOCpJTe6odWWA74ZnxdTxvCoyPsJrp+uSbjs18K9yUj+GOAeiOqGo48+NGcAV76dDktVH21Po2dSN6c+lB0rhhmEEqIf+ah07iUPz0SFc= all.rr.org. 300 IN MG mg-mgmname.example.com. all.rr.org. 300 IN RRSIG MG 7 3 300 20130410115810 20130410105629 54974 all.rr.org. LfXUeTX24jLoOoyW36BrT15XELCDy9J0ov1Lm3DGNF7n1+Krt12NWP+tlhZRcql/LJw9ms49K772ll6LctzjppvPAqipk9DlxVHG0+joQFUEfv9ba1mgmgcMX16uklTwcUtUvLYINLx5+pJd+MnfTJAtlBhS+GYt9j+daUHMuc4= all.rr.org. 300 IN MR mr-newname.example.com. all.rr.org. 300 IN RRSIG MR 7 3 300 20130410115648 20130410105629 54974 all.rr.org. mXAh1voDX9BFxyIJH9N48VXjaaZH123gr0b0pAZJBndzxNsRF/NWe5+ll6moMwsEWzcrdZXv/J2qteDK1GsMjepTXq1jdbLuCaQYZu+1oCUGVjZo4f1A31wY03lZfaQq1XcYDeJPMoB0oEQ11ZZHczpuvrSE28IpOv8CIj4ZMhw= all.rr.org. 300 IN HINFO "SUN4/110" "UNIX" all.rr.org. 300 IN RRSIG HINFO 7 3 300 20130410115710 20130410105629 54974 all.rr.org. HethM0wWVfFoHk+k1H1wEFA2x5t5xGXXa/jWUTRGvdmvdU5DoibykO2ulTbhnWfha4gvufFBG+hh+94UPA2rEiACha0c1oWoaXkUfcGZJdhjJzfP84Y7Zujd+1+Iz8XdDWgCD1Q4VRCsKeHU3zfquVOAC0NEBXoSfpm9Q0nbV1A= all.rr.org. 300 IN MINFO minfo-rmailbx.example.com. minfo-emailbx.example.com. all.rr.org. 300 IN RRSIG MINFO 7 3 300 20130410115818 20130410105629 54974 all.rr.org. no9mgivSgSTU7HW9Tw6A8w171GRVkeObQfDmkYtK6w8/hsaZnP3sxCJ4450ik9S2HG3664dzLDP30Vr2mXQxqRDbFbk0sAbFLAxctGx1FJCcbov91K5OyeT/P5GaNDREjvnI4fPACeBmKOYwl0nPA+x97gfiOKyMojONlqRHnOk= all.rr.org. 300 IN MX 10 venera.all.rr.org. all.rr.org. 300 IN RRSIG MX 7 3 300 20130410115753 20130410105629 54974 all.rr.org. pQQ4jRKH/hvZuHZ4Gzzr8eXAGTSkl8kdae6Cf3iFRth+b/i8A2k3mhDbvMj5vZfr2SCSRQlj8c4Iwav3V/v3KKfJaCUqis/ezS7S2j3yp6ZLD4ovYVkf4eCRDuuyNV24ueOA9Qw3666NsjzgCj/VR1bDE8P3OKFciD6839w7ab4= all.rr.org. 300 IN RP rp-mbox.example.com. rp-txtdname.example.com. all.rr.org. 300 IN RRSIG RP 7 3 300 20130410115643 20130410105629 54974 all.rr.org. nzLrxR5toebeRucvM8pJHDy9gC1VbZho2tsh1YW5JAHs7+NApZhMDrx3Q1YK7YCNR6N7A0s9BNz0GCOjn+8/WjTgmgMboEGGFhzbAyY1feoWesPhA3teSHKGonwbsSSameg0p3zeHb6xsdH1Xy4iipldplknmDNptH6MDD/jigU= all.rr.org. 300 IN AFSDB 1 afsdb-hostname.example.com. all.rr.org. 300 IN RRSIG AFSDB 7 3 300 20130410115708 20130410105629 54974 all.rr.org. EkXQh/xF8BRRTlFBMnGhLiM71DajHFdBozPbnIm4jBoNbfpY6lL177793lRGrVYw3w+VwHIq9G6PTpoqvVdn2MC1nhTVzi3UOeJHJcL1W8YiwMcX9JF42fBC4EdmFosb2iiOjhhDY8YtNxV3sKm2EFXaxF19363L/49Nqu9eAr4= all.rr.org. 300 IN X25 "311061700956" all.rr.org. 300 IN RRSIG X25 7 3 300 20130410115750 20130410105629 54974 all.rr.org. HWpORPHWtudr/A0Fs3+lNo93tDLEeNaAXMBsoA2x+Uw6ZIfst9YtHo97+p/t+im/ujN+ecL2zJY9FwJIa6EOwozzlslTACxUdMdkw19PcSd4pDygKq12OR5gkwnrCKPnP+1Tw7jIdQgxsQ40sKKGOoF4P13DWJqCWKCgfkh3RZ8= all.rr.org. 300 IN ISDN "150862028003217" "004" all.rr.org. 300 IN RRSIG ISDN 7 3 300 20130410115631 20130410105629 54974 all.rr.org. VxgkkyThoBwnvqL/wsp061RXQFcqjTr1MH/TZcACxLJPYfyaVHf7/DsXcl3R+lVbZ1qKjO53zmhpshLBtAztpHKP1fH0s03jG6Vjo8ZpQ+3gCAvgUjmF1qfRBDsfqiwLNSnzvWOsZr1ztHcu6iwvTmzU4RHroSDE8zOnni0TXV8= all.rr.org. 300 IN RT 10 net.prime.com. all.rr.org. 300 IN RRSIG RT 7 3 300 20130410115645 20130410105629 54974 all.rr.org. dzlz4VrEni+LwvW6OaC0KX+/FCT8Z11XxKcQWK6dOG/mKO1/RCtAUrmgKutkXato47aBc7pfkmglvWaX6pA9libUvVZ+9L236IlZFqPkH3wLGwD0aGbdOx7BpR8R+XQ/vaUaYG5aTw4FfJZuMsliAyMkNIOPb946QfMDAtovb6Q= all.rr.org. 300 IN NSAP 0x47000580005a0000000001e133ffffff00016100 all.rr.org. 300 IN RRSIG NSAP 7 3 300 20130410115822 20130410105629 54974 all.rr.org. N4F77O7TdbQ4qZiYQANmgaUO24fEjxIvdHhI7tbWYFTClzGiMt2HEss9GlGIwFXDDhTnnlCJ7tZ5CWK0iJLt+1PDzShwk5IsWp/4a8AbOYpY148jUKAXETpLNRBCMfZDz+svw5mVTnYb3nsQ1rfOc+9PO5swa8vTCU6+TnrKBr4= all.rr.org. 300 IN PX 10 net2.it. prmd-net2.admd-p400.c-it. all.rr.org. 300 IN RRSIG PX 7 3 300 20130410115645 20130410105629 54974 all.rr.org. QI49aymhAWe7U48kAg8w0f2bayZZNS4X2DM1sICBpwqkCBzbzb6Wkb27OavwESkuqFczIgCLefUY6V8sWdpAYxEa6UxXOI4gqmtdU0QCgVC3wrvWl4Lmp16GCsPCNj0QT48LQylM5k3HDa6qkV4ws99QEUF7FyLsf+1Ui7hhEgM= all.rr.org. 300 IN AAAA 2001:db8::3 all.rr.org. 300 IN RRSIG AAAA 7 3 300 20130410115720 20130410105629 54974 all.rr.org. odKMWjUxeqm6MScpuWVEwpGIWVHWcBuvHYObwJ/N0ESe/8dj1/9hM19BbTAlx0T/CGgoZAciMtanVAahicGXGXxwOji1LQNzEsYEKkyNWYf0T6LWgCsK/WbkA1hxNKEmENvH9IwGLotS5zcgErqcIc44ns5jT2V4HwCpm/ylbKk= all.rr.org. 300 IN LOC 42 21 54.500 N 71 06 18.300 W -24m 30m 10000m 10m all.rr.org. 300 IN RRSIG LOC 7 3 300 20130410115634 20130410105629 54974 all.rr.org. FdziErbL/quIRYH9P+u+4kiAnwdB+PuTU21qh12JhusotZDAmAjBpvdHsjcIAIJmK/oR+najm5AKirJCnxj9F6pGdK3xPo1bIinFALYnlJzpHEklpBe8A9AMrfxxFnCCEKxqa2d95Oe8n1NcZGMBTiqBhxDRmcnmlS33FA+YJlc= all.rr.org. 300 IN NAPTR 100 10 "" "" "!^urn:cid:.+@([^\\.]+\\.)(.*)$!\\2!i" . all.rr.org. 300 IN RRSIG NAPTR 7 3 300 20130410115656 20130410105629 54974 all.rr.org. iZH5FWlSU8GIy6VQsUTorMdaRAG3Wbo1irlzrPbRuAQmPCfredI2236MvU1ZhQdy0O7OV9MbXxn6TmLWJWmntceBDj+sCauuMPMmU4+rZAuLhlV/MSspftlDXqnkvC6bzCFfhVDoFyF2zKY4Xs8JKPc6mfDeXUyGyLrgmV++hLk= all.rr.org. 300 IN KX 2 rt1.example.com. all.rr.org. 300 IN RRSIG KX 7 3 300 20130410115645 20130410105629 54974 all.rr.org. a52c4EMSQYVdBtJhi+JcgO3wVx/JuCDYgwQ68mo0LZ9M0fnUGDx1l6somvZMQoi/fbvfzUAZ62oU2UDW9Oz9enIxe5DmyYN+57gDqEDbNg3SoBrVIoOcftFQml6X+JH/grQ21no8hZLP5JXrJ8cHZ8ROhPST8J1NbLUKjp0uHEk= all.rr.org. 300 IN CERT IPGP 0 0 FFsAyW1dVK7hIGuvhN56r26UwJx/ all.rr.org. 300 IN RRSIG CERT 7 3 300 20130410115632 20130410105629 54974 all.rr.org. CcY3yTFCBjK+YQ9ZqZiSuPKUCdezf3n4Ul/UwwUy/39nZRYeU1MXOaAtnAzmNCMqER6/AHwweJ4d+6oSrLsAYoDUBToHwyhMg8at/f4TZ4UZSYGVj1fF3MS1mVdUAeHlN5/ZgVVoFX1nt93i7DIbAUjSKwHHBrTSQFyVb9kNhXM= all.rr.org. 300 IN SSHFP 2 1 123456789abcdef67890123456789abcdef67890 all.rr.org. 300 IN RRSIG SSHFP 7 3 300 20130410115742 20130410105629 54974 all.rr.org. cvXx5xDRh1fhNriUN66qpjmzW+pCFov32WALjEtZHKZ08UHDcw7oYk0bAITGEIa+JCujQ7RkAMgwpbFbyZYoJgV78j+YaEquqfT7ZjZDy8FB8eL9P+HpHqoXtEXLvO2WYsbtU5phSESflzW/8kOvFWduO5IRZPbstE4BdfauVa4= all.rr.org. 300 IN IPSECKEY 10 1 2 192.0.2.38 AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ== all.rr.org. 300 IN RRSIG IPSECKEY 7 3 300 20130410115721 20130410105629 54974 all.rr.org. FwJEQzEu1pZkpnAYZc3cWCCdgVsCyserUhJVeByjaMD3oHvfSbmdIT/IbOYyTrmfSFpwcsdJ6oJ+bNEwIISzaM/puSAjT2sN5+ryoSjaqePldM2/iZdf44N21UhyH7IfxFfryhdzIHdq0jnFkaCX+Y4c76vqpHitlaUYXdv8IDI= all.rr.org. 300 IN DHCID AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA= all.rr.org. 300 IN RRSIG DHCID 7 3 300 20130410115751 20130410105629 54974 all.rr.org. ssk8jk702AJwC7tO6+b8IhgIoiSRjXDLw72EVaiwlOuNR+HV5gATb1FG3Ng/APg6wDWNEy6VRhv7pQQHm/E0gFBAzkUSfCCw/yUX0fVlw3PhC1qs0di4Id3I6sKBK7ZstNzUtoOXfqjF7xvGU60EPA4ZSDvQkCCdvO4Ok5RIdQM= all.rr.org. 300 IN SPF "v=spf1 +mx a:colo.example.com/28 -all" all.rr.org. 300 IN RRSIG SPF 7 3 300 20130410115804 20130410105629 54974 all.rr.org. HHseYzie8UWI+NPBto4pTZAKaT0V3U8iYbwsAb0WYi3MK9FJAFPM8RcUflDGMKjkA0UBEb1udIKbQfRmknK9GtifSnQupEnWhnbHEmbnJ+zAsSS6k0aZ4vgm8GGB29OTqmkETAxYH0X/0FniJw7P9LUU/KnOqs/wnNOFkMQnxgs= all.rr.org. 300 IN DLV 12345 3 1 123456789abcdef67890123456789abcdef67890 all.rr.org. 300 IN RRSIG DLV 7 3 300 20130410115749 20130410105629 54974 all.rr.org. Ddtqn8hfhSHSL9krYFfBPCDPUf6ABrrXwa/xiOzD9MrfnxaIZcGt7HZuVjj1fbXdrklacVTyDMgpLGTJHKn4TnCsgUzBvoCRrHZpCsS8eL2dCBc5EfIMjuIPM2V5/bZbCNdxji0FJQ5lebO/XlSpl51T75iAa1ntN0+RsqYb37A= lsjuf2e6mg5p2lhd4ifn9j1d0tau9v6m.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab p9idn47k3i4hl7uvrsala2cika6iqhrt NS SOA MB MG MR HINFO MINFO MX RP AFSDB X25 ISDN RT NSAP PX AAAA LOC NAPTR KX CERT SSHFP IPSECKEY RRSIG DNSKEY DHCID NSEC3PARAM SPF DLV lsjuf2e6mg5p2lhd4ifn9j1d0tau9v6m.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115739 20130410105629 54974 all.rr.org. otfOdRSrnRxCz9vGEXwFoyxplCw5ZIm8L/fAtf7LBv/uq/WBes1oJ/hGcjNbJ98upD1OSQuP8H8fyZ9+XWOQ5YCdXFnO+oASPjko1eTDWDRE4NvpHuv0G2f73nFRvQDxJKx0k/geYSHMhtpy1jliDY9jMPSbkWaTjTqO1itznYE= ;;Empty non-terminal _domainkey.all.rr.org. ap94ot77hb4828sgce8b1vviq70e9vlb.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab g2l2o193s2lss98gj7rmmktavpqfjvq8 ap94ot77hb4828sgce8b1vviq70e9vlb.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115702 20130410105629 54974 all.rr.org. IOCr90ztV18liuUpYYWwRN+wJ+aLQWTRpo7eb3vShpvDwLQFbQT9AKLQ/av3bCsmML28r5pn4czZC1MEXpTyYPbhTSBSyb8kU5DeauSOU+bjdQpgJppZ0eEQ1iKNRV7MY4mlVPa/jJ5MJuF/jjWAHRovYmgPBOanIXBBUqq3jv4= selector._domainkey.all.rr.org. 300 IN TXT "v=DKIM1; n=Use=20DKIM; p=AwEAAZfbYw8SffZwsbrCLbC+JLErREIF6Yfe9aqsa1Pz6tpGWiLxm9rSL6/YoBvNP3UWX91YDF0JMo6lhu3UIZjITvIwDhx+RJYko9vLzaaJKXGf3ygy6z+deWoZJAV1lTY0Ltx9genboe88CSCHw9aSLkh0obN9Ck8R6zAMYR19ciM/; t=s" selector._domainkey.all.rr.org. 300 IN RRSIG TXT 7 5 300 20130410115828 20130410105629 54974 all.rr.org. KT6xh9I5XLsvNxSfB469KXOv6MFRNAPBjOd25UcgMt+iaTKHzNWqW4dO3XfzJeT+/fi/zDhGsuwcBvd9Hv+vS/G5EWC9zWmkTpGtWONJcWe7sFh6JvBXKEb044vzB0fpYPRCrE3gztgJL+/hMLdo8Kie7bcK6twe4YyZoSkRz/g= g2l2o193s2lss98gj7rmmktavpqfjvq8.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab ibhek6s8u0esfnqpdrm8tuo03rgcfkjn TXT RRSIG g2l2o193s2lss98gj7rmmktavpqfjvq8.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115652 20130410105629 54974 all.rr.org. soUOUj4nUVLWpjbCTaxYP/IwZsCUxDNqEvGEhtcWu3WX24C/nn3B8AFUHgYhzoU59cbcV8KX04DknCBx14iRB6nUGISCXLTDVL2oW7235UFgJf1+SAnPzh0xiqqbMhoC+TONUTIumD8aWOc4nreRCJu6sF3A9l8B4/exFwOsluc= ;;Empty non-terminal _tcp.all.rr.org. k8gq8bbuj67kiblf6eibvia6v06bdjnt.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab kguhs2hk2v7lkk84rksoepthlhstbp3h k8gq8bbuj67kiblf6eibvia6v06bdjnt.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115715 20130410105629 54974 all.rr.org. DKWpBw4n8w4DAL8wJ0iHoKiPc6fIZz89MyVz+92ZGdBkx8+tv+7YtiEWPaTouVu76lJQn+04FphXL3eRNacCljmWgq4KDo63GJQtQPMlUcaj4dY1DL/XjW05So0pZMxpgM2Q2WhpkS7VaqmtVlrnH/dHiB9zPeKCjMVCpN7evwk= _http._tcp.all.rr.org. 300 IN SRV 0 5 80 ns1.example.com. _http._tcp.all.rr.org. 300 IN RRSIG SRV 7 5 300 20130410115722 20130410105629 54974 all.rr.org. l4TKCA0c2PodZZMspzR8UJpYxhvrSiyY7MGeQSWseRW09dj43gEiJoIlxq3AaK0lw4FDzyfWcA2CYRwL3RW2cBSfKyHp4Ubmhm91WPzlIxec9amtVkYq4WrC9h8tfblfceoNyOv48QTew1pw9a/Gah5jnw4de3XNy1PgZkh6HtM= p9idn47k3i4hl7uvrsala2cika6iqhrt.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab rdg0v236pd1v9ol0rhhft0c8a26unhvu SRV RRSIG p9idn47k3i4hl7uvrsala2cika6iqhrt.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115700 20130410105629 54974 all.rr.org. RzjxnjDsBWBSKNIxPaI9yhOWsnleFNaL6iuXPhFF6sZtH3ejL+AQsnQiQO17vBPPzb6AILiBT7MWTF3YkZASEys978HWbHWgWESZDndXypJZe115v+yaU/rKGlx16lxtLbXSDqat+rsRBZdri8L6UwULlKDmwxnNMb57bVnR21o= bar.all.rr.org. 300 IN PTR ns1.all.rr.org. bar.all.rr.org. 300 IN RRSIG PTR 7 4 300 20130410115724 20130410105629 54974 all.rr.org. hqmf6g3txmdk6PuCnQ/ve5Cp7Oyh4Iol4bXNBsyvIZDsWto2UvUq0csquD21Tpo/MIq8BPCXesQMseprR+zZBr3w5qQbQJikvwUt1mx1mqABcPJeDgIPmBeIYys71IaTNdgmKib6rB9xndpeXuBtKJ737f+B0y3avy9eTsHbRfg= 17dh4524ajdqdot2u7ouvoko5p9assdh.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab 2t74lut69cjlkdoikr2lhjnaud9prhqh PTR RRSIG 17dh4524ajdqdot2u7ouvoko5p9assdh.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115813 20130410105629 54974 all.rr.org. BvO6S1ZV58+QmFVFytvs4nRlQ43zaqgEL2/Omuyy3RXqTSSUjrX9wiyJ+ncLiITBXZYtoZHv6Xyr7U6kk/sA8CRVOHA29iyd/kr8yl+0YUEb+p05SSxH014i0AG4UXBaQbF20qGoM3hN4GJwmTHllv6eYB3svPh+27k1bWcc6CE= foo.all.rr.org. 300 IN CNAME ns1.all.rr.org. foo.all.rr.org. 300 IN RRSIG CNAME 7 4 300 20130410115632 20130410105629 54974 all.rr.org. I6BTgHmnZ5VIRywDWAKwf+k6XvuSQyWEAfED1TtK6Vrels39qo8Jc4yDoSzeorAwizNYABPTFpQZucTCkgxn75vTxFKK7aLem5opkw7uZFrGH3y3WoEp7utAtmrHYl5KtaB0u4FL9P2qfj8G2TfmnvwahHSBU4HvKxWcAFyEq/8= a2oddelqgm2q40lr53o246garr6a1lo1.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab ap94ot77hb4828sgce8b1vviq70e9vlb CNAME RRSIG a2oddelqgm2q40lr53o246garr6a1lo1.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115735 20130410105629 54974 all.rr.org. OiYcHnhPg+Y4uA/lNC4SpO/wIPNYxv2AgQDAhDZZTHwEop99sWaTPWTo+l+Eu8gKswB2FRjEgY8kGuTfwSJjXibFuXSTwDs6xQdZfCmIatHnFPuSTV7WUub2L7ry03w6hnL31WzEnIHMESglKw3Wny2QHPfxpm+BArDryQ5lhOc= frobozz.all.rr.org. 300 IN DNAME frobozz-division.acme.example. frobozz.all.rr.org. 300 IN RRSIG DNAME 7 4 300 20130410115653 20130410105629 54974 all.rr.org. Q7y8w/y7BzLtzMI6eTlFj4TqbFfRhHUJMRsj5uY0TFESrHzIdxjanZebsvcfXSwA9KCadXx7jQdmAHtS1eNeuIZrAidQFeu2PWJJ5O/yGbswrmeNlcF46Mwz7qCKa3MzY5//liHZWbvZDM5o2w25+O6pkt2ICkkhlk4DcmcSSaI= rdg0v236pd1v9ol0rhhft0c8a26unhvu.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab 17dh4524ajdqdot2u7ouvoko5p9assdh DNAME RRSIG rdg0v236pd1v9ol0rhhft0c8a26unhvu.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115820 20130410105629 54974 all.rr.org. uOVkY3yt9Lkws8Q/CnWB+T3gO3jgOubKyxL5p8P/0ehX5PoxEs5PQ8/IzLHSX9gkRW6ZZS4veb9Q5PChayVbYcJj7Hla06b/rBvYC7vwxlw66dhKfx1Hd6DwVPrNWz8P4OrIMmIafpmCw+iILMIE2mPMfidn8MDgS0e2qSR3pOA= helium.all.rr.org. 300 IN HINFO "Shuttle-ST61G4 Intel PIV3000" "FreeBSD 7.0-STABLE" helium.all.rr.org. 300 IN RRSIG HINFO 7 4 300 20130410115658 20130410105629 54974 all.rr.org. qFTZmZu71gTIEN9M1ShvWq+xyqGniMreuq2y6weYsSZCy32IQlFHuw8IBgkeqnrgToFFvC8ZQPC+gUp5jyN8WfTKmQLPdJJyuDQhiybQdPQgxA0mg/RYlQiTjVnzZkDkPAymYee4qBxk/gGhJcwGkHVJLZJRc79ydwhmoUVolwQ= kguhs2hk2v7lkk84rksoepthlhstbp3h.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab lsjuf2e6mg5p2lhd4ifn9j1d0tau9v6m HINFO RRSIG kguhs2hk2v7lkk84rksoepthlhstbp3h.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115706 20130410105629 54974 all.rr.org. fYKJ/LZ3dvudYeP6fT+NjTwAdJX3OaYJQ8Ty4zDvnwizhV3usQdgkjL/UoSLUBRCFj9Y4x4C5ZZ+3Z6YSvkTO8vceFwoUl7QNwMKg4/R1yBte9GcH7BesMpG2QTovnXc1CEha4XHTWsGEjrFj1WOmz5kKruImykv0ILlbIjy37w= ns1.all.rr.org. 300 IN A 10.1.0.52 ns1.all.rr.org. 300 IN RRSIG A 7 4 300 20130410115651 20130410105629 54974 all.rr.org. tI8y5xo0zsUSeeh0ZJUuWr2xvbEtN5B5TFMwmOHOU70TNjcBLC1LE+2M9wtjn09mLphY84+YHzAH7PcpJByIwbstWAkHdjzjRpvQYg1UoeA6m/5hypTAU+7UWO99i4ccPKd7pM686zlQNBeDBdoQHVVDutQeXsXJ+BqchraKN2M= 2t74lut69cjlkdoikr2lhjnaud9prhqh.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab a2oddelqgm2q40lr53o246garr6a1lo1 A RRSIG 2t74lut69cjlkdoikr2lhjnaud9prhqh.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115819 20130410105629 54974 all.rr.org. TVwpq/lVeLnHws9G0N4/ksa7xwWjQA5o0OBy/FIdGLZutp9crtQVRlk/03Bzfv2t0BiqIb/PrZtScvG+3X0Wm8JqjYod/akHtrMlpPx/mPE7d6dMpyU2cOSeYrfge4T1VuCHTmjdweo/Hl3JrwEF7fmr18b+RdiD+dS4IIV9QCk= sub.all.rr.org. 300 IN DS 12345 3 1 123456789abcdef67890123456789abcdef67890 sub.all.rr.org. 300 IN RRSIG DS 7 4 300 20130410115708 20130410105629 54974 all.rr.org. YPFdLZvdgZFp49p66slbZF/xp6D4Jm64NCR5ADl3D0OXs8nB64eh78IPIRJb8T55ob70FCSaW7zgBXSVrAeIYDEBHXXYYtaU45uuAtJeDLbo27j1FaSPiXERduc/01nARQOcGrEKRHMOw7rnihizFlfyCS4EWhyh5RX3NP0bLcg= ibhek6s8u0esfnqpdrm8tuo03rgcfkjn.all.rr.org. 300 IN NSEC3 1 1 5 dfe3a4ef6152d5ab k8gq8bbuj67kiblf6eibvia6v06bdjnt DS RRSIG ibhek6s8u0esfnqpdrm8tuo03rgcfkjn.all.rr.org. 300 IN RRSIG NSEC3 7 4 300 20130410115706 20130410105629 54974 all.rr.org. DWDO17UjzuSJCovz7w3vjRfQZR4qqr7qbOUCdcrkni4FnjU5PpF6+B7+dWUBHKwHf9jcH6QBElELoiYwAEuTZ3CZ8ofKNfvWCrekKEr3gUHSbL2Qh0tS3dZrYYm5WzpkZBZZqorjgVX1iAbOYx3KbhvsEBhFB6YSVLKpyXb9KiA= tobez-validns-f423245/t/issues/nsec-chain/000077500000000000000000000000001314110214000203175ustar00rootroot00000000000000tobez-validns-f423245/t/issues/nsec-chain/Kexample.com.+010+35615.key000066400000000000000000000011371314110214000244070ustar00rootroot00000000000000; This is a zone-signing key, keyid 35615, for example.com. ; Created: 20130219194149 (Tue Feb 19 20:41:49 2013) ; Publish: 20130219194149 (Tue Feb 19 20:41:49 2013) ; Activate: 20130219194149 (Tue Feb 19 20:41:49 2013) example.com. IN DNSKEY 256 3 10 AwEAAeYgLpfBmR2u+z7sm3aMjWVTGcfvLFIFBQ3zvplCeVrKPlEi0lN0 FzjLRPHKsQF22TnSFxjsu9DKGxj50f7sX9PsaZNRvOYXdVdnrh5YIJgu 5BcsTtpX+npQAAAqUC0nX+m3jJkvSvdWjtRIYF3ErHiCRam6rMDFGSA9 IupK+Z7TJfz/JRYxObYFoOZysVbTELPQjp+hk3QdSBDiYs5q2KaxFYz9 r18BlMUMmUwVNEDTisiF29iju44qn+pcqcRSUM1Fmse9CSjawltXhA0B /WbhYDQ2kiKO5UQS4Qip3C0sA3KECirCMcJbXEoaIHzXOrkNGJbaCq0b oHdytjdQSUM= tobez-validns-f423245/t/issues/nsec-chain/Kexample.com.+010+35615.private000066400000000000000000000033611314110214000252720ustar00rootroot00000000000000Private-key-format: v1.3 Algorithm: 10 (RSASHA512) Modulus: 5iAul8GZHa77PuybdoyNZVMZx+8sUgUFDfO+mUJ5Wso+USLSU3QXOMtE8cqxAXbZOdIXGOy70MobGPnR/uxf0+xpk1G85hd1V2euHlggmC7kFyxO2lf6elAAACpQLSdf6beMmS9K91aO1EhgXcSseIJFqbqswMUZID0i6kr5ntMl/P8lFjE5tgWg5nKxVtMQs9COn6GTdB1IEOJizmrYprEVjP2vXwGUxQyZTBU0QNOKyIXb2KO7jiqf6lypxFJQzUWax70JKNrCW1eEDQH9ZuFgNDaSIo7lRBLhCKncLSwDcoQKKsIxwltcShogfNc6uQ0YltoKrRugd3K2N1BJQw== PublicExponent: AQAB PrivateExponent: JBU/uQPeIk1hj8hByCDZut2A2VyjMmkfFcT2ScmmhZnYk5hGKle1nG4i7Va+0l/0R6Cthnb4LBDElvH0/2fIzs3u7+6NE/bxqzbSkmd3FOWlVgzYgFvzJmKM3XnFAI9/9oGVRh+oPYgQ9TA0C//emzax/Z8Ln15IRknPw7Tl1wUwfAhUf9FR1FZ1oaD3hKuWx7jsvHCkKAtXoOlmTTBnTRAfVrlWdEONuln/iJuIEkuiTAD5m3jmiMljF1clTb/cczSPZhqPwlx9bqpj8cyePavrrJDIC2aseqs+E9t9oKeDj0Oi7/X083+7AX/XjcD05GohbgLeCAExH98gkB5OIQ== Prime1: 9iaC0LohyI7f4v4F1vwc+mVkeYvg6P7+3h3oC3R8iaE2sAwEFuDEmXXgbhkzvZiUbjGVzaGAj1HcbYzbrYCGsbx+8qWCCHW6e3/5sL7yoflsLF7y4XU7FVl9hsJSRcqkTEHwA1mRFpmy4kBkpzsBbfmNPnqJYIoGwS3lmr58rp0= Prime2: 71WEyVg6cxrInrciL9Ae7qm1ab7RF9sSqdF4UWhQDYPZJ0BimNoQsAa76o+UBM/Qld9NMBXKu8no2ydWnkXb6LraUpFkAxF89MRAkCLlzV6n5ABmwGrLGIcKUp/J2T8Gw3ojxClcCEnskx5295K86835FGbx/xEQdaHVpDXKYV8= Exponent1: NlU11uDfCCgRX0d2/odT1il/Th0EHin7FAhB6hViT/bX3XApjus6Oi18xpCljRoa2V/0kxktCXWmVEAdVWTjVmQnGWRTGY7zBMOw18SuRfaKXBjxP7bivcmtHYvTITijn3mGgxbIIdb3V12jWg56OE43US03Gaod55I79jZJyzk= Exponent2: XwePz/qOSsHpwstocZ+riIwuEizIDTbZNECOC5TlpFgj0ygHfjWnxp0F5F7aIQb7BWdC2MLuWp4TLWFzTSjj5oa6xWohUe6RtQZvtEuG/4KEG03lfqVouvZzrNbxaKdT4i4PIYZimo/vtYK1Lhw/k0mXivhNQj/eTzbRA4CwOPU= Coefficient: AdcUDb/gzCkVid24q5fusFX1qzilGI4BDA9VVvf6XICZWHX3p8L3GB4H/KFNokHLFJtbAVLsi5T/glxyH+eRlfkQMg6EmgsOgTBpiOp3/VzO182qR8gHeVEYSUoRXLYo9UhtGdUF290YBYbhwjJkLEIfYe/lhfwMlzN9va3EUXw= Created: 20130219194149 Publish: 20130219194149 Activate: 20130219194149 tobez-validns-f423245/t/issues/nsec-chain/dsset-example.com.000066400000000000000000000002511314110214000236460ustar00rootroot00000000000000example.com. IN DS 35615 10 1 5293F83B0138B06E62542BF8D41C7AC4176BB08E example.com. IN DS 35615 10 2 B5995969441CEEA4C2114AAE50C40D730B65CFCDB76545AD02F73177 E8BD1A8F tobez-validns-f423245/t/issues/nsec-chain/example.com000066400000000000000000000010351314110214000224510ustar00rootroot00000000000000$TTL 1d $INCLUDE Kexample.com.+010+35615.key @ IN SOA ns.example.com. hostmaster.example.com. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL IN NS ns1.example.net. domain1 IN NS ns1.example.net. IN DS 2629 8 1 422D2A1FEADD36337C719964637CA08EB4C6BECB tobez-validns-f423245/t/issues/nsec-chain/example.com.signed000066400000000000000000000076341314110214000237340ustar00rootroot00000000000000; File written on Tue Feb 19 20:42:21 2013 ; dnssec_signzone version 9.8.3-P4 example.com. 86400 IN SOA ns.example.com. hostmaster.example.com. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 10 2 86400 20130321184221 ( 20130219184221 35615 example.com. fSRKU+K9f0tGSpUVNFtQc0TBufHSMhQ4yWZX fv1+osKrMVHxfluIwlYa5ExqFBvf2EwVvruF 2gk3KGR9WtM62Ub+MsBCRZCZeIrfEZ5tWPRf UHSbi7WwOD7ELQw6yeZLiG+8BRZSove8txHC N0GqaB3FeFRg1BRnErsmutfG/TvNS2ihjeTw IIjELjcHbe79tsvD+JIzSHghWt0b+7dHpD5A Z0mNAhBSgRwtwb2BtrLwJhtRX+spPlM6iy87 6pfADRZQCzAlv4aridie5pQzFG15FLyyfvbF 5/YtMZjuAaBNf+2KqhZbGWQFuPLB9C30Vqa0 qQ7o10OAn3QQGHE+iA== ) 86400 NS ns1.example.net. 86400 RRSIG NS 10 2 86400 20130321184221 ( 20130219184221 35615 example.com. B3H3TYnpWgpc4cqIS79F/GSxSrUTaDdJEtVj Ps4fj0ETKrjBxIkq8r36/srAD72VK8nGuVvW aC90q6hy+T5oRjnDGke8XcOZLTeSsdqSiElL DgEFhKhL80Sxr9sMd2V+N7KzSLlPKsYtAW+O 5ktr/21CSzE0lhDI8b/GO8Hjs9gZwyMzLzlx j3kVtMlsul5aJrCA2WtdKEBXTiFrhr4FU+hY moe3uwrUNR6MHhb+l1IVo2yKCDBD7ZZ1ToGz dl2XuHEWiuOKiUAizTcpnWbdMWzSJMkrKx1/ gXdAq1q1t8VIi9WJs4XyKEDuJG0Ep8BeUTmE 4QbwLrOe1Tabell4eQ== ) 604800 NSEC domain1.example.com. NS SOA RRSIG NSEC DNSKEY 604800 RRSIG NSEC 10 2 604800 20130321184221 ( 20130219184221 35615 example.com. fi1kPn544HwVk3M/BhM0g2oyLrRj6XfS+r14 qbVtMtT4s9Nk7hmtKlqCjSvPRl+ichW9cGRn pfYC6cDkKb6VX6RUqtCfN+A1s+f9iX/TPCkY mo4FgxioOG6ZUNBxsbgYsBjM08VwtOf+4VZV P+NvRpbMvmNRJux2Ftba+wB0GA4Bl/x1jx5R O4EI8/hENXxnc+ak/eJdBRy7yDFgBMVvp2ZI 8nt353uXhq+C/HpB8CmQO290GpUStpQlQ9aW e5usfRplUfHLSvF+YfJGBV+7WxfQa7REIdXw 7wmbHdS0iy4XtyGXVs9/cFipP5l82skYl4zb YZol9Opb28njTmdxtg== ) 86400 DNSKEY 256 3 10 ( AwEAAeYgLpfBmR2u+z7sm3aMjWVTGcfvLFIF BQ3zvplCeVrKPlEi0lN0FzjLRPHKsQF22TnS Fxjsu9DKGxj50f7sX9PsaZNRvOYXdVdnrh5Y IJgu5BcsTtpX+npQAAAqUC0nX+m3jJkvSvdW jtRIYF3ErHiCRam6rMDFGSA9IupK+Z7TJfz/ JRYxObYFoOZysVbTELPQjp+hk3QdSBDiYs5q 2KaxFYz9r18BlMUMmUwVNEDTisiF29iju44q n+pcqcRSUM1Fmse9CSjawltXhA0B/WbhYDQ2 kiKO5UQS4Qip3C0sA3KECirCMcJbXEoaIHzX OrkNGJbaCq0boHdytjdQSUM= ) ; key id = 35615 86400 RRSIG DNSKEY 10 2 86400 20130321184221 ( 20130219184221 35615 example.com. Qx8EkBJQK08TIY9Ftt974UC788Nof2zwmCZM 203uXl/Pm6iDN/FgEigcl2IvtuhxrWiEvNJD dINpepPOkusX9apzG1pSs5rMj8RBxhEv60i1 OfBeC7F/jU6CY6f7JvQ+ULPwvQ2e3/r8P3jY 4ErC2rsxSJpAzKkWUWokNIS9e2VJA8FCpJCI oJbesCGXH7ydDFZ+x6+z60xGRIhK2/MoCzGu WbLRHww77y4q1ePC7v35hh4uoMPTwbtaD1P6 pw3ELhXuHMlh+A/K5v7gVfZWYEFipe/r2YhM dbjGdB9/ZTTiQddFBVll7G4EqhSqTA7+elTV RB9EkLCRntIpYCh9BQ== ) domain1.example.com. 86400 IN NS ns1.example.net. 86400 DS 2629 8 1 ( 422D2A1FEADD36337C719964637CA08EB4C6 BECB ) 86400 RRSIG DS 10 3 86400 20130321184221 ( 20130219184221 35615 example.com. cv4HDaasJ4SKii6DPbfHf+rRy/i4WBxRo4Uz 84B5Ta4tB5LaJF69c8T10mPC4jnwIFvcJ+1G h07mQZdt1FyPLMJM4lOEj9Nj+mKEtf25lRtT 58Rph6n95wwanRvuELtUEjeU+F7vMyCj2aFw NLXHIvyWvtbPCJOrSfyB7TPH+sIltOoMCziF 0kHHiMrVqV9CE8hjq5MgdbyZ2/LdF7vYNza3 btNmSJY0WpmoTyoHu9+bMQQdAKHfUx9u+MPJ jbF77yqBIzEkbV1j4eeQ5NLA6YlXmowuhhxF 8U+dko4h7TRxkmq0ih5XQJVoKnih76Dj7p/2 oHYE204X16iJXqKXLQ== ) 604800 NSEC example.com. NS DS RRSIG NSEC 604800 RRSIG NSEC 10 3 604800 20130321184221 ( 20130219184221 35615 example.com. WWg7EiYoY8Hp593I2i5Mkl2ezg7YuAnq0y75 oymTCuEfGwh4OxbMT/mWNqAFL5Y8f0YoQOOY wZP0m/sGK/EJN7ulNsfQyULY4WsyHIGlKMwT KdyDXJLrmrzlmRnGv7pFb0bo53n3osE0uFfH yMQYOkQRYfqa4yWXF9Nl48dy67frtVih0foy 9Mm76mmJSDUd/jGsYQmaoFGVU/a64rWapVQ9 O/mXPqr6Pw2ZCHecsF4ElMEp41YqG1DfR5QR khTjvTlg4aTKvgX1YuvDhjUygSHit47xn2NC 2WwEZF+vYXT9DIUCMcKdVeb4bjWwUXbWNFqz Ca3jb/mpOpUDFnrRPw== ) tobez-validns-f423245/t/issues/nsec-chain/example.com.signed-without-first-nsec000066400000000000000000000065601314110214000275050ustar00rootroot00000000000000; File written on Tue Feb 19 20:42:21 2013 ; dnssec_signzone version 9.8.3-P4 example.com. 86400 IN SOA ns.example.com. hostmaster.example.com. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 10 2 86400 20130321184221 ( 20130219184221 35615 example.com. fSRKU+K9f0tGSpUVNFtQc0TBufHSMhQ4yWZX fv1+osKrMVHxfluIwlYa5ExqFBvf2EwVvruF 2gk3KGR9WtM62Ub+MsBCRZCZeIrfEZ5tWPRf UHSbi7WwOD7ELQw6yeZLiG+8BRZSove8txHC N0GqaB3FeFRg1BRnErsmutfG/TvNS2ihjeTw IIjELjcHbe79tsvD+JIzSHghWt0b+7dHpD5A Z0mNAhBSgRwtwb2BtrLwJhtRX+spPlM6iy87 6pfADRZQCzAlv4aridie5pQzFG15FLyyfvbF 5/YtMZjuAaBNf+2KqhZbGWQFuPLB9C30Vqa0 qQ7o10OAn3QQGHE+iA== ) 86400 NS ns1.example.net. 86400 RRSIG NS 10 2 86400 20130321184221 ( 20130219184221 35615 example.com. B3H3TYnpWgpc4cqIS79F/GSxSrUTaDdJEtVj Ps4fj0ETKrjBxIkq8r36/srAD72VK8nGuVvW aC90q6hy+T5oRjnDGke8XcOZLTeSsdqSiElL DgEFhKhL80Sxr9sMd2V+N7KzSLlPKsYtAW+O 5ktr/21CSzE0lhDI8b/GO8Hjs9gZwyMzLzlx j3kVtMlsul5aJrCA2WtdKEBXTiFrhr4FU+hY moe3uwrUNR6MHhb+l1IVo2yKCDBD7ZZ1ToGz dl2XuHEWiuOKiUAizTcpnWbdMWzSJMkrKx1/ gXdAq1q1t8VIi9WJs4XyKEDuJG0Ep8BeUTmE 4QbwLrOe1Tabell4eQ== ) 86400 DNSKEY 256 3 10 ( AwEAAeYgLpfBmR2u+z7sm3aMjWVTGcfvLFIF BQ3zvplCeVrKPlEi0lN0FzjLRPHKsQF22TnS Fxjsu9DKGxj50f7sX9PsaZNRvOYXdVdnrh5Y IJgu5BcsTtpX+npQAAAqUC0nX+m3jJkvSvdW jtRIYF3ErHiCRam6rMDFGSA9IupK+Z7TJfz/ JRYxObYFoOZysVbTELPQjp+hk3QdSBDiYs5q 2KaxFYz9r18BlMUMmUwVNEDTisiF29iju44q n+pcqcRSUM1Fmse9CSjawltXhA0B/WbhYDQ2 kiKO5UQS4Qip3C0sA3KECirCMcJbXEoaIHzX OrkNGJbaCq0boHdytjdQSUM= ) ; key id = 35615 86400 RRSIG DNSKEY 10 2 86400 20130321184221 ( 20130219184221 35615 example.com. Qx8EkBJQK08TIY9Ftt974UC788Nof2zwmCZM 203uXl/Pm6iDN/FgEigcl2IvtuhxrWiEvNJD dINpepPOkusX9apzG1pSs5rMj8RBxhEv60i1 OfBeC7F/jU6CY6f7JvQ+ULPwvQ2e3/r8P3jY 4ErC2rsxSJpAzKkWUWokNIS9e2VJA8FCpJCI oJbesCGXH7ydDFZ+x6+z60xGRIhK2/MoCzGu WbLRHww77y4q1ePC7v35hh4uoMPTwbtaD1P6 pw3ELhXuHMlh+A/K5v7gVfZWYEFipe/r2YhM dbjGdB9/ZTTiQddFBVll7G4EqhSqTA7+elTV RB9EkLCRntIpYCh9BQ== ) domain1.example.com. 86400 IN NS ns1.example.net. 86400 DS 2629 8 1 ( 422D2A1FEADD36337C719964637CA08EB4C6 BECB ) 86400 RRSIG DS 10 3 86400 20130321184221 ( 20130219184221 35615 example.com. cv4HDaasJ4SKii6DPbfHf+rRy/i4WBxRo4Uz 84B5Ta4tB5LaJF69c8T10mPC4jnwIFvcJ+1G h07mQZdt1FyPLMJM4lOEj9Nj+mKEtf25lRtT 58Rph6n95wwanRvuELtUEjeU+F7vMyCj2aFw NLXHIvyWvtbPCJOrSfyB7TPH+sIltOoMCziF 0kHHiMrVqV9CE8hjq5MgdbyZ2/LdF7vYNza3 btNmSJY0WpmoTyoHu9+bMQQdAKHfUx9u+MPJ jbF77yqBIzEkbV1j4eeQ5NLA6YlXmowuhhxF 8U+dko4h7TRxkmq0ih5XQJVoKnih76Dj7p/2 oHYE204X16iJXqKXLQ== ) 604800 NSEC example.com. NS DS RRSIG NSEC 604800 RRSIG NSEC 10 3 604800 20130321184221 ( 20130219184221 35615 example.com. WWg7EiYoY8Hp593I2i5Mkl2ezg7YuAnq0y75 oymTCuEfGwh4OxbMT/mWNqAFL5Y8f0YoQOOY wZP0m/sGK/EJN7ulNsfQyULY4WsyHIGlKMwT KdyDXJLrmrzlmRnGv7pFb0bo53n3osE0uFfH yMQYOkQRYfqa4yWXF9Nl48dy67frtVih0foy 9Mm76mmJSDUd/jGsYQmaoFGVU/a64rWapVQ9 O/mXPqr6Pw2ZCHecsF4ElMEp41YqG1DfR5QR khTjvTlg4aTKvgX1YuvDhjUygSHit47xn2NC 2WwEZF+vYXT9DIUCMcKdVeb4bjWwUXbWNFqz Ca3jb/mpOpUDFnrRPw== ) tobez-validns-f423245/t/issues/nsec-chain/example.com.signed-without-last-nsec000066400000000000000000000066001314110214000273140ustar00rootroot00000000000000; File written on Tue Feb 19 20:42:21 2013 ; dnssec_signzone version 9.8.3-P4 example.com. 86400 IN SOA ns.example.com. hostmaster.example.com. ( 1 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) 86400 RRSIG SOA 10 2 86400 20130321184221 ( 20130219184221 35615 example.com. fSRKU+K9f0tGSpUVNFtQc0TBufHSMhQ4yWZX fv1+osKrMVHxfluIwlYa5ExqFBvf2EwVvruF 2gk3KGR9WtM62Ub+MsBCRZCZeIrfEZ5tWPRf UHSbi7WwOD7ELQw6yeZLiG+8BRZSove8txHC N0GqaB3FeFRg1BRnErsmutfG/TvNS2ihjeTw IIjELjcHbe79tsvD+JIzSHghWt0b+7dHpD5A Z0mNAhBSgRwtwb2BtrLwJhtRX+spPlM6iy87 6pfADRZQCzAlv4aridie5pQzFG15FLyyfvbF 5/YtMZjuAaBNf+2KqhZbGWQFuPLB9C30Vqa0 qQ7o10OAn3QQGHE+iA== ) 86400 NS ns1.example.net. 86400 RRSIG NS 10 2 86400 20130321184221 ( 20130219184221 35615 example.com. B3H3TYnpWgpc4cqIS79F/GSxSrUTaDdJEtVj Ps4fj0ETKrjBxIkq8r36/srAD72VK8nGuVvW aC90q6hy+T5oRjnDGke8XcOZLTeSsdqSiElL DgEFhKhL80Sxr9sMd2V+N7KzSLlPKsYtAW+O 5ktr/21CSzE0lhDI8b/GO8Hjs9gZwyMzLzlx j3kVtMlsul5aJrCA2WtdKEBXTiFrhr4FU+hY moe3uwrUNR6MHhb+l1IVo2yKCDBD7ZZ1ToGz dl2XuHEWiuOKiUAizTcpnWbdMWzSJMkrKx1/ gXdAq1q1t8VIi9WJs4XyKEDuJG0Ep8BeUTmE 4QbwLrOe1Tabell4eQ== ) 604800 NSEC domain1.example.com. NS SOA RRSIG NSEC DNSKEY 604800 RRSIG NSEC 10 2 604800 20130321184221 ( 20130219184221 35615 example.com. fi1kPn544HwVk3M/BhM0g2oyLrRj6XfS+r14 qbVtMtT4s9Nk7hmtKlqCjSvPRl+ichW9cGRn pfYC6cDkKb6VX6RUqtCfN+A1s+f9iX/TPCkY mo4FgxioOG6ZUNBxsbgYsBjM08VwtOf+4VZV P+NvRpbMvmNRJux2Ftba+wB0GA4Bl/x1jx5R O4EI8/hENXxnc+ak/eJdBRy7yDFgBMVvp2ZI 8nt353uXhq+C/HpB8CmQO290GpUStpQlQ9aW e5usfRplUfHLSvF+YfJGBV+7WxfQa7REIdXw 7wmbHdS0iy4XtyGXVs9/cFipP5l82skYl4zb YZol9Opb28njTmdxtg== ) 86400 DNSKEY 256 3 10 ( AwEAAeYgLpfBmR2u+z7sm3aMjWVTGcfvLFIF BQ3zvplCeVrKPlEi0lN0FzjLRPHKsQF22TnS Fxjsu9DKGxj50f7sX9PsaZNRvOYXdVdnrh5Y IJgu5BcsTtpX+npQAAAqUC0nX+m3jJkvSvdW jtRIYF3ErHiCRam6rMDFGSA9IupK+Z7TJfz/ JRYxObYFoOZysVbTELPQjp+hk3QdSBDiYs5q 2KaxFYz9r18BlMUMmUwVNEDTisiF29iju44q n+pcqcRSUM1Fmse9CSjawltXhA0B/WbhYDQ2 kiKO5UQS4Qip3C0sA3KECirCMcJbXEoaIHzX OrkNGJbaCq0boHdytjdQSUM= ) ; key id = 35615 86400 RRSIG DNSKEY 10 2 86400 20130321184221 ( 20130219184221 35615 example.com. Qx8EkBJQK08TIY9Ftt974UC788Nof2zwmCZM 203uXl/Pm6iDN/FgEigcl2IvtuhxrWiEvNJD dINpepPOkusX9apzG1pSs5rMj8RBxhEv60i1 OfBeC7F/jU6CY6f7JvQ+ULPwvQ2e3/r8P3jY 4ErC2rsxSJpAzKkWUWokNIS9e2VJA8FCpJCI oJbesCGXH7ydDFZ+x6+z60xGRIhK2/MoCzGu WbLRHww77y4q1ePC7v35hh4uoMPTwbtaD1P6 pw3ELhXuHMlh+A/K5v7gVfZWYEFipe/r2YhM dbjGdB9/ZTTiQddFBVll7G4EqhSqTA7+elTV RB9EkLCRntIpYCh9BQ== ) domain1.example.com. 86400 IN NS ns1.example.net. 86400 DS 2629 8 1 ( 422D2A1FEADD36337C719964637CA08EB4C6 BECB ) 86400 RRSIG DS 10 3 86400 20130321184221 ( 20130219184221 35615 example.com. cv4HDaasJ4SKii6DPbfHf+rRy/i4WBxRo4Uz 84B5Ta4tB5LaJF69c8T10mPC4jnwIFvcJ+1G h07mQZdt1FyPLMJM4lOEj9Nj+mKEtf25lRtT 58Rph6n95wwanRvuELtUEjeU+F7vMyCj2aFw NLXHIvyWvtbPCJOrSfyB7TPH+sIltOoMCziF 0kHHiMrVqV9CE8hjq5MgdbyZ2/LdF7vYNza3 btNmSJY0WpmoTyoHu9+bMQQdAKHfUx9u+MPJ jbF77yqBIzEkbV1j4eeQ5NLA6YlXmowuhhxF 8U+dko4h7TRxkmq0ih5XQJVoKnih76Dj7p/2 oHYE204X16iJXqKXLQ== ) tobez-validns-f423245/t/test.pl000066400000000000000000000477171314110214000163300ustar00rootroot00000000000000#! /usr/bin/perl use 5.006; use strict; use warnings; use Test::More; BEGIN { use_ok("Test::Command::Simple"); } unless (*run{CODE}) { done_testing; exit(0); } my @e; for my $threads ("", qw(-n2 -n4 -n6 -n8)) { my @threads; push @threads, $threads if $threads; run('./validns', @threads, 't/zones/galaxyplus.org'); is(rc, 0, 'valid zone parses ok'); run('./validns', @threads, '-t1501789043', 't/zones/example.sec.signed'); is(rc, 0, 'valid signed zone parses ok'); run('./validns', @threads, '-t1303720010', 't/zones/example.sec.signed'); isnt(rc, 0, 'valid signed zone with timestamps in the future'); @e = split /\n/, stderr; like(shift @e, qr/signature is too new/, "signature is too new"); run('./validns', @threads, '-t1561789043', 't/zones/example.sec.signed'); isnt(rc, 0, 'valid signed zone with timestamps in the past'); @e = split /\n/, stderr; like(shift @e, qr/signature is too old/, "signature is too old"); run('./validns', @threads, '-s', '-pall', 't/zones/manyerrors.zone'); isnt(rc, 0, 'bad zone returns an error'); @e = split /\n/, stderr; # main.c like(shift @e, qr/unrecognized directive: \$FUNNYDIRECTIVE/, "unrecognized directive 1"); like(shift @e, qr/unrecognized directive: \$ORIGINBUTNOTREALLY/, "unrecognized directive 2"); like(shift @e, qr/bad \$ORIGIN format/, "not really an origin"); like(shift @e, qr/\$ORIGIN value expected/, "empty origin"); like(shift @e, qr/garbage after valid \$ORIGIN/, "bad origin"); like(shift @e, qr/unrecognized directive: \$TTLAST/, "unrecognized directive 3"); like(shift @e, qr/bad \$TTL format/, "not really a TTL"); like(shift @e, qr/\$TTL value expected/, "empty TTL"); like(shift @e, qr/\$TTL value expected/, "funny TTL"); like(shift @e, qr/\$TTL value is not valid/, "bad TTL"); like(shift @e, qr/\$TTL value is not valid/, "bad TTL take 2"); like(shift @e, qr/garbage after valid \$TTL/, "bad TTL take 3"); like(shift @e, qr/unrecognized directive: \$INCLUDESSIMO/, "unrecognized directive 4"); like(shift @e, qr/bad \$INCLUDE format/, "not really an include"); like(shift @e, qr/unrecognized directive: \$/, "unrecognized directive 5"); like(shift @e, qr/unrecognized directive: \$/, "unrecognized directive 6"); # TODO once INCLUDE is implemented, add more tests ## TODO continue main.c at "cannot assume previous name" like(shift @e, qr/class or type expected/, "nonsense line"); like(shift @e, qr/the first record in the zone must be an SOA record/, "non-SOA 1"); like(shift @e, qr/the first record in the zone must be an SOA record/, "non-SOA 2"); like(shift @e, qr/serial is out of range/, "out of range serial"); like(shift @e, qr/there could only be one SOA in a zone/, "another SOA"); like(shift @e, qr/name server domain name expected/, "empty NS"); like(shift @e, qr/garbage after valid NS/, "bad NS"); like(shift @e, qr/IPv4 address is not valid/, "empty A"); like(shift @e, qr/garbage after valid A data/, "bad A"); like(shift @e, qr/cannot parse IPv4 address/, "bad A IP"); like(shift @e, qr/IPv4 address is not valid/, "not an IP in A"); like(shift @e, qr/IPv6 address is not valid/, "empty AAAA"); like(shift @e, qr/garbage after valid AAAA data/, "bad AAAA"); like(shift @e, qr/IPv6 address is not valid/, "bad AAAA IP"); like(shift @e, qr/IPv6 address is not valid/, "not an IP in AAAA"); like(shift @e, qr/MX preference expected/, "empty MX"); like(shift @e, qr/MX exchange expected/, "MX without exchange"); like(shift @e, qr/garbage after valid MX data/, "bad MX"); like(shift @e, qr/bad SHA-256 hash length/, "TLSA SHA-256"); like(shift @e, qr/bad SHA-512 hash length/, "TLSA SHA-512"); like(shift @e, qr/certificate association data: hex data does not represent whole number of bytes/, "TLSA nibbles"); like(shift @e, qr/bad certificate usage field/, "TLSA certificate usage"); like(shift @e, qr/TTL is not valid/, "TLSA certificate usage fallout"); like(shift @e, qr/certificate usage field expected/, "TLSA certificate usage"); like(shift @e, qr/TTL is not valid/, "TLSA certificate usage fallout"); like(shift @e, qr/bad selector field/, "TLSA selector"); like(shift @e, qr/TTL is not valid/, "TLSA selector fallout"); like(shift @e, qr/selector field expected/, "TLSA selector"); like(shift @e, qr/TTL is not valid/, "TLSA selector fallout"); like(shift @e, qr/bad matching type field/, "TLSA matching type"); like(shift @e, qr/TTL is not valid/, "TLSA matching type fallout"); like(shift @e, qr/matching type field expected/, "TLSA matching type"); like(shift @e, qr/TTL is not valid/, "TLSA matching type fallout"); like(shift @e, qr/outside.org. does not belong to zone galaxyplus.org./, "outsider"); like(shift @e, qr/long.outside.org. does not belong to zone galaxyplus.org./, "long outsider"); like(shift @e, qr/outsidegalaxyplus.org. does not belong to zone galaxyplus.org./, "tricky outsider"); like(shift @e, qr/bad algorithm 177/, "bad CERT algorithm"); like(shift @e, qr/bad or unsupported algorithm meow/, "bad CERT algorithm mnemonic"); like(shift @e, qr/bad certificate type 100000/, "bad CERT type"); like(shift @e, qr/is reserved by IANA/, "reserved CERT type"); like(shift @e, qr/certificate type 700 is unassigned/, "unassigned CERT type"); like(shift @e, qr/bad certificate type meow/, "bad CERT type"); like(shift @e, qr/bad key tag/, "bad key tag"); like(shift @e, qr/certificate expected/, "bad base64"); like(shift @e, qr/there could only be one SOA in a zone/, "another SOA at the end"); like(shift @e, qr/record name is not valid/, "wildcard is the middle"); like(shift @e, qr/record name: bad wildcard/, "bad wildcard"); like(shift @e, qr/name cannot start with a dot/, "dot-something"); like(shift @e, qr/name cannot start with a dot/, "dot-dot"); like(shift @e, qr/garbage after valid DNAME data/, "DNAME garbage"); like(shift @e, qr/CAA flags expected/, "CAA without a flag"); like(shift @e, qr/CAA tag expected/, "CAA without a tag"); like(shift @e, qr/CAA unrecognized flags value/, "CAA with bad flags"); like(shift @e, qr/CAA unrecognized tag name/, "CAA with bad tag"); like(shift @e, qr/CAA tag is not valid/, "CAA with bad chars in tag"); like(shift @e, qr/CAA reserved tag name/, "CAA with reserved tag 1"); like(shift @e, qr/CAA reserved tag name/, "CAA with reserved tag 2"); like(shift @e, qr/CAA reserved tag name/, "CAA with reserved tag 3"); like(shift @e, qr/CAA missing tag value/, "CAA without a tag value"); like(shift @e, qr/garbage after valid CAA/, "CAA + garbage"); ## these things are not validated but probably should be #like(shift @e, qr/CAA invalid issue domain/, "CAA bad issue domain"); #like(shift @e, qr/CAA missing issue parameter value/, "CAA missing issue parameter value"); #like(shift @e, qr/CAA missing issue parameter tag/, "CAA missing issue parameter tag"); #like(shift @e, qr/CAA invalid issuewild domain/, "CAA bad issuewild domain"); #like(shift @e, qr/CAA missing issuewild parameter value/, "CAA missing issuewild parameter value"); #like(shift @e, qr/CAA missing issuewild parameter tag/, "CAA missing issuewild parameter tag"); #like(shift @e, qr/CAA iodef value not a URL/, "CAA iodef value is not a URL"); #like(shift @e, qr/CAA iodef value unrecognized URL/, "CAA iodef value unrecognized URL"); ## actual validations done after parsing like(shift @e, qr/CNAME and other data/, "CNAME+CNAME"); like(shift @e, qr/CNAME and other data/, "CNAME+something else"); like(shift @e, qr/there should be at least two NS records/, "NS limit"); like(shift @e, qr/not a proper domain name for an SMIMEA record/, "SMIMEA host 1"); like(shift @e, qr/not a proper prefixed DNS domain name/, "TLSA host 1"); like(shift @e, qr/not a proper domain name for an SMIMEA record/, "SMIMEA host 2"); like(shift @e, qr/not a proper domain name for an SMIMEA record/, "SMIMEA host 3"); like(shift @e, qr/not a proper prefixed DNS domain name/, "TLSA host 2"); like(shift @e, qr/TTL values differ within an RR set/, "TTL conflict"); like(shift @e, qr/multiple DNAMEs/, "Multiple DNAMEs"); like(shift @e, qr/DNAME must not have any children \(but something.zzzz3.galaxyplus.org. exists\)/, "DNAME with children"); like(shift @e, qr/CNAME and other data/, "DNAME+CNAME"); like(shift @e, qr/DNAME must not have any children \(but z.zzzz5.galaxyplus.org. exists\)/, "DNAME with children 2"); is(+@e, 0, "no unaccounted errors"); #like(stdout, qr/validation errors: XX/, "error count"); run('./validns', @threads, '-s', '-t1320094109', 't/zones/example.sec.signed.with-errors'); isnt(rc, 0, 'bad signed zone returns an error'); @e = split /\n/, stderr; like(shift @e, qr/wrong GOST .* digest length/, "wrong GOST digest length"); like(shift @e, qr/MX exists, but NSEC does not mention it/, "NSEC incomplete"); like(shift @e, qr/NSEC mentions SRV, but no such record found/, "NSEC lists too much"); like(shift @e, qr/RRSIG exists for non-existing type NAPTR/, "RRSIG for absent"); like(shift @e, qr/RRSIG's original TTL differs from corresponding record's/, "RRSIG orig ttl bad"); like(shift @e, qr/RRSIG\(NSEC\): cannot find a signer key/, "unknown signer"); like(shift @e, qr/NSEC says mail.example.sec. comes after example.sec., but ghost.example.sec. does/, "NSEC chain error"); like(shift @e, qr/NSEC says ns1.example.sec. comes after mail.example.sec., but nosuch.example.sec. does/, "NSEC chain error"); like(shift @e, qr/NSEC says ns2.example.sec. comes after ns1.example.sec., but ns122.example.sec. does/, "NSEC chain error"); like(shift @e, qr/NSEC says www.example.sec. is the last name, but zzz.example.sec. exists/, "NSEC chain not the last"); like(shift @e, qr/NSEC says zzzz.example.sec. comes after zzz.example.sec., but nothing does/, "NSEC chain unexpected last"); like(shift @e, qr/RRSIG\(NSEC\): bad signature/, "NSEC incomplete fallout") for 1..4; like(shift @e, qr/RRSIG\(NSEC\): bad signature/, "NSEC lists too much fallout") for 1..4; is(+@e, 0, "no unaccounted errors"); # RFC 2181 policy checks run('./validns', @threads, '-p', 'all', '-z', 'example1.jp', 't/zones/mx-ns-alias'); is(rc, 0, 'parses OK if we cannot determine the fact of aliasing'); run('./validns', @threads, '-p', 'all', '-z', 'example.jp', 't/zones/mx-ns-alias'); isnt(rc, 0, 'RFC 2181 policy checks are active'); @e = split /\n/, stderr; like(shift @e, qr/NS data is an alias/, "NS data is an alias"); like(shift @e, qr/MX exchange is an alias/, "MX exchange is an alias"); is(+@e, 0, "no unaccounted errors for 2181 policy checks"); run('./validns', @threads, '-p', 'mx-alias', '-p', 'ns-alias', '-z', 'example.jp', 't/zones/mx-ns-alias'); isnt(rc, 0, 'RFC 2181 policy checks are active (individually activated)'); @e = split /\n/, stderr; like(shift @e, qr/NS data is an alias/, "NS data is an alias"); like(shift @e, qr/MX exchange is an alias/, "MX exchange is an alias"); is(+@e, 0, "no unaccounted errors for individually activated checks"); run('./validns', @threads, '-p', 'mx-alias', '-z', 'example.jp', 't/zones/mx-ns-alias'); isnt(rc, 0, 'mx-alias policy check'); @e = split /\n/, stderr; like(shift @e, qr/MX exchange is an alias/, "MX exchange is an alias"); is(+@e, 0, "no unaccounted errors for mx-alias check"); run('./validns', @threads, '-p', 'ns-alias', '-z', 'example.jp', 't/zones/mx-ns-alias'); isnt(rc, 0, 'ns-alias policy check'); @e = split /\n/, stderr; like(shift @e, qr/NS data is an alias/, "NS data is an alias"); is(+@e, 0, "no unaccounted errors for ns-alias check"); # RP policy run('./validns', @threads, '-p', 'all', '-z', 'example.jp', 't/zones/rp-policy'); isnt(rc, 0, 'RP policy check is active'); @e = split /\n/, stderr; like(shift @e, qr/RP TXT.*?does not exist/, "RP TXT is not there"); is(+@e, 0, "no unaccounted errors for RP policy checks"); run('./validns', @threads, '-z', 'example.jp', 't/zones/rp-policy'); is(rc, 0, 'RP policy check is inactive'); run('./validns', @threads, '-v', 't/zones/ttl-regression.zone'); is(rc, 0, 'ttl regression parses OK'); like(stderr, qr/ns\.example\.com\.\s+IN\s+600\s+A\s+192\.0\.2\.1/, "Default TTL changes correctly"); run('./validns', @threads, '-v', 't/zones/misc-regression.zone'); is(rc, 0, 'misc regression parses OK'); like(stderr, qr/"alias"/, "We parse \\nnn in text correctly"); like(stderr, qr/"";"/, "We parse \\\" in text correctly"); run('./validns', @threads, '-v', 't/zones/ttl.zone'); is(rc, 0, 'ttl test parses OK'); like(stderr, qr/ns\.example\.com\.\s+IN\s+600\s+A\s+192\.0\.2\.1/, "Default TTL changes correctly"); like(stderr, qr/\s+example\.com\.\s+IN\s+200\s+NS\s+ns\.example\.com\./, "TTL without default picked up correctly"); # DNSKEY extra checks run('./validns', @threads, 't/zones/dnskey-exponent.zone'); is(rc, 0, 'dnskey parses OK without policy checks'); run('./validns', @threads, '-p', 'all', 't/zones/dnskey-exponent.zone'); isnt(rc, 0, 'dnskey extra checks fail'); @e = split /\n/, stderr; like(shift @e, qr/leading zero octets in public key exponent/, "leading zeroes in exponent 1"); like(shift @e, qr/leading zero octets in public key exponent/, "leading zeroes in exponent 2"); is(+@e, 0, "no unaccounted errors for DNSKEY policy checks"); # issue 36: https://github.com/tobez/validns/issues/36 - $include implementation run('./validns', @threads, 't/issues/36-include/empty-include.zone'); isnt(rc, 0, 'empty include detected'); @e = split /\n/, stderr; like(shift @e, qr/\bINCLUDE directive with empty file name\b/, "Expected error with empty INCLUDE"); is(+@e, 0, "no unaccounted errors for empty include"); run('./validns', @threads, 't/issues/36-include/missing-include.zone'); isnt(rc, 0, 'missing include detected'); @e = split /\n/, stderr; like(shift @e, qr/\bNo such file or directory\b/, "Expected error with missing INCLUDE file"); is(+@e, 0, "no unaccounted errors for missing include"); run('./validns', @threads, '-v', 't/issues/36-include/include.zone'); is(rc, 0, 'zone with nested includes parses ok'); @e = split /\n/, stderr; for my $rx ((qr/\d:\s+example\.com\.\s+IN\s+\d+\s+NS\s+ns\.example\.com\./, qr/\d:\s+inc1\.example\.com\.\s+IN\s+\d+\s+A\s+11\.11\.11\.11/, qr/\d:\s+inc2\.inc1\.example\.com\.\s+IN\s+\d+\s+A\s+55\.55\.55\.55/, qr/\d:\s+inc1\.example\.com\.\s+IN\s+\d+\s+AAAA\s+1111::1111/, qr/\d:\s+example\.com\.\s+IN\s+\d+\s+A\s+99\.99\.99\.99/)) { my $ok = 0; for my $e (@e) { $ok = 1 if $e =~ $rx; } is($ok, 1, "found expected record with correct ORIGIN tracked across INCLUDEs"); } # issue 21: https://github.com/tobez/validns/issues/21 run('./validns', @threads, '-t1345815800', 't/issues/21-nsec3-without-corresponding/example.sec.signed'); is(rc, 0, 'issue 21 did not come back'); # issue 24: https://github.com/tobez/validns/issues/24 run('./validns', @threads, '-t1345815800', 't/issues/24-delegated-nsec3/example.sec.signed'); is(rc, 0, 'issue 24 did not come back'); # issue 25: https://github.com/tobez/validns/issues/25 run('./validns', @threads, '-t1345815800', 't/issues/25-nsec/example.sec.signed'); is(rc, 0, 'issue 25 did not come back'); # issue 41: https://github.com/tobez/validns/issues/41 run('./validns', @threads, '-t1345815800', '-pksk-exists', 't/issues/25-nsec/example.sec.signed'); isnt(rc, 0, 'KSK policy check fails'); @e = split /\n/, stderr; like(shift @e, qr/\bNo KSK found\b/, "KSK policy check produces expected error output"); is(+@e, 0, "no unaccounted errors for KSK policy check"); run('./validns', @threads, '-t1435671103', '-pksk-exists', 't/issues/41-ksk-policy-check/example.sec.signed'); is(rc, 0, 'signed zone with KSK parses ok when KSK policy check is active'); run('./validns', @threads, '-pksk-exists', 't/zones/galaxyplus.org'); is(rc, 0, 'unsigned zone ignores KSK policy checks'); # issue 26: https://github.com/tobez/validns/issues/26 run('./validns', @threads, '-t1349357570', 't/issues/26-spurios-glue/example.sec.signed.no-optout'); is(rc, 0, 'issue 26 did not come back (NSEC3 NO optout)'); run('./validns', @threads, '-t1349357570', 't/issues/26-spurios-glue/example.sec.signed.optout'); is(rc, 0, 'issue 26 did not come back (NSEC3 optout)'); run('./validns', @threads, '-t1349358570', 't/issues/26-spurios-glue/example.sec.signed.nsec'); is(rc, 0, 'issue 26 did not come back (NSEC)'); # issues about NSEC chain validation raised by Daniel Stirnimann run('./validns', @threads, '-t1361306089', 't/issues/nsec-chain/example.com.signed'); is(rc, 0, 'all is good when all NSEC are there'); run('./validns', @threads, '-t1361306089', 't/issues/nsec-chain/example.com.signed-without-first-nsec'); isnt(rc, 0, 'zone without first NSEC returns an error'); @e = split /\n/, stderr; is(scalar @e, 1, "only one error here"); like(shift @e, qr/apex NSEC not found/, "apex NSEC not found"); run('./validns', @threads, '-t1361306089', 't/issues/nsec-chain/example.com.signed-without-last-nsec'); isnt(rc, 0, 'zone without an NSEC returns an error'); @e = split /\n/, stderr; is(scalar @e, 1, "only one error here"); like(shift @e, qr/broken NSEC chain example.com. -> domain1.example.com./, "broken NSEC chain detected"); # IPSECKEY tests run('./validns', @threads, 't/zones/ipseckey-errors'); isnt(rc, 0, 'bad zone returns an error'); @e = split /\n/, stderr; like(shift @e, qr/precedence expected/, "bad-precedence 1"); like(shift @e, qr/precedence range is not valid/, "bad-precedence 2"); like(shift @e, qr/gateway type expected/, "bad-gw-type 1"); like(shift @e, qr/gateway type is not valid/, "bad-gw-type 2"); like(shift @e, qr/algorithm expected/, "bad-algo 1"); like(shift @e, qr/algorithm is not valid/, "bad-algo 2"); like(shift @e, qr/gateway must be "\." for gateway type 0/, "gw-not-dot"); like(shift @e, qr/cannot parse gateway\/IPv4/, "bad-ip4 1"); like(shift @e, qr/gateway\/IPv4 is not valid/, "bad-ip4 2"); like(shift @e, qr/gateway\/IPv4 is not valid/, "bad-ip4 3"); like(shift @e, qr/cannot parse gateway\/IPv6/, "bad-ip6 1"); like(shift @e, qr/gateway\/IPv6 is not valid/, "bad-ip6 2"); like(shift @e, qr/cannot parse gateway\/IPv6/, "bad-ip6 3"); like(shift @e, qr/cannot parse gateway\/IPv6/, "bad-ip6 4"); like(shift @e, qr/garbage after valid IPSECKEY data/, "garbage-key"); # Verify that "." is 00 and not 00 00 run('./validns', @threads, '-t1361306089', 't/issues/dot-is-single-zero/example.sec.signed'); is(rc, 0, 'dot is zero, all is good'); # Check rare RRs run('./validns', @threads, '-t1365591600', 't/issues/lots-of-rare-rrs/all.rr.org'); is(rc, 0, 'rare RRs are parsed correctly, all is good'); # Stuff containing '/' in various places (issue #29) run('./validns', @threads, 't/issues/29-slash/example.com'); isnt(rc, 0, 'zone with slashes returns an error'); @e = split /\n/, stderr; like(shift @e, qr/host name contains '\/'/, "slash-A"); like(shift @e, qr/host name contains '\/'/, "slash-MX"); like(shift @e, qr/host name contains '\/'/, "slash-AAAA"); like(shift @e, qr/NS data contains '\/'/, "NS-slash"); # DS does not mean the zone is signed run('./validns', @threads, 't/issues/ds-does-not-mean-signed/example.com'); is(rc, 0, 'DS does not mean zone is signed'); # issue 32: support ECDSA and SHA-256 for SSHFP: https://github.com/tobez/validns/issues/32 run('./validns', @threads, '-t1378203490', 't/issues/32-sshfp-ecdsa-sha-256/example.sec.signed'); is(rc, 0, 'issue 32: SSHFP supports ECDSA and SHA-256'); # issue 34: multiple time specifications run('./validns', @threads, ('-t1501789043') x 32, 't/zones/example.sec.signed'); is(rc, 0, 'valid signed zone parses ok'); run('./validns', @threads, ('-t1501789043') x 33, 't/zones/example.sec.signed'); isnt(rc, 0, 'too many time specs'); @e = split /\n/, stderr; like(shift @e, qr/too many -t/, "too many -t"); run('./validns', @threads, '-t1501789043', '-t1303720010', 't/zones/example.sec.signed'); isnt(rc, 0, 'multitime: valid signed zone with timestamps in the future'); @e = split /\n/, stderr; like(shift @e, qr/signature is too new/, "multitime: signature is too new"); run('./validns', @threads, '-t1501789043', '-t1561789043', 't/zones/example.sec.signed'); isnt(rc, 0, 'multitime: valid signed zone with timestamps in the past'); @e = split /\n/, stderr; like(shift @e, qr/signature is too old/, "multitime: signature is too old"); # issue 51: support curved algorithms run('./validns', @threads, '-t1459259658', 't/issues/51-support-curved-algorithms/13.example.com.signed'); is(rc, 0, 'issue 51: support ECDSAP256SHA256'); run('./validns', @threads, '-t1459259658', 't/issues/51-support-curved-algorithms/14.example.com.signed'); is(rc, 0, 'issue 51: support ECDSAP384SHA384'); } done_testing; tobez-validns-f423245/t/zones/000077500000000000000000000000001314110214000161325ustar00rootroot00000000000000tobez-validns-f423245/t/zones/1035-with-include000066400000000000000000000011141314110214000210340ustar00rootroot00000000000000@ IN SOA VENERA Action\.domains ( 20 ; SERIAL 7200 ; REFRESH 600 ; RETRY 3600000; EXPIRE 60) ; MINIMUM NS A.ISI.EDU. NS VENERA NS VAXA MX 10 VENERA MX 20 VAXA A A 26.3.0.103 VENERA A 10.1.0.52 A 128.9.0.32 VAXA A 10.2.0.27 A 128.9.0.33 $INCLUDE isi-mailboxes.inc tobez-validns-f423245/t/zones/Kexample.sec.+005+00516.key000066400000000000000000000003231314110214000222060ustar00rootroot00000000000000example.sec. IN DNSKEY 256 3 5 AwEAAbqjCxtmin71unORku1IrrQx2S49KTmw45jnlNdreCH40YmhDZo2 6CMiVXbq29rvUDW+ZEJqVT5fd5GrA1wEEGbrudd2LDr5AedBK7fYTsZf /LEm32/Bu//KzynrJqyB4HSN3GIPbp3KYyY/Hl7HawOvWAd+tUHgUtes 4trE/4pr tobez-validns-f423245/t/zones/Kexample.sec.+005+00516.private000066400000000000000000000016511314110214000230750ustar00rootroot00000000000000Private-key-format: v1.2 Algorithm: 5 (RSASHA1) Modulus: uqMLG2aKfvW6c5GS7UiutDHZLj0pObDjmOeU12t4IfjRiaENmjboIyJVdurb2u9QNb5kQmpVPl93kasDXAQQZuu513YsOvkB50Ert9hOxl/8sSbfb8G7/8rPKesmrIHgdI3cYg9uncpjJj8eXsdrA69YB361QeBS16zi2sT/ims= PublicExponent: AQAB PrivateExponent: dCr3xt5UZiHdJAIASeFrnI1KeRVoi5gmkg3S/yLNa5fMFLZCGTMD2pqMR7B3mBZM/qa7EPvOgzw42FpxhNyit9y4K8QWkAzr3blNVXnK2OenAqNSn2zManKtaNXo6GCyUqdr0BouHA8c/Ef1rF2dG77t4AxImnvbzzz37O92h8E= Prime1: 4/Rh6A3I3ArSMN1twF3W5Y1Gsth64sJCMcZghELXQshmx9ULOElq7oB8SQwOOlxC24IRroRPc2A7DSTOKp8DfQ== Prime2: 0ZlTPN8Ce8eSJPiyLQaOqmHlZJS4hvDCLBafG5H1N7Jdo+X0jMBYlLyv2r9MD+KQQMXAB3a9rm1Lr+n3q8baBw== Exponent1: XFV2+vnqbEbt0OFAPXVFQIIzKupJDGTHT0YdfjVc4C4wg60l+Ey0xZrBvQznDniklClhZCEv1XobMT3BTL5QOQ== Exponent2: k3BsqjQh1hqkBlffVmb3colcyS0IxPuVS1g6YjWBLsXMsx9usJgZd79nYNQSWFZCrR2uIFH5yjpd9If7zh0afw== Coefficient: qFgbd33HSz3xZa+lgvNYBqnsybf6C/wDWO2RZSSxHtE8C/21VOZhr95VU0NSyWrifa0RueMOYJ59g1tk24uipA== tobez-validns-f423245/t/zones/Kexample.sec.+005+44427.key000066400000000000000000000006021314110214000222170ustar00rootroot00000000000000example.sec. IN DNSKEY 256 3 5 AwEAAeluubFtl7Qtw4TpuZl85abGI+HXO4agqzv1kSLQ5tkYFGdpZyZw QcBU2znMrdw03o6dGOEQi+FeSymycLZmtsKiODsHNwgb6qdxnYm7+n3Z iPwVhMX3gxIG64FORibWcHAyBe5AAhQAZIqveqjnY4gwdKZJSmo9ihXB kKS4yJ6UlopkkSxL1Iq9oXvWrd1ZqjQiSmLF/3juvBGjHVP4CbPiXZ70 UDay6Ysa1to1tHZSQshkRTClB+Dct8er3cZ1y62yOSbPK0SlouSRplbz +ezNyqD3c5zvz6F2AcZ4NqaTZOMWZbOowujQj3FxElaZS+/ughQZKq3O tMN8bqc0tZ0= tobez-validns-f423245/t/zones/Kexample.sec.+005+44427.private000066400000000000000000000032451314110214000231070ustar00rootroot00000000000000Private-key-format: v1.2 Algorithm: 5 (RSASHA1) Modulus: 6W65sW2XtC3DhOm5mXzlpsYj4dc7hqCrO/WRItDm2RgUZ2lnJnBBwFTbOcyt3DTejp0Y4RCL4V5LKbJwtma2wqI4Owc3CBvqp3Gdibv6fdmI/BWExfeDEgbrgU5GJtZwcDIF7kACFABkiq96qOdjiDB0pklKaj2KFcGQpLjInpSWimSRLEvUir2he9at3VmqNCJKYsX/eO68EaMdU/gJs+JdnvRQNrLpixrW2jW0dlJCyGRFMKUH4Ny3x6vdxnXLrbI5Js8rRKWi5JGmVvP57M3KoPdznO/PoXYBxng2ppNk4xZls6jC6NCPcXESVplL7+6CFBkqrc60w3xupzS1nQ== PublicExponent: AQAB PrivateExponent: IG46rDTOm8Cz5jZWi8V3XmkuuQSfB4Aw6f6e8FhXihe3Vfql0whLij3/yxLtoKdTuDqJJ1OWK3RfOubIk/7HK1lAOKsy8RR30FWPjoAoN+3OAz+2F47gjdOaSnemdWTbcCry+fu4jjDTxxTEFM043cXlnuiVxxbPpWAkCU6GyMkWB8i+VsDsuV8Yd/QF8XdobXdAcIZI/clzcy2X1duruF2L6AosZiupLcCL+lLkENCLLN8Fi45soa2IPqGFluk3APNP8mV4DeElNRAV0yD9cNxM87oJZ65/3uOQNwgZVtM+x3DcYVP+wgmzvtJqcnHg3wGFcG+Csb8q0NcQb1Oq/Q== Prime1: 9kXCiZIWsh6eyjJEvW0YEzw5wiBuK1z/C7EQvB15XJxTmjdKS/oH3mZQN+nbj3twMmoegfIMWMO/1OHYvTHD0izHy3P085HUWPUSE9PRLBaWgPFmf3lWwSykeglNHi0qadCCaYENyauh1lV4ygHvnA5noPf2gqCfdtFxTnU8auM= Prime2: 8qchj/P50tEB24DjrTLIqfqIPHas7CWKJ2eLIBUicCJ1l2oUc/ZDT+7YAwl2ule8BdAcQEpD/fo3O8wa0WSQvlBZjCgrqH3lliAMEr7GrbtmccA9VOx22fO5SnwR68Vy1ScALqIawqLPeILX4oZrdN4rhD4Z9v7Dw+RTdioJxX8= Exponent1: WjCoEvu2ZhsCqigItpq6Y2j9+hMoZacUHHMHHu1oYbs6ftLa2cJCmXc8z41MhFp/d2cXrx022lct7MedOYR9I36U2PSpc34nl0CBE1PSWeQX0DcYA30rgWlY/vxjCrcdvkzHRd4mb4H0rer1Zn2ZA7zexLuqwqISZFBFv6b9rmM= Exponent2: lXTXuUC+yViu2jJjCZTT/84uB3/ZNoJQu8CM8q/RzFuNLjvKaTpvb1Zfek9j75aGWtY58GdNxatOReiLRBm7BV2cKjW73kXdGUCX7xvOZ8eba8jKffo/ojL6F6SfrSaqehtRg2eZL/Tz8Pg2XHIK0areBs/xUi7NCWUi+w8dgaU= Coefficient: f9P8enqYy66oBCP06d3+meB0C6i6oMUKiya8FAj3g2rfTFzI07MrBcqDHzuOx0tGHM3EGDzYSwVYFXGvk7Pn8Wm8N1KpfYDQT4VnenKwV3Bo+7142Y4bsZLhTEpewgZUgkBBrFN5Ab22XudONPPXe6OqvY1aRHYVluWcJHjtyPQ= tobez-validns-f423245/t/zones/Kexample.sec.+008+48381.key000066400000000000000000000006021314110214000222250ustar00rootroot00000000000000example.sec. IN DNSKEY 256 3 8 AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg273Tp4oRpnmnmgizDFtLQh nIv1Mr3AuwSWVIDeavuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90yQwf C53hxyH10GzGnAx4Sutrdkh1w4HM1nMBdlTMa0g9yxjJ0vm/T7qHzj+3 dTUi84s8Du2mfMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB/QUuoY2F yThfidT+nhOQpzftVtLcta0E0Uv3PcVDp1d7vBXsAEYGHr54r2vb3eXd OTmoFyh/byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01u8SJYP6ULwx0 mZ0p5BmoMH8= tobez-validns-f423245/t/zones/Kexample.sec.+008+48381.private000066400000000000000000000032471314110214000231170ustar00rootroot00000000000000Private-key-format: v1.2 Algorithm: 8 (RSASHA256) Modulus: 1k6+cu1N1CN90iqofey1vu8jpsmWDbvdOnihGmeaeaCLMMW0tCGci/UyvcC7BJZUgN5q+6LJYgC1+/DLR/cRgi/xizmQOIqzw8TWT3TJDB8LneHHIfXQbMacDHhK62t2SHXDgczWcwF2VMxrSD3LGMnS+b9PuofOP7d1NSLzizwO7aZ8wPqejL6V5nYi5fuUVxrxLMM2aFQ9ORe4WsH9BS6hjYXJOF+J1P6eE5CnN+1W0ty1rQTRS/c9xUOnV3u8FewARgYevniva9vd5d05OagXKH9vJ6FSU+rWAMQfSYFGVZtQepsacrKiXPR1HTW7xIlg/pQvDHSZnSnkGagwfw== PublicExponent: AQAB PrivateExponent: LOxwy9Km3/NYqre6fjsilhW3GX1kcRiSdXFYBBr3rMtUojKvgJsTH9uUeWZvTbTdne4B6yHiqSKRA3Eki79k8i9uqMq2SsP4ju8yJZHLmzjezIfJoHrQ6BxyFcMZoWPzdZkKFKmFwrHpxjjbvFcHvfiAu025Pta9C2o/rZXYC7V3BWQowqYBfukdpZkCEhzFzEtC1ROXN4jPJBwNIma52QTLH6jK5BOfOJ5DhS1SF+r/EkuvXnylApVfjPfUIC8ocVvpn5WLoabWL+eURIi6MvVT59ppzc6WRUT2PxDskT2WUWfw3zq5B7JCM8/qfYIDUHvt1h6JcJHTAOz9Hr2f4Q== Prime1: 8UNey2U7voMhZmVUMpH5C8q7+hp6PQ6dUYd+hjaQVnsDOLPBT+zZf8R3str7pY/xlOOHy+DxYmZ0e17OumSOXTeQR4VSdsr/tpWc/qd2jd1I5N58R4G/yZHgTm8pm6VRb7NwZ7Eg6o2z0G2UEykFeberyg4U6SHBDP6DZNvGrQk= Prime2: 42XeoQUBshFkTYekdeqPfGqC1YXsK0URLGAbPbk8HlOiG7ueVmUnsAS47lyuEJPzIUgqqBbDM+CCdW8AvPJFDXa09l4akfCrLRyAdkreGj3bgmUs5wUFbDZyOHvRFSxdUI8LOcAhXthy86l+wErKwm6sWfd1oPGvMmC1qiSsW0c= Exponent1: JpdjK1+3DcNF7W4Z6LjmwFceeGQR14Bl86ubtnY14k9s9X3zVwiIxeI0T1yt0g7TUsCOcTM7CUVgLne8053QE+MWZgpSZYQVISyPX0CEOy8BQPLBqGJ9vg1idslbO3VXMGngegWgQUSHVbihbesq4AxcI0bbW2s1yRFRDSoGfpk= Exponent2: NbR7bd/21I1S+RSN/ONW2/VzzOYCLv3y3l4cUOmMj0UFRjN7Y8AkLWgQHQt6eKPYigW3PVeS5o+hgAalT/qP4GwmtQDomYsTgmX22Pk5l00AqL0oa6895p69PyXO7Yc6yqnd5te/idzo2S8wpk2DsYPd5KmS+F3cGLPKc9KRekU= Coefficient: ev+8Aj3u6mICRe6Y0NqYTGrXSBMDXf92dI4+CZtwy43cyTvvZSABWvlLTTXf8XAlnnPxszSpG7+e8bQk4A7ZIagcDFSUjzwtVoLqKqbyLPMNjJKqvGW2iTwfpXAHTadd9EmvTPsEVCJnZAvkyn9XQ49phL9IkFzj9kmSrGqnN4Q= tobez-validns-f423245/t/zones/Kexample.sec.+010+01862.key000066400000000000000000000006031314110214000222100ustar00rootroot00000000000000example.sec. IN DNSKEY 256 3 10 AwEAAcZdPacjnWNuQKCF8CPmUW1/NUxI/G7xdbwrU9lOuAD3sw14rLw2 NTzpbC/bubt2aHQ0nc1duoK0x3DjhAURWki/1O1Yvr2ffQRVpWS+WjRK CqTjuPrrdImeKdWEdnDl3l5kQpsxx++EIHrDnqiVhBHJdVB70A/I7i5/ HiD8HgVooR3IXVyxbT4walrarrhHWEBcXcNbvadg2rc492wS86zbSmK8 iV1e7t6U5iBYmsQjc7TVhBT7xqarknECGC8L/9o/R1zfSzSN+ay+dI45 t+jOOLgWp5gmjsI/mXhoO6GqX8rbZoV7/DQyAR5rATJHW1eausJhOgE2 wBJgl6V0XbM= tobez-validns-f423245/t/zones/Kexample.sec.+010+01862.private000066400000000000000000000032501314110214000230730ustar00rootroot00000000000000Private-key-format: v1.2 Algorithm: 10 (RSASHA512) Modulus: xl09pyOdY25AoIXwI+ZRbX81TEj8bvF1vCtT2U64APezDXisvDY1POlsL9u5u3ZodDSdzV26grTHcOOEBRFaSL/U7Vi+vZ99BFWlZL5aNEoKpOO4+ut0iZ4p1YR2cOXeXmRCmzHH74QgesOeqJWEEcl1UHvQD8juLn8eIPweBWihHchdXLFtPjBqWtquuEdYQFxdw1u9p2Datzj3bBLzrNtKYryJXV7u3pTmIFiaxCNztNWEFPvGpquScQIYLwv/2j9HXN9LNI35rL50jjm36M44uBanmCaOwj+ZeGg7oapfyttmhXv8NDIBHmsBMkdbV5q6wmE6ATbAEmCXpXRdsw== PublicExponent: AQAB PrivateExponent: Su1fY2nVgoBb0wakrbrK2TRqunT7PSDh2wD2vCe640qtDJKflLxZIbf+EJnLr17Ll9FkJfWYhNSqXR7jeFKUqtQjJsAV1GSRAXkkb0hjpEqveJc4ATe9Hlpq7OcLIhwCAd+XNS35mqRq7FRF8uH/MATL1mneLog0R8XmaIkzAdFYf8Sz/8v9F719QuUI7554HVbQ4tnzyfu5EannQ5fgvJAOxR6K1j3lWgIddPfXK5XBjRIN+NbQgWtQb9dTRjFpiEUMs1Wv/CcuL26NHc3HxvadVWN1X8nd5389w9kgQr7B/2rk78XLPpkxl624nb8LRlnCef3d/wcPWb5vHO7SqQ== Prime1: 5MYz2oYsBaoOgpz9rhOOMGKyflhpWxWwT5VzW1m8zPPhH89mayRZKXFJM7VkBIAF6hqJoaPmaiU336t/CedpXObYU3zlz9BnvyY0EPUNcEs/eRAlS4rEi7rVlu4gHPZHySv4vlWEH1cWUyGz2kyqrHclUa0zh3DRe39JDQjv0XU= Prime2: 3fiSdJ+xAT5VqeV8/sZ2f4gMXIKWu8DnJS7VVEmG3a1VwZP5bdUosBKzX9yqcCdgpsRhIrQ2GTZNoiF1lG7H0QZXa5UUGOmHwRygk28Idi9oa6ng+JOJ5CgCLht5r0tlhILZ4kSPhLXD3oqF50WqfRRCEUblaWEikpd6mkj7JYc= Exponent1: 5GE4wp3OtJjfg2RVmsHK4GKm7Zo1EsjECa6YSkl7QN71jlvtUmgm2khNW2FpR1TGkr2LR+Hm02/0J0V8vNZXSHbq3e2BPcQ+zYPF1mfL0p5L7v8/O/p720HYl6OAS2lQoHNVDi0wiFjX4IV0liiS+Ti3+KF/H2ZwuWiH9ItHXUE= Exponent2: mfX9F5lgO72Ry2sa/NiJfsHN2SjXBlmxue+3FmR9gCrnTYKmwpDUTPRbqIU1Tt9xQZr6yQh4cZph1LAijxcbz5b3ce6QZwssFz0U/85G7zrI0cyd96zWOwOpJ3P1PiosuvHL0Q6/AUzWE/i/EgAXVfSEMtma7DHsugMJjhRK5uc= Coefficient: COuG9MOOzI/18yIY4sNYvz/9G7GCwrMa48PQKtjj/NOTPb1+z3cuZCM57NYGYOBlEsj7rADSrQ8b/0lJph4qUSEefiDxyk0wGgmvh+QGPxNjMouqgy22Kf65k2NwbunBSo/ZrKpN0N6Pb06BRrKuhVLEw/Tvsfx/IrbhYFILLHQ= tobez-validns-f423245/t/zones/Kexample.sec.+012+50458.ds000066400000000000000000000003071314110214000220360ustar00rootroot00000000000000example.sec. IN DS 50458 12 3 2e40b2a6ccd2760ec70af69d1c144064c8931e53a6b3eee78bdb9e0bafbb9c02 ; xerig-bosep-kufot-datib-vucob-petin-toluc-gubuk-gidyn-faleh-fenor-ferav-lydat-rolib-rirur-rulab-daxux tobez-validns-f423245/t/zones/Kexample.sec.+012+50458.key000066400000000000000000000002321314110214000222150ustar00rootroot00000000000000example.sec. IN DNSKEY 256 3 12 XnGVpOY8yAhHyYXD50FS0oT6ncmCTbL0B8KoEuVraI8cy2Q6TXMlgMA5Vl10vE43EOWMVqRLr/0ETAGGNcvGlQ== ;{id = 50458 (zsk), size = 512b} tobez-validns-f423245/t/zones/Kexample.sec.+012+50458.private000066400000000000000000000002351314110214000231020ustar00rootroot00000000000000Private-key-format: v1.2 Algorithm: 12 (ECC-GOST) GostAsn1: MEYCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIwIhAOaeDNwrAtYS5g7Qtk8qPiAbIl2r33YG1QYBUFXmphAI tobez-validns-f423245/t/zones/dnskey-exponent.zone000066400000000000000000000023021314110214000221570ustar00rootroot00000000000000nz. 86400 IN SOA loopback.dns.net.nz. soa.nzrs.net.nz. 2012012024 900 300 604800 3600 nz. 86400 IN NS ns3.dns.net.nz. nz. 86400 IN NS ns4.dns.net.nz. nz. 86400 IN NS ns7.dns.net.nz. nz. 86400 IN NS ns6.dns.net.nz. nz. 86400 IN NS ns2.dns.net.nz. nz. 86400 IN NS ns5.dns.net.nz. nz. 86400 IN NS ns1.dns.net.nz. nz. 3600 IN DNSKEY 257 3 8 ( BAABAAGwfTiEoh71o6S55+Mdy1qqVRnpKY1VHznrv+wx rPfvRGB5VivFFPFN+33fsaTxJQTceOtOna7IKxTffj6p bBG4a9vtk2FqF551IwXomKWJnzRVKqYzuAx+Os/5gLIN BH7+qRWAkJwCdQXIaJGyGmshkO5Ci5Ex5Cm3EZCeVrie 0fLI03Ufjuhi6IJ7gLzjEWw84faLIxWHEj8w0UVcXfaI 2VL0oUC/R+9RaO7BJKv93ZqoZhTOSg9nH51qfubbK6FM svOWEyVcUNE6NESYEbuCiUByKfxanvzzYUUCzmm+JwV7 7Ebj3XZSBnWnA2ylLXQ4+HD84rnqb1SgGXu9HZYn ) ; key id = 2517 nz. 3600 IN DNSKEY 256 3 8 ( BAABAAGD+q3p2XDCb6SvAbACB/NPdljxhpBx2O9ZnvF2 OYb6kViMJ5dgxYDcFtvL5RW31Bc7UDvseoQPUK1wora3 BtUTylo1xd5PN/lV600mrNGRxfmw77Hen/MXH5GQrjaj O+rFP1xce1/jdyvCciJzrYRcPL9p4c/eGoJK3ZMubiu1 OQ== ) ; key id = 27212 tobez-validns-f423245/t/zones/dsset-example.sec.000066400000000000000000000012301314110214000214530ustar00rootroot00000000000000example.sec. IN DS 516 5 1 E9EAC4E17B2C685DCBF22768F88F53FEACC9E6C7 example.sec. IN DS 516 5 2 C4829C804FA64A94CDAA4DF4B518BC04EBA481F8E9D942BCF6D16C7C 990CDD7A example.sec. IN DS 1862 10 1 79ABD351E694950578C959D64EE5BE8987A5C33B example.sec. IN DS 1862 10 2 9BDEA651EFD16EF8F24F281A2D179B74D63F53FE943A117F7E5BEFE6 BBDEE179 example.sec. IN DS 44427 5 1 5A3DC3A2174039C0879C28713CC99D3939448A53 example.sec. IN DS 44427 5 2 2D6952FA00E1478E3DFF55FF699ABE3E1A27555194375CA1EDB756C3 BD1EB462 example.sec. IN DS 48381 8 1 99477B577BF885AB2512B8DCA052D7B71DD968BA example.sec. IN DS 48381 8 2 E5411AAE0758711B164730F9069CCFA3CAB00391FDD76D04EB3E8610 CAA09E93 tobez-validns-f423245/t/zones/example.sec000066400000000000000000000201331314110214000202600ustar00rootroot00000000000000$ORIGIN example.sec. $TTL 5M @ SOA ns1 hostmaster 42 1H 30M 1W 5M $INCLUDE Kexample.sec.+005+00516.key $INCLUDE Kexample.sec.+005+44427.key $INCLUDE Kexample.sec.+008+48381.key $INCLUDE Kexample.sec.+010+01862.key NS ns1 NS ns2 MX 5 mail SPF "v=spf1 a:mail.example.sec -all" A 3.4.5.6 RP some.mail.box @ TXT "Responsible person" CAA 0 issue "example.sec" ; fine CDS 50458 12 3 2e40b2a6ccd2760ec70af69d1c144064c8931e53a6b3eee78bdb9e0bafbb9c02 CDNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ns1 A 1.2.3.4 ns2 A 5.6.7.8 mail A 2.3.4.5 www CNAME example.sec. _443._tcp.www IN TLSA ( 0 0 1 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e971 ) _8443._tcp.www.example.sec. IN TLSA ( 1 1 2 92003ba34942dc74152e2f2c408d29ec a5a520e7f2e06bb944f4dca346baf63c 1b177615d466f6c4b71c216a50292bd5 8c9ebdd2f74e38fe51ffd48c43326cbc ) _25._tcp.mail IN TLSA ( 3 0 0 30820307308201efa003020102020123 ) c93f1e400f26708f98cb19d936620da35eec8f72e57f9eec01c1afd6._smimecert.example.com IN SMIMEA ( 1 1 2 92003ba34942dc74152e2f2c408d29ec a5a520e7f2e06bb944f4dca346baf63c 1b177615d466f6c4b71c216a50292bd5 8c9ebdd2f74e38fe51ffd48c43326cbc ) delegation NS ns1 delegation NS ns2 delegation DS 60485 5 1 ( 2BB183AF5F22588179A53B0A 98631FAD1A292118 ) ghost NS ns1 ghost NS ns2 ghost DS 50458 12 3 2e40b2a6ccd2760ec70af69d1c144064c8931e53a6b3eee78bdb9e0bafbb9c02 ; xerig-bosep-kufot-datib-vucob-petin-toluc-gubuk-gidyn-faleh-fenor-ferav-lydat-rolib-rirur-rulab-daxux sha384 NS ns1 sha384 NS ns2 sha384 3600 IN DS 10771 14 4 ( 72d7b62976ce06438e9c0bf319013cf801f09ecc84b8 d7e9495f27e305c6a9b0563a9b5f4d288405c3008a94 6df983d6 ) ; and let's have some glue delegation2 NS a.ns.delegation2.example.sec. a.ns.delegation2.example.sec. A 8.8.1.1 ; more glue bugs to catch delegation3 NS delegation3 delegation3 A 1.2.9.253 ; more glue bugs to catch delegation4 NS delegation4 delegation4 AAAA 2001:2010:1::feef public HINFO "i386" "FreeBSD" LOC 55 40 15.258 N 12 41 56.378 E 9.57m 10.00m 10000.00m 10.00m lets.introduce.some.empty.terminals CNAME example.sec. jumphost SSHFP 2 1 123456789abcdef67890123456789abcdef67890 cert CERT URI 0 0 V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBtYXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBpbiBnZW5lcmFsLg== alias DNAME anotherone.sec. ;; XXX BIND does not have those yet| host1 IN NID 10 0014:4fff:ff20:ee64 ;; XXX BIND does not have those yet| host1 IN NID 20 0015:5fff:ff21:ee65 ;; XXX BIND does not have those yet| host2 IN NID 10 0016:6fff:ff22:ee66 ;; XXX BIND does not have those yet| ;; XXX BIND does not have those yet| host1 IN L32 10 10.1.02.0 ;; XXX BIND does not have those yet| host1 IN L32 20 10.1.04.0 ;; XXX BIND does not have those yet| host2 IN L32 10 10.1.08.0 ;; XXX BIND does not have those yet| ;; XXX BIND does not have those yet| host1 IN L64 10 2001:0DB8:1140:1000 ;; XXX BIND does not have those yet| host1 IN L64 20 2001:0DB8:2140:2000 ;; XXX BIND does not have those yet| host2 IN L64 10 2001:0DB8:4140:4000 ;; XXX BIND does not have those yet| ;; XXX BIND does not have those yet| host1 IN LP 10 l64-subnet1.example.com. ;; XXX BIND does not have those yet| host1 IN LP 10 l64-subnet2.example.com. ;; XXX BIND does not have those yet| host1 IN LP 20 l32-subnet1.example.com. sec-00 IPSECKEY ( 10 0 0 . ) sec-01 IPSECKEY ( 10 0 1 . AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) sec-02 IPSECKEY ( 10 0 2 . AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) sec-10 IPSECKEY ( 10 1 0 192.168.1.10 ) sec-11 IPSECKEY ( 10 1 1 192.168.1.11 AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) sec-12 IPSECKEY ( 10 1 2 192.168.1.12 AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) sec-20 IPSECKEY ( 10 2 0 2001:2010:1::20 ) sec-21 IPSECKEY ( 10 2 1 2001:2010:1::21 AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) sec-22 IPSECKEY ( 10 2 2 2001:2010:1::22 AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) sec-30 IPSECKEY ( 10 3 0 some.name. ) sec-31 IPSECKEY ( 10 3 1 some.name. AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) sec-32 IPSECKEY ( 10 3 2 some.name. AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) sec-mixed-30 IPSECKEY ( 10 3 0 sOme.naMe. ) sec-mixed-31 IPSECKEY ( 10 3 1 Some.namE. AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) sec-mixed-32 IPSECKEY ( 10 3 2 soMe.NAme. AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) tobez-validns-f423245/t/zones/example.sec.signed000066400000000000000000004423551314110214000215460ustar00rootroot00000000000000; File written on Fri Aug 4 16:23:33 2017 ; dnssec_signzone version 9.9.10-P3 example.sec. 300 IN SOA ns1.example.sec. hostmaster.example.sec. ( 42 ; serial 3600 ; refresh (1 hour) 1800 ; retry (30 minutes) 604800 ; expire (1 week) 300 ; minimum (5 minutes) ) 300 RRSIG SOA 5 2 300 ( 20181212121212 20161010101010 516 example.sec. ZUaelSGCJvMFzMaQy77tad0kbZp+dbTSPSrC T3STmG8SlLx5XTU+gh9TC9gogFrBe5Yv51an aMUSREyGWgjPeGQkC4nozxnvXsqC1THqjrZz acHk96pKiUeLhCiqXXM3XLT7LS5dIwDQ6SUz b6croHRgfwhbWakKO3Y2fjQjGxI= ) 300 RRSIG SOA 5 2 300 ( 20181212121212 20161010101010 44427 example.sec. VhaLnLhWTPgDn9mxsaHekoDaoO2L2Y7nQ48/ Qf+LphujRkprAUB5p/FP+FCpuC0ZFi+6DEeA J9DB1CRxbrefursnTnM0HIGH8qv1pC5ugCWB i7St+pPPUULdxbasdVlAzEAo9L8uMx+qDl/y WEo/WCrV93FTM91rvLvd/6ZYDTHaIe4Q34xF 5wgZ72UeYwh6yb4iCaY8BT7E85vpLnb3ljn8 Sh7EyctWmJFUR6rHaMliVibGmPaYAjtl6NH9 Lv8V0H8I++EntvLCzmrICcfr/ZHbZUUdvlyh bYOhSCCbR3GEajLJ/isRJP9se5nNdmQKwOtj gpjWyP5KqOZ0a+J9zw== ) 300 RRSIG SOA 8 2 300 ( 20181212121212 20161010101010 48381 example.sec. JeQBLagZYcSSUcjMSKqDTitliweSc++0c/+c MIbUjKIySJjFbCeDX6zaZ/R7xvCC5YR+nUVn byghJZoNR7sATP5a6pT4+7u2oYOuEjryqKZm Qo+KTsbcULnuyQDGMgyDtzQAoZMVSZF88AtC bLKHHgQhsAPl+g+1zGgvFKyoqmzPHuCidSeq y0pX8IITkES+PpqgO9VHC/orfwYiTRDdunoa USPwiXUpRMXwuPH8F0/BHkf0wWnk0/9MkhZb 5Xmltt9L8BU/wO9tFWMMlvVH/CQX4swNxRlX UNDxNBboRczWb4mbnzjJRDm8V3RYlDVIh3fi pcyDncf5QtpJvKCgiA== ) 300 RRSIG SOA 10 2 300 ( 20181212121212 20161010101010 1862 example.sec. JwTWJEU0r+bSc1t5KXDRo+Ykd/EjTmpD25/O 7X14X55IWELlUV1NKHUfGAE7JcK7HUFj4ADx tKMYHU+FQRcbdzYhTLwtWLYy/kol1WHWP2Hn 9iCzY6Lx1ZHkrM23204osCor9q3+DIuTF2rT z6uDBeSF5SHCmft9SmJWFEgI9SH02Y1GDZB8 FtA+EMe3pBG8o8yJOQY2soaTiKG03ZdW9Kl6 De6Wdfg5nDeCN2idqN5l3AH+P773gnMfuaCk kRhfZ2dK++J6H/5EJ1MHd5BZ1TN71r7GSqUh +sLr/Qs68ZaSdNEF3HFLZ8Dt4gW2GvigoqTQ 947r5ge941Cro4uP7w== ) 300 NS ns1.example.sec. 300 NS ns2.example.sec. 300 RRSIG NS 5 2 300 ( 20181212121212 20161010101010 516 example.sec. l+fqpS+kssvC9xvQ06eiXo/j4UdAYdNDET6X rL/UE5RLQMT1F+n4lqFawdGEFisSF9LszgRo xS67wAHx5lrm6cfOwkVsRRL7isA/tM/RYaFS 4M0LqTuoM3pPIUr9qbFfGFRPW0IW198q2KMd pPveE8yc3AlJvaqh2/KzHNPrzUQ= ) 300 RRSIG NS 5 2 300 ( 20181212121212 20161010101010 44427 example.sec. zU6ylvFVb7xbpUbGbCwgA0xRLt/J4iZ+qYSg 93c1IN3tkNEJkcnbkJfTwxG2kpgAdOU782tY lOyNMyT9sujFVSsdMxGz4MB5x2wefaznuJRc ERGwfwxGY2Bdwe4z1/OGQhU/wppuukOR4n3P WihMo2v04TqcY8lNahglBjvKYLPDWRiW1xJI XfQg5A0pha09ykfjaDmMyvUZ1BtnWtk0r8N6 gVXDuaSWc3fqS0lcRew4PW6D37Hr0Dk4uFnx zNHY2QkejV1+FCRhZjVWzX4ycyIEHqXprWed iXnIiNdR2oYfoP8uRaSpoIhYzaXtfSvtXLQ6 KgHjjsi0LC1sb3N52g== ) 300 RRSIG NS 8 2 300 ( 20181212121212 20161010101010 48381 example.sec. uHjuwG8FbPQqBkDSCaL5FIBq7tLnIPII7vGU dLN07Fb8jrCqYKiYtBWXn44JSRnhr+lJsbrh qTUkKmqL/jBSQwwv5nWs+Xq93/FHfzBLsM0b 2YDVTCbFYY0ui0TU2BDmdkCeQbmcQXPI6Oer l5GILqLmlsnW5ka/jBA3j3jUBRFtVM2uTKTZ XUkzQAhA3F63UfnVaZUwA79ix53BvmnefD19 V6yJ2fCs5Prw3jWtvQCz4qDOM+MnNmxeIYZQ jL/iW62FadgScYPSq0pPYYCJbPTMJUnTlfsa L2DRZ7D496e7XvgjP7yui+V9s5E+3/3fOZmw 9hVp2SL65Esw48lmQg== ) 300 RRSIG NS 10 2 300 ( 20181212121212 20161010101010 1862 example.sec. RqC1fn5PA7hDmsv8/ZywJWMGF5NJAsCHZbs/ 0619xJe62kVDzky2pIT7C5XiDRwAdpvZeCh4 0CRYA6ejFqQLai3oVuvcZFSenQJNmRxzuH/Z 2hq84kGz/3bsEL/GQd3zyL9mNO7xgm56dm7m q+UIxNwx8FFOVVUBKSSDjsnCVNTZKYmwIZV3 L2KdaKwOn6Jl4g4ZKuFlKyPadJM8tAO+Gjd6 YJksXWWIiOoqpNwuh/S/9G9iveWxziHM35yu 8Fs3Ty1oYSKnzWSDgfFfnKeGelcgNk/9KB8f 8OHUWAApgWc2qbSxlhrs5McTKyhcdBAnqzbK WjgUVosg4Jnjn6mkzg== ) 300 A 3.4.5.6 300 RRSIG A 5 2 300 ( 20181212121212 20161010101010 516 example.sec. q9IkSE8SR3e6sFKsFyHl82mKw1yDvlnHEUnH T3dHAyymmteFobaCSQqLTf7yWu8yu65kam8c g8vUm+VLDEeqAlXTXqDlNcUhPsIYQbHvdSr/ 4toES5X9eWZL3Qrcjjn5qarpIcz3woiD6d2I CHmeUgyU4ZCfgKp7kX2bmSj7a6c= ) 300 RRSIG A 5 2 300 ( 20181212121212 20161010101010 44427 example.sec. ZKGRCTHYjDBFSHJ2tyeo0kUhJaUdKgpO3CPx EYtOak3I4HBFUn20GvxV6gA04g6wqWUzJlmt 1vzW/x954Fbz5Xz6N3JDFMmNRdXcqFqpGTXL zuGyMA2yo3O3sFUXOl9Yp1P6/LDApHS6teJo Kt8Cibn++ZrcgV9iF2cc8i3e0KJ/14LexPSw d39iokwrc0K5FECT8BhQ1Tv8uuDjOOA5WOQr 9cslS2bR96gcBXHCVF9IA2ZfgUvpbGvYX7gI 93Ke5wWxfT7QQkhP7Ux0ulEsNVXTxbDkqgJV 5CsyxBOKQDWCc5iQ/IgQY2N9BW8sd9lZ+lgl XoFm3smgQQBd9lt4VQ== ) 300 RRSIG A 8 2 300 ( 20181212121212 20161010101010 48381 example.sec. qfWdvC+YOs8XEdMzPOgk3QeWMH5pLTy6Emea k53wChLO5J11ZVGRsILxP7ewn0VFmI+nzD5t QTvhSeaJlotPkgGaL6UOZ1SKQ2TurGbU0zpO /YkSTCGg9trliIPSafs6NEQrXCtyG889H8GZ pCZJ5YhNz22/F9/0vOfGrVlA9ZCLYOOwlx0t Um8cmyzWqOud7Et0AzF1t1D78iPxJ21/E0IE T36lf14IsoJNkcSZcEEg8Rc27vSQsBSUfIFh mjSmLmnHRwsAG26XqJ7enaGw2lq0XDDMzaFI MvdTfsmmUmhXXLUyuLPtYURYkgCvygI4uZas 2xs74kWMFcRY4UxTRw== ) 300 RRSIG A 10 2 300 ( 20181212121212 20161010101010 1862 example.sec. dunBRK95/L3G4kIgV05yUMk4KeM1kuwpmtMe DpMxGCt4sG7M43zmcTN4lvcBPVu+pJUPmiFb 3DnF0+R/9wEpy06s4ldITPCxRZnfNpYZowUk ThrnO6GK3CC7E3Z89l4p9waBb45Ej3igEZ0S 8s4RNQhgKUdEnmx8uR9Qhzg0Ep48saui7vrv gsmf6xLopwcyaIRYaKzhmI8aAeBSE22Dh3hd x/Pp1W60r0ZHUcH9r+p8dpaesbSvRWbhKuBc TUSEaL5adDUVLLfa17+waGlZOFRHX92P83zH ChaLEKBDJt0RRversJ+fzFwRfxELYlOyYzD5 qqVmnfrd+adA7SuQHg== ) 300 MX 5 mail.example.sec. 300 RRSIG MX 5 2 300 ( 20181212121212 20161010101010 516 example.sec. j6ABEspumt737VkKITDnM6TZ3hyGqUsKQDsb yHl2FEoebBXr37+6e/0WvoH1NFovuM1PEDTL lwJvv/YdNHgUmNphP581vUQter9/xMJXLwBR 3BHcV3r1+djzRIJ1m4ZUXQ9Ph+B4hkL08/cy QSiVR7FHEMLS63nVyo/YKhvMLWE= ) 300 RRSIG MX 5 2 300 ( 20181212121212 20161010101010 44427 example.sec. qbcrNIqYGCAMB9+lVjpx+P8yAn43Y19uYbIa YQza9Vf2d7p6cosbcONv0j2WjTTImXbvooot RYyLHrwD9NwBMxhH4KD8am/tsgGouX6Bz7Nx kglq9UbRSRDybtEXbbSRXHh5WqGdifzmvKMT 036OX6FwLoKLOvgHcEx+CyiW9Ype10LIhkpY VMedUPynLpXX8q3wqDOW3dK8XxEMQAr4/FYU pVj4cySRQTygwOfFHpLI5yPsm5VuWNLQ1TKX gLuDZfWLxrBQr/xK3RdVWTACo11JW1BDsRKQ DNjHbcng7SOFzkYzgV+BnMXy8n0gXqnL+718 PffuMjRCkljCibvklA== ) 300 RRSIG MX 8 2 300 ( 20181212121212 20161010101010 48381 example.sec. yf1HatMaCU0CDEaCgtYKYzF4DlpnOBLQTHdX tn3Lh6unhrn39WlHivLzDoWksGuE3HI/z831 iRT7iG85aqRlgQpX8nldszwKQMC7KUh0R9nL dsLZvHhEmUduo8dudHuGEcAjDUw2M0dT2ReR wLZb0wiGowmDTT2u3RhHsSW3hDYf9KVsQBf2 G4ax7Oa2jdc/1y/hFJJGuJ4RmADMKGBKwgU3 LQyvr12onH+SomYv7Wufa+IKxwLVVHRcP1+X yx9vTixTcTJc5iNKxa7bZwVwtK9HRYSxlbF/ 6T4+JX6RFcY0pWwFfvkNl15NPqTZyiYJzdr3 5xcOWMMnvD7oVygz4g== ) 300 RRSIG MX 10 2 300 ( 20181212121212 20161010101010 1862 example.sec. AgetqsB/CZ/UjSj06mTeO1WM1UzfUxmuKIe3 Ls+P1yYJBwv7S03HO62uuuU3c2cvcv2S/vR4 bAeU8cS80cz05xQHMOvyvU5qesJuSM7/x6n1 MV2rnr68KxlFev/ihZTDxY/VNykr0Zh+abNq aYrXROCjMak5XY7GJtxhhC/guZWTHKaYYMW7 7AyD/KJQy3t4horHs1qRMLYVaB/Hmg4wlNwh HMvqfyQpPtKvq6fUX9DBo1WxAmkoJQ8C5VG8 P84IlLD4raAPpmKeb1k+Y9uh3mU5CTNrYluX mgVTyqQljzutS8efQLwU38turMxqgFdABEdT 4Fov31RylTYYHCpq8A== ) 300 TXT "Responsible person" 300 RRSIG TXT 5 2 300 ( 20181212121212 20161010101010 516 example.sec. hOqntsY0coi126BO7dw/eTlLhiVA1DDo7/cY MHxaPAxvLpU2QPkvgie5T1eNwvJoezQPqieW QA21Naq0hH4x4YAPSDVwhDmKQ7bZJm7HeWxE EAA3TIr2tic5FI7kqhHeczvYX9CIB7lMA3Jv kH7xUYJrBLO15f7vrEV7yifJX6Y= ) 300 RRSIG TXT 5 2 300 ( 20181212121212 20161010101010 44427 example.sec. VoRm9hszby6JmfJ7rAhTTvsR3C78pkJVy63a Xi+Bx6q78hXFE9bGKW6qBqKxG2f6j3S+z+Na UL7QtlcYNLKVWgvaQK137pDFZMMWTp7tWYEm Omgxn3+2f+JWT/unaPWcmphlfl7fCEYqSkOs 1YYTnVuDXf91TNo+mOwMVKWu2gg7WR0jp+Ky f1/2jm9jt8zv/0vlbOcMP5DqLU6ajF2Lqh0R e2gr3812E3QigpG92E3Eq3H+mZUKdzuBqHec B2j1iKEqfGpykLkzblvuzEUY1AL6nrOYvxkE 4SnW7B09qh1A3opM0y3XZGm/DY+fjq32PC6A DHTdTuz+ftk6tOMMKw== ) 300 RRSIG TXT 8 2 300 ( 20181212121212 20161010101010 48381 example.sec. V6tkO6CFnsbBXhDYWuEnppbtLN62nD9q8LVw fAv6/jRAfw9+gJw3rUNaFg9sFwjhK4wY7FZj +JbUDX7izurv5udlORXkdMODC874kVdrbJ1q sE0JMu6lrzmi6PopiYeb7AEduXFJzktFIaio dCbhu9ZY3k0s7Z1Aox6cVzYH+KljAgvrsItJ olPKJpPajjZGJeS7LMxIcuLs3+LMfVl27Ehj Z8PBfomJ5AXShwdCJ8BzyD2ue3L0HKnMLG86 +zTPVrjq+d+bxP4YfkYlpHQQ0cO1U0CkVlAz 2yw006HbE5n9hjyLwNu+p51eDWBo57LHrxO/ CkM5kIxNl7fyq2T7JQ== ) 300 RRSIG TXT 10 2 300 ( 20181212121212 20161010101010 1862 example.sec. fC7OMWgo/mj4cPKb19Npao6fPdso8/9zhLjN YAN8D3bTeAoioW3rJTCM6Jejx/KfPaXDyQ3u JeBO5xC5rGuE/RpGphVmJOp/2kFvlamqoP1R PgKfQC7lOcIQlr+LEE5FSUwLRgWsgeQS0waI AiWbdH+X+lFPBl8Els99WWcG95VzzMqC9r5g FB85E3LkLqLWoX+NJNGHVnA4c5M9m/OKBdF/ 4BckVUbGYx0piazHcCEvPQC1vYoxvBw7U6ac fz6vmYzNEBE+YAQi0bCSEjWxWDP/Qhl2UBBU OuyKFo1TteeBnvPSkGU8YludcfYHOMyIlSCS pgCM7uEM5PUAka1zmg== ) 300 RP some.mail.box.example.sec. example.sec. 300 RRSIG RP 5 2 300 ( 20181212121212 20161010101010 516 example.sec. Po+c+7fuZHTa+aFAWg+6Jf7zkmr3qrISwh0n 8sX+b0D1lS51TSH9ehLDSYjzVEJdGpkvun8L CfapnT2cqFvRZ2KN+7UBEbRjCdIYSfLvDWaC 9hqglmtxuKcH6mR3cbBFbB5x3qm3qQBh4CL3 5g/VH3btSpfLA5wq7DKJw4iEHB0= ) 300 RRSIG RP 5 2 300 ( 20181212121212 20161010101010 44427 example.sec. KMiPSeGt1Go/WLm2Gzs3F9SNXtm2dndVRlfl qvgNlyx/fpzNvW6DI0fLeTTTrZZy/nDsRgbr AbEqO7aCV1wQbGb+dZLGyyNp+VUkN4fbzgt4 yH0mYU5ba0e0Uktpnx7PZMdbzfcK6C1riNBi M5B9hFphPcLZp7INI5JmfsZaWIKEOGrSCq6I rKVrt9XA1m0lL3Wo7e3W8bz9xw9WKhObvdv7 Txx3b/ofL/PQBFiM2DLq7aJq+7BzLQ37UxqI mfbup3qpUPON6kKmMmY5PTTg5XdNcOqgTRzs 3eXVJOkiXCaxnhMGZjPJJUOegRSpAguO5avE 3qIoqGFSZy+WXuDzxg== ) 300 RRSIG RP 8 2 300 ( 20181212121212 20161010101010 48381 example.sec. yGFkdmcp30W22O5x3rQ+mIBM0JUZUyAUKN8R 9RK1RAqw4BWmUwH5ZY5srve7QGirPNQSU+sr lUZ5dwOrqqd3wfqfhQsnovfsnXdrDOcpt2Nj VJWnFY8uyUAfSPhhSPgOnzRJtV7WniV8G/vM 6ctiwxQQZKigKEiPMAj61AO9nZgiR/Jp3Xav yg8aeQvdPJ9TQF6xxlcRwfAINO1Ba3twvOp/ t+nEETzM/KLyxy9QRh2WaosxdB8seDOoFvW2 CU/z3ALKzwYtbNjxFNkJBfJqYl3GH+rf/V3X rO0hqk/GptdPtQ0Vi0F9H3adMUYpCavAE9Dm slXrCvKeq6b+16f+Xg== ) 300 RRSIG RP 10 2 300 ( 20181212121212 20161010101010 1862 example.sec. DW/0qQc6HV/qEEjmi7c3blTZAUajQT8Wll45 ASYH4rqfwwTgHt9zSujALbDLuvN4Hi5z6qu/ 2xTGfnXj96YTvjYf7FHBWuCk/TH32bbo30zJ SHK+tWJmeMvUg4WnIgutXlbH0veGw/dYXyn0 UuTX2K1kJvDNl76AaaqfRjF5jMXLQdJ8/115 jRRC2t/xcuPQfzzPmFlTWG8yzjYQ4v2q74T9 6W4r03tbvuLXlfC3+OBbyqQLCIIvgt2nmffW IHuLZZm67TD/XdMbeZ4Skqlx/WjrIs6kOZGf 1f4T+fUmq4SDzbTw7qZ/wpC7a/FMoewKshJz CLI5G6UHTnuq098zvQ== ) 300 NSEC alias.example.sec. A NS SOA MX TXT RP RRSIG NSEC DNSKEY CDS CDNSKEY SPF CAA 300 RRSIG NSEC 5 2 300 ( 20181212121212 20161010101010 516 example.sec. A6DDPO48A6D8JjqHyvCPkPshwnEHzbfIQFtw 2+U+JGmN/b2/73aCZfKoF7sOS/hTv1hOwFX3 OJGMeDATZrQBdpuWEZmsxnJkOXTg+0cSrAsU 9WfsJqPcP+9uy7vyUuNTjCodjqTblFlAugTB r8BpDsXhD805y7/2pY9k1niJ7iU= ) 300 RRSIG NSEC 5 2 300 ( 20181212121212 20161010101010 44427 example.sec. pKsw4iVWwNUEdboHCHS4yeatbMSHHJY+ZTp1 6lJUSVfaT5a0dnQul47LUCXJJ+E/pUl8G9ZA O9XztxGh+4ixHpPDyro8QTkj8FQU/V5dZGFr 56NwBTHGJTI5RgAtIPmPJaeuW6OCfQscGSwE cfatGz+qCc7aK6ePVsFeT5yOD7+yutfmSgzr gpRn+NJLR76NBTf3rzIIisICXens1A2GtKUZ AuWmSRrp+wNBTpvKljRyyCZMd0rjTUCf7ZfM QiEMFBTXUEDZskHWx2fjVi3BtRtIUHXONrNX SAFQKqWDIQbegyQPhC9UWfqHaySU6Y7fj4C1 u2e1kRAnAbeB3pmRhg== ) 300 RRSIG NSEC 8 2 300 ( 20181212121212 20161010101010 48381 example.sec. VW+L1LdmUkZTXASOdkCS6536gjj2cy0aVYk2 nMAJG409aub4yKuwEnZWQZ9w95+RClowHZAA yjTW1vkANKbc/UYsIf3zZw5t6wcVDy31q/rm 7juWmR7vQOmLYlsQfKjki5qBf6OuFwr/h5G0 SNwcJjnAE0puBYzhhpTrcU9YIzkgxJFdnZii 150z9V8EYr57R1HYRoSnVHx80KieBUilWT9V EUkKAqrlKg0fXTYRlLmltWDt5BC8sg1MmbMJ OwpNalmX761h7anEuIvWFSTtGHDDrwa5DDFq fEfV4c1WeqtfIe+wLyqPHrN7X2X0jcZYWOjx eyKHIEi3aUNDdzTVVA== ) 300 RRSIG NSEC 10 2 300 ( 20181212121212 20161010101010 1862 example.sec. Hd8cbN+6kNpmQCAtjTIZC+hv8nqe7uh7bz8/ BczipNlRYc5TQ8pdK0acwWTHZxNjmC9RlKzA PTDGWmQHx2JmDSJ9aZxaA+xMfPZF5jc/Rn4G 0Escxw4wCtITQn12adpm2EVJGp2uSQLm+W12 o9ekxuVrJhKHpjqcYBNdcgDy7xD1pKVCJtKE cTeTAfTb+scRdpFJhjs12DhUdwaAcHAKxnbf EeW4yshT/UdvjD86Vb2BBySrLVtHqt2szk6o 2ed/gMMvcFaaBQ7dVxv5dQcGqb3XjYV5RZ/t RAqCGyo27eBkWdLVzu5WR2JIpgusUwULkNFl vP/trHJpqbLnRUayVw== ) 300 DNSKEY 256 3 5 ( AwEAAbqjCxtmin71unORku1IrrQx2S49KTmw 45jnlNdreCH40YmhDZo26CMiVXbq29rvUDW+ ZEJqVT5fd5GrA1wEEGbrudd2LDr5AedBK7fY TsZf/LEm32/Bu//KzynrJqyB4HSN3GIPbp3K YyY/Hl7HawOvWAd+tUHgUtes4trE/4pr ) ; ZSK; alg = RSASHA1 ; key id = 516 300 DNSKEY 256 3 5 ( AwEAAeluubFtl7Qtw4TpuZl85abGI+HXO4ag qzv1kSLQ5tkYFGdpZyZwQcBU2znMrdw03o6d GOEQi+FeSymycLZmtsKiODsHNwgb6qdxnYm7 +n3ZiPwVhMX3gxIG64FORibWcHAyBe5AAhQA ZIqveqjnY4gwdKZJSmo9ihXBkKS4yJ6Ulopk kSxL1Iq9oXvWrd1ZqjQiSmLF/3juvBGjHVP4 CbPiXZ70UDay6Ysa1to1tHZSQshkRTClB+Dc t8er3cZ1y62yOSbPK0SlouSRplbz+ezNyqD3 c5zvz6F2AcZ4NqaTZOMWZbOowujQj3FxElaZ S+/ughQZKq3OtMN8bqc0tZ0= ) ; ZSK; alg = RSASHA1 ; key id = 44427 300 DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; ZSK; alg = RSASHA256 ; key id = 48381 300 DNSKEY 256 3 10 ( AwEAAcZdPacjnWNuQKCF8CPmUW1/NUxI/G7x dbwrU9lOuAD3sw14rLw2NTzpbC/bubt2aHQ0 nc1duoK0x3DjhAURWki/1O1Yvr2ffQRVpWS+ WjRKCqTjuPrrdImeKdWEdnDl3l5kQpsxx++E IHrDnqiVhBHJdVB70A/I7i5/HiD8HgVooR3I XVyxbT4walrarrhHWEBcXcNbvadg2rc492wS 86zbSmK8iV1e7t6U5iBYmsQjc7TVhBT7xqar knECGC8L/9o/R1zfSzSN+ay+dI45t+jOOLgW p5gmjsI/mXhoO6GqX8rbZoV7/DQyAR5rATJH W1eausJhOgE2wBJgl6V0XbM= ) ; ZSK; alg = RSASHA512 ; key id = 1862 300 RRSIG DNSKEY 5 2 300 ( 20181212121212 20161010101010 516 example.sec. P4ilLbwbloDRSZMw3dHOXE2Zg/dNB6VmDPRN 8jppzAKtKWHnZ83fsPeF35PvK2paDN2kFib5 R+tcXaLVi5h97QacHoPhoqEujX9KdHkLG9yg vuJJvTgMDaKyzZPMTYUifKlzIGD4y4ChixO/ d6HUDFMrh7/5/8kpVRxndGotgSI= ) 300 RRSIG DNSKEY 5 2 300 ( 20181212121212 20161010101010 44427 example.sec. YxpolCqYSlVhnOl82FFEdaGDj9KEkfl3+x0z gHhGZ8Sbaa3MTFE6C2tsYJF3f+wsvKE/q6mH WrGalB7BAaDFOmwRmjfV0DNA0MpN5h42yHJE 5y9GXJt+5V1VXj1LdXKLLWAkNPitnrpNoB0U Ysk4X5tvcq1KrHrRH5FG6qhxaqs2TY5EFhJf HFPnLfSSOoWEADIhwoTCDtQ1EimNA/PXp45f Wh3Sb1TZZnJEXpvO55ZIMkeThZje5eQbhd5E LBol46Olx9qnCenBMuQV4JNt8u5Q+/Kznwll DVTeiRYfPEUYcEMtZrkTu5zbk19lgonPFI1h dBUv5/WqV80cQCq9Kg== ) 300 RRSIG DNSKEY 8 2 300 ( 20181212121212 20161010101010 48381 example.sec. 1TfsvBo16W3Lu9h07C0n1KmRu+tOiwzQYccB hTUWq34DeYLM3gZ1GLRzh4agva7bo9XeNZ+2 F5MoHgZE+DZbGxAVWbPcL1Eg6KB251PtEqFA 4z/Dm8VOLRWohucVwAEQOOLqDoV6pPCTYSRF TRwuUcvwENzfHRNWIergssL1CzybyCmbHZiL x1NI5yZrkioHDFxO8XELJIOqJmBkXiCgEQoH TuBOl43ulF7vu/ZCvHKHTVdNRKacxd2+YXno tlGxXp/9GdJiLqwfNqXb2eYCi9RPwIt59ggW 2v45h/QaiM3QwHo0b92jUusZEtszxTO2AQgy Eq7CncYxzcU6oavH8w== ) 300 RRSIG DNSKEY 10 2 300 ( 20181212121212 20161010101010 1862 example.sec. GJ3J1Iro3+XVgVa6by2QMOOkgrIKK2yaGM/M a48WDa4kfP5GU9ukoScgNTgp4rSB9hcJ1KfN eL+HUCA3/Dk0KrfjlN3TTWcxmB09jchuGQLE mdaas4WLf4PW9kMZaqP3KAddzd/B2cFAkK3+ pVcCinD27AuhjiMmhHa98cNfNowFao9dWp4d GEO9m8y8lsQtinaGSk6TL6r1C8LQe2DOtNX+ vufx3dH/MO7B5iqqENGHNuJFJIhAi1h8Gq3v d4x81B+HwNWDSWYYSFrBYxsKR2EM4v0amywA njeJPrvl/9GH/Pl2tNbyQBbwa/o3g/U+0TCt rThbMAyzhhZ9zLHcmw== ) 300 CDS 50458 12 3 ( 2E40B2A6CCD2760EC70AF69D1C144064C893 1E53A6B3EEE78BDB9E0BAFBB9C02 ) 300 RRSIG CDS 5 2 300 ( 20181212121212 20161010101010 516 example.sec. e+fYaOwAOKNB89dJKd8eKB3wB8zvnzerm6fU zIoeMj3xBnNxsadFJY3IwSjFsA2LhN8G8Nfo EUYyFA/D25gT/FPLjfFxv2227bpEV/sxfMs3 ax6jNEHyuXSxoSQ0XNu2msJc5cdweJHbjcn5 SaeNQCqYIv3K5IOyXrbYBMcD5OI= ) 300 RRSIG CDS 5 2 300 ( 20181212121212 20161010101010 44427 example.sec. Y8Z8cMmZhnW6vLI6aylycsAfrhS4PT9SOvD8 jeNjLdL0EDgQE7+KXnpzVgbEh/NLte4ewmUf UbHsJxUgpmr0+ak5cgSqeII56a4hEHYoseC8 RI/gtcy7BQFwtKZs9c9SjQsCN7j8+gbJASfa PIEaWuciKu2wsJkq6/oOFhB0Gu3232Ty4U0f 4/oeddmd+t9p4sFr1jhWEKajJN+951Ux6cDi IbiCrFhBORncjuXu4fEpgt5wRozrlKWbKqzS ipV7G6jdhgcMv5ejDT2JrcdRcwtvSRWXoNl6 VzbQVw4bwqpEyV9hErN+XhcYEC/vCoSpDfmY K4nkkXXs1XGJl+/Czg== ) 300 RRSIG CDS 8 2 300 ( 20181212121212 20161010101010 48381 example.sec. dlGP8OjPHifuzuJ+VSlO4XSRaG/ZJZTV0sYs uLm7G7bLGn+WPQRJWfQcggo5KBgN23/SoMfR 2xA4+3l5e1RxAss/tCHosnh/EeVyTcUuTzxB 3/h/pwu5x9MtnlJ3Ybuzpp3fFd251f6o9jxT K1GXZ5sT9E45bV22Mss4xppLrNY++e6cYBwx weUA/abG5emxO7N+Y0mV61IkoJnPtORbove7 HxW0EY0fIe0zQviUi9sgxR3aj/+S1ZkAlonW dhWAP4jEGYRP1PIwO0HiAadRdpx1wf9ns3le PRcxl/jVvwVsJc46hgVGiMdasFVuqD2Lot1o proWTh/W00CH5mhBiA== ) 300 RRSIG CDS 10 2 300 ( 20181212121212 20161010101010 1862 example.sec. EhHaPji1zb/BBgFoCHHFKQgLzF+i6ErJYXh6 cw2QLRIEHirWgQ/MmOvAxGti9on56Pwtn1oO D27t84B525KLRj3TJ7CVtlMR6YcJX23pfIrO 9TZV4DPHFKf4lFmHjEy9S3QtEaKJDg+zxpnU 0np89RRFeEXY/2xeDyt1AmyAyEuy/bdZPK3S IQrG8EdG18PAfx+fNlF9DxHgY8gmaeUc7b8S i6WCaOap+W+RFfazMm0NeppxCztBBh3gZsuH nqTCLlF8wxayKgJZgP+i440FwhtnbEZR92IE UVGOiDgb7g6FsgBmquGzXmCpG1gycBK72uLZ 4QrJt3IR6XYZ7Elclg== ) 300 CDNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; ZSK; alg = RSASHA256 ; key id = 48381 300 RRSIG CDNSKEY 5 2 300 ( 20181212121212 20161010101010 516 example.sec. Q/H66+MGtrftHL5uJrHk72G52YySeOsR55YF iO6h9obTrFOHGAmfSQbpl9c6BtXYD4Q0ka4u xN69mHKv3qpfx75lT8X4eAw8dEB7LMSHXSUG VTpoILN/l/o25RZHD0SNTre7l38Y51ldNyyR 0Ow/hPH3bflqakBZBHxhItz1chk= ) 300 RRSIG CDNSKEY 5 2 300 ( 20181212121212 20161010101010 44427 example.sec. aM0wQ2jtoBT4iGTjH2jrhCQ7uND715dnybkj GHkoVu5iq/MUOB+j5u9RlbhWnZhzD2QjG9wm wKJiXeAkcMfP0GhxGiZleIQw5JbAAluiMKh3 aefZ62GRt8cgx7UoF/G1QDhxLfNxtgWCNUo/ d0vqcBfTDlmNKfHfmoRj4nIvYC2HSo0jwGwe eXF0ROzqyVuRjqiSMixqp0HrMf0pzCMu2eSR zpL4gRu2ja70oDWpWbkO9JwqppVmcCLKT4kB bYZoJ4GUuryi5EyrsaL+v53wtd+/Y9Skxv/w qjAz46S4OCGlz+Nueep13x1azQ2VXj9ztAit AAik5G5DcQuxAAjYhg== ) 300 RRSIG CDNSKEY 8 2 300 ( 20181212121212 20161010101010 48381 example.sec. zqO8HvhNJnQMcmfdq+2Xj9eR60eWLVaPn018 ViP7SXl/EILd/T23u9gd6/mI3cL/tYUQMAlC 6IGnVwtC/pe0Hirotkuq/qaTYtRtDw+d5cwJ pnshJKtVbgpPUNsu9K9KyXxld3kkQGhh06XR Pp3WEoJoXfJOsRSzVCarGXrE0UVU3ekpQf4D ofLndCuqDbMzlgPli3xPXhDP9M85fqFdkLel FNyDU25OlznZCbylUszJ9Aziijp+D5+FPV2t Avkj7TngL6y8Ux88FjK8RYy3YqVrKV0G9Izw f07LCR43sLGwUTzcsgLkq+F0MtC6VIbjWLAc bgZrlpLaDd+c9D/7SA== ) 300 RRSIG CDNSKEY 10 2 300 ( 20181212121212 20161010101010 1862 example.sec. awyvSG3Fgti6GD/VOBhWKU7ULLz8YTLimth/ 0w41WpGMwnNYI0Zd4d8cqzjubtFUmxQS9JMU ICxmZohryh7zJYDUHv0lJTKO7ZoACqfwz6Mv /xw0lMvHIdxtx77SbxwOXeLOXehqH7fDo5fL g0fWLZ7AcK/98a92sd/6YOqxnwQxpmg/17A6 MZwNwC4e5os11OGrEkurBV3TJAbg/HeYYacH N2K2dx9ldGeHzuK1js9zrMATaCzUkW66fRLY lZVlVCAgezGCk8hz9+fDxSC29z0Q8qArpwH2 q8PVlkoL9tisnony2JXBRkoAcZRVVC5gk4xe gxlNWk3j+HCBifW3Xg== ) 300 SPF "v=spf1 a:mail.example.sec -all" 300 RRSIG SPF 5 2 300 ( 20181212121212 20161010101010 516 example.sec. J1CgUN17y4TVrVx2Px5NBViQnRwZZ1rif58h xAWraY5kbgB7yw+zocCb1QnCbGTgCelQIh8T buel4rpUeMBz98B/ddmYyuzORK6IAB5fLmlF oNZhHWG48ugKZye7C8ufjmlskIQeRvNl5kd2 fq7t/paVl/zEZ0h0r4uJ8iG6u+4= ) 300 RRSIG SPF 5 2 300 ( 20181212121212 20161010101010 44427 example.sec. QPQCtQuiqPtrebdPeC8ESc9TBfF3zl0rjhFr wlNdlK8r2Fp4L6X7idnbctf8XXDidxNxmGDT /S7B+h8j3mg5oFcGzy3oH7jMp64D6xQnGeLB l4yKn/+ivG/wp2XqZXMTdp0+GJ7wQ20GzGZQ dvhBZd8hbOXLxQhkNBXbxBY08M6I94FJxH+k kGlVUaRQ9GM0qxJ4nCNfyyv/NqtRW3W+m+Pg Fe0xLO5I+imEsv0CIFqB+tqHbtVLUp7dKccE xqSIIF4ygsyZoFdHaw4GWELh1T2IwDL+Nh1r jwAxojherHL6mcWELjYndTVGiZKrbhLthkYM qG7o6+f7IUf5jmzNBg== ) 300 RRSIG SPF 8 2 300 ( 20181212121212 20161010101010 48381 example.sec. v53uhdO0bwgxTAhCJjZ42bUwqB2P9vwoU0m5 6Sj7FsK66ulyw2+vCXJsHcMM2KuuWViag/Wk NfYqWObu0K2yZXgrhPtQ+VYKeiB1WHlI4mtR oFSIlUM3VVwJeUkzeRRyRJkOM+oV59ZIRnVn lQ5skC2Oy9n7xK/XjmxvSady7f1eyB+L9iFU ZMVHTo11KNT5B4T4tb/S5fb6sw1Vcmwyo0FN sCOc2LGwFRcIsqzPWn//HrT1SQSdC9k0wx1D KAg2s4cYl9BVcVtAx++Aj6+ym5dEEmUCyM7Q BSptcl/7fM7cIZv4WcZbbrKuPRQJtIUWHk9l wPvhWuJoLblxN7sqdA== ) 300 RRSIG SPF 10 2 300 ( 20181212121212 20161010101010 1862 example.sec. gRIEs+4ZWNO30DTdZecDsPO95HLIaWdqiqhU moVflYcA80XkyETHzrPHp5VM405LSbGn0eSw ZYD4b4DFpW32JTYKB4f/8VzEPZ+AvXePGp7/ 3YkBu242xZEXBcaqNtsxXnPcgmFKbPb75hVd IkY4nEezPgjcxeDY6Ajnnwrhv8/g1yTX59pz QvCc+IB8V5IOf7jRA6axauQ2CjP0jOBxdJNE qVF4OKnZfaWAv5amGD4uNBn9kRSH/2UpcXJm J73in3qfoWfVaSeUBo+U8RKrUA/n3qBjqWXg ezkT7moL6GrpZh+0OWNtXgL4z3gpmFDZ6Ruz 7cTpzI7N57Qx1ZALdw== ) 300 CAA 0 issue "example.sec" 300 RRSIG CAA 5 2 300 ( 20181212121212 20161010101010 516 example.sec. Tg2gLgMkTTPnO9hug8P6TthqlZ6wnTiBq+Uf 14qlfD5tV2N8MgxSoLtsTxFvTjeGyqUgEAER /vhVAfPWsIuNSytedrfj2EEqeakpdX+b6De3 ZK2jrV4qSl0XQB4qw0ysjmM7stASKavOqsOY Iwf2+42Xcd+YkIbLoqrSDfko30g= ) 300 RRSIG CAA 5 2 300 ( 20181212121212 20161010101010 44427 example.sec. gpg6iv7/pWHCzCF1YBKVzA7ShtvV8vnXNxxd ojv1wlxkyI5LADHaKjdkzjtQq4CF2UIJkRsx VY1y4KC4EW1ACUIDvBDMtN6i8wMLhySsdcjJ kkUoiZc+h5VM664Nezhf1bU+1AT1hx0vC+ol dXqs1w9EPj9i2iId4Pd9tQ3yiwH7KthYLXap DVKxtGb5CzgkRfeZfJABdPs3eH8LWHc84sSk YWD7/T1wjlR6MtAeZcTTrYeq8o1dBtBndqGx gi8q8eCGdeUNAJ33fUWmcuF50IcCAmCm01lk pNRxGOXjmEChnCk/diNW1bAo/11EVATR87Tm LwgrQGG3zYsglEs6bw== ) 300 RRSIG CAA 8 2 300 ( 20181212121212 20161010101010 48381 example.sec. Zdnsv+j/2VJ30qQ7jFzygrzbtiaSbJACPEwD pojI7+IEGeYWQoUdTRiZjg8Tay4iql+b1dao +HOlfIxvl/w+Vp4TgonTtydcYICCKZKZdrYB Hf0GSMJrdaCU5HV/uCTdrww44dXDISYTph4l KTmdeqIuDDk5ZZ28XaqGdCYJg76YorZxzS3e 332BzPBKjcWpWhPzbKXYF1070AgXlvNsboGb JlFdYBNBsMqwsl9PolxURfsEKsnrz99cTAmX iV2xJGYHZjSY3+t7Uqt4VtD/8faeW0kgkMe/ Rktevt+UQJGnqif6dDNgJOLFvtOvb/rZWXNi 6kRM+l0MghRD2t4ldA== ) 300 RRSIG CAA 10 2 300 ( 20181212121212 20161010101010 1862 example.sec. FnjAGBYlAWL7ggOc1aoaCIkF3VC1032MYoVn 6MRBImO7EUnTn3K1Dx0n8AgIcgvMeg9yZh2q tojGJa/mtZK4EOdAOhFu5uRxbnKJkLaNeezA p3opWnDyzjGn7svDJyR3cQOqXK+cboNNhOso xOvTJ0MHrvewpouObAcI0Mlz3mLeZ2G0vVF4 7Bkkd6vIj3yYLAf1Kg1HoDFwvlInz/2ivNhK xULcE3F8UA3b22eXVZELVhHtXrO+c4svKAcN 3OF8JxVNlerqnknf8yth9JA6InizyvkYWBHj RAIdSn+7LzDfK2xHGxNNTZ5U1l0ILujJETx9 ej96BYwhqb1uKmyV/A== ) a.ns.delegation2.example.sec. 300 IN A 8.8.1.1 delegation2.example.sec. 300 IN NS a.ns.delegation2.example.sec. 300 NSEC delegation3.example.sec. NS RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. N/dKyieQ9YnNG5ryp9kgvgZ4AfvdPQmNcSaO FA3qougSU3JVYOQ4bxep5jTEetudM7fhgGwD I7yRzgmc8oohiHZkG7yDIeC6CG98nuq1mWSw xX1AtsxfMHsujDeXf6wNuOsspPXyVBlW2t8D s5urv/DxCx/mG2uUMJCOa1mb8+4= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. XJWlVH5VeNY08IT4AJVGBgTynQtXEfmXrXYx qjE78snQZCvPeHMi1U200oRQm0Zmd2b5S3JZ 8LhEl+4kyBuUQC/cldgf6/3s2PT+usLt2yxA jek+W8y70jKsZDyCE77+o6vP5TNpSl6VyxKe uvUReVYe/i/0elQ3kj1wZHTjt597j3ZIdpgU phKgDpMnubf/oT4jvvJrbDqUwjZZVS8Q9ZNl NLkqbNt3pri/tqt7iQkSeZBN8dZtLk3GrUPT cEGqeqUPDan6N07uUU+/dkJZaCN4cF4a0foD axqfzCZwqTw9cIr+1or0AncRm6571VU/CSuh EejAYmuqnQtGWoLT5w== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. MZN/l5ivOmOOhExQL79guD4yuF1LCMVJZ3PQ RT7SLcldN2kS/NTb/0k0lHR9/1Yq5G4Vc8Lv F5A2Gji1K8V+l1ZQ2m/033/ykTcNO1SO+ivH 5IRStznBsusEGtfRb4FT9Y7mCQJgXyACCFeh 7meti9nykB8ncGNC78QJtPxp+SF4DpUhmSVT OVBxS8RsZJt2AB4iW1cRsv4DF6M1UuuJ1oUG uOVXwkfITlhdLt745l2T8IRZeMrmv7oWS76r UIJmQDevvc8/nCXVFVdfEwQ5j2aE5BEr0DVf zhMJ5hGix+XI/s+kW4b04nyABcYnX3ZNdB0k zg56eg+gdrZiXuMVMQ== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. mgFMIU5xdIzb0jgvbbMeEmWbpLJN6Q3JZ+oG bfAm4hJHf2kAyKJTRf2HEFfNCFb24JTVNAmm jhpcVOxXSQgSD3ffrLEUt2k7qSNjXuCigI9E OvRhoM2fP2F0GqcRVYbTI9Lykf5QrP01w4e1 wG4Ho3FCF65As12coaPO61Uh0xBTnNf/mHfC NAc9PMrhh3p9m0/7H61ZN1IYlNhegyIODuXu fTdp8ajmcku01RQf92W/JacU1dx+1kvqj4dZ aqykIHIOzqjxoe/m9eiVOHd7cegzT+jwB4Yh svv70irBU1uZimJ88ES0PI4vfl+ALKMcf+jj 6Q5apgo7p8DXVUafjA== ) delegation4.example.sec. 300 IN NS delegation4.example.sec. 300 AAAA 2001:2010:1::feef 300 NSEC ghost.example.sec. NS RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. bNEy+yaf6tq+ZH3QnqILlmvI4ldeebL2mbqR z85MyEaz6BTDkarnglIi1X1lBZQcHrdYJ4Zm IMSqzR2Mk05r4uUOvDSosTExbp9HNB1C0SB/ BeJ1uQ9HsJHNDAM4F3f+m3tGQZndW9yG+iAi 5Zs5MJJWvQoFDHcH5GbRjCDogMg= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. pzswCphGA9sNJ0h69aFI6KaTkcNZ51IN1t2q aIR+EE+vjpcSKCVJPJq/UNWcqy3IUjDogL/H T1ez18wmjK7MWmelQty2EXm827Z+CJy7Wbnl OytU5grXG38bVS06wS90YtDLbIww+kfoyJsY k/CqMg3mNA6HsTlmvD42M4tZIRHOUFQ2bQKd nuERZcn0drH88OS7XCbiWkVWNmI0p6Ud432H obKFUJf6U3+B90sPPiCOF3JckzBJ6yJPj18k 8fLbEP9c9zkvb+SOa/SxxftI3E+BtD84Y6zY SowCCa3xSNdgVKpasZAttESD9xLvEC2E1muy GCCB2d1XvqANp2rgLw== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. ZowFOEUjJl8qIdNa2VGuREBPDx2PtBEicdWF giLk7tJNxOgwyf1waNdHiuGsAaE6M5UVDOA2 GfOQ/ip0R62WE5uAifSxpiq0MmV8X1+UonIf bWeNWYwtmq9Y3rAxzHK/3b4P44DxxicQyZSX lDs2XbfhhGVWAUIFNVYNlA+2eDSEUsKfJ27J 7s6AfdFdAAvWEGPolHKJ7glnldElabkxhLR3 5z0VVuJ+zQg8bWmZ+WkwE1Z0tcvtQzH1fH9K VvMLjDnOVhFJtd4fuEpQA0pquEsEyUUvVlh1 SKNk511c07lXNTOZcaVtU7ZTuMmtJdELerW+ LX6+Owt4Cfi38f6Zfg== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. VxyoGuLjUDV2f2ENKsLnFdoU5Gv7+xs3gkC8 6Vf73QLVIwFbVXfwZ/PocbotObAdgIpg9XTv 0NTeKjwu4/3PdeVeHc/+AhNWpdIfi29Fxl5c V3Fyl8IUbDOhaBxNStjddyKcuLCtE14t4Jss SLGFP4oDt6NZlWVXSyOj6Tdhllj6B7ggtFQF lePkeKkSRYsXQPx778roj08/7k7I3BED7irn 4D+mG9cDfB1hK0CIPD3ROfh8ER8rBt1mBT3S FBSmz9F5G9cz4YeWiAMso0zHTOZSt0pAsg6i YUrh9mxA5uFILjI+4U4l+xi/CbC8mquemg8q FaXnwHpcxf2yNqL9CQ== ) delegation3.example.sec. 300 IN NS delegation3.example.sec. 300 A 1.2.9.253 300 NSEC delegation4.example.sec. NS RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. Sa8w0Gtmmmt/koUXa1jM+pR0blfDb8uQjZ5z sWR+Qtm9pUeVi6Im7ZsLF0UvThhPB4M7Cssu e8mZq8djWe24yfoROn/CM3Za+Zt+pN/CBStQ wecdIEwY0NuUTqDpc8eqMiMfi+FQkMwyxO0X SXi+6wfLZMPqa6E1Xko1mHO0VUE= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. GxBmASFjw1z882KzO6qRQuClpk9VCSyJIljM qCqfjKKdGKqLkvcn2DsfsYj3ZbJo5hgJKumR 1DPrHFbRBmjAWrVZ7kXxTTvhZgqekSldo1wf cT+ssNVmFTm+VTVY3Cz8msNjbtv5VLiE5RTI fX370c0+cCK/6svDtnYgw0vj/3bayYxQ5sx/ R/jE8CumJ2FNuGx+6+/kDO7MZsNHJ1glZqTW FCS/2wybR/N8ErEihov35j6Z5NIKAZqG3oXJ g4WjhuHc9fhfZLn3uRVd+USn3SNnjm35UODX qS+kLeFvQvLiWYuiJQTiqPoYQuup3DpILMxo vX9mMUHILutOYGYuFg== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. w2KrHdEoyXYzPAg9cqx8vF1hhc4zdjSvEjIs +sb+ZgrHKPRMrezf6zQKIjfeZ1DyeMN8nKsS cmzUOuDUKoytvX8Xo9FB2nUqU+Y8RRao36FV 4PXOqnmsyHdTAQYFAGaDXqYzQvt3Ev+KRa4I CjGzwVhhuijSskv393NNJVeTKXIR51Etz0DO kdk8SamYpitDoGSLr7oKX3nw6Fv//+faGdk6 zQq+tcj4Gu09nrfe4I2RQDcsMXJODv0RwF9y 64ilGuRZxsN81sM8849uzBUDdNQIxd9Tod+w Gg8P7AFxWyFhhhfO4lTS/OiLCgG1yYT0L2l/ pU5AWah3d8VT1PzULQ== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. kMb4PgqThtSZSJUiBRUeSOJl9S4toailINo8 Fs7wG0yqMzI4jZ3YiI6myWiw36m/y66X8P7d 9eYomaEbO4/1QpUNDtbuBams4KzWVygStswe 2AK0VrZV1o7RhaJfQ5PwWc6tYMyepE4NwqUe 0t1JF/ktw7yXiG9vcy4copaYnqLSnfgotG02 3sc8f7YAMthm4/o9lAtYVCWGwd7YIiLz6CHR kcbfRn61GqNKUOTJU98AEhIqaQ99iIrD9gtA q2p6eP9YH+jR6GqXjKKo93hrcdev0rWPD+Bp xHVStzs6Fu0frnAjzPJCNjxD4TZN9dqp6Ffk CfAF8X41YLSdbVmSHw== ) mail.example.sec. 300 IN A 2.3.4.5 300 RRSIG A 5 3 300 ( 20181212121212 20161010101010 516 example.sec. uBuhc3/9thGl1UkMMxLoI2y0Pck5siv2bm9y 8ZZ+mj5n5CxMtY1dKg1Ie5AnWUklOceXespb eImHlRcr05gVBSAYkH00hANMWgnoTSWp05G9 78/14rMVC9XfuHHYqL9rlqZfRpKTELPYuI4T YReeJL4DG82WN46CGipmhSFI6rQ= ) 300 RRSIG A 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. vHfCAnnCsulD6AXdpDClBtnNThqRSxwC5Wxf Pj8toyQqEvGV3I8bh3/jq6yWv+bjTHBLy6qQ X8Vob50ezCFcdJ6qlwVlVHGjsPSL3wXvaxKs tG3yClwy/UmI2Ey4UUy8KBRrPvOHhn5f+LAe yOM7IfPPDDABkDoLXNJpXLIhUrTjhB01jhvn wcdGmR77QBF5+I9eZsrQC2Dmr4xwOcOWYRwQ 398LmCuZYh10X/A/IEcTm8SxnUwfAOw0Dg2J TRnU6Es1ag0nEU2dOvwVVefqm4F4H3ZeEaZD qZiKvmf8vTWaPF0X0RKwdJVu0sZnQdNFwliN mhVCgnMLtRLm5f6QEA== ) 300 RRSIG A 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. etcmhIlYcyL/MJWcI1HWKYQRKlQN83SJglUw tqMEDQYvC9aIl/EnWp9OMlkEytl8dIdpNMIH +kttjnxmoyY/CFUXXbNKGxc42AZB8NCNeT15 EI3YE2LNP4kG4dYDi/2K/05eel6U6JkuzByW 0vC0DCRqvkI13r+igDp73hVta+Ee9JcfrokV RLO6X0nK4P4a1RxI8OVklVOQ9Vu5fWlxLjd9 ki8MI9V2kNiVvNVyQFb4IW1d9qjZQgsFQIco uL6IMWxR9QCQd9cGRxOD9hodqObsm2E2YYPE /CtMpE6hpAjVm6oSEyby1oHjFH+Mzzv5lfvY AsBXgVPKeK14Q5P45Q== ) 300 RRSIG A 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. Iixa0xKHw5w70HJ7xYdvFk4iJLyMJ/4puisU NQZKnEZqzFEND1HdtplcWI7/GW8QWG+D9Lhr XPCbaPSIT6al1gHmLUpf/nCsI1fL9VY8Wyc1 ZHhsyItDJHwErbXBFo5tWpqM0WDjeFAwJGI6 ZjC1VeRX1FWDelXcVPMP8IZgQ4fbGrdC60Kz Wew2YFEPdiHXmCZ2t6t1lfBdkVKlNqLEWwiD Yjl0liXKOy3t031LLN9z5PJ+gpWePwFpdlgL Od2kmXBTOKqB54J71py1NZagoTrEvXGNna+F MDVkqdOv7ExXbv221atZOF92xIxuzrto7Grp 3c21bdJDbX10e7+Q0g== ) 300 NSEC _25._tcp.mail.example.sec. A RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. UydDK1ifmnSxlnDhmxEwiku23EYm1B6LEeUs AOEFtlkFDCBtn8LUir1HwGsOwRNBTPi0ofN1 VpUdcAF91RQoZdVogjJKKirldqci3CFH+Cop YV6WTOLLSidi+O+lykt3ejflrrEBwuKUcu0M UWfVKWQQcEE+1KIS6A8MGLCtxFs= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. UYRGOZZaoYg0FnsImfKW3p7J0CEMIzYBHYpn PSHvUKIuBVID44uQVNVqJ5KDaO4squ0FgrC4 PKqMjExEcZAi3e57xuXWciHf0uQT60mvXqMT LA94SOC9CYF13Qft+XY0TMB0ufI0BWTuBDK0 qDpYKa9fdviwmLHJnXyrJxYI2kKFE0fOkoaE vGa6B/fSzSzT4xpk1zrsWbfhWM2X6uY/Wv9d KKnVw/S41EshBwsUWKLGqRigyn8/XOI+baoZ We9+JbSu/mbIi5w2TqBndKkFwnb7mKUCDz0Y SLkCeMywApytF3EgQggb68sDP/vApt0YVuy1 oJphlerS+RsWUUSHXQ== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. thTuKDb8SXg2IgbU0MKhtlU1109j9UGeo1OW cJAqAGfNUC9vT0qzYQxmmZiCBDBzsBu95Gtk 9k2cORB/Hvn/CY8Rso72t0Um3ergBfCcA/Dk 57XAb+oDYV0sIBnXOvYpNAO1pIhFAgfMnqUB pKuslPOMyHR+E3lrbGHplPYlDizLqJu89WhC TVU1yHuCxFKte8G8ViRE8RyScNC8ESAQQ3bR HA0Ido9+iy//ZnsLeDjnOicKNo22NS906s7+ DAV1P1BaW2c990zO03dJa3mFAR9p8nbwsGLa MOtXlTufHBjG7WcMq8sVpQSa4HGP85TAxHzP SKalXVqikQeiV5P0Ww== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. jGUL3AKnEao3XDQBPr2ZErCmowkDihF1kPB6 SZfKAI1VisPEFn6kZrucHNAW9842HS3ihvB+ KbIVa00iy70o0O9CHTeGherk9iNwiBI8YEFd rkZotXFk+fxpQ0n8G+nkCSaHLSoXvp+i91Qi /1Zi4hkldcfdblH3mprbZMyFsaxBIPjNma/4 fzYZ0hVl9RA9mHtU2Ef+/uS7X1B4iu5OrRIv 8n2WMz4F1KzLzoPglO2oEoprNMqpDfvxhQ9J d+jEsiyciHPPT1us5hWnPzfQx9POSCUn6ZJz Mzup6QnKCWT9eTJ39BNgUYPK/0I6vypmlb4M eOsytBhJVquQqQl0Hw== ) delegation.example.sec. 300 IN NS ns1.example.sec. 300 IN NS ns2.example.sec. 300 DS 60485 5 1 ( 2BB183AF5F22588179A53B0A98631FAD1A29 2118 ) 300 RRSIG DS 5 3 300 ( 20181212121212 20161010101010 516 example.sec. FFR1I0RCKnQAiZjnbYSa0IChopcJV6xwrejk g2yhwUF55yLgmICr0qC8OyfcctHIzTl6At9Q s6u6wG7mDqCxvD4wv90DbJb4VheGO2rHC3Ie Ie5M6TKqHbcOxGKxPpJSFBiX+hnOwAjcOaez +fT+MPZavgQWjfYgIORMjw4JULo= ) 300 RRSIG DS 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. qGi/8U4Z1lYF54aGwcxLdgZ7vm+14atpACBN XGF1qFQjL1W4d/Vw/19KaPuXsjHJPOmK0Zce 4qS1hosa5wPnJOJBUmUOkRW2tVojpnmkKaSS jbjcQiTlKHcUNPMJrNVrwJHtOMyZjCwzdzFs mnzLa7yW+CNoP6mHd25bErC4iZ6MDi7j6Q3Z +MUi63BbUUNxL6tuCl62m+pr+0ShsCvwd0IN l5+OI8VexQOydES2o8NxoRwR2yE7a0MELM6K AurhtViy95nQ0kOYJ/0sJkTrVsbZ/RHnnlzK czn/6D156tN9pL5O5YYwPWDQRC0Mq4DJMi0j POol+ZTFys1OfnVfrA== ) 300 RRSIG DS 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. 0JohpJrNEFwcDbffWpOAU/L6O3e4zO0aK9aK P5X8BQMj0NHvQGZXE5PMvB2pZLTyi5zq9udg /4Vv10Qbn2AMV9NpIyj30nhsIZrG2ruDjaX6 I6xW+Yp+LeS6ddDekBCFtvgvxP15H3T1kAmc kpfHjCfTnKnoxgOBqaNjYe1YPwo7jXJ+qOVs SZdEglCSJeVTMsj0W/YQdJmwOI+gbWNA78jn TMAgWMbbsG2k7B2VDhYLwJQgZbm9vIhtfJLW JxdEbMCgVB3d5O47Su2nPTXOv1a2QX91ahRn BFxhhCn9/9SHGxe/OuK+XwzxefjfMyhBWI+3 OecSui9MhQtAhwIaHg== ) 300 RRSIG DS 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. YkXhW2eX/F2Y2G4/eH2vJ4PEN24vLCFmbHho RR048doWiquWN1qmVsvtrVxOs+akCqItazVO KyoVAGc5Nc2OM57Rz+4kH2V0crWCrIRZb88I +5/e0RFGe3+CDnhIl1V8U9JqlmFq2QYknjbP gu6QcwUwJbxff2mFWO9RSmm2/ARFMfjMfk0j VVA1o3/e9R18njNijmnDVtVd3fp1aUQCr4R0 C7VbsG7+pEicPaY4B6AjWp19WZQLU56JyTyj E52NU67U3QcED0gQhj3Bz2nivJDKnq2XelzH 0/EC8vV9BdqDBLjMhnXq+Q9jREKBWSNjaPCc ieTw0KM+YQIAtMjfag== ) 300 NSEC delegation2.example.sec. NS DS RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. rljjcD5SsIUxIvEB56UoMLkvV61h2C2x46tD kGH48cphkaCQgZDxYnuYo0FLtMFy+JOnNJZE AcGII1+mH1NgQ2hvPW07TY0DVChq5sbZ0uAf 7jYIpKYC5N4xFM/SkzLtrMWAW8caA71teXq+ /1ChI0L3V1aFLEGyslcw2nSPAPM= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. s8FLFgQBXexonphsXRr+8gW+BY0WKJZx+qHr 38fC9AC3bK3dD1w0jRVyKTE1Se2vwRu7FYbV b1xV3HKuHLtCrgW28UYffKnJLHLeIXgeZlJV 6YufW6iEPJUhl9db6IHnD0rtJCesu+Mcqxjg uAIgq1YlWOGmJ3edYFyZzy3cfOGROmag6g2g 4BlQ6kRtpeQujfl44bPmm30v5FZi+kIH9ba6 RpXOmdbZAJqer3hoBohmD8JABpfT0PqnJSFf fAlojw3WnNE44yUxhuMalER+BgK0u5bkwLYO SvkIEawgYFht1BEG9G0xjI3KOzZZFtZloyaR uiAa1K+46gGjMmPJWg== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. g6N0eggix11si7ZI6TBgO3Pys7fxrsysAQmX HK2Yw1kMAAsLe2kwW0ZmefNCrkkNNR0Ln/wc NfMHBEf5iU8ceXfiF1+3xZdH1U46l4YX1gUD gKL2TQI1A+xG3DHpHLQknhKqtwfPCKQThxsg X3NYYfct3GLkdgbaMzLaTa1UHAaPvxSrfSzG /eWSW6jWLU6VsLXOdNCzR6WTwMev8W1p+YG2 7dyRyfFfA3S9hBrXFINnzvglCGWBryVXnXAE VYFI535zkjT+mSMEATERoRb6hm/XNgzy7Y3l Fj4bIoZFNebYbCD9HmI6GZCuBBVxOSmhrdfC fOL3mu1i2cK5U7vFgA== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. QqcY0N+DmPDaREk+KMd6ivo2xBcUsTEiPVJB gy/7Oq9x3Lzo9NvO2YKF+4HxzGk8GnkEVrmh WU8jFr2R5wfZmDgBCLMitew+jYU7CkI9vYst sNmsF4x0KZSVMlIF6NymdSZGW/2QkVzxZjmF Vgh1cthUGkOl/M2EU0TJmt3GU6bZNw/wW8bh Mjn2dJnR5MQrFHfoXjbQm/SXdcpl5IAiEK6A m30OxVFijBINNJzfkHLhpNT6Bza8trKBnP1J 93hDJz/debKkxxruIMH/409nN8hexlG8Zk4G J9FWOMnSAvyitWAoKB2ykBa4obLyDaAt2NuQ iUt4du7WLqn5dSUXMw== ) sec-00.example.sec. 300 IN IPSECKEY ( 10 0 0 . ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 516 example.sec. MluJokV2J5dK5n5hSqbmf5huLI77QYEnZd82 8JmiDlILat+xFkgGrZlKMIvpGJVLWCgU98cV Z8rO13ZK7gr/ifFmocvgocchTrj+lw4J/aXW b1IHHPkhGeCJy2etKc5H+cln4PEt8h7to7IH +XSN4TNaQnQiUcTESdTAhuF3syw= ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. dr7alfFGSizXT3Vbm+KM8/gD7GNsmxReRIg0 zH0QrY9+kq9fKthsKrHhO3SkWmEACZzv23mA qggE9OpNS7mbOTCP2p3lvNtkbFOTunkYWK4h /EJqgs4J3QACtsU6h5uR5dALFjtODkegEo2v aQ5dV7XPfLK9UOG5v/NKamI1rBPwvLoAFLxL hx2QxLYKfsWjdNvK9YV2Bjw2Tvi9mk4M3EZG bEsvuRVDeT3M6THyt/1vV2yJBPey98dZqiFi Jzwrsufe8/PKT1fCGJVepkFqAzCPOYo8giTG t5rG2R+pfiXwKKTBWZUHt0GOR1JDrh33FR8O bH5mi/m4wh+6+6/lvg== ) 300 RRSIG IPSECKEY 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. BFyy/6BnJVa4IiTFkxiL9XjLHzEsdBp/vBSe ozTHysTnxfcqe9n0eQ4r1HCofwUgmnDnA+TO k0ojN3EK4QY0ksooBVAWSQDXGzhQc+rMeave 92YyEglaNehWsBzM1wz2IXKS/2fLvA62KW4F 87TBO6Ic6TZpNjNrKR/QRjKGXaxyLJ/9zD6x xGWUhGIa5gXoaLx13Zh4VXwCsty6TzNsV7EW elwSCSZmp0XrVz1+99qJ3Z2JjBCuXVA3uW8g yy1POb3bBskf/k3imiMmKz1FvXv5DjloUAUp ERYwByiFOOJXKgpiKoWb7RaAk0+etHrN6t5/ tOHE/G6Qv4ewdwppvQ== ) 300 RRSIG IPSECKEY 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. Cf/VcD01yZOu6S3flMqW9ORT1v8g1NKIPKJ2 Cat56avdz9g4HM9grub+K2he2svt68He4GVU x4Yn6JgHKXHIqD847kwFuOgn+gsUckUK2c8V vIoq2eQd2dwFfk5VAHtWXMEupBEixbBnbr6t Jn84/FIxabYBm0ItZTFjjPUO/RlmT4+7sqif AZl8pUit9cy1hR5tJCc8QGjUQi2m1E7tUhm0 kd3VlbBJYZ7Gm8ky4vgeyQxxp7vbjvD50uCR 0GS6O1CJUqdsk6xJW4O7vV5zbMEREZ2twHl3 9Xq+nD6A6ZDdtUQQ7WrLrjRHLiD98o8v2LN+ VG4MJFijTZqOIn8Bqg== ) 300 NSEC sec-01.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. muTWQdST0SXHIiJGTAvdhxFOHTne1ti82RbM DqXJynyYEgm5NlnmEZn+U+MyPAkjUdsciukW UGo2640qt78WTL1G7WuIWS3KmRD3WTFo61gm DdfMOcxBuyvDl84si6E/sMSjsM/GZJ8Z2BFn hUZB5RlhNbCeC/9O5rP591a84D4= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. W8RduB+y8pfSQ7343Pqa57PgfUqKMAylt13R tsTvudxywnxclvafjl65sREgHuq5ujwfOn0N qTKpmCCmeuUdWoeRLnl9agRdh6INv4u/lTXz y0xcmJeLhaI27IqjYYcsHmhlOy6w0OaL91Gp V4dTsr58H+jbxY6Z01NujZvaa3dC1ZjDDYMH DpyIj1RqNN6gMK+Dfcsh23Ok3LGyQgYw7byo bMmtOi8T6MZ7/kZ8F+iejAr9MiUGKIBQdNVu m7IpwWGJmkOQ6T1fDHLRuhrpyZx/PDl9kwxL XD7+sYke4TAlRiDokIreNR7zwLIqKY69JHx/ GiX2a5hp9PRlYaQmRA== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. YT2sKENrTnNOOGhnRaVcD3YZAGDf04z7y5P/ WcitVjRKx3ow9gIpFiI62yLi7ZQ11Hugqreb HDTY3F5PMuiDK0Fd4F9WkD5M8vJApfVfmrYQ 2hDPbgzs88fHWtTHvReS3rNRk4RLFdvU/YoX zzrdpLqZDJah44eQWprr8WctjBk66slNhGgy T65l032BSi7Qh+fQe3R0IzgqLwxh9WAee2VU 1nLRkszwzNygcfjE8trdf7pwtyauqZY9zqDj sKNsFFabP9pYvHi7dfweR/C7cGcbMLFJVSIp iEit3cMKHoJdU9nOC4AvUCxHXoXcpDByU8RL x9/BWaVFGbGAZePlZw== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. mHxAhUL2naUhz8gY2u68zZm0JDQAE0Nc8IPN dlsMHBA8SdSmZ9M3TwWxoB7/EqylOiT8GDRf QzbYqYgNChWdYc6Sc66czbdB5zPnwcYf4UT2 YXkunPuTXSxWFAha9W78YeNutHIJwJ4Osuuy h3pO8UfJc3oSyDM6SeknxH15RzHs/dr1S/VY NlBByu33hC08VQ49MxJ22I7zQHjCEBcXoB6p LQ0z7JlDpRJimZyHLx3QIoDXXH58TxSrUPwf +faL6nMDGQfJGwYWpK6gThg/ZWFWbeUruZeZ BXjtM4Du9GirSGujpHAG9NAkcBxIvmZ2Y37t jsSwdr45U50mK6LLoA== ) jumphost.example.sec. 300 IN SSHFP 2 1 ( 123456789ABCDEF67890123456789ABCDEF6 7890 ) 300 RRSIG SSHFP 5 3 300 ( 20181212121212 20161010101010 516 example.sec. isolD6Ge9KtgMdZMFeR6SD8eu8gie9LMIGjd 4Hba7ebnUi8d83e9DRfURbOYtZTjPJqmwSrp I0muhs3KaAmT8Sw5GxDp9dtBRYBexV7dDGvb wyFqICy3OfhOTORdumW+pxEKfgdAfsNv9VYJ EZIYm9vfX+qsIANXFH3D++7sNgg= ) 300 RRSIG SSHFP 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. 2D7q1ELbpNl9Ix4KrAizQSFPr7aG7F6OIc/W D0R10gAjkHZhH+t/JpwvzcDqGkd3590cAWn8 9MV+zRkUnR/qj7+POaRb34oBFbYAA8f4mARl BybDjTWxfbF0VTfMfixM1jz/PbJ0o0I3FBdB zUx+g2nYmipcs7DYNAoWik5hfzalREH/fBW1 gQg/BDbn1TvEQC1jVEfQ3YR7VMF/SMm4eoa2 UcbjaBsDN/Mev/Nokv9+BaH34XBIh/lzSF0X mX8MAJZEzzwzgrqwYk4Ocp7EBda5pO55Lc6Y UQxVPNvgsrOpk8JkKlsrt7aD5nPnjWKy602j aaZizMEvU+hpaUGQoA== ) 300 RRSIG SSHFP 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. k+jHq5IPvjzWCPmDKKfd4VWmE8GuvBcHENDU bgMAUw9x6Q4630/KDOR/euZWUS65HPALZdqX PibxJSI6xumkMIUxN2hh2IUrXlyLIVeY+DFg //Jdwo9kC9NZrIcynxiIXYcEQpFE+ICk3qIZ 3rp37ysrX7P8OCNYa3zXT7M305iTkRVTG4Br 313e1OAvM1cWp0fIMo32+UM9yegMMXu2DL4C +cD65Cd4BJtEu7dF4yUe7B2t78HzqZOxyWGK wO+XYaSB/rSOuqTNl/0bL6NA89O7DDWCAJoR mw0N2k+ujDF9gUOFhs9yzAgHbXppC4zocmwQ imYF2t3Bf0u+RVaKwQ== ) 300 RRSIG SSHFP 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. Zjn8vpwvq7lAfqlM1SR474M+d3xffCkiEXaO W+AxUEUAJ+yi9uAF6fsA1wpCbKjaIvPbrZgr kvOczZlBiX0W/3cCL6KhGe7Lsd2YKqGO3TRe cStF9Ylj/KnFFfXnLPDdODXLQChQEEnLTB86 Jk+ZtV6psNwOjSCimSSgc2x26i3rR9VxYIf3 5s0K9XN/D8NR+T3NJx2ejsBzPoxQeJIb32iC EaimzXrnSJqLuDSKezP6aqtz2Jrc/Q+E7XeL 1PJpgG+xBmmIxIf4SijxRTCG2a656lS4hcY8 yl36lzj6QbwQk/EE35SLuyXRjvbowwhALRK7 PcNjz9yClFecgRXxbA== ) 300 NSEC mail.example.sec. SSHFP RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. aMan7ISnjzaeoqSZNWc1qqnAHd/Uuw8Viqwq 2AKYBv2aN8gWkpj5M+61I6RJKXEqoK8PXVMu tzaROubJXbi1qC1gAo6H4sPqQWdJ2MuJ7G7A +VBvKz+U4R5P90g3/mqpBjE4+BGHNkAZ+SKE pZcgPBhzFOsKQlZQ6DWJyJVlG4A= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. jx6Tr9aDQu1NWU+iArkQXSJu/dhsQ/+UuiKU Q5JF83RlPjiqQhFhlyKtlARN3PepXbxOmzkI W3T2Jnd9HDfzy5+b4tJgh6vVDDylDu72G3Ij 7kQErZ0gSQd1FDZSU6LMDDNidUHryWMcQQXT 9286y9ia/zey4ZawbgmdbC+YYVeKZRBkZNM4 F9+vuOm8laYrJwj/waUAAuuvtlc9rGOxb+hE LP4H2PkKVcMbO6jIR6qbXLl87vx7fsqzzPcK RS7HSDAAZhmFKvvOPVMXfk1GZi0F7jxzoTIt Gl4B1rvR941G6VxejaqvXmOA+sLs49drSCn4 lyBW45ylAW/ZW/Uxlg== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. r5wkR1XWQcuQ/bINl2pHKgWDkk64NJZe5N6o EKODsgCysToooedN1kCkkaCNkjb7u7h9+tBG YFJmHFv3Gek0PW2ldT80wMSyVn21HVPmpANX daTkl0EE3NkjnAu7jCC8MZHAUJ1S24dEedGB PJuDwjTlFBt/B6/dOUCVxDW5+xRbC+w6mF1v VLsXhzq1VCb/udhbwoqfQXdztDbBNGRdkyBB tc6F68ceUhRVWqjU2cLBl98wrxD+ZbdIXqyX qwJJb6YtCy7swYb+8nOfVwZpAwcNkeHptDNB zEoDFqn5Zl+vCDIgFozwj9Qp8cCioq1jZzlw vSdWL609KjdlUbN9RQ== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. FQEazIPqzHedFVbV2IVHLqfS538V1bNZr0S9 h4i+jAnWSz8bhyGPcIwY4kw42wbD6J6sffoK NlUS9F/DfoIgCpTwPLYRaq+2QD5lyUDA9uFX 5L7JVgWkZI0dobp33sTelqvxZjcOl7rXO+z0 MoJVJdAr0J5kPP3nz31+EWFL9g4Wu3h7ueFb eF0zA0DYqsgD2G5DtycAwz8M2RUZNbi/Io2P +DvjYLng9eiXJmmQ1HGBC7Vp/9D2OHm73ClM Xa82lu6onm2ScyO5+0sUuNXCDZf+rVgtr3Ac AsBUGjkVFgvLxKaRGZZ4ND/tuQZJrVLxwVfn mwntrMBMVL3khHfldQ== ) _25._tcp.mail.example.sec. 300 IN NSEC ns1.example.sec. RRSIG NSEC TLSA 300 RRSIG NSEC 5 5 300 ( 20181212121212 20161010101010 516 example.sec. r+qJPmXLdfqfW/lGABbtRauhF1ivwtJYgYnL JP6Z2UyGcaThmBnGCBh+ZVqsTF5ye6RqvfBc pVzgLwclRHclZv3gawRptRdKRCC9cVAagAtz oO+jt4Hz7ZmELS4HVUYd58bHYjHqGK3JCpUW Rtzc1MzQXMerzT4kcV4te+0sem0= ) 300 RRSIG NSEC 5 5 300 ( 20181212121212 20161010101010 44427 example.sec. FwiVZ84+pSDj4Ai5nM1IMg8FFMV5Rb9GbLP6 0oyEVx54dKBlc7aet+L/jLeptXdvf3RoU00i C89BgPhXYBqi6IBevANrL4HnI0VLD7cKGQw8 Bh53d5rTXKYlCgvQh5lSLdbTtnUAmhjz8Gbs xob0zTpVuLfKBLfJdibdX3YD3k+jpyvAPfXq 5ABOy8UJIerhxTIHvo2iPa/M/b7EtBD2xPje +4hHq0kR5gdhg+RhNdSTlHE+LTHFy29l1gvQ m32rYOhv+l9NnnzPbVPcpAp/UXIvZ5sSJuNv UFk3bQ1bslh2Kb468PqnBd6uoTZXb6zmkpbP x5BUhkWFBwL/LdvDSw== ) 300 RRSIG NSEC 8 5 300 ( 20181212121212 20161010101010 48381 example.sec. n/Q1maoE9ygqDPu74PBnkZ8te2+yF2Rx099K GUkf/s/bBD4gYYkzELdpF9+qrHcQlh0dpsDt qtOAVwaU80VpYJCTrci3sEWZN+suwsfCVan2 tTj8Q54FCQhbxkqcd9t7YbuyJi4ASVhGQW5n MUdlop3M2nrvI1FadBWuiMe8RAYziiPsA3sb X1vJpl49bgguOzp5d81LT3YrVQnIGuRSqZhH xo+3zkGiBa4oBTf2SGKC1EO7ziul8JVbNmRv EG5UhYBfQGmJ21a6bBftMOqvSKS1jmKIOivI dzVJ7w+KyoUQsH6FHaxDHh8mKkKJJmDxXbGy 3TkgwAq9Lw+qh2IjOQ== ) 300 RRSIG NSEC 10 5 300 ( 20181212121212 20161010101010 1862 example.sec. VNERZktOVwpJwneQu5jisBU3ffMS2MoWqDIt gtFzswwJA1WFr99WpCE8oKPnVY/QmHSZK3ol rcl9nTjjbWx4aFO0UVooNR548Hi/G8nQE7s4 WluaGEMJzmcClTJ1n6JLE0goXb4930Q+Ljmd /TS0Y5+k0UclxSII0TErC8FllJ/N2uqGIx1a aev+HYvwWdnr5tkYE+7ieqLeAjN5sU4zkwyW Cj33djkBkguA9KqqEtVD2SaWBdh1rCRdAt8f bwKK5bV2sU58wERVBKKupiUWPy8dMUeIAEky 5cS0vDQIRTF8f+joTiXYjZeLwsbmTVSInTdz zOjEvwKKAQMtVCVWlQ== ) 300 TLSA 3 0 0 ( 30820307308201EFA003020102020123 ) 300 RRSIG TLSA 5 5 300 ( 20181212121212 20161010101010 516 example.sec. EUrc8WLvZmbuSRmymBPExTiotQIGn+zcIX68 AiUWZKQ0wvltwKM2o6ilQLK8goxcZ5qZOmEb 6hEivCKoRP0ov4yhJcndCJieQ0saa2+5DOZJ mf6BTSyRmO65P6lVANTJpi/fSh/Bxt+qFerF snrmHQSGVjzFBySCg5GhXB/oVP0= ) 300 RRSIG TLSA 5 5 300 ( 20181212121212 20161010101010 44427 example.sec. vVF5lbC0wOSj2ISUul+4ss46jRZ3mmXbf9NY XEQ+ArA+TThi0031cinFCbSU+4ELgDxRw0YT T2AwhFCnEHVYxs9RoynIIiVPbnmNVtDKrGc+ VNjDFcGQ9XikKqw6w1B1dUyRUi+I5rYa/V4C mnDSrynMAgeZOADFbFI/JWo0p8JkPjsVakTi RufzRg+S3ViSaAIheUxDggav2h+BbCa4MTbl 0BIyNDrrGEwLETtDnYu51SQbJgfDam1o576W eaEmSX3vf1hccFJem5ITVrCj+tWZY6MLGhwm DfJSt8Umhwg+TWbQm2hXd0AdAbQVSkucY9Fy TtYfK2gDmtZq6Fs1XQ== ) 300 RRSIG TLSA 8 5 300 ( 20181212121212 20161010101010 48381 example.sec. GTsa2uIy2wS9syW/ErQ5YGemfacsG95datpp CBeCplKsQw/Vh8oqgZRn2r39NaSroEY6rUMQ AWtcl/LUeGsKGMAjJ3QLauiWNFXc5kqlptRL iqlBhNSpMzROXEqpwu6o2C2MF2hFkUEtUnj/ BZxGKbQmn+a3fA10iy9ADXAHQRXvVaX/V6S/ yOtuAL53BC+yDGrLKKivSLW2w7y+iOf8yBA8 Vmolq/p3+M8naHZl8LzmWReRcoBITOUMmIf0 eq0BJ2ddwEAoneGg+168vCASDbTarXpUihDV XlS/EWfpnG9eRSEEyFq+pj4pdb3lLNxLRY1G RWvv8/A3n7H4rhtLMA== ) 300 RRSIG TLSA 10 5 300 ( 20181212121212 20161010101010 1862 example.sec. kdBkuHzOk9CA9UIAvW00ghDCkNTqmpxjqk5E 16e7RaCrKA3UY0Hi5iXAiBkOhwTyGCWgRuQq AWgp2KwYnzs5ZuN5YWBqLVied0klCOWeWmAU mb7IGK1f2veAlTM9db3WLDmSepvmbkdw3F+K JrrqGn/sGYSj3LtXZ1oggHv/9cZWbHfipwZi bY1NfA7matOb2aNhO70Jvym72LFtNVbwanlK sesybPh+dHyRzMAyQLibm7tapJahko1d+KnR L/O426UvkFEGeu3Gm7xhN+hx3TM+URDfc7zR oWvs4rod6IZBIi++ZB/LuO+l3zMIntIy6etY y4ZQr6lSwWqCZQIaFg== ) sec-11.example.sec. 300 IN IPSECKEY ( 10 1 1 192.168.1.11 AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt 3y6xImvMjRqcobreI351nbop04aBtP7o+r0z rNQmy6FqkPiI657FMEdF1cWJ2Q4lA0Pymgq/ BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vc L17OvU1ksLs9/9hhAbYYedmbAAGmAqfICiLB dOPCbhsCUyq8dTa0FaEinyHCJSHJWVZ8dBpb br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 516 example.sec. D+MmZHKbVmQCIkTu8SchY0UjsB8y+UtTC50R Sd/5DekXVogIw+f0QY3PEZXl4cJVBlKS+lRp tHtS5/244I2N+cRSffdHwhBlZpt9iD7S7CL4 yhPVw1oRqhSlNv9rPTiXVwiX6HmCeoxQCSD5 G3vX0k3zSCGGdkqlk0qtO1QT694= ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. xyMK4+VtzkwjdR8ikxuZ8WR5UMntcaS9vZ0J dpMSTk6283PEtwurrITYxkPLNnrQPgp8R9Dt JHUpU2HSMOgYMeCQ/Kn+0/bI3zAuv6RfPzaO s5olCS6EYYn1+cCeowLETTiL/OV2zmtuCRx7 Bbl82788cTEydVlLs+cFT+J4RzWE3f1DW+Gf Jf1o2TQtQKQSZM+USCfLD+Ze0EHkQZkffWgF 5RwLxeeI8AaXDDut/ZVQpEXqFvUMTVa5RlMq QdITIJ3f2xKs0eeeef9xRS3IS6/fD0uEBg1+ MRBMezzbYl//99R2MZVEOOLQ1XeY1m/akTBF OIHxzGEjLuhXEhv9ew== ) 300 RRSIG IPSECKEY 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. DuOUhn590KHaanXsaZkjxlGLnconU8B8QlF3 lmn8GBViqcpegxEMKvqkwIazJDLGsPoDZeaP eSEFGxC13dLJiAeMpTnzzv24EjRTJS+NamJM CKHQDSKqgJkOzmiyUOlPfA3vfZLaPZADrXGR uGFwqPcEH5lkNKfWfr5QT2mjosIZtuAvjnpG Siz6LnaTLiFffin2iWKXkgcjRCYr0cgTDUvt 8bWBwxS4RD1yZIJmHx8UwOptUKrBZnPbbqXZ 3Iqm4NeOzVIKlx19p3MXqUWl5dgPGBr7qUbG r4y1zmnu0DbVKiCfezgM94Y03Rfff7T7dCga dwjuEsRStvRKig2DBA== ) 300 RRSIG IPSECKEY 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. DRKBmqio3VJ+jnJ4F45B2Wf1ZXNRMUDKUwfB ECFhRTBG4fAko58EVJDvNF2j+Hx+MRFjokgm ZKeKZYleu/jo0SbwZjxsk+LZnUmRte7A8uQ/ HVNR7CK070H7gYS4TE+F2IyMd9S5z1GH2e2f VgsMwlA9TSZaqvb3VnvoPNw0IZiwbmw+T6Ie DvMp6pVC91GRc472mbqmfg01GApuAYvGRvLz 1tU+g+tOLQZzxjFw7cHkbd20a0eRBGxTSN9j wmloooDznXy9aiSxBCQ+aYh11hvYMpzoIoMF 1F2mnT3LT3FFgCnbLH2o0P0MpOYvKj55kdrB o/fw2K2jN9bINLrhfA== ) 300 NSEC sec-12.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. XzqRMTJMJ0oSPYwQt6RIOfScmhcQa0iHfbSs Ix5TV/c8lPWuMpanbjWUvsMblw/GypZLiIm5 DjKi2eMDlLNyYNN9DsflkwkPaBbKirWq4vgg d18bhRwqL3Y96x2ks89aiP39AWrau2yZDzX0 y5fJiN2jcSc49EWsdwk2i+Gr6y8= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. N0FMEYPy/Za21InzmzSYAp9OnDF9IEhiCXaz EhGlk3cBFsnuRvXZrtTScoDkUBXuuFncyJMW Sj+WGg17L5UhsX6rwx/EjQF/XGyI/DOLZKB3 c4ll4t6QodCo9Iz7kPXmra8qrdZTRPRgRqzV 6HAk/so2iCidbEaG8gIBfz9YWBRn0VCKG2Wp yqLqs3IlAdR5mJ3haOPM0JWr0kWywXA9YmWA fvxXtq46gepNcVJv7/JXr2b3c6LQX4V3+6mc NhxsDK8KrLZ4KOdgwUWYv0X5mXZ6EE8/rQJe SVrViDzVWGshK2mS3+VJzbZuPkXaRXfxjkcN led8XSLpIlzGhzJdTg== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. MR7kag6aIIFa0Cjm2FaQ429gN3BNaXZOSFer Lfop7SrNbBG1+K4beNuyX8oUUFuxaK/JyQnt B8gZ3Sd4+X+gRQ53gf4AX3qNCsngR7OjucmU 71r38xw37B7VaTmGYMR48byanpvlX2RkINoS utxs2w+O/oKGZsK4VwNrQcQc6ZuvQ5DskIEH lpKwkZejlg7GuLaosnZCRiHmTxehhl6tP3cu hq5cal0gObUPDrZDnV/ii8E4o9alh3TWeUoN 3pvBVlMTOEtjRA4LRw8b2AhDEne/GwNlo96l dDvcMaUL7K6BBFEkauxvL3L1nqzirLqBUKQk OeGbPbQtWjtChxhlyQ== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. mzBFRnRJRVITpu2gG5Z88sxCRVtPxJUvII6+ luYDKgZtmIflXHcpS4CC9zccaGJAuSjuBAgv mDsbN2Wf9s1sC+T/YFQG53zwom7HSakr/A5P LfYMgZTlp76W7/Bd+6AzdhV/LQ5lFUBOd4QU GrTObiRlpTBidCP64780KeJuputoYPx5QOUT zxaIRht1HYSvpHYv45tCraBK6ab/1bZKrcAO qVFaKuWeYhgJQ4YNyyAzKke+Acjr3Vu5Uz6n mMyvoiPx8saiDJZs+aonkrEVONYF1ZW31UtW gIAbxJvWPwfoh7Dx79v+TEwtH2nEPknuQdso pV1/AAwEJwMo9ypOlQ== ) ns1.example.sec. 300 IN A 1.2.3.4 300 RRSIG A 5 3 300 ( 20181212121212 20161010101010 516 example.sec. VSulhGHN1NV7QH6uzJ55ApxAjZq+6Qn+DvT4 Y/Kx5c4bw+ZiXErJmJJBmENScT+52Hh3Ki1k x2O2hoIm7v7LSC/+3jlTjEXmPxV6+Cam3s2U apmxZN+B6KlssH/1lgc7qzh6yBDfs+IZaakj tMt+2gUSx3qdajLtXmAnCyiLJLg= ) 300 RRSIG A 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. o47UUbgcUSd9S8zOFs8h3vWTmcuP+cZRD684 UOEtfOrWNGmX3kQZqB4UznyUxALz9gxRRWzX zDK3huPkA0WupVEbYJhqx36EqLMEwryoGqE7 L8upivTohovDeuJRcmz1xq1M+8nSNOr33N9T yEbpiuN744WsnvGM2K/aja4tkMRImuk6Ed7n sFMUBK8+SQxmIVMdGe4laJZLOxVKqXAkmIw+ xs7yDjPs2JWzFD3XFpX5yiQdcGuwFIFbpc1G kdxcs12H/XHvNoVUvMTf1soJTcvaBzv/UMFy KnRSuhCk9JwQQmguULZ7jTgiKVSSpZ9+xr6e xuxUMIuaR45XPUXV7w== ) 300 RRSIG A 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. Ce86aefdf0aMdoDxrkoP3cpUTeZRR6us25Vi 6T/ShoY5st8+0z/gkjraK0/7huNZMkvixVeZ rnsi+g2z1Kvlu9wjodDfiVWUymjrFdNtqscG tsqNfBRnH3Hrzr9ul7txWZFlcnrLSKm5wtNK XJZ5ChH02rFvIgOpyJGj/msvh50j1xmXENrq xLevWMy9dQjqi/iJ2K0dQQCL6w9iKW/ixxh2 Js7F9zYkWYoPp8A+UhrAZep8Q7jE88iymyko EAKIbb7+/+QENqJw7WDx+fZ7eBJkvLNwisU7 SwPT1vYRgDR4eHzRJGPEWWEIGCsRCj3PqOW0 no3CMvdnYisET4I6TQ== ) 300 RRSIG A 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. XFdqOX0w3WgayGkDBihXDKD1zhCBVOeaW3yV J5YJS2mJNgbGUY3QXz7OwSeQs8cD9cHxget1 oIMR+op3H8VY6h3AzJP2EUNWw7Tuyh9wpdpU NRAkRA3vsfT6eBccQIbTWSYFIypdDufT6PHA hMJNvzSa7ljRPTuGiTZCersfvJ0cObNE5R55 Y1qNNcmoFPysCHzZE7sdxmU1AO4IlhuXMA8A /LCXGFiMb5MKzm/qlrukTnUn39t62yEkisuA 9P0jMD5fWey7KyZVS1K2dKqJdfuhF0eUUf7D 5i5wi0s1eOCZGRV7BU24Up91DkMUHCyWQ2y8 LoXhow/oMgADtWMk3w== ) 300 NSEC ns2.example.sec. A RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. kVV6hLZf14IQaAISR/uaacBi1VBjKH46BsYG E9AoKqcBO7Kxu+KEj95yBdea08vzko36kOP/ uWZ9cMXjXCigMojjqFWkv1RhJdMVkQ/IgDPx MCDiHrA+LI4z2YexyDuW/dnDacDDBS8Zv0XG gwMu5+86R/lPpBbC2KIfPXWZbnA= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. VoYzCDJPSLHtbuhrKoX+po/RHHYU2oYly+pp xhL4M3SNRxD7JZ9+dY/irqcGLheiMREuRjA3 rCGp2NbPtLjmMfZkARzhoOTtYNri+p0ka53v a73X8T1xYAOW588ziWLLruqKa4Mdi+Ru+9e3 aNW6AzQC/MGhiP/Wjd1j9ZeGbzyIPq7rFXgI 7keT6XhRkdsGI0jMZmm6YWPRqwJXr0I809Wj GMdVfl3+Z5FHaMQyEXE2LN6pZnUY4817GfLY dAynL077dRtcUOjG7MU9tQx57rx6aNw9I/Qd SjWg5DGWcqAD6hVZB7OutY07HbODFwW2YBKK SD4pO6+t3OUyTimNKw== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. MuiOyDyiepK/LcssFA8yXDEeBQiw+O+45C5J Jzae7DMDqkW/LtZR8BBrKmbp9H0rTs32Bnx+ CD+UKc9IW4q7N6ReWp9/LAEK44SgYa7PEnkm YGWBZqPeWqmzp2UTVipD2n9w87iFXu0lB6Iq 7/nuBd76WBBXULjMq7HppkDyITEo1LowffkS le/rNacTQYmoGjIhjZG6aCIbHSVdzsxT7Keh apXowiGAJST7zzL05055Vfw0VaPx2XyPacGV xlTwZD6og/fH0dphUIPy2Bsad+Im/ce1rmQ+ H3XeUqzVIOWpYJqNzEcythfxfcfDTdPg35Hq Fxo5vKGXe2FteolkQQ== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. Sga51xsZS7XpV6Qgm6bL8HY7xsplIOwKyw6W VTFtZk86lIysiGEOCPkZWJ9kkc6QpytyM/Lp hUfSKU1Swto+laEKt4zGadVFALDb03XL3Mdc RB3qrmZLIDv+8ox8mTrscv/mTjt1PPYS8/gn IwMtuJkFb819ntuIgPoD3WL8ttCCIJkq2KHU +Tv77wOGGoos5OUKtzXw07t3aQwbcNRkYJjr 91YZqRxLL67FSBXKhTRZmpmvC3Mp848en07A 4vgvij0JJ1YL8Zp3aIc24dyf/CZ8HzwzTQuF he33AXb6xjgmADby130rM66bO1dSDo+/2GRU 6p+CttcRRbjk2GParQ== ) sec-01.example.sec. 300 IN IPSECKEY ( 10 0 1 . AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt 3y6xImvMjRqcobreI351nbop04aBtP7o+r0z rNQmy6FqkPiI657FMEdF1cWJ2Q4lA0Pymgq/ BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vc L17OvU1ksLs9/9hhAbYYedmbAAGmAqfICiLB dOPCbhsCUyq8dTa0FaEinyHCJSHJWVZ8dBpb br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 516 example.sec. tG9BDXttAhq/pvqvAtAnsUin46/z66T9yHLH Pt3gzwnIa+r3F5hqGxqmWEhelWUUxvwGJcQh NDscQmWvIY9acwKF58d+2sY4JUOj/wR1ZSWD 9oYSMe1Jnt5smGcbVEEwvc+oyQ2POVYRO9wL KKaodgZ8W5BGgyk4IHYqS6Fp7YI= ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. E810x3vA/rvBht30WgCi7oBxxN6hPlJn8dKY uy1jAC9vl2W3J5A8UhIt89sff8kTGCd3dN9L yrx4PEzRNRKxbCXXF/ZCZdGiG8aA4BiLUTPw tgtDzuqx2RAm6hxRlYw8iERDn5h9tdA625CR 9cnROxhjx3x5F/Y9hcJf4mz4jMKti486DMQB uKENyFFBbSx78ZUtFy0Zo17MXV0xM5GsMSgP gcS3IRgiY72OR43eQ9HXpexGmt3mnQt5xQ6+ QWELLmWNkKcOTZamkeMPnQmwVdh+NGJVLStM xQJflq606f0e1YMj7FMGJnIG5yJZwrT2jrQD 2N8DcDc9H8/wci8sZA== ) 300 RRSIG IPSECKEY 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. MRFDvSNaBDN0uXJHShWHAoe3163OlwKjh5Vv bHPOGmMqChzJT56E2YN1LLNHNOCCePWUqWzI 8KUpSEzHPn0T2v3NoX2D59ZpHWBY1S2CFqxE nQf/qEh34C1N0ue9sDlj9lH0ze2+S5rKbI35 UVjcO94kGKpEcBDPfRDEBcfgoni0qrE0FuFG S0ycAv87e3wkWeF6ISkeuHph6hSyrtol59z+ KdlMTNY3vRvAQPv6oBdmb2Ri6RgINkb6s5ze gCR640JglKzjPDyysJkTOeAUK9TZzNuvlXVu btZkqqSdKpug1ik5WfpQWI1u9RIeSYFu/+ai usucxtivAa/mE1lsdQ== ) 300 RRSIG IPSECKEY 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. iydE1zSvkIyU3ogg44zbiyv8aMcs/o1peWKT 49o38rb1cg5w1dU6Y6SuyHmGI7LThohOhZbI gNewSLV1SOa+40a1sEeKuwyMdqDKMgTicH42 t4P0FKdZIJmMtwbRqV4zW1uB+6FiGQbYwyAE AWMKIbo6MGxKO9kXfYCpjewS3yIhI02WL0V4 lUsw+rupSUbDfhykghy14qBlF4EUCUfIcwZ0 ROm2V6oEF3f8dNYcuSDovgF93qCamn7q0MXe U3lsmz1B3CspT1anuezpvR/kXIXJVpXSi2Ox U35K404MZkLzl7wZNaGR1pwkW2oTsWqPJSQs 79ph+sMC8vi9c+xguw== ) 300 NSEC sec-02.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. YCt3Cz/LoltgpW8xGEYNTIH1tHzuE3BWX057 gEex4Ymi1vVQacfBYMaiDZWg9VeVonQ9kVNP 0q2cpWCIbbwu5FhLqiDQhBE/eQg8eDlY0Gwk CCSZqont4U94Q0NkuL8P2cVH6KMkTyifYa8I 9/YYV8y3QbZvFVWyv0kvOXuUqP8= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. UwuuJi4OO24/1H1+Tve5xkBiisXsvk8rnPac 34/Wpx01PXiKKfSmkCUX7tREYQDqHeMbgNQF OQYIjeLNPVEEKwrAzu6115+H2FKCk8DDnxRr OOAVAQXflDXtZ7op7I7BwvAMsxA0N1r4e/lm tpeStt8Ky4QVICZs/XJ/zqnMwoOa/QJwY/nG Kfs+V5VbuZqQQDBEVLq73l1Zb1r8G/Wj+SNb /d/WBDd8rf+u71OFZKlJgqSd73Q9fQyYtZea cKiGtOpzkh1WT0SnATNhE8TEDDzN+K9ymoSW 8/gggv+W6L8/cvvfFYkAvKhGgdhuzJS2SE6n p16Gl/Yp7jQnmVgnoQ== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. Yd9ttghL3MV3+45CbmglhbEDp9n1qH3lfLs2 HKoNzSCh0AGHFwnNbdAjn0l99dk70v0aYZ7k RVQkYVXqHkHVvQdqYs9FRtIXct4e9bHP2ZKB xAAoRSgKpAiwjhr0MX/nq8j7UacsNB6ndU5R wpAy9LVHJi260ofvyAumJazCYA3z/a1N+sTv O2Wzgkm/qSlx8AKrnTdbOcTnD3Vq/bpRoY0w RFcs4N3qdkILyTBK6X2I5eh8twHouBoeATWX nIs+I3LGvp+H0gAntT2OQGqeMaDQwYaRjBJJ akwoyc6dRN7rhD5Kp8Kpwm/HOJ+I0nW9UZH2 jwrE5q3ghaCkAS24Gg== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. hPq+o9oKOcu4lXZqKZljb5vqEgyXceKdZhSA Cb9iTH9gQOAdl3xPLMebiiugPaQ9loJgZ7dl 115RFqpykpbM62aMs4gL8qB5HXzeoT4tmxyC HHJMiIGfBBAvUcbTUXqC4P50NiFaC7dmmW+E ntAZDbBn6QcsH2La7pPgtoqTA3vANDzvxDfa OSwqXKaTvaYuuMo5I8ITuwygymWup0DtE3PV fc/c7K0vxWFFKV3uss3WV9f1kTD5AzSqh/Q+ rxYyixdPi2LlLmZ4K/7NRBy0KLKxXGQZaBkl rWF0rTpwnJYh2pnfhKJN0RuPBQxUEuMqg2Ul VN8KhJEgxPg+2PzL6g== ) sec-20.example.sec. 300 IN IPSECKEY ( 10 2 0 2001:2010:1::20 ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 516 example.sec. tjylwqmHqeA8Fd9Pfs73MTlpWZRfE0n+WYQP Otr35nqTntkGdy09rAj5Brx1tEWn8DsMDu/h iyLnbOePqYBXhFaCoBNVxR3/IgoTx8iz+exK 8a+RFzJN8JTtZ2F66Bw4NKuywy3wQrUECUDm aSdd48ut7s3venVkYsqWeOUv8YQ= ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. 0zgPGp2mHOVlSqV1eSy1kMr634A/DktQ2O7j 9rwhC8yYq/hfNvyEd/+q3j+femQ9r4KDFucT xDalycVnQ1SVIaF398skn3YcJbUvezIvlG96 +8hsTomnwvBul6dWQoTfeYcTjPch63XOQAz9 lkrenfVdqrR/tD8sEe5fj8NysSPPGZYepXOm lqTHzMRRLkecFKDIgcIGiMbaZID143t9ywek Y7sBRR2e8V57MiKwA1n4K3cssYy8n4g3QoYs scBGpKKYJLAoj8wSfMXxq8ne0vfWOrwkI2WD TkyMpgyI0k0ZW2nwQa+VvSKu7VFDF+O3oKEd 8nNAPLkm74o5Xz21bQ== ) 300 RRSIG IPSECKEY 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. Ggsal8D0dAgBvqf8i510LVt4FrWzK99/tf1E IwJ1zFPGl5vdkDDUkBCDizhJ7suar1wKBae/ 3okQQaS9oYy13BdikijxyyFiL9I3fiZ4YH50 x/ZIDju8whbNxrExYV/xig4MrrkWLcVDBuKt N7ZKYBpD9d1CigZ37YtRzWXL6XdRrPTkDEGp Os4At1yjCsRisbpA35xGCHuy1Pznu7wyIe++ +I9a2j/hJFTOsfeeTnRpNfWzQ2d7PMLglwDf IXpmxsKQKwLgJAgCOZZgLzxUldAZuGIb5/dC KzCcJVNai7IKpn32dOrRT/oTFXPlZBKzA7we H3cXS39r/CtwAksnDg== ) 300 RRSIG IPSECKEY 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. eGibxPy14OhN6qywILDF6U2ZX0Nn6+LyxMgZ E+GUTElgKZVj5MW4Fv/Sc9labsVFPh2jHbbM vShcRFDeN9s2krI2xCUfwftmR3hYXnRoNCN3 lr+ug75ePSXW7K7uo8JTyCc8IgpdrOMgQVMH s9ap9WddvB6wcXUnSWr9PYmmtAkYGvs9VbpZ 84lyxtXpXz/NahrToVmip7xjARVZydq+vTfh WwZJz0NhaJKJdRUDA1kSRF99aqJqnLd21LTe cLmCMEqtpXx17bxMXlaBUb3B7rq/BKJg4czn UKvF78/9rEysIUpju7LxxmLSl6q8dd0dX6R4 mHx+wJiNYMEz2tZ/PA== ) 300 NSEC sec-21.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. N+IOMKdgPX9Rr3i0bbe7pUWq0dck1PoIGnyg FhGPQ5N9kN9SHAzJqiwyA8Wk1go/NrdRpara UwuueTlZhOnWUFTeNZ3zHtBawrQpeVoTfdos Ev666zh0UWfTbY7mXaF4Ypm1xSUmxC4Z/r7d aatMwv60DefxPnsROwlx1HZocgw= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. Ev/1PbSAmIrukwT1clYw49BaCTNH4CpUhA7L jRNDsJ+R84lN57O/TPeB17k6YivRNh6TFNgD SBBhtYnk6YZI4yG23h8E/PwFwSD/bXoYp8gC NgqS7IogNgFsVyI9YorzC2ngWFHHku02CFvI nMdA8jp+/pZwYiTB2QdBSnSCtmwoVhQo5uy6 na4/GXeh78LEPVCdeHXHTLTdhzmqL8tNraIc Esc0OG/548XJ7wzAxUC3AEql4iu7msFFLw0r 5bnv9nLYNF2B1B4+fifOmleJSerlsB+qbXAP ssV+BENJPKKtykXPv0laVw4fDOkkVL/cie+d 8g4qmvKtu4tZesHkcw== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. Kr8agywhkHOZGdA+1m9zYIGkKKwtGaz72FPk l1yg9UMVgIDN2vAj9kYnexefsZ9L4jCopJMU uGD64tXbOeVIWvxdOwwer3GtxSMxVgRhfFlc AcS74bOXC1QNFTRsFBCAxauASH+sAml1CuKC ysZPPWuxg3U28dHqbzalNILf8SwIy8AFsmdu 7VYeSLqt5DslrO+xGTqZpb9L3S30MIz6TpX5 TL20ILVOWno51Hzy3v73qLjpjeuwoXDm8V9M 0tKP58Uh9TPW+XC7WnJ/W1NNJAd5LoZ2Rpc/ xCY0BymxdDre6of2DOLmtwP6DqICJB6lSg/V u8IBAJarrNfATWuPJA== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. pbxReQlDMPgS8HZut3zOBhnpQYVc7aiT15Sl C3mehzUrn5QvRSlQyZrnwLstg0nx423UaWqZ uqIWXSTmkJEYGstT9B/EruBb9bc2PUSpp4vY NcXIWHH8w6vsHUPWVOKPQHDtT5tYtK+6GC2w dnPFtI9E1L3RyQrgPoqYz/5f/31VLyb4R65X rMlSZX1oUO9pmHxwogfoiAyuA88hncerKkRD CR6aVRG3DhEa7xjGn6Hxi7Wo/ZGKtaSNdYp0 KIaiUVIxQhAFIOiuU/9nqDFgTcNw72Btpty2 fREGSFq1bRSTk+CBJXw/UjvLnZdIwJvZ8BxK GrkWE/rSnF+kmxGczQ== ) sec-10.example.sec. 300 IN IPSECKEY ( 10 1 0 192.168.1.10 ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 516 example.sec. AOvxiEY8HYQno1h41Kjg7P/U35XRa/EhJUYk U/PnHwH7/aStPAn0npvZY6pOKGqzZXmGS8Le B04NPpRU2j3/b2hlR81WvMvMU+BAdBtwct69 gd1aG1+za4sgfiB9BQQELznuJVeo3/Zc15AP Z/TVYG6cqZNfLw7JPORTCexavk0= ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. WoLkHtWH5V2fxCwsSXli+Li1sQE8meKwDMCq 6ZnS1r6INL68kWIsvgCOSmt360j2ZK9JvrsM vdfOLy9+wVB75tlYWUS6aem8YwG8bSCvZwwY OgG8BVbZNisutmmRjhUf0unGBRjiXRUWiYDj nVnAO8rSDNWN/TXzqYMGep06pEEiBzKN2Ig0 Mft/6Ar9vm5fAYtDcR0Jo79YByhA51Fr677a 2p7IfVO+koTuK3MFoRLVSZGQrc7ALFu9UEaw JbQkk5IDIlJnU8ae/Bsx+B0wgv+px4rK5i5/ hAdk/1hECjNLI95F6hCPHTCR0Mx+lPOJPD0m TV77HDLGqxBQ0jhIjA== ) 300 RRSIG IPSECKEY 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. GSBxoR9JRcThupcNlgjm/g6XTwyEAF/vHyoK JmwH7DAgfVhwyHjVYw79PkaHGmN/sUwdenPV Bd1GKgOUjvjHXvtO6BQ4+mSEOlCbWlHmOH2y nFSal249NSm9eU4ab3PV7BMFPziGH6o6bhZf Yfe756/4e0rwCKqiFIcD1wlNeGmwVnejPgz4 i73nRVn55r+QgcC6Qby+jeZiNzLXgsLsLr9/ q4G3Jkaa0AAXmOb7XaFpmEXuqROZzCnceGHB 7biLR4U55rC9DgkJPTLSOzuqRn0NwfPs6e6t R/7wClYjUt6XHjBwHqSvLiTLrlv4q65eQWq1 ft/uhKP3iI3tXHa8cg== ) 300 RRSIG IPSECKEY 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. eO944SxxYuWjbMQ9XT7Yc/5C8KuphOPU/9xM CvX0KsZMXIWMEdsjLVyyLTPFYmqpyhA82tWg 3rOhofLSnyOo1ANoHsJ+9dwVAhw41RERhTTQ Jzv38c/YuTyMgoPHfOafHzgLi55/3adxWsD5 FD0CH56K4rBHKTKzpWtjyRqPqiaPCXejKQeT Vk4XYYYpDCoEIx71Vo5TZanr6GKfSNeT89wl wiztTRChDo7GiMQsli1YP48GQGyPm8jRU5JM h6fJg1CaWuoxCTWX/v5+1rxcIjZQx227FVka z9rD3n/xA2bv2DKbLlMBc2nouPIb7C3+3wrG iNRVyhoGksoDY9F1RQ== ) 300 NSEC sec-11.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. XGhMtyCDdm4i3LcU6YgE+Cm9hVbEzUZY08Jb 7wBByMAbO7k/x4PTrgA7Ig/cTKbS1YF+cDad ZjIGhfljB476tAr42DiyXLbq9nYBgk5jLpIr hk2nvvIKOThdhQRAH1FSA1XPWXt+8MRNqv2p vqFUf0EThn2JobC61evB1FYJr2I= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. oP5Ph4R9BnLVI3r3btH6NdWs2hznmWt/O5OG qW2o5ttsVsjllzCV6RscxYrh/UmMCllXIhm8 hMqFPNASCoBEorZ8AY90B3FS7zXw2pl/B628 T1ItaRai837uBdbrv2RQ3JXYqBZEr9hLxlSj PsDjKoy8mkVsDrI472wY+Ym301WrWl0wKDQR 1JS7fGDtRdY0YCnx4n0K3P/04zle77Efmfij dYALh0mlZ7JN71pfSwMapWB/JTNo7O2udWGm rEM/zO3eJH8uXhyTe4CFzAWJM+pbdswWwxRk 7NqHAohC/YkSf88C+aYXijCZlYJ0UdmA7nlE SiJWqelz2nMww+zoVQ== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. QRiKplqddN7ogKMh6qu16OSH371f6+5Cw6OD 6A7kWvsP4s2ie8Fu9WfYyWl1qRNWd4gEYc5A BkJa49zi7qmtDvOoZRD1KFSF6N3vKmwUbBVE c32oxf3kQZxs0Dsp7B056Pv1BE0KaapP45Bb 9jwsaJaO/x8muLsOjokbfsACfY/XlJ4kQGrY z4hwJ7xm3b6SHY46Zv6XRw1TyW2CvHkx/2c+ pg9gCCB6h2Zjn56FRQPHPcZqYMBroK/azY2B 4+GbKTgfA/NqGdw2lf5bBi2fHziJhk6sWkh3 RXRRYTQHMZatoehblQ1YR9Bo1F7U6qq/RI2x Tdbe/4cHjVQCkO7t0Q== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. VaOMaZWd4yo3vG8eFaeErZ1PjSpkKsRHNtqA O4EKRe+0SbypAJzg7MiuXyqFoDh6wrMopq1h MwGE0PrJUnMQYJmtAethsMpBkUtxgqZPaFaH jHUTRhaBK87jZDKQ0R/P5gw/whPQK7DJnwkb +4lj9ZT5bbJyJfvfX2jdl7zLEllK8ShboiqN v7LrrQJECCsCe7PL4f4qyCKW5zY8DZyuu8Gl ifE0+wY+8rFNnJWnRShPBivyy4evVsbgfMFw XRqkW1yY0TGfJA4C6bloanBbREeQ0ENiR0KS EfLjVCQqTn7UR+RMhphqYvNvCYKVIQKk7em9 jb5HCsYAE3E5KB2hqA== ) sec-32.example.sec. 300 IN IPSECKEY ( 10 3 2 some.name. AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt 3y6xImvMjRqcobreI351nbop04aBtP7o+r0z rNQmy6FqkPiI657FMEdF1cWJ2Q4lA0Pymgq/ BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vc L17OvU1ksLs9/9hhAbYYedmbAAGmAqfICiLB dOPCbhsCUyq8dTa0FaEinyHCJSHJWVZ8dBpb br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 516 example.sec. WFKnw31YDWLiuNfHWYZnghyxu1m3supAa1u8 BTroxFvmWai9zunHo0n6JtQD3mwwYxPo9Vgu FXgXuOaB/vnRqIP1gbspgc8CJd2iBMlGeLa7 zCsXe9t8OgGL+8sLCDZpeWJiLmQPEu9+rcgA fNP5eINMWGzZFo0O7hmEcTQ1zWw= ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. dD/tZ1ANTC6FYZcfJlXBC2V8I0pvqs9bkbYm bicN2Tdcks+BlB8NWl/muWsr2/8r08KJpN+8 mZnOpCbLVI3wGjYaHoH4wQHfEo/W//gUGUGb He8R/YMCh3BOjtvzwiuoePRmyyDiWUOKn0or bL3nf6cp/9exLHdNnXe+8NV/A14Y735qGvni k4e6lGYyZ4wexmqzj+QQ3z0glPe/iu1wUHix 9stdCHh28DQI0SxG0U849NurrWEsBkNwA3t2 EHuIIPtPrTADGvOD68tVhxziBGd0SyqsHpWn vbS2QWLzWeKwIN49ePqTYMFp3JNbgR64F+ty 77NbquNRRlKIz9wT6w== ) 300 RRSIG IPSECKEY 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. lr5WSXh3JBrHFzpfHiNTITkFX+z+s36o/WOV gYc3aT+BoWPkFPFGn550rYixJZUM1az7zuGS sTGi7y10bT57dJfw3bNqxLRzCuLO3ppmI4AT 0xfIrrTJqm3KAyXUiXQqJ/e02eR5k3A3ptfv uraQQaMYVzXp6RYNKojysPNleNwwjjxoZQ0M 9VSdU7Mwbu/USQQ/T8vQPOZ+pVAyadBEFB71 7IbyYkcttSIUEn2vNuY06Qo7dpS8xcEdkt3N TP5sY4tOLDAm+Pov0iGCzf5XtxqdnhA/0k0W yxTSwMMHE3gwmjVmw8F+pUfLhEayC6BoUdME 36tzfs4MgRzT52kGjQ== ) 300 RRSIG IPSECKEY 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. psHHwUHzPaXdd73twQNarWkgvihwT4qaZk0H JL36KwsMIXacL4gYhlv4k3Yo8fTk/xz1ea7R ZQo6RbTjotpkwXl3JKL2lBbUQgisUgBNqrm4 bV9xcxxoeJh70xSyNsPKNRlhIiQI7S59lESy LnmLGfM2AxjAVWIvkyAPWkusuKkE29YjQx+h OECKQO266Aln6XWpglT17tUHqwk1pMsrSmYS 8rhP/g9s5euVuGYMh5KA3m8fQWQCs97CVofN hJl4B8RE8ZSCQtYVKYTAcZ8Uxl43IZGajvc0 aYlA/iDmsm1D8Z6N1e8mcsefjJnXYMaOunsd uVoBjKxAnLf+ko4V7A== ) 300 NSEC sec-mixed-30.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. B2rLde15M3+mnWcVSgP536sFS6jp0w2m6C9Z COpIAxg+hFuESbnqC4KTQsjiC6D+r26r9c/F YNy7fPlKTpG3+BfmRKvx0M48XTB7kuMZFSv+ 3bscm8rNon7QzCan7mMaBaK2iE+B7RHJ3yWQ lclS4/ISJS6hOe0mJWQ7MZ5USZE= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. ZRvKcFEP5Ewm4uKrLoE3Jl7hSAKQBPNSClJ5 GKqdQIGEgFVY2wJ9oeWrpnrBeUNKxqAUfsEX X/8WFfkYFuJWVabi8R6MQ6PpLV361jctMXhx zbym0NP86yuOb8RLzzZLR8h1RXWdyKcbSRY5 BJ/bRxHwno1AKvwgSd4bOsi5jypytjaXW08s VeKzZiiqx9CabukMS4KOqLgLBrNzyE/Kjd+l j6SkvSAK+9ABMNWPlv03lnbo3itK7HYUTNVQ DoX1o0MePgvYxh8A24MGZxoZMcHmxNAeUYM1 CZ1GxbkVZ398YkI1NnvscW3DOGjoA739i/ha 4UPgBPBEv6WAdRwGfg== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. 04pyV9O+WCy7anxAcybbvEcSFOQp00Pq49PV 2EwfaZwmATg1BooKXSfHepppnSJJbUAc4pm3 PUJImhSpPQI1Xthqu0N7IGaA48a+ltps0qUu EeZqAWxK/Un6gDt6iguqlQZnMuCPs3vY+VaO ObHw9j7LTmbrSOQ7/wbuZEq/J1/xSU6SkePK pp3A6DXwfhETAx3xX9CfEVYdcicptqdqF+Ci VjLvUoTfeb3UJn5Fw9UNSD6H5UaxD8k7WVNq b9Wy5mfRrRlu0fuHNFmVFLnnM7p2UK0+qDyf 60a9l9V9L04HD1ttW81Hj4eWX3xNEKYl1Tj6 NA3UYQwNU8Nnc5FF3Q== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. beTmIlSaUs2hWD7A+TLnflYGpSTO1f7k1RAK 4b4I8VPQnoErHap5PvXovIqIjyJz7tZgb8ht 6sWcASJmTCm5BO6PVROlf1ZHPmNGrKz7/sVh WnA2WVCtsY+EzJo7sAiOl/zgmiGA+cKGyx4Z 9cTDZnYcg3oQn//ZJOJPFC/FrauNM/rDsEV0 nAaPTP8o3Td/Z/0jbdvSa/w4F8h2V5mVLWZu ieaPH/+xc4hRRHy+ixDZ2U9SXDpQIBJZBFNq PTYL+ywDNrcO+fig3fGNObjpL7bbIeSauBRO d20xkERNHSthmdjnXDdReGxdp7I8NTRTj44T 1EMikumdg7FKVNQUoA== ) sec-22.example.sec. 300 IN IPSECKEY ( 10 2 2 2001:2010:1::22 AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt 3y6xImvMjRqcobreI351nbop04aBtP7o+r0z rNQmy6FqkPiI657FMEdF1cWJ2Q4lA0Pymgq/ BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vc L17OvU1ksLs9/9hhAbYYedmbAAGmAqfICiLB dOPCbhsCUyq8dTa0FaEinyHCJSHJWVZ8dBpb br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 516 example.sec. iWhWTw7iJntB+YHQzcTxoQ+6lzzXXAS6T/w1 JZG3YDQSfh0kHpJfaNGmZH3bA2iHbU/phU/F DSjUCt5zu2aMaCRM4Gol8Au6BqEY3DDKfI50 IaAy3Uw58J8f8pM+PNI49yHrVDc2ldoe1aaR nczvy3ifuq21ZMUQJMzd+l2Sr2I= ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. PNqqrfsn3yiz2jzf8Gf988KbXIQC8szY2KFY LcYgf2+Hy+04TgSglJ5YPGUvotvfgH0n/oeZ W/TRlj3W18zbTko63oFYw56pOVVz6SwRrz0x swo7TP63OmgBrefaSbLW2u7hLsB4oB1MH9zN C72vx+fDX3Pz+VolB4AP11bLZjKILgLydU5p IMJUSWf/DVP/LictbcQkRb8bvZq2LeDZEvyE l0sGfxrgn/0lwtRRx3VOAunOnmV4KrTSwC/8 XJWpqFsEPftILsqscglUK8RuWMsw7ivMClAb GbQbp1m/vfjJAT4RZQ1yU3/Q4qTSe6HX+pKx 15TOhBSlil3I4P6xAw== ) 300 RRSIG IPSECKEY 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. MMoNOaud6z87L6uapJ0VfB3/R/SE1Bkp50qP NQ2TWas4vWgB4woubS0pomneuIyVABpuYvHR es57hgh3XK12OfYZ4c8nh/KmoJXfSNvWSBXq 9orJHkmfDLES3djWR5zdrOSS1xIElYj4QL2S eeV7aKR1MrkyNIUqgqK6Lqdj8oXjREpTq/C+ H7vdw9XgQeWZn5I86cUEhjf1Ugj+w8+hQNSI eoFnQCScI7lLO0Zn5uJg+X74/6JpguluwfAU 8TLTdFISo89fvDkAzZQ5/WWW+XseV8doY4uf uWL/EfOkgSVb4rJuhN4LjaDpNNwKVupXUCgC animCObiB4dhlAfMTw== ) 300 RRSIG IPSECKEY 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. whhkXRVK2O3u1oR1Fvb2m3MIsZNi+6MtMjuK +h+r5RsLVcqhiFDUZrMiqaQomt42NQJNFn5A W0tOTudijAm7EwJyYg+m39LSJ8WJpH3Ek+po P/PcV3nkmDCHWVzYzRixP/QIF9hTjo9SiUAy ++jP3S6LMnfHkGFIxemxqUwO4eotrvhNgVOA A0NA3UYMmbz5zyJcyD+Bsi5IQozB6GfaPtgi SBrmoNm5kBKM2qW2vmCYpKTqK17kwEaVgE6R tawaUy4lZK1Uj9O2vpWwnkJTPoeIYdducoAp Xet/azFBTh3n3DGOuYlk8xzrtYys+/lrgl1F 9D8eBgSO8oRB6i1jrQ== ) 300 NSEC sec-30.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. h6dh0L2hnMjLbqHnfBW7zVcux6WgU+Htbt9i /s1xH3PYPNSB4YkqddSVkBEtFTkgZimOseEM nPGSPPqONAluT7gIAksWCqqUltbck5xLHbww Xv35SLvc2gVtxv3iFpxyid62D4mucIByYdvd l+6WpWU/As4COnT7HqCwTV8y1kA= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. u+WKYXFuvlOUudgJeALAAPscGsRZUM9+O2Z2 XkuEAzxvZPiNxAGUg/sMOP2gVgfCrdMsKPd2 /gWfvNyqwGF6jZHfklOJfnoy4apAa4qVrvYj KyCBKuigzeXjSpGMgohP86e5WbqVFkeV74zz fTYum+1VVrHAMyC1n+96A1Ssr1T8ApOx6Jwt T+3Z2VdxxPBOyNmQLKNzVBcuM6WP/5dlypPk BdyrqJlfZXhqTM8yG3MMOybmhYDLvz7Hmo5l I7rNrib3k3VLg2Pg0r5X3Yoci1LXQLo36N1U fvfApdgkP8XraiBSGIFBBq+Ouy7tDyll1HHa S1IlxGI7+j6g0gxTEA== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. Y+pNKoL+y01pqsQk/R3ofhx8YGTt+PkomQNk 9NRVhI+sJH1opj8mDxSHdiw6UOHyU680eDhU i5jcOZSFvzyk9F08EfC4+Ko9Uyl4QFK/0OtV 0rZ+xoRwOfB3xLlkffOc80dCc2WZQit2u3+R EYguqgNGbzuaN1BNXG42K97xeLiIU0eGv8rl mpHs39Fzcl8JiISeaQ5rkmkvKfpABq0jxbmp IIAJvSkxcuBtHmS54zzyUt+EVTxIRrytZNCq 9rqdOV9C8FTfpMV2iVN2GBpH2jPClq+j8L2N DlDg7FRdR0ydTsudKEqUWhr9562LPL5/kIcZ 4+IdhPjndoN9zuWgRQ== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. LNQxYEE1M3w/XlXaYlh+6TYj0tBmfAYrBAAf Fy+H2k4RX4gn7ep/MJgYOEzYJr9kNaWWADbt 1321oKf+FjQTe6qwYmaRz6Cynp/d6vVSliA4 pRhr8tIsZp8vCtHLgBILFBNFgu8HUtdYL1r8 souiajW0zNsGd6sMCpde1PAjGsJjTM2/O0ry Ddu0QImJmbjsEWWaVx1C51ZOJgbt7zVHtfTN mbpYEf0NKxGID+aM6t3Ih7Ab8yw5GSyYS5c5 uBPn1IEc/JAiEjXDpjhJ2TwKbAi9w9gYny6o 6R+bCy9ogSgtE8WfLcmbX7nqQICM+c5B+YgK prqxsvSaDfi9Ntrjtw== ) sec-30.example.sec. 300 IN IPSECKEY ( 10 3 0 some.name. ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 516 example.sec. n1/3YCfqAJhwmG/+X907lQTAdwoc2m7S+HWY SCB29a4Kum2jTyJ2TP5f67jAEbY+JAnUB2HL xGQ4096yXhXORKlZQ4jbGPZ5TL7AcKzDdaIt EoyMhB5IxYRfoSodaqHxw79CR38PzCWwcMsW spJD3yLzAxAGRN1g3q9unxBLtDM= ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. kHFdQVysC8wtp8X4Vn94KaogvEzjBoxOB/fa NiklxzLxLFtwC4uwTvaZebNv4RLfuwtW1n+T pfIFxMDJ7fog890mD8BKPVZwKREohTPyjuTA tO57EyL64A9Ergqvjb2BxlXEo8q/hqn1PQ2p 53T8wY4Bgd1BWFoB4PcvxNKU+SCcxSt85fyx RsUOnJbY0v1aGkOJYSXFHjr3VeWsc1o8lzxN mMO8qMwLsxbLr1kEq03FNNlFwTmpIKUojIwV 78hI0APghgVxDrHNhKeRppuQlApkcyhDIjJd PEmaIoZ9azP4Otmi03C+duaheiIW3fv9UKzw 7zoZ3Wa+HXM/joa0Kw== ) 300 RRSIG IPSECKEY 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. dQCgAn79u7gPzfdWGaASCzI4A9lsQbeT/wFs io+TFnqtDlhgaBH8OBjsLT9waEAuJYUbG+XM j//s7Qkc8gUwkbWGmSWMRBdXOcLv1yJPqb77 6sGwNhWLyJ+wI442Ng3r6OyJw6oWm/HDwzus aEKwTDip2qPVmP2X14CQuOhri1pNc51vOTg0 m8M2UsOBlmGQ3mHwPgU/zxWHjwJDxf/tYQRP 5w2uMcTdY4kdydmLjaj1vBSln1ig8d5PaXiv eZCYPJj3+ToXtQbR1SCGksnwYTjwehfl4dq+ 60fiEytN8jAhZBqXcd5JWuhsDe+78J55yyzt z+tr0kBa+ClqpOvdDw== ) 300 RRSIG IPSECKEY 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. EV2YvMX367otPE5fj/NlAZdVU+jnKPvEG9np FUxtF9RzEoPTffdGIALsvGTzvQ1MRQrPT1xT dKp5sJ2yd+oAj0wMDVEHnDqcqkATFu9rV2zT V6Ec2ACsGKCzsIvynI1cm3FyaZkRa4IUa/4o iqdYWQbB6lvFNxlyxLsMjX1gkPE0bHYE02xF XArlqnCmbtaXx/EWTFLiOx528p8x8ZD5MN2w K985CA/oxOOhQc1DZ1R47ELad4a3F1/g+2hM V5FvA3bjQ7XJyAgjYFufJSyP0N6HLINIDdj/ xB537dxxShUB11XFzKBtafrCRLFhrQ1Ksauq om5sY0Pm8ZtdTGfm4g== ) 300 NSEC sec-31.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. LwLKdvbnWMZOdQGkhOYN5UmFYO1jv6sCemUt TSVg/ekhh598VJog/uPpkkyc8Z5fWDNXU7qa qodH9o4ybxEKPTQMvNZhHGqEBO1zrFb+82YQ 5YFBbmyHqtXZEoZsUBz83pVqenBJPvhk4fHu I2KzloN1mll+PxwP6ITX609QfLk= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. IiRrrSBHzcSODDc8rl99LDQ9+X42WqVLOTbs aaECCylMz7/d3Md423p7ZbZocZuso0fbC7RS PVPLfZGzAiiPddeb743XoH4oPTrXVShQoTpG NZX8+9hXmaI9VRVjtelRLvR1uq6MFkUQxBR/ FJdVv8Ms7yYgX81DAZ5X7jHJ8g46zfR5vAaY BieizGl0POVYvgO63JI5S6Wes4C4tchMC68k y/FXtQZ+7uOhgpJmr9gpgkHDOa17Bfshu97i eHvaMhUbeL4V9mkGX0lnc7Fs8i9gi4p6rfx2 cuCl/hcgFweMDRRoV9yTOnARECy2eOFeM3Yz bDKUzBWlp67bL4HFTA== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. t4As9gdV+R85vaKPjUKFrHfDNwe5kqREgeoM xWqEo/jVkGBDa60UqzUutLGT7O3zjwZa0Kl1 g4yqCuiW9VhICtUd5Q7gGnWnSGBFqfvQVrae Fww+Pbn9xqmmeTntYtMq/OgUxrk1mdlLxY1B p5RFleFA1OAnTn4ZDGEUWkBuMP4TillZwsKI 4W3qMzLfieOB/gknJn9JLPKj4+hIOzUY/r7t uNEzdpTiGP6/0YlzSjEwxzO3TuN1nrdgmnIk oW0GTuQCfZOah7xAdYe4oZemC2u10wK84PMV X8a8F8xWtUO90if8JEYD9o/BWBeoEUE3+5I1 51VUfzXGG7kVeoaW2w== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. qSr0muO+ZSs1QIC68tsr+U4UlUtYGJ4Ygx/1 PxoHzBTa5U642csRN4SDBL+5J0fl5tTkDYep piPmI/wgy6wnQs8hhCkdPPaeJZZ+YjOtcTr+ 72skfVX1z2aRRg4tWnhhRGNW1hPxYBawCZhQ Ktg7XDCALip1trc9mns2607rKhqCjv8PoHdI O5TQFmr4Xz1RW5Pau5bo/rZr+Qwn7mxPR1M1 NPAuWpLJvQuaMcGq1A8IJstj3JyFLhgbwidz hsu+WeGio80Defl9VVE1COQ3ahlgZuv4iTlT EfQzSv68OKrn0MDRIAcE/ojVdYI7XY6HmCAm bez0AQJM300Jxrr4Pw== ) sec-mixed-30.example.sec. 300 IN IPSECKEY ( 10 3 0 sOme.naMe. ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 516 example.sec. ENm4Dd0+Dx1N/BOYIoqlq1AbugLTxHLeNDyg HXO8zpgL8yTaa1U7dtE04wB4vYx0v4SYpJF7 rFafGsKaPEvRxCbbPJ1K6/cWReYq1droXdPg YmYn2qKB+2rNqMhJsIGLhsFxJys69UJmoLoW +5djG08e62r+UK4EzoE8oz3iGVA= ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. kkk49jmaU9PcciLS1yAK93kLIVXoXrdm0MP8 q0BKwm48RAwia+E0p8HuSNAgMrHWYkSJJHYG QoTwBsMqBaL+6dE9+1woGa77Yu48+orUSC5L 3Asx2tCc0A3ulYS9c9Sh5L3Uu4S8tau98FPG VcijrWzMGN4qIh4BNVxJ+ct7AqSPdsOqK8aj IfCZ4kUaUOYXWQeDPTfowhhk0YXBzf7P/v72 navtsoeiAHCh7BOl502kQZ34XGkWNXnI4Kq2 HmZ5+YdBVVQT87aVSDdZDvErWn8I6VLTaQQ0 8VAog0jCL5DHXpB0ESbdxlWr8PlElTe3eZgr OFlX0SSAwEB21esr9Q== ) 300 RRSIG IPSECKEY 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. OLfBWi8gku1GmuWBRiMYWaH85HxHTfhbx+OB tmzJ6k2cICoyqmJ7Uxrvbl21/Qy2evrQrq90 X+ZS3XbcrAUN6vw6OU9cG88JeinMexRADRjX WzaJx0JN32+9ummvyf+f3G8NtxjYQd5KLR5P lOUv/rm7jHgcslEsTlYE49r+xrr9upoZdJ84 45Qy8mqjy3hcErT0X9jXV+5qscQ4Z9j679rB eLQcLjQ3bW8IeRqgYB2+2PDUb6gcdAkAR83V KBGbIwZeO7k82BIUSNDQIFq1IPP7+cFWdmFR uaZlFWFgZOpSwiy3VIkC+lzktjzWsYUEymQW 6f72cdXioDqTX2Tcyw== ) 300 RRSIG IPSECKEY 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. xj4OSCDJKYoJrSmmtJPj9Gcan9iXkliNoYFt uKA+nBOIRGPq7V1ohNSksdW6fMIKEmrR0MwW mVxxRuKPseU//i2QBCBzQBz9YbmS9/nXx6PP UT8IOG592j8LojLxxp61oH0MB5t/cJUQ4ymd JvVT1NjdpEj268TdaevjnQ+c0uHJVc6XLHxq 1K4FaufpqFI4KDncMJ7EzONGLw0pSP0NZbtw aWP9w2MVBv/pggNpS9ihNVMuEX5KjLsLVKez eMaOdtS2kSt5vNLpwbGwtCRmQSSbb0lTos9o opHrKzFEpULHqCTQ9CHoohJ63XlCU7nojX6s 1gxQHC3ZQXSFhQCpSQ== ) 300 NSEC sec-mixed-31.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. KGljdH6WD8gODIrIGmNRHGdOlReJ5+aK2pxh ACdNe/nb+uJpRflPywuYGA4q11I+6ufcLmB7 FKjRcmbI1Mnh/5DqLNhKu7aszdjUx84/r4Xq szLV8NDmjIyrYmNEiYjl4Z39Az91IFKblqOC e8GTMkAeaVJRmozUpXHE0/3gd1k= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. m09tl6HuH7v4fUkxtw8jCFRFzyVbBLkk0LvP pVZPT/8g7HsLX3wwcD2h9dRkAdYDuJ3VSOM+ tusDIHlKIcPfIK1fjSKv+aHQu3/dn3huRkwb i+rp+ieNrTo66xHds7KzgR3kHtzQp5RUHoqh K1ppHrN4yMm3KZZv7U1g5D/ED2qXxCupoYAk UwRNgpocc3z9fjeaawtaRvUF+Qd+y6eCPU44 f7sjbppSw4+Z6zQKPrsSCuIvs9lYaDHTf4NV +/Ec8CbH7uKrAA8qN1dJ1gUQye9dFnES2VkH tkAyReBxJ0EBTcdiLxf+MYHgE7JTlVILn22S E61hzZPlZzdbHra2vg== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. P40fI/B+2QZe63yXmyj1DiBjMixs2qTzFQsd X+rlEvc4B2xqKjJyTQLSqqKxECXF469z1RaM noQ0nWOXPOiQS+ITy1Nj0RwcwKBnCf4RZGyw +0WUufZqnNfnptSUTxdp1Jh+F6AUAC+EBsTE 6BvnBjXvpvowdF4X/izJ6DvbQfuPMtAHGVZM d3e9DpSrDW7sh0AfB5Qc9XmNBnx5LhskBtJk ZmoNLt0QpnsYyTfGW3zc3e+1o8CKRrxP5KR+ nTIlH16IhLNGQYMi2URRSZcLgCROkvY0U5Jt 7URlDL7dcu74EO6n6YyfszHLXEi4TBW5Rj6p rH6XCaqJuB11JpDRkw== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. MdeBeBKykG4JHZtN/pVHBM4v84pkRcTjByvU egrKgl646PpGE9+sVjagR8DBIh12tjmQCVif wzMmqWLAcwWVPceYOPSFn5A+rRTV1xUmDs5Q 6CT84fUYF2tfr12eMkpwX0A3mEv1np4wMA6x dG6QH80+7dJBisI09dwXWYnPFsJPSn54Ejnx gZxVZ5tQPgDP9O1JsDIwfyVia4Yd+ZyqrC1z H3W2/oraVZ8Kd+0oTzuP7U+J451WGwuQAyi2 616ddcs8PUDth4oFcdIowU6Xrv7AJkgYudEP lFC0F2sFUQL/5gs1bCcseJcEar/gkYm3D6h/ PLn0VINZFSnTYki6WA== ) sec-mixed-31.example.sec. 300 IN IPSECKEY ( 10 3 1 Some.namE. AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt 3y6xImvMjRqcobreI351nbop04aBtP7o+r0z rNQmy6FqkPiI657FMEdF1cWJ2Q4lA0Pymgq/ BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vc L17OvU1ksLs9/9hhAbYYedmbAAGmAqfICiLB dOPCbhsCUyq8dTa0FaEinyHCJSHJWVZ8dBpb br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 516 example.sec. UZyvsV9lD3KguJJfmvxJypmy+h6VqKOoLBGQ 3pWpY4YOSZM618hSq1M87Um8W+hzA7HYK0bw 1UDJrtTz7V6ohTe7Rp3q4ec1fGKLLHYM8OM1 KoAwTSMWafZukf6NmNojHMGJ+auSMhB5xOsU DySe1nmno7NuU45sakWGvg5L+zI= ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. 0iXY8/u0b+OpgoxpGTbVtHmcF6ihlqs3IZXz O5uIozJHxJABSjKKjGZF7f0BY1Ax1VZKvxJ7 x4wSs5hyZ68XOUCD3Zc6Ec8VdUOPA9hZa7AH U0U6/IkEcenLjCl3rPizpQIlfzmO0tbjGM9B zCT4l5C7VfVw46O4ybmdXKm0cL0DTo1v2x3d b3UWDeQlkYEGSCRXS0+GFE56w9EoH8/uS+Ir cBfvULf/Deta4UOd2el2jX6izvkedgtWdI6t qF3yhT65zXQgxmFtLNhgRgu3JHE8rNnTzmpj unto2AYjwDxH9IjhWvOEQCa2w4GiwKq+tT3t tFyCjHw4eq3tZSk3bg== ) 300 RRSIG IPSECKEY 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. I2VIZNkZ3u+CqOu1Pr3Yh3PQH/ODvbD9RS+A +A8TAvl2ULfcXAKq7tcmr5WTL7k+PrMC4+OK ojdROtqsPWtMi82iAkxkCULD9Xm9pVgVJ882 NUkHgoHe+tKijf2RFV3hCGgpxqLjEvoVNB3k mEH283iRRxbQYDIBVTaVtHZgLDs2LzeK96ha NMS67/+hIVCJoXZar7HCR6TeurGytCG//Tnd VuWerWQQLo7sjB2MRtmdjarFt4ZOeQmiS/Hh O2gvsf74MSGSb8K9FJ32GvCT+VIT3iv2Dlad 3l+i8iAiNyPhY3f3UvxvUQVBiHyTP0IU1sv5 EcGJCXZqP/ssqvjRHw== ) 300 RRSIG IPSECKEY 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. KWizoHwBtTqYSl7U2z3BlcpS2Gvb6A0ivojA OaVwhsiZ+v7/2agZyrAaHKCvgl2yq89dC0Hf REprexspi9z1Ru37g8B4p/3MdUsK9JP6Gn7X 8ajHQaqaLNHS9k8LsU0Cf05a0vaH/q8MmKxy XW8cxRqsh/1IGvN8SUaDjlBr+OyRr4YqxPsj JBp6HKkjrLQ1M0St2JBh2IXh8jqyrii6NCM3 H+gCzSDlREqx+nT7oSGcLpw+uAeq1OJ/L24y E+coI82NKozyXv69uDpgr0AMirApmyoeVJCg zSK4RxOvYSv3isKlpqzIRWTA4F6Am3lTIw9J jKmMqt3KjMs19t7pbw== ) 300 NSEC sec-mixed-32.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. ipQjEsGLS43Fv0UrNVpJU6G3kQdY38W8PKuh VgBEPXoyHXuIcOrLhTATdnX9MC/2LfqQJooH G3dwa3Jh5PFN2JcUYATP9NQ1IflqxgjSq2gn WrCKbQI5yUCXRI7WLTXu7wihKM9ptBb6i5zY rYU35dDKPFd3Xnu0LtrrrNX7kQo= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. xC1thQOyAPxxYdZDoiko6pb41+RWZ0TZy4YB zeY49op+rU0q1Q2R+jnlH6Tgbudn2NQpw98V qvE1POZ9yo2YXOIQoaOaWkCTJT2AJQNNyiHq R3kM7uer6dyqGwXn9l3Y4RcCzqdG5+aJlgNC r9Vb3E/tMU/AyV+mz0O3W0fNPN/zZ7VcgyGf TrD8V799AGx2sA/xa3h9cYBxGuGpSJi73ZpI Ear1sUHcBYMWP9HEsJsV672ntIrXSwYkhraN W/9nTHYFgsZvyz4K2TTxLy4etd+PS0+TndLM Q12d6TuAXU3KLDmO8RQ1SXF84LshfDPV92f6 JbckfOa8zKPsAklprw== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. JLD2RhURqgRnBqnNw/W0qobtvg28M4qoaIKZ VJcsKAtw2+tvAiGbFEgN6E7nAlSd6ei0Cj1S tGefXx9B8p1hYHnC9eE/XTzjr97YW8D3DJ/3 F2+PL/PSYENeNzd+otcHKZFUdV1+g9rKgXjZ +N4vX3BXvABuVOQdYwdwXrejz9u/23Qhu9zL jiuigqafYXygE317KgVwga7VVCMgTmPsDQwc ri9V8Sm3jeklaUm/ISx9AQt0FwylPl1qNVHH ZZhoyvKK7Wqr3Hnl+i0tlhoL6k15I7RER9Ht 7CzM6WOEYKUAFwsfJ8govxpeCx1fe5ZxLv88 g+h8Ud1P5zRIdkcGCQ== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. I5ZgJ6QGF3H6T4GJtqCxIZVmOyCEz3dw28pe Aiuay4yVo2rEDEgAVEc1j5jAHWqasI5kNPpY BuIEEFfcEl/1j1wCYbpivh7a691MoWgWAbsP bT8KM/PrRKiV95axgScCT3fsDQedtuJV7XH5 9nPbtf72v8t650ExblZWaZV7fZ4xUi+KINfn Wn2px6hvmEIjlm0h8m/YRBu/ujzw9q5EMW/l kfXp/5t7d20hflEPE3FyYOjc9elrSqBTvYgZ nbFnHy6UG1p3w1eksjot25i8XGElHlvRYXOs x7KG8l62142tPqUrv/i2BgkLSKN3DO0CtdzB KrvBo73gvsVNsLghHw== ) sec-mixed-32.example.sec. 300 IN IPSECKEY ( 10 3 2 soMe.NAme. AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt 3y6xImvMjRqcobreI351nbop04aBtP7o+r0z rNQmy6FqkPiI657FMEdF1cWJ2Q4lA0Pymgq/ BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vc L17OvU1ksLs9/9hhAbYYedmbAAGmAqfICiLB dOPCbhsCUyq8dTa0FaEinyHCJSHJWVZ8dBpb br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 516 example.sec. ucuaYq3+riPlg50nnHLhNfopzI3q9bPyu/Hp OVxsp+Krmzjfxqnzr+XDVLquFQJoOFw/D9nJ /shPPjd81rHiHVZxLpPX9tzV2FMBv+vBcX6C /3K6WrL1qEejArcogPHrM6hdNdwEORueWq4W T+QOTHIagvn2E5gvgu5QJpX5TJ0= ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. P/gQrVcBfPomBi4TtMOPgj++Z9rBza90vAxO 57PYV72687WO+WOz60sxs5QH+NwfSYb9ABjV 5Kv9W1Av4EMMBSXKM/Gw8FiPV5baB21MaHjz Qrf0LFmUWoDzEvaG8tQuwwJbBxvU4vIPzcO8 ngwdY+C1UYOf4qGyMeZ055wKyk+ZA9xLO7Ag sEBtDMe28H4zq3T7WI24wwz7nj/TNf44DEpG +KJNVt76i3YHGtZKmtdEJ19zHMdkPpsGWZBN 6FO66GXJrYtZtdssmNHb8dEMm/JhXt+0jz9Q lh4B3Ywmi9cyj4AsqMwFdNhXM61xTsokahe5 0tJ20+Ig8aOWGwCUwQ== ) 300 RRSIG IPSECKEY 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. DewU0DqTaoYReXPJ1S+/EYaPyxyZFj7+hId1 lhDtLSInAut0p9KaJZQSIJ3RBpZVJMoozoO4 3HmA4CMgBbwIJeGJ3AhaGEPLwpTDVk+PWe4U SZoCdkK7snkyABe72NQ8sNO6FXnsU189WOln eQzRKU00u02qOFX8yRuQGaMtk4KV+Mw9FA0K r8RFTiwTn7V7+8r16uekK7jUcxYhCDvp6K21 jOiFxPblSl7GlcIFAKOWEzh86KbcnvYOovNA P6Izq0NmEDspCCiUoKT/1+TSIqn6coOivMMw wI4/xXTLc8u6CK4XfMM8ch+OlKpewRfXneSY VyMGz/F9huAhpg+HUg== ) 300 RRSIG IPSECKEY 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. cXIFojsz8lrfCktQv9cxZZbPXULytrRYyN5L A912WJz98UCrneLxgcqw7/rTpuBqra77AoUx lz6+qPqxQ6DWPTGcyXzfgw9XQzUtHrqsRd0f 8E+2y5+5+8Jjc45+7lkNa1LzAWCAikZwJii/ OhU3iE5nZeXtUPcrztbLHg/pkKE2Y4NgE8uZ VkK8OfGHDve2gENhD+asBOBR+h9VRaicGo+u B5TA9G/SNSEHbkJGCp6e7XFVaCg8tf/z3o6V Yj46qtjhgwdCof9ajXQ5mM/za/JqQmmWIZDO ysFrEDtrXBYFfJkVz1YhvbPkodDdJkW5zOMJ epBdq0qS1tsN1pvK2w== ) 300 NSEC sha384.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. Xs1Px23rT5bBoLza06WFUJZkRkElWHQXVr+l 2JnIlobHOLhT7cjAIvQmSbwxtF7bW9b96FVY ZoRgBJjvn//nRbs3X6YANeWBEfVeBQxrffWp 6puGiXbCe2RiFPNJ4YXzltcuaNbDi4jYb3KW YTIkjeGmi6AMQmHwGMsebOnZlU8= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. Q6N4jEM6yO7skZ5rt5KnDhmMzcck+5EYu6mr 2kEiicgbeWFnzTg3wcCrnW9KPXLGu5fH34Ol kIj4Ke6P7ev//k/ygscI8KQAmEKH/hV1cOhL 5vMamczhrVp0Z/V5rHc5kIWOJMRo0tQ//ORV alrHTS+itAdAQzF9yR1rC1f6nbRXQofIO2K5 TEWnV6Nwb55ZZ8QZVbJbDxWOJz/bIRquMlJJ JUfB1b5TRLqTj2jvqJaiSBVXV643ZucAfOa5 B1UQnoxWzakMFKEkBRirxr8bw8PXujGu3P5D wNi6aquMAj16nhUow8T7AHJBWvMo8X+pNXTL Yf7RRYjYTSr8a8Z1vg== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. ltspdDOlwncTQ+Gtr4OPq43xdCSnrkGlNvnE vNpgNCI5QXYdythuOFnVvdhOTJJsoo3dVoV9 N98FHLqgCJ2gjtHqPCe/ZfqsVKZ9BF+DHuUU OY5xNooQrWkLxFcKbSwfl3fJgFVqy+eyw0Ii VppS+1WEZhmhI/ib9+kBpd6/eYJkAuoVAzpJ eXbCK9SUMEATx5+ELQtCNyS1qTMVJ+I4+I/4 hpkiCWizgmx0miZhWpWMmffkq8RyUF7NEa0C w9tj+Ls67bFJkzFjPXZa1YWBZcfYCWiGRsdo EzqPW5i78B+h1NECW8tVIHPA8MPZz1dTQUNM wPE76HikvyRfYMewSw== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. uardZlGiJG0zPdms/JRd0M20177k5W2Crf3K zVFlOT0//TjgJY7H3eA4rW7jQXcovVxaELFp NovHObB7mWyNgCsQGbY+RT1eVGXgf0CuFtVN kSjecmt5vIsJJmEzcBCR9M1hpUOj4k6NERuI ott4o8l6FKqk9yu230fj07HAOfpfaRXTaSes Q/rGzNOj393KEWTDZFjUDMz7nkYM1Vhrg0W6 ooGvJIqdvgB2gWQ4j9ehdBAqsepGixFUn2oi Gn23iozFGgtEOlvAs+2Vc5UgsMyu2ekuh5kS NqhYo7U0X2aHiyEcGRCc1y0/X5l9KiTYIeP2 1RgtaE5XClR/mPxTMA== ) sec-12.example.sec. 300 IN IPSECKEY ( 10 1 2 192.168.1.12 AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt 3y6xImvMjRqcobreI351nbop04aBtP7o+r0z rNQmy6FqkPiI657FMEdF1cWJ2Q4lA0Pymgq/ BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vc L17OvU1ksLs9/9hhAbYYedmbAAGmAqfICiLB dOPCbhsCUyq8dTa0FaEinyHCJSHJWVZ8dBpb br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 516 example.sec. sp9cM4vtiPCYR/q/zjEFQMvp4Lae8VwcFoBS zVP1vbXrfLGjECmS29PS9w2EuSgG65ufsjsH ewjCQxXtbhS3GbkqW6T+BczchuTbxVPoeiwJ SpA1Nka3LhheDRznREFNi67LFe7T6WgqX9ji Fay7JIEKjO+dQcZyeFbPDn3GvSw= ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. HH0l3riJtHnVsJ7e5mlYEP2K7gvsHo8H55qb k0itDJkpeCwnIPuXB4iOnoZYtcwecOTES3ir 71J2wcdZFXp/ZDpM+u5ZxRhutSKU6kDk25ug k/yl/nNg8ea++Bzmf6OB+tTZ4yaCySIy5X3R 7uIDisCQ5LJ3wkYCAP8z1h6gMdkJjITHa1+P hsGi2x9QuDOUcxxOPTvmLZyVdgnMN3K0ViUb PTqVqvj5dn7pOLreyQve4/iwaBfxlUtsXO+i wtzsyhb5Bd7y+1vHVbxvKGGY0gIF7cKovgkp NDh75Thkrg4oMJtTrqDRO9A+S0OtxQcN/osK FRxby5ILfQAKeN8oSw== ) 300 RRSIG IPSECKEY 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. flRzj3hURIHk9DLH1t7hTsOmyY4DIlTBP8qF rRGpDnjsbyFBw2+FQfxWaoqAc3hbaYZXyZ87 r1QnZczUZoceroe9Y+45dMhy37xgtI0fNMC8 sKCAX8Ph79yVdhekiBYcWp7XZPjKI3rP2I8M OrOMhBc0OYKk+Eo+RWPdv3TI3Fhbi70phUPV nFJAkDOVdusNwXwPJDVFBXVxT5yvtkgCdlc4 nf/LYKHHnafWNxEhnnnuCR8o8y0PnnL/sc5D U1JFg9+nZRcgIhqffjZ4xOhCkjYYFnQ/1SCR K9u2F6XChf0sZlSrl8BYw3VjGyYRxM5X5R1W VunDRGfcKEVeJbtJug== ) 300 RRSIG IPSECKEY 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. F8yPUuB27JKYxQS9NOMLHulFa9BUPUXfVzum paCTXKJWp2YjOhoOwYj5+oNzelYqhiB5Cn6w oG6eYA3MiD4ZdEHpnw4ogWTN/MNVRIMoMOKx XE/iwM3QRSM7I++0eaIV16VuAKqLukJs3X7O ETsL9snQuMl+qFGkchJ/kGh5+Zgk6t3shsPi LnPIBM16Ts8xyIThJUrJ/mpA05fYx+ZdMyby aJCRAPhUzEcxe0c2scMyHTE0clrMGDdpmLcE ensARJyNuLIT+ikbkGudHTxNqgwxQ+16fZav ERlPx9Q1pSMFKtDFfyaqnSHeYBrB5PLijy7d rt40jwVeWtlVOGr27g== ) 300 NSEC sec-20.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. P4JeTGEPJ0b/373X144T/ZU1TzwnnLrUvsEL l9sR9gT86yKszFKMwIvjBtY3zMvYwTzVR5KF DTEf0xTXK1SGbXzHc4vLtz6/qRtwr7efaa+7 kkeEt/FZ6r++YCUYF3pJ62VRYmyjJp1aWIn3 64qXmpCbXLCTTtugcSmcjK1eGn8= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. s6+Evh5RDlAvlfTNNe9++eRiqH4G8F59coJu vFxHznIuDOBguVPmvVF62ESw+xgi40zw/QCL /Qn6y3tWEVrIvvmzNno97ZZ2r0hafRYxug0Z GDweMrck7Ax0a/mfYyrKII0A5xUZP0BNpNGo KOq9DKeO9M9h3rOkzUt8/K5U1GUjpb0trpWC mwyHpP93vFS6BVzvtwVjxOm4XvX7Chzw7W9S SHN1QLOJCEOAdc3+EA0h/aqIo7Hah7DXWBOX esGcKCEJQfMwuiHQG4u9bLUvyd9tTsiA1J0S iFuvppcsaBgAPw3f8mIvMXGT8L9XXppUl3MC CUvkRDk+GcmXUOvMqQ== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. vcAtprqLVI83SUYywC/qG+ZGOXbif+uIti6K 3Nr5NzTRo9ZrkwrmnWMQPirkSFki6abodNhQ LNIWKjqpssw47wwjJ2HZPLpjGd2VWk0D+Iiq fteggBTkVEfw/mJZ02MUejOzBSVt4pW0y9BU Gwr1461niz+v7WUtYcLUV3DWUwZ2nmXE9qWd tC5zzfYBJYEnkTm7WRYSrOG2GKLZIxS/2D+i SRrY+KaL9hBUcWusK+vFJ3OFEaq3RHOVCBpG +ZyDAVSZAgsn7ObuEiLswuFD753b5ieteBfV 2U5inlw6bHGRSctaq95TMiqKtgbgKyWaDyAN DKaBMdRGg098GH+zZA== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. L4jH5AxKcqyy8U7Di0m7MmmosO9e05fN37ZJ Bwkmg1Gf6k3Nv3nK+oaQyPgusHLnZAO8/V8m LY392PAo6mn5c8Jq2wxZFRV4splx+N6dGt5m bdaWZbUNqtTKgvfJhdPJFIxsJrm/c/iFit1A LFyQnRXFtZJXlH8+akFlYMwNxiY9tL9vbNhg MkjB8kKj38mfZ2cZB4/CN+bFyObjoIriF7jh MAWl62M1TA60zdmCSRGq70ACFZ1ttJxE47mh 35OjlitMeW+9q5s8J7mIq+z8i7Bt+zYAivVx saaJvKaKpXDMit1pnJ0W7UuAGGD5YCixFKXm esrszfQpnoX8JqWTow== ) c93f1e400f26708f98cb19d936620da35eec8f72e57f9eec01c1afd6._smimecert.example.com.example.sec. 300 IN NSEC delegation.example.sec. RRSIG NSEC SMIMEA 300 RRSIG NSEC 5 6 300 ( 20181212121212 20161010101010 516 example.sec. jC5HX6U+DvUztGWPsCcqzRPGCx7618IEcZnZ AXNH3Bs1HgTnP71z7+H5d8Oy7l500MOEA6+M aJ31XH9xYUfrcE8l03i1Fs5qynB0NW22Knm6 I9mipv1L3Z52OPRQdgQGNzOEml81fopAm9u8 B6DZs141OOirem0et1qfozSnCXI= ) 300 RRSIG NSEC 5 6 300 ( 20181212121212 20161010101010 44427 example.sec. w6ukkiN/1Z9sH+8stG6WDsem+0oF/Vd8aD2y QYyP1uX4ICjgYNDMwUDc48v5zJU4zsT/IGXJ zSnys7VqjawHb9j6TouvtaW3lFTC9/Lfez/2 SeeKqbyWCJKQzMIo3YoUG1V8nHbOb7zDqGsk 6QFjPpy/uArLudiIezdc4azqud+JUpDhh80T t7fHRBB3mGTn1HVziwEJiQ6N0YiZEzEEuU4q ltgsQUhwOgbM+ZzKc0wyYeI2rUteO9IGOPgk PBMFTZolO08FA1z9/8ZtGlKvel6eHg5HuXn8 WjfEcj3HPNpE4XFN/aKh/P5inuNocuTZeiUQ BzRwmiwjfRafwMddpQ== ) 300 RRSIG NSEC 8 6 300 ( 20181212121212 20161010101010 48381 example.sec. Ro2XNWTeWt8KuDq6UMwWkcQU+NdboYP5VoG0 ldzWcRyMPGj1EOOT/vhDaehi9wp843nty4bt jIGReezourFpjHBG1TkGXexqLgx+1H74Bl4j XMs9DIKzFlXOkk8W554NG1bdQDOlrbtlM8pL zBO7sI91WbhKpJSABJR3rksNhDlwt+HzbN0G 58+tiH3YLDdEgzs6yBPtkJTVp8N22EtEmesr RppiFOSPlubRZF90c1S44Kw2fBSpYZJ1hdGL NCx2fYO0e+oOF6scvS9DRrxnHyd4PwYfQDyH R4UcoVchhIbh3n0bi8T4F7teUT1LAYQadjpW KrfRqL8aB4nzyUT0sQ== ) 300 RRSIG NSEC 10 6 300 ( 20181212121212 20161010101010 1862 example.sec. Zr1faE3PrEg+05hjB0Rrkbgg4TNuR40PSBIc 7iK8h7ItSP1hhAdUuaKvLAscHHlxfu5OR2AW GpsKIa3LSwdD8eOaSBgzmTCS0tBXrhtoEPn3 e/sFB4uuOyo6NTBHLcbW1d8Fzg4JbvFHDNkw P1sUVUcy5qmaJeKLDWAEwYyksaigvJXDYOqf KEIYBecpm6Yw3Cld4weJBtulA2zS0i5mN1DL SqR/ML1etHNJxOJzRE3ps9IVaIlQye4YGFl2 MaXmI+yS4fvqyc15fqnduo9ZO/Bo4Qb/rHF0 rdCz+sasUPqOvkEG1mWxDiWtMwQH/l5qXPvV 5qjTYcLhRFGHPRaOUQ== ) 300 SMIMEA 1 1 2 ( 92003BA34942DC74152E2F2C408D29ECA5A5 20E7F2E06BB944F4DCA346BAF63C1B177615 D466F6C4B71C216A50292BD58C9EBDD2F74E 38FE51FFD48C43326CBC ) 300 RRSIG SMIMEA 5 6 300 ( 20181212121212 20161010101010 516 example.sec. rgcYP4gQoJrfpOnvqi/eJ8BZwFy7UHQhoptr j8lf0hnxSPAytI84DHpse5o5E3kqJzfemhzV H7B/JZcR2/ELkaBM0HlVLZ2Hj5B9sUtoZo05 W0019NkcsSW42KX4g3XXyniwM61Ibr/NtLvp xxZkGpnECcSxdKvjYc0Qbkbjwrs= ) 300 RRSIG SMIMEA 5 6 300 ( 20181212121212 20161010101010 44427 example.sec. nJQgbeNHvf1819+EGoOqapsmoPdB+rKscTp1 pT260UL4EdvWGeZKuowKUwRHGktKkbk8yjwu eZWH3VedfFUYSAP75IR/jZFQy7bSRK0/u+iV uuwL0Rgbl8n5mGWGJk7/lyiSosfeYklKeBu+ 4JcO8wIjMSpb2+IgY3VEO5ykw66En/YfcM/O OXYpOAiHL8l5kYzTxQYhtquAZtw+TZ89CLiY B7Al2KvM7M6fh7jk84Q3sjMQbUNF3MI2mkzn xfTzZ+gE5D5FrKtMSE2kauVOvjerDsUUz8Y4 O3cp6gldUOwSezlYWA+T84w6Phh9vMUjEBW5 536uxZaQslhKqXWGGQ== ) 300 RRSIG SMIMEA 8 6 300 ( 20181212121212 20161010101010 48381 example.sec. S5Cs6tXyQ/3d53vtCxPuVi8b8w2wKjK4ZFNS ttOHnIDk1hV7xdAIqcbjyRBQjowFdp2huIBP ZWtdNoEFvUEqWTzl9jU4eapLmyAr3HzLvJsY Ajajx0BcRyT+gf04UOe+lnHbsbh3/zPCmqs4 3aYQBnHZNnR+hIvtWYE3sUHQw8jFB9zcR/0a K0MGO4uamGKMI9ixq6bO5YIZ86hROnk9T8Mg r++C2ZI6e7vQrjqSuU/0c+3k1f+YucX/b8N4 0rX7rdsuA97Yw4717y7srrG2eyuc+sBlfHD3 fUS5ZNAF7hCqlgR0PaPJyhrx0VSDW5L8hp8y Yv5jse1Pj6t4zJrQlA== ) 300 RRSIG SMIMEA 10 6 300 ( 20181212121212 20161010101010 1862 example.sec. juY0ypbmPM0AU056OcCLf9TVzKC20tlEE9oo RMDh2qsq4yYccb8kO/H0GerBDgO7PNUV7dV2 ryw6EFvzj0Tg9BWUYymnk1OV2gwRjFNRLCJI mc1akWOUYsZL1NJvkX967bPoDDCZMphO1R0G 7Z47JnYwPjGRAHBVUdZSk33+ENVrpXtFbDJW K5yALboYV4/XJ0/4KNOrteOdNwe+yRVJcxBm GJzI/lsIEZ3ujqDWgqtPCIJfEMU+n1/jAiuX v0vefSuHBlr0oryuUIgT5lkh+oKauzibYeHV mNfYj+VbDFn8RjqtBlyBiUOLWQWooxAhr2Ej h8uTAWMWRp3o5XOnnQ== ) sec-31.example.sec. 300 IN IPSECKEY ( 10 3 1 some.name. AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt 3y6xImvMjRqcobreI351nbop04aBtP7o+r0z rNQmy6FqkPiI657FMEdF1cWJ2Q4lA0Pymgq/ BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vc L17OvU1ksLs9/9hhAbYYedmbAAGmAqfICiLB dOPCbhsCUyq8dTa0FaEinyHCJSHJWVZ8dBpb br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 516 example.sec. o1OyseVi+rnXv5XphFpoyn1S9RA/oBLaMDz1 j6EtIxKzPc9hoECBQh/7FjSTweGkdhMbkaTJ AH//72vBj9kpWbBlU/A+cRkbookTsPJNW84t hfQaZEeVDK6tGxFuLjfu95kJKcncDZsEyhaS JUua7gyEBDy4sfyrLojVCT6jIdE= ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. pK4pQ2/wxYAm2h//CXEp1otFBem3RsL2MOAs 1mMVT4JOKwg/LML0GwrNddfPUEjO7k9Nau6M 1B+Av2iir5zCdYaqi0o1JLKYX9atUEm0wXo8 ZMZ2X8BqoFcfThvnZt6vd3nGc50wDj82tLJv 7YlZm4iNz5qVD1AgWPXcy81U77eT4D14vhUX OpMq6lWzHA9TCXQLtPthLNawJGY6lGYlYGh0 pwWrYhddfNhiKyWOzjnfLrt6axJbqGJ4LJ85 7e5y22AablBRqPCLR28czCWeNgx4hVpPbiIX dcepLQiOUY2WFBsoFzwXWyt/VE68aR7wLRUZ X0nNt/m2XkruNu8X1g== ) 300 RRSIG IPSECKEY 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. vaoSbgs4NxC7/obO43g0MeMpYYoISPjhIH6t WS2u/k4h+Wwpa+dZB3QGGqtl5zAy5A8xd/ph veyY3ElY/CiRwbDcnZIIqVIrhmN8OiQyWl4P +lIlmCWwq7aw1Mp+PtyVdmRx0tKLRVVUGr76 cxXtPYoHBZM9iGDuR/sBp9ne7Qx5xoqy5COY PYZ99ks/6y3ZnHl5QfKEKuLUGIUuop2LLiOs vNHJXORcW2gBsbtIbj29px74u4ZA7vcD9f+d LR1+4PW5PcPuA8dr+r4BX28VhSmhdizqlC6k gO2KbVplKfrmo1dC2ttQoDAYhko+AARt9g9t iEzQnveDN75dlK+VNg== ) 300 RRSIG IPSECKEY 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. oThQbYNemKxbcxmw1LBjlqLe3bZdpe4fd2ho AQBRN9QUpvrOP1eLrDSH6lp0OHXz7nHE26tI biFbLByyCfh/Bi/6VYwdGh9Q1s2g7YbU8Nru +eLuwbgPe0xpyM9TlLN/uRIkCYeQOEdcLrit 7j+vUTCcp6B/o0swUhemn6lxkZLQwouY1A4j zXVUp+9Qqa0ffNtRnPR7Ho+aBY6hx8pBbg2J 89wyQ0tu1a8teHTDIQRnnfy3gwObHFYSGBn6 avIHcxPmlFwMERx0tNJAHIkhp96cliSFGgqt BDdiVvKXmTxxtGNtFPfAyORs8l2h2KE63rTZ UQHwlF1iELN138njUw== ) 300 NSEC sec-32.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. cvjaA3Qs8UpY6JPG5FbfaZX0j5RWXo5jaJiZ wU8Cz2hPpA9L/GvAT5ww+esIlU6oDej4TeH+ gnTcsJ+nZg/+dSAMIuF8G6EEDEHTwdiY6/zX WQqgfA8wMfpnZ+8rpBprseoNH5MDhVxVQ7k2 U4w9u5xXgNhhOtTBM+gKi1B9qyo= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. re9WL+24ilv6l7mqsL6U4stMfiIOjB3YxECL mIfroRgqskpuz1E3/amZm2MrSqilm4Ejdg01 DLypB/3piihQDew/IggKbYvR6fHfPacHt1J2 Mhe57xoFWixS7tWTM2FrWJNq8/LJTdEpOhsR rWk0Dk1jBR6qFljcu8QZoHHt44Hn7h4aEXv5 WdXfKO+1fRMW15QOhbWyU8YvCORfrtXQ32BI 2D35FgEpWI6gLZcs9iW97H1zx8XeMXeLzRBg sLv4fLJ5gJOc9Reoa9uaSOyefHH462Bq7Y4q Fy8zz7lwU59Hruqy050vJ55So5Fb8KY7MMDZ jV7OIJBfupbEvmGDTw== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. wtVkLK9GQZfFEzUGK1sq7o0q/HbxY+nOt9F4 gm+5o41jCQup3t5dkLkfBhsGqbrIAR+xymUo pjIoseU1hKKDRM7pWTd+b51gMyKgmhenKyWS 9RrOt1Q0fChEoVr+XgWE9/HhWRpPRp9dTLVx k6FDiKR/5GxPfJIFQSXXRff6TyBVTdkXYdNQ dZAT6s5p6VkaJPgpvnnHBsNs2new9/v7KuXu jAHPIkhdZDvq8NV5/K166txQLE759/6PVnhH D05wQZFoLa+2WBNKL3jdCiiodmyw9khdxvhl 4f4pG4A6txIptb7QdOc0czbDzOiEqCx99cMl shOZ5LLz4n8vVLOiAQ== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. Cy3wrexPHDOGUJa8ogxhOfvqwUKSshpHVwG/ DkHA/TPDr9pR/MVY2tQU3tsTKMKXgxxkagbh 4fhdimu3dUcAHOTf6OcfFM2D1GPqxBhHgVJJ H6Z6KdGIwMpCap1fgvMkarPaVe484s5owwwG sqbq1/4XtGCCmlDK4KE9zBgYm0zPMZd2ZZOm cV46n9oYoUR97pLO64PrM+dZ1Y+zW1R9QIyg WTo9afOZ/IC64eun5dMw52ZbS6513WX/72Vl AwqMTmfYmwlC29JSgSQVQtZtVs4QMlFcdmQH uiY7lI42K0tn6autonajT94rIT7xbN6t/yF+ fnRPfoMIJ5T5NONFiA== ) public.example.sec. 300 IN HINFO "i386" "FreeBSD" 300 RRSIG HINFO 5 3 300 ( 20181212121212 20161010101010 516 example.sec. HYDUN0tUGAuzK5EPKkYI1dKQ9xu5isKcKIYp bGgrn1M5XLh+jx7oNzGlJxtl3wrfoNNH1Wbx A0qKHanznYIeIiEAdEVy+e5VMRl74D32ant4 guuFPJTVV3lGu6D1RDy+5EzUGEQoTEhKVA40 g22QkfKE6n4sSlmQyxxd6rUUAiQ= ) 300 RRSIG HINFO 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. OQBSWTqQk7yo7xGQEzTEXYqwPNziSwDiWRQk L111w9lAGjLqJmvcI7WhIIjzbtArXWHiCv+b jM8eKLRpsiwpfA2SF9lv9JF9aUMBHxIH9zFI xpW+i7x/xZ8Qa7okflF7woGZeDYoo/Py46o2 PY5XKK/e+sWfW/cN4eNb1heEkR78BcEUQo15 tv84iuEb/L+UuMS3c3U32/jgt9GSpXoX1vdl DQw4X4VJGjRV4XWQVlOTbX6aGFEwGE6VQRj/ i4wyfakpdKML8rnlp/FA2XW/5rEED7qWCK+7 DbLTuuYPBxqLQvMA63KQqsfBiTJ0ZKMR3VTi XFrkYahoAlLv+cIo6g== ) 300 RRSIG HINFO 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. yg668jHohtmU/dhqNYteS4MmACOo1ErZmAzm eR7yP4mX9cBV4s7l+0ro8cFDKGCowr6IoHCA emS6vfHFDmHx3NdIqeJWBDsovCNVCX0RAHcn DNOfTWy2gp0P3kClzegSXl5RVK6F8n+1uzfs GnZGjA5OyNsMByr0DtGfAHvBvcbNC+tGyoxO VVh3hNEzWuu1HbEEpKHVla2SHGEUUCHvGbBh c7NcIc2WZNzIgjqah5vUhgj2fccImxzQfxvC hQaHNcOGQ41GKS1QW42lKiertl6ivqZuhjH5 CYQdyA4Mj9VyvF8tLRXIfDyl4Et7NXLKxTT9 l0OemRyGnWw+BTdHNw== ) 300 RRSIG HINFO 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. bzKDbXyrkazWFhXhWhfsMcWtY6wTcg035fZU 18rgZ1fAHQsfgRmtD5BiFOa+JVW3snT+eLJK 9U9m+vHeSUyQkNbnxrl0s7RSny2oXbNRes8P y+cknM3g2mmr4JNXOlAe+kwm6TdzdH4DuUm2 mK3KfFgtagnWHu/j6wE4tHYEuGAgrX7uYVpO ffalQ1AFO0pyhFmnErk2E072JYSrpAfi/8Fk lE33sBAr4SmFr1KHnJTrO/WVaAAZhRJqUgbx eWkzBXwiWwJPkZ0PDY7aYJeHXLLuNz6gECZz DpY55ofOEFYLNpSo/qZH0DACfZW0cf5MyyHR zMlkokhK/XcmmEv+LA== ) 300 LOC 55 40 15.258 N 12 41 56.378 E 9.57m 10m 10000m 10m 300 RRSIG LOC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. U1RcS2POfW/akAGCD9RNOSr9MtqE8ZL646mQ xFUNJWsgOCnc+w47XqB0ohbTMIDL+JSxiZYk bgcX/9y5OwCR7eyy6drWE8J8Wqs0hbYQXVHk AVb+4hrXY0XwFBc+outY4dxbagT05S33ki4R OlDjwoe6NbGV+jvtSlDzKMWN/oE= ) 300 RRSIG LOC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. dywJbQdmETg/tdyYGELZFrNYPATirURA4JvV d8u+Ejce5X9a2StTHFG8AO5oHVHBob1z/SNp JKFYBECnGxnTTb5MjZ43n0D/hcbX089HArFN pT5MMCNlKlU01W2VrlYyMkMu6/KsyFQK6Mcb Y/7UOu78DWbbePxwijigZmdhPFJM6PYYWLeA 8mJaqX0MmB51o3FtkBEp834s1bxsktFKLI+o QqSgbreLDF272tDleo9LkM8RwqTNBItHf92c 99y+VRg8+cmP5hAADV0ANoFWmZ8LIKum6tJd 48/kUnHjzSTMRbAPt7lGcw9ItgC074mku4WU FywoK4EGwQJ7uH49yg== ) 300 RRSIG LOC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. EdCsT05INrfXrxH7OJu9ZYVOerbeluKqTymi tdatnHH6M85TT4djWnspHnVNsjNSPFy0+56G N2CHHgXsqMW8p1OYAOzwZ+Ba0t2L3tIkeZ0y Fo58ROSBwQFl5nNSX5fZR+VOg1nuAhZR88Zf DM4clTLtCn7zV9TtuBINhqrI0vfXhYBHo5Rh e97ZBVVcJzNMT8b0ehJ9GjTQ/Zy/XW6UVTF4 RinWj4b9nZtxZMDCJD1fqpkQnAu356ja1Q7B VgLLRuSi1rAULkISMJipYNowW0uCSdQK9vCH KIDRskLR5d3DJkmjLSgDbaw3Lqya30/rGSgp y2tgRWdgS2aEpjAv9w== ) 300 RRSIG LOC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. MGe1S9ZySCoiyDHXhtEuRBFqgFfh6d9j1+8V QSzpVZZt/D23ykb0kNovytKFnznYSq2mm5i9 1jGIbRkkTCJUmuKEF6o5BKeG5iIe006tDG+n /2hr81FY58+p3qgY4uaFVcwMAGN5ixuL7J52 QeX8qMrGwnLeS6/USfxyfWtu50nmpgPF7a+J KaeV7Xy9E35eBtp/LZUzubxEsx78ejlBYb5A XCLFT1FmxtRktRyQ4RNSOX54sI9XpUs8xqMr YF3IY0C8atFhXJ42M0pr31SOVJjvF9KAax9Y I5QucFL+ovQLRYgxVrj+o3OM0akoyd6ea3M6 SxLo0XnQrhTkjr8Q1g== ) 300 NSEC sec-00.example.sec. HINFO LOC RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. i6dgTc+9Y4X+JGSuE9o65dgxKLexkwcsLp99 x/h1iHgEkck0Y0i+d7MDGNg6ZeMA3uuaxnGr vSntLNBywTMDGQG43aRjn6jZ/OwL/9e/0YNC wU0PoIsKqg3FKgaPFXGk17dPz5U56Px/nymo zSero2AS1cAXyihClqKZ7EjeAdI= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. WKK7b9fLcJRs/xI74VSpnCf6sVr4gPG43TUu etxbTga8TGGHchOzrLhR+l3LVtHkos2Y1p27 bZtYxApqZThMUZ/3fsHwwjhLU3dVNjVtymcy Au8g2+Km7htzHPJfEsFtlBV1DEjiTnPxx9iS Ayi6Ib4p1Bp2h1AaltgEM/EbzRtqnBkVq2+j JF+DRN74dB1ZSWltzNXhZaWNuHi6C+ccXd+Q A2EVSg5f2O6GzVS+RjueuE6SH/AifFjcU+Wu p6QyQUe2umElIk4kTmE8RWxFOO8JbDBdX4Hx CyLcvGFk9XKGmtVpC8oLilxTNXC0pgLI+/Cx uNvtYbpYweguxAUduw== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. 03EHsunl3E31Z3leZefzCfpwXIw5ZSjvwITg DQJNsSFQ/7xCAozjkuaSbzi26t93/L5ggDdN zK3qAyxslqbCQhc+ILItcsu8YS1AYHce7ATr 6lg5QUij7eZp6mvCAde+0N1kun2pvgHXakBr YM+u1ifjJNBwtMFU6DkDYVMvaWGcq+Y48zT6 p7Wdt02EZFrUWAu4ZOSjksRxpsQrTc9AfEch xMmOEVGuFP2xpVDRYbYE25gSy5qvyoVqgQWm BgHbCDHzR+9BhInrI9yzhUV64ZGq/wZEOtz6 tj2OAh9f5bp3N0rn/BAqh5c6mDfd3S8K5yix MXKlpr8ojAhJNXF17g== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. oNhHACRQ6raBdFx4fpCx+UW6OHPUGGyRd2LN AliBFGKXCXdAED66EJlwjnTTYduegY07zhXu 39DVCsTfNWu3nurjLel1J9LIIGwkspnLnQ3z tZftNUfVr/PjQNoA7q29TY7B/LxHcGDniBZI 0JfOATi2J4iWRd3UJMMOUAY54FGj+dVzPiCU cKEt7WSlHDSq98EEsoPYkZTWrTpM46LvC5KI hgFwpWKbIIzwFNV2C9ykMfLLFRLi3JO4MQbd qbtxkUV+j2T7NbTWml9OY96Vs9oMQjSlKN/v CpPPoRqwXyzpsMt6NfznBYNFWV2VGknXIsXu TDTjFhCaXd5uDEKOwQ== ) alias.example.sec. 300 IN DNAME anotherone.sec. 300 RRSIG DNAME 5 3 300 ( 20181212121212 20161010101010 516 example.sec. IuMBiJ2cfyjxV1O+K18LbL5OuVk6fG4iAogl KxuKZi9biDB7UaH6Fd0ShEcM0rUL6MzcmEbg FovFTTyBL8+O/LhzElse+dGV0hOz/FilEE3m LZzjb+WB6sh64zSRQTV3vzMgJxs/I60JbVtE eKJ5ktnNmcCS0T+0Vdw55dX+j+Q= ) 300 RRSIG DNAME 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. WQTSaB4LddH6Y/sQuvqAawmY7bdhTeY7vZD8 YNUvtgx798+DZWKQHmoWD4KDhvqMO3D3rFbM AvjtZJsamVgHFDVnblBfi1oGKL892nRquFa9 d40XUtKW5d6I6MaYyO6Cnxs0DFNOKC5NUuUE dKWOx7fuuVaXliZqsGzDESKU6mwiOwrvuSqx wf20bNXy+NgWHom36L4dOkBdiOWgcJ7fmI0N XCmVLTRRrzw5E4kIIX1nIysGSW5WyWC6gxz8 9EYBBK5N38eqIHmxwUO9a/8tQcn2PWNqBNMD LFYiuhweentelGwe8E8yajaLfjBZjmr48Jb4 HNI7A+9xbiCjBseGOQ== ) 300 RRSIG DNAME 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. 010KT3MX1e3al35LdCNFqsZT7+TbZerO9AQB DdaiVgmyQw7+UELxrTEyxPS3V0bMzUc3g5jz 2XHzCo/ch5tFN8zlV7KUzQSqKO9+vt15JSNk 2sSW4jJVK3S7KXH5+YRj0EOPL6O21K2KHwef VZItT0jxk2COVl58qYa1PQ9DoFZ/mzWwC/ko jRFwQc6LXFW+kDDzbHoj8JMeRhJOOFUQhRfL QS5P6CruFekgMJRyeIZabQnqfzgk7yw0YAdR 06X7LlxBwsVeS+un4VHs7+kL4TvaFHTfOgpC /d1A5ZEeBSlRF3WrwrcqBNlm/DHb7rkn/w/n osE3j9hC78lfgnm1Lg== ) 300 RRSIG DNAME 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. SIK086vGT9CP6NHhDUzNvbF5e+2Wf3tngnBz wOXyU78O5HqY6c3urVCwJqnZa6FfgKigfRui uc6nvCtIIx5/iQvjxKi+3oGGvLiYKJQlJmbe XOocOddpBKkJ2QEx0VWK6M/1MqrHFtOh5l2A D4R5j5Ximl/8K/P24Ek7WFnCBqlpBSS5s0SQ l0oZo2gvZd+GNkiIxIBt20U400p3suKhglEQ MwdOR/8+XHT2KsqUssmsIYlEPBCBiZsLn0aj /tu6brATslv/qmsqc+HQMJRbJ5YHCRpbMOAl rEWgYFEkxachPaRRIVuQwkcTJM3eTjn+D0uK hdlOiQrBACuchImlBg== ) 300 NSEC cert.example.sec. DNAME RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. SG2SiQMpOH6rJ6ZhQ3EK9bnnGiKL/7LQILSi D4/agyclVc+vMnfVY9waoA+Jt70MFJEBd32p GScUcRu9MkpdcZ0MiCCWwsGG+nrufdq+rxFr +FOX85LZf4v7qp7s0xL1kf6Uol5G6J7rZIcT yZgWGZfl4WuFSAouPQRnHV/eoqU= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. uIRc9Iio/aaMx8R6vVIuIqMq92y/1iS/mYch wupYiy4A2oz9AjQNZbtGNFu8gInyWPdZVfRM gwSVk5Y6xFI303UWSCDSaFpd3VhkcPFToioi scgtUVI7/v72JOBkhxFrB6nukU923E55ya7L DCZ0lWnLh6VMvSe3MtDLPyUDQKfCZQVAlmNn du4S7uWN6vh5CU8aTNwn6A/bOodtOAx3aDjU m/oFGpn46FGuoYTcnjp3NGUFYOTdLlyWb5wa V2pS39lJgUHBs69+93RP3Lgkhc6ZmsBP/J5j vddRQ2kr8sBQ1g768buWyqeE2566mnGi6PoY lqAEpXO9ReqdPgXqYg== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. xw3R+vgGkofS8s1ihzSnMLoKrEEXxWB60hxL cl3uJpaXSzayoXwco2dZaUzq/Wa9xFBPE06b USSpn00JVhPA5UpAWBx1W7aD6pgyXN4Lfpk2 VpjJ/1jjsQEWGZfhvaFnHF2uuPddNaQfWHMX kZDjjpyWC9wLOusy9/7n67vie+SMI68vwqcU pOKlrlTgumJ/HxbTvCEDM2jU5+umyaP4ZvIA mtXSr3r5FUiF5cA5CkrYW0cd5CVivfkHJ9bJ 3wEbUZ4NfImKxHCCgzS37ICNl+yB2ldHTfXy 6Ho3jmteFbvNVRE5IVNrSozcPaGU9xBLZFVg sle3rAROarz3lLDiBg== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. mF729lkzA2S/Yif4OEuROLkcrLzhValIq/Vs ahpCu8/LQOZrexKLlC/d9SFaSlQaB8KjLQeF L0+s+3OvBk+AGcOxDSIlwm08P5lTRM4kvzdY auZpiNS5rIgLEMM62Yla5mMhvvt+Np/lQ4yA ISpdjAWaCjuV1xBs8099uIX49YNKBLloknSe K4MWHIbEagDbxY8qnF2ao89msx7yQQeCun2k ep4OGnZOWOBMJON0x0InrjUOpQC2XjJPgvIE XTkl041j3leC8nvzpcTDvD5IDlVswExmFZ3a inFdWQq97blgbbDItF82MPdrXUSWTAy/qmjR oUdhgjyO878jx8aicg== ) _443._tcp.www.example.sec. 300 IN NSEC _8443._tcp.www.example.sec. RRSIG NSEC TLSA 300 RRSIG NSEC 5 5 300 ( 20181212121212 20161010101010 516 example.sec. c9om8Z+YcSMHdl9Y9JyXsKtmd4s5dJwnWWBI XC32Gr2gbo2myvNacNo0EOzlnDndF23he+57 41VeKKE+jCuHPMzZvieq/INcNXu+wuGytWiQ XTrYQSt3TiejxQdE6OxoxR69RqCyySRBLjDP WT9fXekxVMbSogR0oLjWsuoCREs= ) 300 RRSIG NSEC 5 5 300 ( 20181212121212 20161010101010 44427 example.sec. yQC7jAIX7VS4SSN76lt7Tu0meff3EKGD2RKb hSo0hu9xfRMXlAkxx9W13bnmbg3o5rDD31Wd 1x4xjd408l5eswm8G5IZorNvvlmBJHXE0BSu dOHrmC5WmfyqlqRx8kEMsoUrMqQTqct+QmtP rKAKrXdIoSx1kd/76R2YOrzbHWD3ydChvoLy sfHQEJIPd4tvfuMokWzU/CpMpeyqTzebgGN5 dSB2B++boFu0sfgTTjt/TGlXsgaU1mHBuknz k0MUvaq+f1oDuw85RGo0/sDAKpkqQVUxW/j4 bLv2BhAFhQGaSsv621WDziYWn02wxEccTP/t uc8lah+VM9YF/6NjqA== ) 300 RRSIG NSEC 8 5 300 ( 20181212121212 20161010101010 48381 example.sec. x8TxyxXW/d1su2ijhe449HrUYcjXCLDDlh+/ MwZhh+6O3fdZX/bim/q53XtNCOkoTXl6DMus Lei/xwbIQYo8f1J7rEe7bvv44U7z9XR5cpoY bPIXof3EZiEwsqHSb93/UstNpRsDufUeyv4l cdhJxVM2YLmQJ6v0UjwC452NYg3tTfM8vpMU YAfgBn3ajsSpek2TEkW5nt2kktNkoydpnbuj jZk7Pxmw8KbEPt1PO7n9LI80OA8DRkykhoio 8SaXh/OI4sS4Mt+wG5+lJixMDUIT7m4jDW9n W2skYvPYyaW4fS8Cfp4gwoIJuKpopHpy10oK f/5s380ql82LvP4uTw== ) 300 RRSIG NSEC 10 5 300 ( 20181212121212 20161010101010 1862 example.sec. mU1SJISNmam1aeKgThUF/ejRdU3Ltet3NgDy 50W5MaqpPOSXrR7Ag42R3OziFaxjcbuY4MY6 iOIuQQeXh/PcCORCP81+GWI62DxB5ga7hdcd k2zZHSp1FYgtAWoZ4SflxjOBTkFb79irVLpQ 3a5Z5CyBZka8zZcFr1Y4EgsAvm/4JRB2616E GJgUbcWxZeL6XHlWHIz+bV3lwv4xctFcmBsh SsGvtn/2av1Sq0Bl+PlbvAYrPhm/2sY8Rtbj 5JWCI2Shbr2QUFbp6GlSBbS3oOkeLFz+0L2j dY/CnmRpUHagML3xdd0nhHlMwClFkEEFo5Bm hXIQvYzFz6SpJhaoGw== ) 300 TLSA 0 0 1 ( D2ABDE240D7CD3EE6B4B28C54DF034B97983 A1D16E8A410E4561CB106618E971 ) 300 RRSIG TLSA 5 5 300 ( 20181212121212 20161010101010 516 example.sec. m9FBBhkcIdh9DYhNur12tjTfoz5Qtvq11Kwl oYPz8TiUK9P4wqGa3Ufhf/z5ciaASeMueQaR 8nrGI0y7WD94mHm9Jg2u5BtuZ1z0hJOUuTRk vETishONzRxv8K9N2W3Jv1ygLMwC7Di1o9D8 S0qxYrzkTHmu8bLJj8oPD04+DIQ= ) 300 RRSIG TLSA 5 5 300 ( 20181212121212 20161010101010 44427 example.sec. wVp5u5xaoOntqexU/0tiNrAvPD0KxN5Lq1RG 7PkpEMFgR4uf91jgneoIBiUVpTE4agwTO//q 0Qt1JAnTwPAo2GrHcTDut3ZkvIbK6SQERC5b c+9l1IR6Lt7PBtDW9NqcSiVTh9SzU3plGEtu KqhAPUzIIAm+kKEDpoOI1JTGsTdJwId0ttSi Qt4QA6OFkYfdjWxm4qSsregIrTdhNuDtHTA+ dk9XOmlHlCtlpUnxkTE2uqUors2tk811xkWb aGM+VhFATKRBgNiUt43LkwgCH/Gfordas1fK UsEXIZzAwp7Z3AdY/4PdhO3OAA8uojqHqTp2 QO0xKJ7UnHueEnXR9g== ) 300 RRSIG TLSA 8 5 300 ( 20181212121212 20161010101010 48381 example.sec. C6Y2zTg8SKAQBlW5bqGel+4LbcgHjitoxtH1 gUv5h07NWCuS97gKv7H0jtQu9vyKE0szSMkZ 88tHvFfpVOMfsWxkMiRATJaNP0j4bqlhW5z+ 48hSfMa0X1jljYVhtxEsXrDqTEUhIv8kZuvM 0IpsMDwSWljCFSmf0rspXeCcnpPPJL64I3IX j/EZ52MsBoN3ifSTqodpMxs57xtGfi0lGDJP yvWq2/9Z8BFmzDxvVEPZLvYUCl8w6FbELhgN QD7fpKqM6TmI2xXmsQaEefvl4um5Va+t+e+U mW5T6A+GNYRCNyk4VhBV9bKKPukInMJNolPJ qMbgJ6Gc56V7l3tf5A== ) 300 RRSIG TLSA 10 5 300 ( 20181212121212 20161010101010 1862 example.sec. EC8RLTAf2ga+FZQVmKQmN7gJxHYFXwQ3FUIQ fGYQEiF5O7Nwpl5WPmT4062SEw66EW0mw0Rc Jpq9fXaA2uyf0gWpiuwAlKiLNo/PJNor43Xg JyIO+XqDIpzW0SQGe6sTmCuNciQvwdORR/yA iipYsQW402lR1w8mNF+9MzCJa4w9dHuZQdN1 3WvkatYKhplmXxOEdpZ5FlvV5NYEuJi29Mkr 2J05Zr7HLGZErDerRjcQRtZ2Y5NgDTXsgC26 HB9ODan7Zop0bErddBqXAyTU1p6iS7Mm3eWa 5GwVrB94jFBO502HIMIyZbUrVAq7K1PXMRlu /WzABsxYiy4rXER29Q== ) cert.example.sec. 300 IN CERT URI 0 0 ( V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBt YXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0 aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBp biBnZW5lcmFsLg== ) 300 RRSIG CERT 5 3 300 ( 20181212121212 20161010101010 516 example.sec. RsaoHrajGSkKePvJDvBsaLjVCJO5Mk2VsTZA XfNAWUSi7703MqkMlO13RWdQdEmCx56NxG1x qiS2arILR0fPMo1emt5J0CnZV2FrRk7kbXYG 0kDPmhddvIlvTvF4H2WVd1Nysu2SPH5Ve34F luIsEWYv2B/XmCqY8QFLJXutqNw= ) 300 RRSIG CERT 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. dEOANGqMChlT1sRhgajcl5XbWFT+cPJbITHa V4ekQxaKRT5/PZOQCYtSX5iOF6lorg95bkQb ztIV1IUckp62dBljoQ8123vhZOpSgClDXZqm YsVinJUx3qKO+XvTEGH+vf/b54f8aywQL3Pv ojw10OHBm9b2vDfww/lZRvtB+RygnoGz1prX jt3AKnKhST77NZktFg77aWbbO/WtuWLsxgZf pckBqB12GSES2r6+6JVST6DE4dTOarCeL14z Z/eygkwFOvXBSG8RzakMIDM4JRUrWC5XQvoF WVmZ1CQM4TGKJylgc6UosC+/kEGyYIZeuLd0 iTGYakdsLw++k2XC1g== ) 300 RRSIG CERT 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. ifn21DSpcORCBrZPARt8sL++XfPYx74Ay4Cw nWqm2tARJex/oE6Frm3iR0BZ0EYvhVjOjP+/ IGlA8LXn95iad5/lk6fY20YA3MVfovN8qt6w uSbQDewWIVgfjR31NhPK96YFruTq3p/KwSCQ ekAobJfx9idiN8B0AdhzdvxLdboeABaUmpkm 5e9cC3u3pP0fSAS4GV0ibfSAUNnoMvrTXfmB Bf5nrzx4Weq+AVEa1yltF6UK/P1VWnGAG/Jf PcCYh/XFoTcZfGjso9BGln24vEpkrKd3kklx Hmgw0Ypn0SCM5yhaVRgX2UQtCYFD70BvWrdq p4PfYBm0TZfUnEbQjw== ) 300 RRSIG CERT 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. IFwmeo5tNfQ95J8yoi4gpJJQJ+IUF9G4wjou Be4bQYLqP5Or2y3bDzIJ3rRjFxF5Wst5Ovyk zXwEBShFPuQjBXUDoKtCKICR9/pi3eK1FVff 2xn40PXk8TrfV/xNA9Izfd2T2BmK0m2HBsSW y4SwyF1sQPPFZC3Z3LpR0yeP5Xo8xD/GUn5C FbncyR3ex7XYNpBytb25Eyy8+eImzM2D7ZZW tXucCN1timxMGP1A34zoa63fsT2y3XlD1Ax4 14Vf/Leqmot3h5+85cLbrYbNRAj5SGn2MTO0 dbnGpmbAQrTl5mXQRYXY1VEss+eLb2Wq6Jtb mF1MJKJHgLzEYI0GBg== ) 300 NSEC c93f1e400f26708f98cb19d936620da35eec8f72e57f9eec01c1afd6._smimecert.example.com.example.sec. CERT RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. YTeprqPKiHtg/ynH/YEPVYktL2Ca2/ZErO41 NVUSnK74tUFC6X9CYdnslXOewT9HLmDthr2E 7jBUlu9XdJKbXuoRdx7WDbuGl/Nxcjh3EIDK Qi+sVxLE94YQH7gAeYSj0t/HneLhwoRdPf+t pf7O3SHbb7FuBj+cRjCQZMpHWXs= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. qUEKyNbyf5rnPyUEYv5RU9Piglqs3cdkz/yc by3B+W+bvPa/bUMHXnQE5uaSmQ4eSIhBcDQW z+/TKR7zBOIb/wda1wzjjlI3tL2O65UE5s67 fAJrDByQ0zEreXM2RiP8eIdYnea3TENoMrUQ c/j+Wj1+nEsbesBbfEXVeE730HXMqqCZPRHT Y8XooxSqBlvY6J/RSS7c/sLYBAc6iHNxni34 y5vj5D/mV+yd9hkZiPe5SHuYwsz9wjhbOY84 ndtakY7DfG3txgI9W47+HA4qWZESGm4bvdnF OKYZudwMBP2KS74clPqjPoradLRR3EOf7SLH Y/tgBy62TMYXaNDd/A== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. rwPUoJ+kph5rb8FseqpipqwywBvfyfEGT7JA FMAF5R4tWePjo8O+6b8WPydJv0eck5JYkPX3 DwJcGBbKiFi8OYt/mdBpxrzhyK2RafMPP0Da t/swWv1NplkpCztJVjHb2aNAITdofe++Hm11 NHJE20g4wb47rIzOAaf0fPwb2dsEJhGWGy4W Kb5mpimb26JaKUUy6mmcwfLGo9eLJc5PHA73 iQ3cQ/t5/ffQhIXgS+GvgkSF4NKGCuXfoCf8 4h+brT3IUv8RRQnWrldFEj8n4a309/nomaMg iZNx3UAebt8DUHl3URtXh/eQ69+enMDIniUs bn+t9OXBFl8WOWc5TA== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. acAM4O4hfy0zz348eNtTs/eb/Pjq+loT7iZM XgyRz0dugP8VRSz4vQmHGYY3JvAvpfGQN3GX aAPDc+Gz0bwM53+4QmOfei4OczpZoi8dSID+ fIBS5TnntB0PpCF72pSMR4yyA9D3QY8PFUXg d6rPTE4DGYw5w1vTIZBJjW/wMbF7MsVG+7Wu NGLMFqkX4OSXgeubuWipyL6QkSjMseld3dKM 1IQWDgJeBBhPKOsf1IE/7jVl26/6zISGOOM0 2u8g+DbnmF1uvUXdbmsrCviCary1KJ8h0G6P 8Lh199dYNDdXZat/Vh6xyYgqsov7scSK0yCO P1FRAWUtLq5SEJls1g== ) ns2.example.sec. 300 IN A 5.6.7.8 300 RRSIG A 5 3 300 ( 20181212121212 20161010101010 516 example.sec. oSyWhdoAFyep3WDMhrXyH0m8rvVrdmE9hn60 tbC1Jo860HcyrnCzIx8KqC0HsmTmlZmTuhOh ATOMeUREaloT8ShrhMNJKzgxLJ2FY1kCRS/i CfwFteHCEXCJ198rExdW4yFVQT94IiyFKoXf FYe2Zc8yZFHoIBwhklXBJuiYur8= ) 300 RRSIG A 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. 20kC0SNVgkIOAfd8S0EBlezuw+Lye/EAX7QB 0G7WPlJXOlDnMxqvTsyjaoETbxLSqo2lZ5zV Tz92cULBzIra7F61eXnaaB9jVDk51crpOV2P rU01sYrYpQlPqoC6gXa+o814lglX5ez3nvT+ IzIISSU44yhUIyqSCCVzR5wC69A7QrBzumsf ZI6YvYjqB/s79nPsqzOqxvtpg7GWRYb1OE1m cd9zRQPi9+uVrTDF5WLI/UAA5NzPuY8U20L1 /K08/uqKP3K5rdGRgos8hwmXBmSxwnBSS96I NJaCeIGf96b4cvYDyZ2HQmtS8c1U1iUhPk1d S5+S5TDnLGwL/XCOYA== ) 300 RRSIG A 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. m9Uk+u+ZJZzPph6KNf5vnyfNWrIByvwQRPg4 Qs8veUo7XDiQUxhbZ0282eprW0TVVFtD1q9i QTC68cjnsqHCTKd9+QingWdBr0RwuHSxiPpX 8Zbv4LXnskjEbND15gDJ0GRy9W8UgtWoUyuF 3MSK/PCxFuWVftNGnGWCl4iuDZM+Q9C/o8hQ YI8YK18zgqlOaqSKPqzMiOK1Yobv6direlf0 iYSlWFBHUkm6sgeTihwSPCrLrjVwGqR4Ux3m 4bs+SSy1xIOS2nrGNiu809Lhg9arAzkKg9FB DusYCJHQ5VyP1kGcpWbQNpT7ur1D52rtNO6C PudRbNk47qsanIbRcw== ) 300 RRSIG A 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. Z/yfD2G/sWFbFsDqZC20BIoKSjniE89aiSKl n/hqmwzzx1GgoK/uTDs9LlIdp7zESPifZ5n4 t03pvFxMQgPw5bG5eklQ4Zf/am84DKmIZixz xaUP+SAMjB0IhdpCRBSnC55knBdHlsMC5ryA SdBHOcZ5Df6iX57cpon24fXkI8fqWQ7m1MLR sYXEXs88mFAElh/ARcGIm93T9vwUnk04cxrw QodpUam47Pjp7C7GY1XExtSSdW+h8KijJarR tiYYE1dkOPdT0OjzBybRjbuhjaCa7CPPzGm9 tNMph25m6D3Zv9Eay0cvJHYWnbwOZDxO8w9r QpkYgVpLnMvYRQ4iow== ) 300 NSEC public.example.sec. A RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. QBDT5kIi+hdEXsZ7b7y/ovk5lGRpKiYStdeK 9sKrQvNCC1MLhG8DiT+ssX/66jQEEwZWOBsG R9f+pkm/Y7jImE2KqXfcI2XTaZvmh7bU1wKF 17PpytMMqj7bvmomvTJwaIZvyzBX7x65Vm0j B3M1dfQc8AsXruIGlPMyNDJwExM= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. T5wLuqX6ohtXSEIXifG4Yui0TTkNXRkDnaIV 9yJrRjFk/GqgYhWzwj0e89yAup9eZNKoftVA bdXOCtEhPHL9lPVK2b5NsQ3+E/TSKvjgxbyy OWAZRkucKKJeQWhzPBbTach3bkEvaWC8fSCH K3X4/R0GFQ39qY6bgxIH1KtamqypTp77EkE/ B736JUPhGRX96kgEu+bumR0Z5Nqi5m24pg/5 6k+8OL0o4k+SFMP8va1+lryqtpG7eInWRPQ7 F4X8DNAoqttpsmf5v6tOpkpgoB+0gt4tNTaw 6DQDRX0YCCnCBZEVNQbs04qC8Ij1MhyJSPqO ZOyNSBBNJzdYebkrUw== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. IMXgJDl9M8F6xgSzzFU1GxSpjz6sJ39xRYDj M9ZRXqmIGtZUbVLYiuGksy9oMX3+mXkRdgGc COys/CFeVeJ0slUfT1L3I1ZEpCqi0GpPtcNh muGdvVN0msrbVG3Mfz98vSMg08BJb7r1plPA D0X1bcO+3NGwx09zHGmrZSlhyGfH+rui4nCK U6PAlXNHlany8yfzp/t0IWFS/Ryl2Y6nPxiZ /opY3TJKSIRoXTFgLkxNdiIpyAd8zsbuzq+o hQ0/joZ8cc6Yrs5zpxksSRvdsKAlqj+BWEvC 8zGYKygQcv73OmOizw8SSZH1Nhs9Bdv+DNra ka7jzpkOZeE0bA1Jfw== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. HpKVsDx5dLGlLQEKBKAoMrjHhmjccYQepTsK CDILuW8b/Zpx5wajf95xlcutNHp/nuntr5Eq U4ou8jqCmhV6qPXnMnPDoQsmEN7S/Gmwe9oh X6JdmUOX1UimNalp8BycyBwbc9qhCJyadv+d sKds15udRnbqBDmmPGur51k/1k3cSCMAKzqu I3QytXqThwqRlWlOWb032LfnVYNEz5Abwck1 XeX5LVc54JBKF1R22yofR9YnDAVBHbVjYt0V ZHtWBtqUTlY5W0ehffEHOBf8r+N4aCA7LfmC BQj8tG0xx1zFMPxRvlQh/bC1uRtuH1lChoK1 /ugjjkqZdXRLE9h31g== ) sec-02.example.sec. 300 IN IPSECKEY ( 10 0 2 . AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt 3y6xImvMjRqcobreI351nbop04aBtP7o+r0z rNQmy6FqkPiI657FMEdF1cWJ2Q4lA0Pymgq/ BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vc L17OvU1ksLs9/9hhAbYYedmbAAGmAqfICiLB dOPCbhsCUyq8dTa0FaEinyHCJSHJWVZ8dBpb br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 516 example.sec. KFMeLm5jSyJuu1dYPNjwtFd4Ojx8/o6Rf0BL P0dRMWwSjAs7ncbP3uMOUdTEnVko6EsjWTHT dakYr+D/RHiEgH7r95BidEHI5FXFD5tzCKNY 3Jxo1eLw/TSHF5VPMty0/Q8QgwKs3B2lGiFV 5EMy1Gy7sBki9ZTmkts1anW8tA8= ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. rFbj5Kieh1vU2CxD/xy7bl/xOasrPpapBXsn mMijzocDzvrNbxfB0+sKUxdYGgW60oE0t3ds B8tud5HqfW0XuDeZ2WjpuamefUifeEpU6x8Q oO3Tecgg2NDSn9A1mlBrgfWybrkLNa5jWuW2 wFKyzHTUOSzqnYsC9MHZz09OszWshcy8Rlds hKBnMaXRUOzerwtrRZ0zWpllMfQ104F9hTmS 2O31UAUDzsv2TjQ5/Fj/15F1FBWGYMRjP0/W wdJ7h2d+Fv3XJTzYvH3V/qx3lpEEymfXGirP Jm9IZLMZiVXeqYKS0MIpbJ8SVp7lBW3rTYt5 aCrivAZ9Gt/oGAVGgw== ) 300 RRSIG IPSECKEY 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. ble1OK51ZiXuHX3RfWNBpt5RbG5yM7wWbIu5 yHe5oD56Fagowo+flqjQ/xQXZ/n8UG7Mbd9L 0jq+gg4SETDl752pw3257a+AvZYtQw+e2iyC lKLQEofIMwrfJlqRXk/1HO176pqc+h7XDThQ 4gH/RkH5MSWubmG9z6Zli/hM8ndIxebQ7Wgf 3Gqe2+JVzaG1RBgrtxJ7DOmHWOI5+8WOIdTQ W7XHzjYOY5fqXCSs5Qkr8v6++KKgJgy8Emsr ttnKTP+yUL23M/UDMmYTM6MhetsyRF10rEUS CNCOfSYXyBvEeBxUsSWV01/LRcL8XP1fBt24 YdfTDsfKtfUxYu04WQ== ) 300 RRSIG IPSECKEY 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. U9SWYQdm78OqWlARa9Js+gltOM39ndb12Fw2 3OpXe3J4CKXypDVcJ21pPp/u3eH+ju1BKLOE 53/UUUcwXFBmzpQBzfK1g2n6hF3CeHx6PX3i 1Lq5YPDePqBz4XHRCllgOnB4fkISle0uhRlt MLALW+BAilqVs2JHsi7ooOR5RHbDEadUDJrB tMaIsqRUEkAtvRRB1VDBgyTiU5k4nrXdeSNY 2rcXYkK7DsRh0mhBX5CYHQJyVKtqlqK7WFCF SqrMsWUeQlXkLCt7rhsHbsiP9hkEhm0t+Vnf LCGYQMp5N4TC/UewMq1XBmV7oj4/BdeSIz18 E67MiHX8skvb+NBd/Q== ) 300 NSEC sec-10.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. WfrxxSuFA4fUfSkH7MPqYBLR5Gu0ciFsIaxc 4RvwDP9RemntRt8q8KfAxpngjd+gDpsWFNpl HErdcb9Gim/x9jFyu3yb0cHu8/SAxL1HFZiZ RzG9geX9gQSEgzQVdsDwMxesd4m/5uTdxnm+ hstyplQHPbWzS4hmw3jfBD6qTvQ= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. xtuCY84o2p7fEXud9TFbWA+idFgiKH7EfVZQ JbPxgxCr6K97EcCDaVz3h6p/buhGPzOkjZIy fOkwTD/DHpkcRow7ZzoYOHrFL3fPZTLAg98T E+NxlQkrZQqpfIh3eLM5tuSvJq5kgG4eOc7B 8z0jDArk5CQ0+R+WTD2XhxdYvhBi6qy4SIzv M1ja6Vel4WoEysx7nzEju+SyVG1SYgx28amR Db2q+9HO8G6R2aqUmSMKef/Nn2Ci6nMWjgfb zxGwdMpwNLsSD8zOqni38rUpclrKLYZ6c2Hi 0nED+xlwcZZ30XoWMSKlvuaBP56/s9B3LICY ev8Gv7693c/7s6YEVw== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. QIW+9Mz6a3qTOQ5q1XgSK++F0BM6LExejjzN AUsY1Nhdhak6fmk8eNs6OunhVP4JVnFgaREn jhzjYaQduSnj7kMCcjcu+2s07FjFhO8tUxYa Yk6gNFhjulbySURFna69mBAH8ZG+WZay1oUa uBdcJLD57WkuYhg0jZB4W4BCHU9gjzrQyyG5 nu2CTz4v1efVgY1Dt8/fQHs+jMEipwiuZLdO Nz6bu/orwMfcPWY1HffxB8Nc0exMuDxsdzs4 UiB1D/GTrUjZz0dfwtXqGv2672sDS2PC2d6w Rt1QVl0W7paa57JUy8t+eGL7c8INMybCUlw6 FlG90wVdfSHTff+uWg== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. OtbnEwYt1s9dhM/rkAgWVl3WRPoNYUXJiRr2 IGkTgZK+YABHNf3XX6Y49AB/S1SxAQQEJLme suFsUnxGgxbwC60sgKJP1247NRi5R3XpkY6a 3azOYw7qCE2joQvRmf+nEqzWwd5iRRPQixAk oykADq/LLt+grsoNnNdkqybZvMLJoPY2ViIy 2lJ9E8ArMMfD3dPf5tUR0TTIyBzrvUIi6cx1 gW7gHdvC17aDNPYBMwZgG7umuv2u0CIRqvDo pHdl8WJKJC8xtRCrVjptVmCPeYnx1e2rYfW8 z5T2AqtX3P7+RxB6+si+r4f4/L1zH7JJDp+h aqh3e0PJOUmxXtoPHQ== ) sec-21.example.sec. 300 IN IPSECKEY ( 10 2 1 2001:2010:1::21 AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxo QqJP943gqs4QATtnJWHQ1SDWiRE2aXl7SJoy JAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt 3y6xImvMjRqcobreI351nbop04aBtP7o+r0z rNQmy6FqkPiI657FMEdF1cWJ2Q4lA0Pymgq/ BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vc L17OvU1ksLs9/9hhAbYYedmbAAGmAqfICiLB dOPCbhsCUyq8dTa0FaEinyHCJSHJWVZ8dBpb br2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougs ogj6kPdSSQYZYayHzVnl8NFQ9uCwbRTryepP zZP5Vd2t ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 516 example.sec. goJhatdkze7WqFGplnO28uBT9AHjrsrK54Sb I13110ffVWk/6DaQhNX3GanFXDcbhi1m0N7B MbYFIWZX7y3u24Wyuvak180hUqUdcyuA3G+Q SP9WALt1+7aghjPLWhJ9/igHxC785Cq/Tgf5 +KVMN1RT4pi5l/uZQ5jcKdw6J2o= ) 300 RRSIG IPSECKEY 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. rXrTeN01xY+uebYRE/bhpy2GThFjdfePR+ll vLe9PzN9GauBsaHCIMl3rr+c4pB0FwVtrGzD DGodUkbqikHmkzw6gAhx9nAcEGl7jCJpP3Zy eirRuNTb4HPsXNSniwXSXryMXeBnHanpERsl 4n3bfwvOQlytAqC+X1L0HfvGkSi7DMRGBKK0 yZCHuI11dZehOEVUoBGlWV1o/sBr6YwwLhIG ImwHzEzunvRRC7e9SiY41nIpm3zGwnbsVVj8 kDGQq9YxOgR5ymFbLhCYAOcM7jSBBQRm4Pcv WKMijHXzFO2e0fXf1nOsJH5VnQEQTxBWiyRc D0SCwpkMKHNIK/D3cA== ) 300 RRSIG IPSECKEY 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. T6OZoyEvW0es+JEYsHoM45PIUYcjZjhS8jwy mCDfL04m7fmyjzfUvK8hR2VVxT+2QR6jg1vp DnPFUpVrr0jJnuicU2lCdptTSb2/7jQzlpYa M5b1aaqmlGxCKnSfjWfdeaW4PC/+Oj4yBdPF DXdKHWgFxWPDOuVIkVtKuD2MgG7G/PVOPYw6 S2qMn6BSesM1UM274wiAWC4+n86aY3rkH3Ly fgwMP4q6DktOhygDOK082NANVkoGztcVNaH0 pqL/5UoUtgN/4wndeLh8Lb2LrRz818+uZuad hSyJKB4pN+u1fs/Z1BQfaw5til/PAVh49KNr IWL3nkNOlCb1pXPuQw== ) 300 RRSIG IPSECKEY 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. v1TyfkvJIwEJ76lle7anDNWl1V/l8m0oHlut eihGwNdar6EGmH1uyxNDH9RhGvgUVx29to3p +lWtg1VwYzxXqj+e9TnWOlCfV2MRD856UQ6T htHk16GVJvzfAwx9rX6KMu2lvCxigz+xePwY XJALDOlddHif2fk0CgAlOyH2QSc0K7A99rTr sDaOLYk6qetqRDwe+7XiscNePIc2YFqbbkq5 Isl9qUTYZD8Rli8JiJGIP3Iotywqo21lVTv5 niIgLU955vWfO7QAYbSMubXpyJtTT/wpPXL6 0mjuoJmeKOrTXei+k96gnj0akD6FrRfkzzQr bADlicW9RVcCNxvOPw== ) 300 NSEC sec-22.example.sec. IPSECKEY RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. OHE2OH6FGv4SzBbJAWGFfmrtxr/0BhA2xU+s aYg5idShv1LYS+YL/1VRXgNneOsSgF2iDZpM RAp7liIaKN5ZCZHY09chlwjWFvGUDVqT5J3y GJ7oolFFw8xB4raX2H6nGuwkq4PTEZcl5OoC 42wat+/Dq8kbSEFtL9Bd3ztcGAk= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. C9oAxEQWQLV1BtoUxvPo/ofqPiFVSKObG7Qu 7Dtb/WgmnkhYztsQtXQYw0a9VJ8/VuDKxvW1 Bky41/VgioLz1iQk2/+4aMeyVBpfLVp/+Iz4 lAldSRUkBQt41XGkWLG3a4msXfGxc0wlOhPe fd5RV/R36T7tXCFWKw9C+b63we3G73gCJytj ZWLD2wVP1f7oaWPJWatLiWsfomqnmp5DDUu6 7f8qJ5sNgdRoXIKWXbXX2SBaY8Xm9ot/Nyfb 0jXZGMHhw3rl2LQz3rvR5IGCYTtTWF7yyOQ0 2cyyPkp2/qZNrQF8Cdq5ymSvntSwC5yMx9DC g5jBBZRK5RlrcNnCjA== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. INMHa0l28dAXSr/0Dk4cKSBWQY8ONmDFWbn0 VyoXVPXCrjFtAPu4C1bBdmhgx9poKz4DRN2j WQLepltrq+6+rf+lIEMXj3NkLaoSRv3VTEwT hAKnLv4erWvGAvcWdkzE6FNNOT0T73nwS6Aa o1M5mdg2DRwqx6Nmvz9heBIbgso4ULzi/KIW lI6RjZcIIlQPrYBWBtxB2mQ1PYJMjJGMo99f sq7+LHezKyF0BRktYN0zEUKeV4AYwQmP1o35 o3jDlUlCdusrelEXPykBfNGgtFTTlTo9d+hW OGWVsQhJzYAU+Hm+VslAP5eF7LhYCX56ddJO b3/tyfGjTTyZ1Kaztw== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. ZgP1+3VHbAc4NsPSQqS3Sl81SF5AKHFq0A71 0gH/OoNCNvHQHbtmFH922IQsEPJNQA8cXPx7 yFNfE2zgG00v2/Ua91Qj8WxJgfXePtJhZ8Lg d4bHaGW+tbx7qM53CWrd9vtg9reWVb5/4Xqc +iUbWHN8zEOIbVeSyOK0Z/94Q683urO23C3E vj5coGlSHsFu5NyAl/B02mNZusHJ1UZ59sGj 71nJgRw9Vg75QGDr8XTP/AINRNYq7pvlWdrb pHAEDKVkP7ZwNFzbf75VVY1UAV/sk2Za2sTB qyMBMRzi/svqhnSqYVfN20Glkv+Snq6YZuTT Z21Nnpdk58SsOxxFJw== ) _8443._tcp.www.example.sec. 300 IN NSEC example.sec. RRSIG NSEC TLSA 300 RRSIG NSEC 5 5 300 ( 20181212121212 20161010101010 516 example.sec. bB/mN5odg2j9RXrzTyFdm/IIVLNT2JkHsyUQ gziMnpv3vt5TZryVrkEmInIs/PegcSZFbD+A Q3m4ww0Yoz7f7a6rkqFbm6iUs/khaISrLF2X YwPqlPq2MOCfp2P6LaEgoIvmz8QWLmSk4clv /NbCjL/NgBJqe8RPC7zRymwa9IE= ) 300 RRSIG NSEC 5 5 300 ( 20181212121212 20161010101010 44427 example.sec. d84Fcjnygh05Ll4LdYC14XYZFiXbaZlLEAOg SbwGq+kAGohtW2MfKYSMHOt6ynPLNasaAKTN c3XCL1MuozEIQ9I/+2RyelxYSSMIA7XSHjPS vw9tQr4JHX8xZDoUCzZRht1VBYnPRadiZx0M /Dv+iaDM68bEggsu1PhBDvksx+86Uz6Kbk9C fB5GReS7qpS2jHXgS4xksK3UhUp4zUIql3Xp E1uf5NF231sw3HXIEIBox1BAZyUBj7ShaNOu MQg3eg6moAteUxAjubApS3P4UyHaXISOHnzY fVNEUzpP7ym549S79BG22vhlF6/rxfdFS8hp +ijBTtHpoKUmy9IYIQ== ) 300 RRSIG NSEC 8 5 300 ( 20181212121212 20161010101010 48381 example.sec. mn64tEag097G73PBv6nLmaxqjTmSxYUcK7im niJsDArHlxg7xyP4Bi2jQ7KN644aDc5Ck4PW SvmnuVNfISX7HIOmxT/oc6gHRmfJ15CiBx3y xTLmfrfv5nAk9fLErkEdX1+ET39/7hgu5sC9 qOkVvIDBqF0PuuYcF/lXz95gWjhaQ8PSG7WJ 24PejLukdvCaEp7XuQLiJguoUfIkxDdYPnnI AlNuKyiONntzJuPI96zvQSYQJig69pbHr9k6 7BkuCSbfimYP1g5bveGngxZ+tUQpx1UaHfEV YPH4ve2JQhhRT/4awhD9VoPdMAp+abdDRqRK v85EmPPcLz+6NnlqHg== ) 300 RRSIG NSEC 10 5 300 ( 20181212121212 20161010101010 1862 example.sec. nY6RmMUxCpkOsHMerlf+btKjBbSYCwsfNW9c 7v8zh95f5iFGf1XTRF9TqAugQg7sCAuAPg/t GfMWw8jFAIZnx/SbRxC80EXDs1wcrfWwk8gF HgWq4d7g3p94pTDhAtIovHeIdZBDMb2f2k2a /3Rbrll8RV/QlOBsXlO+lE+T/RNzO6C/Xl0a wwfALpJPHRpDHwK3+0SRVf6Tlg7oAUHWAhsJ +XNrixGalx+DCeB6k6KHvw46hAX1j9EzwM8f 8pAYaJfhsfLAvg2qQPN/14SKx0npeRLvq9t2 RS13BTNWUrHoUJ0FID5JaVIwFS+TLFX5XcaM u1dhgLgOQPN7ZAbLsA== ) 300 TLSA 1 1 2 ( 92003BA34942DC74152E2F2C408D29ECA5A5 20E7F2E06BB944F4DCA346BAF63C1B177615 D466F6C4B71C216A50292BD58C9EBDD2F74E 38FE51FFD48C43326CBC ) 300 RRSIG TLSA 5 5 300 ( 20181212121212 20161010101010 516 example.sec. TS+4QDNXNzLiEd59Gu0osqODeilrR0ewk+4K J76FS/MWdTby5FRuZoO7dlWknyGcJF8mwsKV PLR/N6PCmlLmPhOeN+LNxkYCH8xMWNckHIwM 5rY0Y9zWy1n2oG9c4iObczcA7skeoV7xv4if W71kBgDKeLURupwuXFJs0JEGOkw= ) 300 RRSIG TLSA 5 5 300 ( 20181212121212 20161010101010 44427 example.sec. CBo+fTtF1ypKVYQKHBlv+Z5lSvpFKkGHdP5G cjTWyIZKiWANKJWGK8VhEzvDuOTd3oTPK5L7 OABpgyTlypwrTfzMxtz+0sb3dGKAdGAvFWiF 20KSv5iYcYo8tABNvxcJQUVe2iEoQaNtKZAm Nw6e9Mvzgj6DjhhrpbAOIOQbq8geKfM9mYTQ dCwDiFdK0PKNHeQquJwbTLofDn2ah7AbOX+9 +9OSiORH0drMMbiAvOx1JSRQGgCXYYEXMg1n S3EycAH7uyWyauVNBblPnSAA5wQ6SAzRcpKH C3iYXb70P+1Qwy1AEB3aDdyLKBbi2g4j9bFq pK/pHwt4kVatWUfvZg== ) 300 RRSIG TLSA 8 5 300 ( 20181212121212 20161010101010 48381 example.sec. aEqQxblSO8hE1p5DhgwIcuy3Rmm+yzxwGnUf QQx0RBEzWiIYUoR7BY8hT4q+MRMCjtHkAr7Z g+Yswjgx2/jaPxgxmKSsmQN9ADamEmuIIIFc 42THiAzdwKdd3MTHDQJ9PrBkjIYike3Nc+xC jVxnYH0Hk0MlzfDi9pYn035EXINF3Nda2BfS 7c6xLV/SJpaIPE00p9EIKIdYtNYpczzoImVM YbmIi6B0xoBhfScMi9q3Tarcwrb9B2KIP60K 9n8yVRBVwu6mSsoWw/mGpwiZtwoFZt8tmX0O 5V/sQMkhvP9wWPxGI+NWYeO8Yt+DE3VFnPZM qmO6t8FbVma6nFgp7w== ) 300 RRSIG TLSA 10 5 300 ( 20181212121212 20161010101010 1862 example.sec. HpGtSiqI9HWZZPFPkNCgjxteGZ4p+XrL+9Q1 PZBi9BX4GjSNhQ8kXDzNBjhc9OCMfePxXf9g VukFekCU7n+HSdDVEFnGizSYBmyG0KSktRg4 jG+BrKxmKLLqLN7VpnADQnbzjcRvFILsTrsE 422K2cNlAidZrKiEydOauaoV8Y5XrtHOhckj 7BdpJBTcJhG97AxKm+tRXVAuhwHIvpXf277V t32b/stuRVaY1mixrDhsyTdqOUui5SA6uxHN kMWVjx3QSeFpn7BSSQ1/UBjP3CglE0U2dKwI eCTZpjpS11dkiR/7Hp2juu3FYamF/Yj4nciX /DxrYrURdHXUkyYYcQ== ) www.example.sec. 300 IN CNAME example.sec. 300 RRSIG CNAME 5 3 300 ( 20181212121212 20161010101010 516 example.sec. FZ0ONSWPkz+5Aomi5/TA+T1eVEgF/0UJCraG ZgVCjxw3jO/v3w1ByrR9BpoXPIwf5CA2TkJk gtGvphzFRrYNF3MEhgOdTRbiLfqpcC1L0pDE 6IAvRU1rSoXZRo3W2Uzmr6I+KGm55Un8pF5X v1uFVPw7ziaeHnYAZ0b3TXSRX0s= ) 300 RRSIG CNAME 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. DNnNbCbJQz/+9ExNHu+M6nnVmytMbLLgHlXM w5UjfIbG3EijYDWenUo4ai7K23l3HHCJRZbz jJITPJZdNUVvN3+bB+RSGeoFwCPCfHkkb/yy VeXJIQslaSmcBIpwrnlIu4mztwrSzce7WI6c iKL+K51a8KaqzQX0H9PaEtw7z8KUhSNhO2lV kbiva/NwDlfsWULjo+r2izTXmMgKU4cgdeG3 8RqmpeMSRLP6H/P9B38pfBpvnrBbEpYiK4BV 5GlLdiETYtQWV3iHsLizYCNCkYhs4b55UNWI 02eVy2jpmeYnNVBx00wqiHBjHy5gkTAn2vNc LPagUqrpq9PI1xiY5w== ) 300 RRSIG CNAME 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. BbLte7BZWvbNdj+tYuA4kk+u72ckzBxnBcM/ owhFOtB7IZWKd/696MOq2w0MuD2OSqSm7mq3 A3Wnm/3RN0+OQImy464IpKSmXwfHHI7ruxFD jX79azCcpY6p/BaIzdusSPtIzN/gjpxJnZU2 jTjL2Xx2V3RWoUw+nO3CNJSeH8ltND8hJX8N V+cH1Mu7eRC3oO5cLZeRuS4QILAVFGgf8ZF+ kWkruQzwc4e4eosgNFOg5WC4VXnPfW3cqWk0 sZTs+q2P21YC9cSBTOIgIxCoczMVQW7GhPLQ 8LIea0faxJ6VjB0qHcaKyd+xpR5Jhe8cRLUS +40ORu5rOyJMa6386g== ) 300 RRSIG CNAME 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. HoXdx2zby92ALr23GyTVvTZ2sdaJJQH5TeZd ubz1toQEESDns+8WvS8gkaOWhPaLKLmKIq5E fdWaacrscexINxk6NlMjNRBiu5dkAuVfYA9a xOWo/344pACrqKIoboHt2spQvTdIKAmhFuLY JWV9x3uzXon69k6jcedC+rLumGfJGgodkRim mxn/LNU1NHdaCoD2Bo7q0nGbJwDIq+Re0WFp bMLSYJqFHKyYJVhQhhVPHmYtMAgvCFBwulgj lHU7uUl/+yltjxgkoKnXFS+Bfhe/G84rXBRw UX9AzTSnt1tCo4ItiSSja/kHjkcGlJJ3Vs4S h8KDXRRj/FVau4flxw== ) 300 NSEC _443._tcp.www.example.sec. CNAME RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. oaIvvXFtkyugmxcLgpeo7tNMhTidHaI61vHy qHCZdzZ6L+7vp5sNbZPQevTbAPXhOSPkr5wZ LcoWtRMZtS9NpFvRJkMiV6aJL/rc/o0hQGBh TkCnpViK3vPsXiH8kvJSvtQy28hDHoW1nS+V BjciCsfcXBFqBuJdbz+msoY+B2E= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. iQtijIDg9MYpZaQdctLPcAdUfUHYgS8v9y4M GlpPwfSg/lyns4vY9HF9jhHO/yhVYriiPAX0 INxdKq0D/9te1BgNOKeWRVkV5hJtj282fAfW 7z8P48eTvOZi4vWPrhYU/UzcEw4qKS15Nep0 U++yhyagqPdV0g8GS6q5hobOvZ+lSNkCL/2l GcAWLq9QDK/urxNdpYQx2PB85SmAjGaD6tMD NjToXfttE9MiUUjAscziJ5lcww0WObBDl+6u mEp/F00wchU7mIbbipzpkURSSL0wxQzhgJ49 30aM3Nlw/P2ItyCL6FbcYiEVhJpQB3jCnjKu JptAgu3NkCpLdVJnjQ== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. yJ07XSzPqaco0u/ZfUeYRuVKSrG/nuTxpP2e 4gR2eIE8IXcVOp8J9XACvJ85dnqabRkKDea3 04ZA083dXvhn7JRtOnPbG/4TyTsmahl13/fd 4WL+s+nTMBqqk084BuTClr/spKCgLzRF358X SaQZHtUD+6e8SbOKwDOhUPWp4jn4b7tirgkP ZJ72Y3k1OwMV8JL3eLwhRbGH5iNDZMDfs4gD mLGPSQLaleN/Qekcqzo7Hh1wNBfh3eyTy65I 1WhhHCe/L29cqAWAhw+3Fz/zqwyTSepjkwcQ v2G0jvEJEEYA1bRDqQmKMN586ZbHRVgL2/Mx GSqdZCWmG3xoxn+Tuw== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. rnsv561ekllNQ3HeYnHvQPFzZBnMEpKt2Maa 2lumqNgrYINBhsAWRjCY+O2PQK0PDf+7r61i ijKRb8bJDfvjy9G3YZyo3A6ybQ0tq7iLfDfL H0zLoWyD220CXI5foZDQJJccJrcroFU8t/jN 9oBFAN8xd1mPC7Otd6nEd70fyqH5AM16eih3 K6+EeaB4GKK37kHf8VABMddaDoU9WbwVdrr5 r8NBB78c4jXF3SdyfOqjWhv/Z5ONiuSZQpCa G3w0y1S987knZpghphycTvQtc0cekgvdxR5B 88vBuEoItgAS7uKWJ6bvHxXic7M4N1XzG07D mBIdn4oHHDmqJV37rQ== ) lets.introduce.some.empty.terminals.example.sec. 300 IN CNAME example.sec. 300 RRSIG CNAME 5 7 300 ( 20181212121212 20161010101010 516 example.sec. i96ICBMEwhjWsLMqRNNygtCZwba1Gn/r7wrR ZvMrYzr/HPWRMQwon7/RbEU4kXuQSMpbU+6v vhcm9QN2K0k/lq67efN1JXNGo6P+L8AsY830 0FwqiW4q/ufnyexoQ1i9cJe3pZ4QO56f9Umq Qg+m6JBgVHKn6TCVIp6rVJ16y4E= ) 300 RRSIG CNAME 5 7 300 ( 20181212121212 20161010101010 44427 example.sec. PNhMqeo4gJ1emZy/sNwdkJezO3dORiEvPWC3 EhfIzK1ZagVYQAlo7yfAJ56/Qhsq8+VEcJp8 2tt8J20waiDTbES/FY92Y0i+kSLM11fnZZ9a plG54D4gQnrv1J0BOjMXnYW573kw88aAciaa /XX5mP7JtHdItcTiK3hozmq9cTTsfisChitW S+CqJfiWTRaL0vLDhbfAK/lu5zaCFsTRHXtI 3oQdWjxJANE24OjG83JWWWHc2HBfBdMH0+d9 6kRbUSAoFXxK4uLZDgsXOvDspRhMhZJsq2+z OB3QPZ6g/n6tbFtMx759a4ZZlR7+k9hleHd7 oo377OcIV1iIerIWpg== ) 300 RRSIG CNAME 8 7 300 ( 20181212121212 20161010101010 48381 example.sec. EKWV63NnX9sGZGXPdahDUsw4jcrLDWXJDMiN 3D+UTOH3nUPgm2mA7MbGGXPa5emnpaEnJN8Y NFXTKU+SENXN/fYol03Pm1PKRGbmdbpY8Obi KrYIHEazypviyTSPmmZjcHd8NOxcX0pDdybC 2mrK3v6K0lOinIeOO/fdHc7/IkS6FmU78/r8 49l9+0oI6yenzOYVz9qHGWUGP040eR8h25uo tSNxqvoiNmfz/9hsWKLuwaW0v8mNzeuK4o8J 5wkbjc1hemSLUm05ryA75hx5/U+Jt09lLvxP BhwU7iH+WPTCRO/cxavp/k/H2V9vQynPB9kd Pt/VwXnM/hbJlbjqZQ== ) 300 RRSIG CNAME 10 7 300 ( 20181212121212 20161010101010 1862 example.sec. HZBPL0Wqk8WCcTBsMLdefVVsS2aywUC9wgwE SlDx2kP3+Kuw8udz+s5cPRRj74kiKwholxHK 68/qH3Z+yiLKHXOrlK9gbDROr/w8hyRqgylT QPvVoPtvffRms/kYck9t1ZtgYpYsUF/VToYX pY/WvLyb7HH2xDeaiOW0XMQzMgaLdCOFXz6h rvRbrWG+8LTvPO483RkzkYjgWVbcjaviMm2M Livb6R6hDcDdUAhq7wyHJOmIOmsoho0prbGO o2uMVHhvQSELDSFkweP1iu4C7h57ZYQv+bFZ ZYBgh45wWPj0DazDhqit7X1sgu2qHMPBlhjs LWpRTSFkPO6T/GXoMg== ) 300 NSEC www.example.sec. CNAME RRSIG NSEC 300 RRSIG NSEC 5 7 300 ( 20181212121212 20161010101010 516 example.sec. ByFYkS41yP8gBlLSknKz3pLdIhYnzXFWsI4u Y+U12xBy9+l6MCWwgj/RcSGIB5+1FKFeQ/SX KfXDK7Bnr+DxK7ymPCmNzZBJLdJm8bCLA/S3 YpM9ABg80VbcYW9s5vqXyst8Uf8fvMtal7Zb a6Z5Q+cC9WQO7wrYtWnSS0WRUok= ) 300 RRSIG NSEC 5 7 300 ( 20181212121212 20161010101010 44427 example.sec. kJGdpompkai/KaP9fpyplXN0vqsBqsqig57j fkqKIWhERB2EABBrZF9nAPtdV7axwJEJrViI iLcHU7lN1YQRO4eYUcxAbcLjXFbr9L75MjpL POnvcmaB8eG/aW0H6mjvecacU+DN+ykb5Ef2 C5I64PFluL3iXVN6o1xonKpXIdmnj38HMkG2 zFwlQnhRAfFKlih0hBCL8dtzr8OaHHq20aH/ pOm29fuOyLWUliBTZkyg/q43WMKKbiyLVVNL PXNsicKTYXrQ05oH/EjDkNUtElc+OqJcsRQm FnQgF60rzOfleNBaLDnZTNO5zMJQ2uwVuD2Z II8k8l68zj4p7n6zKQ== ) 300 RRSIG NSEC 8 7 300 ( 20181212121212 20161010101010 48381 example.sec. fblA2SxSL+ZL2oVqUTlbKt4DVZwEbFbxS9U0 s/5QvVmiROWviIRZ7hPXqOTh6uRJYiii+4zz mMBhjFuw1EJovHMabEvYRdYqBhihR8KhRK36 TYi+tP2r6ByP+O6rBJB2BehyYXqKsFceQpv3 LJY7pxBI2RWDsRQdPSU1WDmYVjBX0YoES8IS y4l6Lr0Jdlzk1whzgballdu+ZMlq97g+JvsO arWq7DQBtcgiWs4S7f3fO3PNzE1ltKgsvc2f mtaCD+g+MpjaDLSRXdxmNw0B3MgYQm3Xj1YB gL8SYkzvuj4jK9F35AhvLNGeY0h1UyuQIEKP RmsDN/xIo1C/NY2Xvg== ) 300 RRSIG NSEC 10 7 300 ( 20181212121212 20161010101010 1862 example.sec. c+G1yL4nXJyEfrwW6wewKSi4RzH8PR/LbiXz Xdw3l4s4f8bJI7F5SJ/mdAl8qEoQY23euq/u 8lXTok65b70T/n1y1wSj7WBvhEFOLAlh8RcC kEQ0GHP/qjTM7MPJsDjPjFRXHDwp/2xJcWpE T970VWXOKd6S01/BQj06yk056L3GvRW9hswE Oi31T0VLYFcBZacfX12lxRhxwrKRaRAMLuu3 uyZOf9FK3xO6Rit+5HOFRX3YDgI4+RKL9Fjv +wC/cXGL8nYzUXG4TmtT5kwsheXd5KzphGkW Knl5KyFJ5tCegS01dx1Qiqox4ujHin5kS8K3 bkgejnhECTn7dZMmPg== ) ghost.example.sec. 300 IN NS ns1.example.sec. 300 IN NS ns2.example.sec. 300 DS 50458 12 3 ( 2E40B2A6CCD2760EC70AF69D1C144064C893 1E53A6B3EEE78BDB9E0BAFBB9C02 ) 300 RRSIG DS 5 3 300 ( 20181212121212 20161010101010 516 example.sec. iclGupmUkGsPDWdWkuEDKTkYMqD6kCvpAyqS fZBuDZD4vrpOciINX+iSWzVO4iFNUhzjZRW9 cEbwhA3JDJXcXjDOFQheVWU+2l2+wgsI4LvF ebykSWuJ/bcXZP17uaulK/XUyXZf08iFOBNQ 6MOQK7LtilTg4x7hD5KHsepvm0M= ) 300 RRSIG DS 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. yC8hYQPjoYu1NY0MSWVvsF+ME/+9Qk+CwUkC JbdrnGR/BCQn9c+vOjJyVp8JVFqvTR+/MYrF l/8qNUwPf8ZjWie2MEBb03pTtscY2dZxM4N5 gzWJNeD0BLv9k+z5gIZGchC6P9E0gGiRdGFS L2IayJ6kPl0UQz98VaJH+hdtgH8Lw+K5EATH 9ZIccq6Ea+VOK+51GB4ttvQuIBKqfh4y2nox dJdHZH9iGnXoB8BeQoZsh4xMUdpNMjL+JHRc ZCDazd8EeiDz7x1opJG9LHT4IZ41O7UL3vOP vejFmXoLbQ8s/d+wOhpJbTTEqmaFm3hAJi5I dfru4JX94JRntdguaw== ) 300 RRSIG DS 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. ch+jJnF6K4wSqfo0Rg8kNedNkumPgNL96ULu nqN7R6JA4aZx7wLxFejYWN6ss6aHPFyDMEkT U8TheY6pBpzD88P7iFhPSjIDI+odzAqsUJGk CabrMijcDyX6ednOu3JnFUvLr3SS7s2Qvylb rGVaDLrQDdLJ6oZLMVpGvIIkVFQ5+IP4dhmj Jb9NvhkEomLQVlWynHVvYCjrR8naPmptKVok Lymc6BNeYqNJLS7huwcKWrl1B4rJTQL5BeP7 mRwWxJJoZf4XL7nqO1xiJ5onVTYjunseCBiQ jPmjCV/8c7/arUYrvL8yaFwi6UaRZ5V2MkuV qfJhlSQv8Q8CpBUIKw== ) 300 RRSIG DS 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. RfhRZ5IfOTfltrfRj5WG9YZA9V+nbcUdYRLy Kx+fVPXLQde5rWlATNS8bdxh17H2aWAfbG/q sF+AePm7aSCXSVHRCCgDe5STbsZCumZPU341 0DEx5LEP03YGGMXxu47OjDwFeXmBNY68R1pJ XZqvTBgcofLFW5lIuzgHOvqAfcfoYfdVMZXN 5bHGbPOYTxRLzOozvHs+CPrxVAgfkAbisPxh 9kKT+Y7gzPFEeHv0gn45eyNZYEz0/3u4mL7K dHN7HWzo40SOjwwfjMaqnBlaFWZr13GWinpQ tWqhp4cGIQGyhOexh+nw7oZH1fvpEAuMM/Iv 1EwmI62OiEuAey+onQ== ) 300 NSEC jumphost.example.sec. NS DS RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. B387vqwneeYj2vq2NgMyz7RqY+osCm1GRn9R dg6ucSC+2siErQ5CHZVw6huRCE3GJrIZeHsB fehIs0i4Fn3zCHJbn41nbsvCv9lnWvb+x0Zt RdgcOCaXsZwufczgTCvuzBWv1ujZCoJj4AJm FFETfNSVwNFoXbr2rljhomm90Hk= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. keFijgNnTGMdfPcoBgTfpklCGxi8kIPvi6z3 NrLEP5QKq5EXUzN//M+1NlzaczzIHBjPLRcK vdhMnwU6jwhE9U+/209IolARCahz5C2S7CUc Uv8nugElFvQkHfZN4zOnMWiTJ/l4MFs9lxt6 JCBeNOVt1hoETDKgiphHH1lC1sXCcFaeA4su JCcHy89n1cuR+iirm6yWuclAIvjYsxyJRJTQ CHDvsKDSt1qlaslstw0jrI3guqxmiUKol7PD 7+L9MV+VnNwsR6aHu3DuLWRXaMizg+6lTtp4 ahg4LrhywC41KRCDczMK1ON2emH8uTsJIIc7 ONkHvohOex/H3C1D8A== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. p3djDh0TA5LBwzPvtBmJZsjlAs6DPdlmBTk5 ighk6mxU8WuocwwkqbHS686mdrIlaUEMo/oO RIO4WC+P9jWrkDAFzpYpjqw+zlF/YooKhP3K qXDUxXHcrPdV1UtEv6iz1ps/1YEbTVwACPZt Htpzemt+/C2/ZlFr+fuvJqvTkSjA1EuQufX5 Rjp+gG9iUh3Vw33PutCYaLvSN4ksAWcGb7qv 9P9xExBSLGPvtDtCOK9Wheu2whVigh0s+m9s nbDxbUmbK3AuhnETES+tT+JdnI5fz6UzTik7 e/qHQ4hL2ntopbjdUuxk9K8umzTzSWhf6l17 CfOBN4w9blpdg+7gtA== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. nFdtbKA6VF4Ong9P6CNqLy7KXtfPkJqlaVHK 3ANEcVkKqbcYl6oBJY442RHqHpxUdtn8dvKg xnwePylEozcaY/GI0Oy3bDIcWjFnlIzW04XW NuellO0OC9vQ+o3AX0wgNZ3lboKNkHHEUTdF KOD3gX4z0r1A/D9Lh50e1sVgCGwQj7Bp/Nhb 8m4OU3Kc5UrBOhlS7oC1QWvL2r5HjEcXVCK+ 7HSPSwM3h88f3DHvN2BpPZJpuro6ZRRitenM GG9gZwAt5UxiTFFG4DnriPIxhn2SbqRF0vNJ kwoejT4rTX+/M1Ht4u4e4p3ad/7Vx6rEvlEJ bvU12qtqXIFOQdAtRw== ) sha384.example.sec. 300 IN NS ns1.example.sec. 300 IN NS ns2.example.sec. 3600 DS 10771 14 4 ( 72D7B62976CE06438E9C0BF319013CF801F0 9ECC84B8D7E9495F27E305C6A9B0563A9B5F 4D288405C3008A946DF983D6 ) 3600 RRSIG DS 5 3 3600 ( 20181212121212 20161010101010 516 example.sec. pA1orlZuEjb+1rxkN7qvO6gFFg3ebxgM4CqM TxFhijcBNbdtQ9jR0zOgNgIpb5UsFe0kj//b +VSKaLT+OtS1bwf5cHvRcgIXGpsTRaGOSEle bbaw1Wk9h6oALjbZ9vaoYGFas8NeIddklabr GAcPeJuWdUTlZOPftHhvcKip29s= ) 3600 RRSIG DS 5 3 3600 ( 20181212121212 20161010101010 44427 example.sec. AxvWrRmB91L3EBQaq3IMiAwS1SxB30bbgM+3 xFL1mb0zNUSwV96VlpHGgw5TX3oEXFl3eUp5 KYrxzzkxjZEPwNABysgzaju3ovCJ+w4d5mU6 S0x8mf8HZUOZB0OXqYAeC6Z3B7/cmCfrOCIG 6i3eKZ2vbBJBhGVUDAeEcHblIgeoutbKTHTW YM5+zCSHA2FcIBYxyp+aPQiLBnZrKsOAL3bS hcMiOug8tyBL+qGALIA5BUEViwIYWmDGwRAE SNmsxFTKFNzov9inzZk7THF1iJfCIFBNSoyg Wd0V1DDm3IwH2XWeQfGcQjIMpkvvENHeYcXX 6WeSgcFwCmLysuARAg== ) 3600 RRSIG DS 8 3 3600 ( 20181212121212 20161010101010 48381 example.sec. KDoVg8SMwz86zyQLZY2KzLkFLWPJvni/2BAt jTRpL93pDxHoOl8jLs8eI8zjmkoNbquKlpNe +QHFcspLkLUoiNO/PiJej84Ou2H4rykXUOcM qzk6B7Svy4Iv4eSi6hUUzcWAy3L6jm+fM/Hq k5SCBMH+mQ4BYmmY0VnRbOefj1kd89S1foSl NYH+2U9RRmSf0D4eqIO11aq3RUVcQYFMIlWK r+BjsRcRn1MQhrAKWG/WMkEDWibIYGjMp/Ub dMRCGA5hIzVrBqy22756enNdRsoYmmiidpTW yRCk8APk3cPbR6lPtHdpsjS23lV5fzcsUdXB rwGeYyOe0MNusvJPuw== ) 3600 RRSIG DS 10 3 3600 ( 20181212121212 20161010101010 1862 example.sec. Jgc6PlkpSUz1I2Fj0GRFW3VH19gl7upEMQf8 32hoT0X770oyo6NbvmovwMiBibUQAVRkR4vY R7WlTcCTBn+WS/nueu9/Rdu5BFAT2P5uyDCp OxPS8aFk3PPYvIJs6T/Q+xkM5lgN7qweljwY EBRPgOznpUypN1PIMj1k76lLFhDqgjAoTpVd whnE3mo9sEQRnZtHkGY+5ZcVEjrJzp37/Iie 0UfoRYTUxtK/Odm7Nks9HmNWo8VxASizLafY I1ij2YTLjJiEj6a4V5gd89C+gq9y/dfhats4 /IjF5ImtFpBUGAvQ90+DKCGba1dqKo7+Ub60 8bCo75+TZJYiMWzjkw== ) 300 NSEC lets.introduce.some.empty.terminals.example.sec. NS DS RRSIG NSEC 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 516 example.sec. qtp/vJ/rxl11yZtvFB1AeRt98JPoEiB7iUo8 //o1B4DNTdRjUQoUlWXo6qCppHiT6X+X0jBn QF2SQpvUBuvOu3ycWy3v0nBgVp5ZwdTYb2f9 hko4c/sxmcFlRTQ6pWEfiCoSUxsuWWucWtiQ THEZbUy9AInu/nRAfqC/Nke7/eE= ) 300 RRSIG NSEC 5 3 300 ( 20181212121212 20161010101010 44427 example.sec. afbTauPUX2myihkQu0XMw4bUPe67MGI60HGA ulUmQMgAJTUMdvzsQTj5u+ywfSzJKK2xz+Rn euiGXw16/O/BbEoNC3O2rsyzRa1d+x467U1r X4SZx5QhbRSi7BwmRiaUFJH8e5ZQTwMMws7u fWx5mGFCDTAp+G+lrnDnGB/QD84AS5UqYLi2 Se+ZQyWH69chcTQEFEyqFXtf90T6sGXiKBG1 908uOXbc7bDP6kSSIfbFUebsgut2tOTI3h8r YkDwCwgDfqSSkc3bqRHqEqiEtuucdBcdtZ4G V3bo6rVNGGz4b7Ltrij/lsyergKSLxmn6RGw wDKSoxIN6OBjj1ThhA== ) 300 RRSIG NSEC 8 3 300 ( 20181212121212 20161010101010 48381 example.sec. pam09BNhE3P0spzFLYYr2Cm1vHZ5DXtVQ1cH fdc09RER//D9pzZjkJFZN1XArmUyyaL2epps Zi0mIhroiP+98JdhyjLthpgvyl/3pa8ARVjr /R08qknRfjkyjUBh2/kopZXZ+hEtnuv78dKa 49lbViT6jbL0giz/uaCdFZo4w8sCCb+FBKW8 tlDlKTciKiZlmScNDeFNZxk0C07OwJ3zRwkU F87MgvZ9inslXV4qbbKL92VmF9lK485XLxx1 LlDTCvDRkWf8m9f4uRI3DHk7cVjJRhu9P9HR Sihc3gdVqZIt276vlN0DtVnfFLt97s7QNkHa srPp3F/Q+3pysTfL2Q== ) 300 RRSIG NSEC 10 3 300 ( 20181212121212 20161010101010 1862 example.sec. GtKFam1EVbVXETNxw36NHJLG4czkGlqHbSMz 6/sGtV1XblNJVFMUXTy5WW31QX5rsYpXHIWZ XcTsBLAZqLjhxjYKjnXXGgkOQe/ci7EsNG78 pDO8fDb5CqORIEhcocsoCWXOkHCmopQyXlIv 4Hk/3SwKxMhJXt0Ox3DFhuduaPT/NHXTUD+u vxXpZuc6YrxrpDA28slByf5lAJrpgq6s2Q7E kPcDOAsXmGDmRQvVR1xn0XN+5Pheysxr/zIQ 9XtN/YUrLn7loSmjS9+3oiDIi1Y6eHnCvQJP o0pkkTNnEsmUSfVaXdXXkZ47dwuUIw93V/mD nxxGe2Hc9+F8fRtsaQ== ) tobez-validns-f423245/t/zones/example.sec.signed.with-errors000066400000000000000000000675201314110214000240270ustar00rootroot00000000000000; File written on Mon Mar 21 21:09:05 2011 ; dnssec_signzone version 9.6.3 example.sec. 300 IN SOA ns1.example.sec. hostmaster.example.sec. ( 42 ; serial 3600 ; refresh (1 hour) 1800 ; retry (30 minutes) 604800 ; expire (1 week) 300 ; minimum (5 minutes) ) 300 RRSIG SOA 5 2 300 20121212121212 ( 20110321190904 516 example.sec. JMRbXaDnvv39FoonWE688oliqrw7xe6ZNi1r AQUkgjlZGmuNcCDlarDiQHUu1O2GBizRpv2o nh+TFfgqn7FrT7mPDCj5J04BuLl4x9+CayG3 jgdtZ+UW8UUu6jUO/woEsbmdB3HrVjI/UWGC 7qFMaz+i7IxCkMLTS2Qh65Dq74U= ) 300 RRSIG SOA 5 2 300 20121212121212 ( 20110321190904 44427 example.sec. Iek/aYQDuBxFERq5RvLC991ZBqghy83rWaQl xZBz7qd57A6niAWEeA3K4/pfo8VxTVT4EyNw DHWrwDgrW6UxL8mPV7a41XadM7pRPy0zdfrz 1WXrE4sW8miKmpgJ0F1/1Nvtb1oGlCOjTQph IZj/HDrhGBByswk74Rbdfruffbk1H5jM7Fl9 OzaVA0acR0eU2bZwQGIFRXWMqNAlf39noOYb L1fXmiFiwZvWAHdowkwas3Ud4xN2DsR+7QbG XHhU9xvQ9kI+06/RnS5gjAPqUZT7jVn4ipnt TejDrDnc6Ie3YnhvevSpwEMdbJF74NyF6Cfc kbxB0eE1wGt1+0CF9g== ) 300 RRSIG SOA 8 2 300 20121212121212 ( 20110321190904 48381 example.sec. V67XuvoMw+ah8RND4CPMS8HRDPlgVAYg64Ut zT88oQqHQi03GLYR5DU153G7GbqsI9+k7RKu By3by0VKk6eV8ELiI12D+QObEbfzF5tGf6JL 1MlN7K8UGOZ8rhw90FYwFQrlleSDeBkQbHpk 1I/FEe8/RQZDuuxFTxCm2+VQfC406wAQbQDw 85p265NDEtWdOb4fYNziWuHDy2HPEsX4g1BC Rs/9azG9+JV3DAcIh1OhVqVSVRlKEn5e7DQz g2BO2kuOnSmiwqFdDwtjgHekfeai6kNHkL8F zWBlzMgulNLG0Px71FdtLyOzFV2Pt3Gumald gre9Z+7uX+q2uIH32g== ) 300 RRSIG SOA 10 2 300 20121212121212 ( 20110321190904 1862 example.sec. eSWdDs8UBqO139MIjl1DEzuaMiXxeys4Rmxc 3NNVonB6wF1wOLecYY88fxl5q2En9/Qx5BfW bTYPeRsyy+o1u99xRqP3nhQaSKhqFTuxE+nN YKX0CcrvlD4Z5mGtgbNSSnRiCXeLyYdCgYCY e1EoxSybp+3elsZU59/GBgWDXWybcQ2X+4id ZwdCvIKphJGvgCjg31shT3HRfzloasH/ur+C yzCIDW5VJ0atzI6m14dcYeX67DzrvjwwXHOw IgSYuQJrNBODfhHl5DIl3FNTICah4tJdJaZ7 Qnm8xKmiHcwGuLGIA1BG1psbwA5QUuRwNWmB imQyoXTAgDWVb6blJw== ) 300 NS ns1.example.sec. 300 NS ns2.example.sec. 300 RRSIG NS 5 2 300 20121212121212 ( 20110321190904 516 example.sec. TuA7snYtya2rLvT4a5kUsSufYqU0PvzaKqrs Rbwii1zaCezF+E88GeL3Q8mx2pvpIpxVoiou GniJvvDy+aV2DW1t36Yw3CR0dq/+WPjvGV7I rpQEc0E/ezr9m1bfzKq8+m6tr4clMMgm4wAM f+ydfBQ0l0r8KzVlhsQs0h1eMHU= ) 300 RRSIG NS 5 2 300 20121212121212 ( 20110321190904 44427 example.sec. TGMqywohvD/l4jhHM3dyw41dIu7QqPW1lK1T iXqUuFyRgns4twJicCrMAceWJDnWQKScTNDV M11pcpiQAvIqSC8BiX4ARP14z+UblQixJB8u VzpHAWY9Sz4PCu82su1ZkS6RGXyuzuyk/uYd qykUfrFe5YwrDamnmcPCKMomleWdbXlfYQhW TbmF+ZkIQ4jAlPnA7YCIM3fsEFNjbFhX3FqO uC1JWO6NMrOSHRnqGSieATXKaTzuTY1m5N37 YEIsvZM2xu2spGJ4uZL8iab6gQPBkEjwWbU6 bG6pgJBB2MR70RfknaUDSmc/3RDGtBA+qcFb AsYeT9b3OkH8aVXACw== ) 300 RRSIG NS 8 2 300 20121212121212 ( 20110321190904 48381 example.sec. nQFmWKSC8DMsTfeADlp0EYZh5z3nQ3N4QPl3 CdUbxP+T08z/FD5n6gf0EsGbsP9XAwWk2zCq rlykEcm9K5Y8tI8l4isMuCd3yc5M83/zutjJ O+eoRRPTGWisaaGiHavDxUuBUQ7ZeqNcbX4y RPn3zCkfyB01hFIxi7VBiH8XEZlcSHpanwA3 euMje7SjFk8Tz7o/wrKibo/l7sEycWvOH5nS NmaWboyvOnEGdxfSp+PHTmagN/yYIqNHO6eC SNtnDr2EuPWI+VSyHJDm0s8x3eHWPTO4LEDc fhh/OGTVzanN+Vlkj5x/GNpT0Mth7s+G9Y0v 0zaRM2KbMyJVFpMVlA== ) 300 RRSIG NS 10 2 300 20121212121212 ( 20110321190904 1862 example.sec. X+hqBTENZf9j37ts7EdXWFE9kVB372XNLcFk kPlGB72HhLCgk5qQPId71CgaZ2yTva2hH42r FGhB5DzsLfh1nxRhzcEGvEq49ATuGqsxm8HA XXpE5gEfwnmByLoj0/b7MeIorbANGLGdxgpC ZB/KFz4DQuNeE/CBNVhTLiPiOOqqCVTDcqZx IslFUiLCXS0GZ62ns/W/lqZ5uWomVyhS+KCZ KSx9CmopMLTUBOR5j6zjC/A4ZT6mdCHHotvy N+Cgm6PJYPSF+sNI2zbAYtDGhJevIchQWtCr HQB9KgcqBHOVF206PrTbkld0g9KQkNkZxqkA PkVdUCLWIPLXNO5xbw== ) 300 A 3.4.5.6 300 RRSIG A 5 2 300 20121212121212 ( 20110321190904 516 example.sec. AChk/3WsdJmFRecdw0c5W4Fe4i0KQn7udc0x UuXMXQj75pGfDOIoXL3NgZfCBsQemWg2D60D 61z0aps4NYjGEPy51nLhGWX3K8YG+BhEia5T I54qcxevzkYyG1Bzk5RSrpctvs1Y0CuxwnTt 3kGqArAUxWmxAvia7WqSn13/r5s= ) 300 RRSIG A 5 2 300 20121212121212 ( 20110321190904 44427 example.sec. bdr3QPLEGKOTRWa+8QiuoHpMYbS64feik7ZN ro2B/ueKxRuPnqj8YKaF8sgmWbYWxaL9MLA9 H85BfVYEH3EtU9QajbXy5zpiXki/qz/Zts9w B6/rWMvDhlHFFh+peEAjH9YbNGChcw20fgQI 5OGf1f7PIFFZsm8Gm+kWS6XQkwyLX8kY7//S 4kYtWfVKffYJjAXTflgNAfIJXyDrFvXa1XNe 3lbCsmdDoGNJW4FOo4KaJ2rc3OH39+3BMDk9 Xl4hxjCkNNT3QnITRJ97Vo9DngXsTyFYXK/5 ijkl++xhaDVOgU0QkLwbcITbqO91hqI6JE7U fDmdNHzRL6XgLUwqcw== ) 300 RRSIG A 8 2 300 20121212121212 ( 20110321190904 48381 example.sec. PV2SmMFdLY5MSbSOlpLhxTlEv3p0M5PSbTKZ rdM8Edd6D55uE1YOTcSuugFpwlB7LVzCtONv ucmVUrzGzJUT0JbtlWd/Hx0axCLO4hboedkr EoFnGsEmQv2CwHienE0y2KRyLYqcxGeOiZ2l OnVofupTl7TfmVjotatVMKWurcdE9u5lrk5x RHwYgonNr1Lo+qO+3sCUONVYpLWU72dcPJVt aBUrqHQN8vfreSCKE/ifIH99c5s+N2fgtal/ xiO1c60afq6RMvlDxzm+n7KweVHgRSKeBujL rO8JT/yvMernVM5VvoPFZe2LigEayubRPj41 ZKuxSuNsTB553Au8IQ== ) 300 RRSIG A 10 2 300 20121212121212 ( 20110321190904 1862 example.sec. ixJG2UmtG8MzRs4d3sUB0JTldTzDhrEln8DP rOskf3a6qFgwn1V51TgdDSLmy9YTqE6WXOpn elh6r2CEclgqBd2iuunwKfTN8AxOr16Fr/4e vSrzWcEWN5tQoYs1NHCSR65gDN8cl5Fj/v5k oBWKZRVzsKJuy4hpLhvKWpPCPysqW3DUPi3h 4wGElM0DMrqi+27t3kzQel1/MfT4gBb8vljN w72kwYV5cFYnrVWXjffi7+yTeRJoEuKdGRON 21lVmIHv+9XOkTampgoHPI2x1kkYstOlonKl 8lNoPMCVEv/FTsh2jpQa//lHivCIZ9hOBXIg YN5f0ZvBgvKvtRNrlg== ) 300 MX 5 mail.example.sec. 300 RRSIG MX 5 2 300 20121212121212 ( 20110321190904 516 example.sec. fWO25W4rEgnACvegskuIVnF9GQuoQWIlDGzr 99hkO9/LLKd2tQgIgtEPN1APrkcoonFWzJRl WpmpJuYimWFFMfuJ9jkkEfjYrUzR3K1chgSM gmYvAfMr/d8l6BjiFqRCVLZ8kvfzwjIlEx0S +drySAidQV2u/V7yk5/G+5K5wjk= ) 300 RRSIG MX 5 2 300 20121212121212 ( 20110321190904 44427 example.sec. yix4Opq7le5BrNllC9CROkYuJp3/ntKdNheC ydWk6PyL4OV95oroMXmjqFi+f0jDjNbIIr1O GeIb0gD+BVi4mujA4GX9Uddfv07PgSOcQoxf qfNWgdOm9DwmqK+26U/q8o9ko0cLaKNtJF1U BH25MkwYch+/xV+EX5U0cMdHaTUX3/i8Obb5 rRJZo0GiHKiWwFP7akb2LN3NoFrwGO3rwx/t UEY+LfE98jFpsGB7Me8CI3xAehLV74VYAO3R 73mt4Zj/QeTOxST/bR8bBbPPIyWhBRssfI+7 W7DNVr9gSURySCj13+jv3p208AsZWe37Iiby 4epKfZlPr7c4dVsA4g== ) 300 RRSIG MX 8 2 300 20121212121212 ( 20110321190904 48381 example.sec. ACKBdVN2BJ9a91rHFPIHsycu84g1R6LFOPrt gN4qwL4w3NiNMTRSLpvzhvREcPXgyQjWUBzk 2vCWkAKQcwWyk/evALPsX5FmdB4kUacOygBU M35+Y9P2R9ikbiUk2fF0sUlPi1QXCwEVgDab 2Y6FRMvtXkXSvZ5GPZVx4aG2hQlrzXctTOOb HPsdRNuoAmusjiphFJRCLsB9cD2hqvd37hTj QJGhu60qt2zbG925kxlllCJHcDHhgh4mX1CH +sgFsWcTteTk4t67ypldWu+pzZPjs0ABUAp7 8TEe36KkL9Qn9flCcEycm830oa4apo/9iSca 2a7+kf9dvrbuJAKcKA== ) 300 RRSIG MX 10 2 300 20121212121212 ( 20110321190904 1862 example.sec. K6clO4PPzBKN4ALHsZPY7rNvVnbJ8TiSd0l6 s+jHDNyFFjKD7l5N5ofo9olDpG7csJTQHJYt gM9RZNJibk9Rp2ObSQOVr3DKQEUeFD5x0U4d 5P55/4rWta25POwgbAOxT0sInI8f9dw4Pl8Q 7g+xEVssTdOl8NdUGsgMNqaxqOF5vZczQpmn nHMlUdcDlq1udk3O6FT++IpR3mvm60KVY7Dz xXfth2FCvuTqecBGAfILsNch882ODD5iw4Vg rpT07UDWcPivBC64Nj8pyW4pqKkIk00f1dXI tLbECa2mar7uiN1SkFYrofbbSXAH2Adic4p+ OPjDJiSb0qIhbi3Biw== ) 300 NSEC mail.example.sec. A NS SOA RRSIG NSEC DNSKEY 300 RRSIG NSEC 5 2 300 20121212121212 ( 20110321190904 516 example.sec. NzQ6/OI3Lb97qiSV1GSI2Z+7KZl+d7cfejS4 EEOHNKs3plSwgEzMdaJr2LHfWwyEO3mn7RY5 JiqTXUfoeTXugcn5MZcG1aa3sdskEJEClI8V Dq9HMwFMXxSJ5LeRPdSQA1gXMMuqKOtKXajb DKpCwr3yLYho1L6vuo+bOExelPM= ) 300 RRSIG NSEC 5 2 300 20121212121212 ( 20110321190904 44427 example.sec. idXRv7E4VzNoE6OjxQ4jnqsnvx5pjhrfkbXC JApP8GVpxGLqS/pPaTePaL9OgckwvFsnd2J5 PJstTv26WNGkijxkaNe4t4BNhmQymBksTXqh 0hU9oXyLX52pb1VALcvai/sVWfkANFnk0ss9 GEps2MOsM0Rpnc9lS26JmkgCr+8tUZBWizOq 30YmCPLI931MThIMA8cKaXfZehJ+aUMceUc3 DvPNM47OB5W9Syu4QbAsrU50tNkyNbkMJVmC NmNDQ1Uk0th5fU0rcZykIqCH756YFWzchYBS Jofz8JYNUxUho3+hzSNH5YLvMyquzM05lXeb 6TNi5wjOG9xhW/X/gQ== ) 300 RRSIG NSEC 8 2 300 20121212121212 ( 20110321190904 48381 example.sec. CWmDzJop+g5+bPmvwwuvmP0X6gsd81dw9xH4 RzTVRJ49gt6I6Tx7k/oA1Hs3UFJGt6QSgtVz 7NKSn3X4lXMb1ByhyQsefLCV/vtAO4UxY69L 0DsKso111pIkKxFP7Y/oJKgn1bBC6FMIJ7N7 LkMFzRIl2uetDFq2JIwauFy6BCs/CTaIx7uR tVgGe+TRDLjbPlPtYdESEpb9zKLQUQsIGz+N NfwWbp9R/oWx6lwxvy26JvvJhq8n46lm6ZUy /+zm0qAmE4YhMbHm3qdLesof8qVCI3VAPfT6 AMdqe62eo9WdFa6/9x/wlcJNK43CTloTD9bg 2gAVqJqfknKfR94dYw== ) 300 RRSIG NSEC 10 2 300 20121212121212 ( 20110321190904 1862 example.sec. Q6WeIbTOIMaIMEvCHqGiPwlqvwDH+mlyHgmK 08FvdpG5t6TFB8QPzyMQufN/Ti5e8K0IiAv8 JPUb+ZqLq++72qrgyEhUOFG7+66LIHwcdEaF k08GwUFNpcn2W0/+QuVEVe68xHtluyTkCEFJ 4gHY7kd1zn6NrQCvt4U3KQAAr0suxNZ8mHuD hgO4ECYZBrqmpctNYD++Ny5spyzMzqHjUoin k3qj3XLjXKhfVhrmayjPxOFH1F4YH797JGF7 Yiubt5CH87rFl9jT+rDf7YvIHXwRpvq4xyPJ uS/CRvNCZpDS/0Ma3k7noD1c+m9U7/DeZq+e wwmoFYz1e+d0QEufNA== ) 300 DNSKEY 256 3 5 ( AwEAAbqjCxtmin71unORku1IrrQx2S49KTmw 45jnlNdreCH40YmhDZo26CMiVXbq29rvUDW+ ZEJqVT5fd5GrA1wEEGbrudd2LDr5AedBK7fY TsZf/LEm32/Bu//KzynrJqyB4HSN3GIPbp3K YyY/Hl7HawOvWAd+tUHgUtes4trE/4pr ) ; key id = 516 300 DNSKEY 256 3 5 ( AwEAAeluubFtl7Qtw4TpuZl85abGI+HXO4ag qzv1kSLQ5tkYFGdpZyZwQcBU2znMrdw03o6d GOEQi+FeSymycLZmtsKiODsHNwgb6qdxnYm7 +n3ZiPwVhMX3gxIG64FORibWcHAyBe5AAhQA ZIqveqjnY4gwdKZJSmo9ihXBkKS4yJ6Ulopk kSxL1Iq9oXvWrd1ZqjQiSmLF/3juvBGjHVP4 CbPiXZ70UDay6Ysa1to1tHZSQshkRTClB+Dc t8er3cZ1y62yOSbPK0SlouSRplbz+ezNyqD3 c5zvz6F2AcZ4NqaTZOMWZbOowujQj3FxElaZ S+/ughQZKq3OtMN8bqc0tZ0= ) ; key id = 44427 300 DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; key id = 48381 300 DNSKEY 256 3 10 ( AwEAAcZdPacjnWNuQKCF8CPmUW1/NUxI/G7x dbwrU9lOuAD3sw14rLw2NTzpbC/bubt2aHQ0 nc1duoK0x3DjhAURWki/1O1Yvr2ffQRVpWS+ WjRKCqTjuPrrdImeKdWEdnDl3l5kQpsxx++E IHrDnqiVhBHJdVB70A/I7i5/HiD8HgVooR3I XVyxbT4walrarrhHWEBcXcNbvadg2rc492wS 86zbSmK8iV1e7t6U5iBYmsQjc7TVhBT7xqar knECGC8L/9o/R1zfSzSN+ay+dI45t+jOOLgW p5gmjsI/mXhoO6GqX8rbZoV7/DQyAR5rATJH W1eausJhOgE2wBJgl6V0XbM= ) ; key id = 1862 300 RRSIG DNSKEY 5 2 300 20121212121212 ( 20110321190904 516 example.sec. twpGirC+tYDotLYKaRvJfOaSI+K0RPNTwFpw UXl7l4OKQen1MvmiIo8XI9kY+C+X0oSWnqEk BvGiYkhUF69mNe4N7joDQxKO3uSfuvaoKwV9 qAZ3vgSNl4MT3LROsSsZLlDen4SpSxvkXtLp cKcrJghOvkzhz3iXVrg/w6bXjYA= ) 300 RRSIG DNSKEY 5 2 300 20121212121212 ( 20110321190904 44427 example.sec. k8/IGKAGrXm4nrq8bl1q/wwsGuSNzwqsm9xV CQljrZ8dYw3+fhWJnCHbq5fGXkzSpAGzRl6z MwIzpQa9+seXctjZYB7rwMCXaLGB/Q3a1ALx LBNM7Dg9aCoSff8msyL6d+c2VVy8zDOD1TwR UkLYMxYPt/iOXubTHQjl1ZiB7NgCKCImThCF DySgwHQiKIIx2718uUlbgpmiubEkpFuyxkvZ PwhRBoqITD6THmZT8rNtJPrSNfsq47U5hwRq LSQZqKlzqjdZOW4ZTs3bQ8+AAWTlw8JrtL6F oCJncBW+nIu0bkjLEmdjD4H6xoL7DikgLI1j bD6SAOoebcYMxOx+Ew== ) 300 RRSIG DNSKEY 8 2 300 20121212121212 ( 20110321190904 48381 example.sec. D0bZ2H0Nh67jbc7rJbmie9trcwpAF+S96ldr fTbPKzpEvhBA7nL0X9ZP4Gfzi+c0U/l0O6c/ cFeo+VSKqMkwt5podbGiqEgvUzGpPPnwT2uB sD2N5G34OvuQ9j0wmlKOqO2WmP/i9hJWfon2 FiFqAyVtJJScMnYOgrtx2bWQNCcys3JnA7I/ K2eGfbDRDH5fGGIpCAaIU+XoLACmLLh4v0X5 mQU83+EX9mSQLY6z8eOGr/gTAbW09p9vllcS 8lqEsmubC86aOWcufb7MHEXiMQwytbIXdraY T+wcMehzRzYVmRPe7jRa/ALkNYdUhVzKX1Ol h3e2i935lGUu6ZWOcQ== ) 300 RRSIG DNSKEY 10 2 300 20121212121212 ( 20110321190904 1862 example.sec. POpWaOMkZkn+bz7cfrZ3Qkt1hxW4r8xoAEma LsQF/PuVGjLsvlR1TjmqUuSACJnorx5vFYUT 43LolixZ8vT6Sw+MxMRVHcWdnFLQppmAe1RR g8J9c/9fWmAbo39AoHfX4LpAjGuJ/+R6Cs0y sVNHVS29hhIieJ6GjD2GqApcQ+saNqKBm+4D VxXDroO7NhQgu1XpZBcMSFVozCtdzPgvN+BE afMXOXVYAh51/hRfTVqP6n8fRjrQPCyOQ4NT GO8ILtAu90KGy2GPjng6ZjqlnXEH5CuNC1sh xXf5f0PbyUo++Lx0NNk65Qzi25mDSDTMlMqA OnkowvuLgdmROw9qiA== ) mail.example.sec. 300 IN A 2.3.4.5 300 RRSIG A 5 3 300 20121212121212 ( 20110321190904 516 example.sec. ZY/dLHB6hV62KnA+mpK8bw2l4312JKyOAJky vHCo2R7+lDumTb0wgFSLd/novxtkurnVgUMt K7G1mOLUaqM6hnWKHrJMjivBrDtrfHmPNNe9 Re6SeB1fKPin4+XgrpHUCnuqmIbD0tmsxYq3 DBLGqvYVKCQwyAyouRFiNeIW0eo= ) 300 RRSIG A 5 3 300 20121212121212 ( 20110321190904 44427 example.sec. QWSep452ST8xRmCMptGQuAt/J+mwA8yKUHCR upe4zuXVojch0CcOY5A/ge3cqS4yINxHTTgm HP3MlcoS3uei5w/LfAs8tQpUCWhF4pEZjEuP XpQ6ARi51JkmXBSF5aKDQH2bJ+PTEUmaNmLC n5mApz4Voo9YdS9ufIs2S7dusyOpdTDoDE/7 drMQj6EurENB0a+y5/yxcHR5j8YjSlqtY45k HVz2G2xe0zpopE3mSvIDz0jDUrRsKz3vpx+P DG3VDlMRiensfmO/rfGycDGkvqo4FIm4nl2+ 0UaTINnqhseE3Effz0XDn4glB8KcZJctul6w Ae1iDYc23Z8t6XEVOQ== ) 300 RRSIG A 8 3 300 20121212121212 ( 20110321190904 48381 example.sec. 1gYbEZMy84ynTBpBxjSb6FAdNsOZQtHUVFRs +Xf3yhGKeQRiRxyGzNfT+nGz01LKdICGMcsd dqhjovq90J6beAllwwoyw72cxFPLb1JTBIdf xE1to+HI84luqtgZQ4Tbrcm7Q+HKN9FPkHDG g/dbhfLJNffKj0AWL8aWhxEXj5HxXXP/bW6l yv1iJtf5axrOTUcBCRY/LllnOMNyRviJuosZ Hg1QbaMuNqNueRB/b7ng4TGRP67KDhg9ZQDv VgVa0DeUuCbo6jyYfrC0J653t3IJmICKPJvP TnWhwqYYT65O3BvmGl5zvpxTWw052UCVuUz9 ClrJYpTE4/mpo/elgA== ) 300 RRSIG A 10 3 300 20121212121212 ( 20110321190904 1862 example.sec. Cq59fLZ78qxYgFwlb8RDsRj4nyP0lYUKbafX jnNIz5Kd3I3IhZhT7PN+wcpZthv7h9rM59JO BJE8Qsl0M7Dd/4ncowdqwrGG9gif3yRnSvFs db1NxuRkn+syGXO8zzEdcb9wjK6gCoq8ulLJ b1EylyDyRcR5929/uCCFEIP6WnlDVXmArFMd ol2NTky759aSS6YMsfgAgZnymOKgesTWmg+z Thr5R80zUG97USWbH2qG1SHhIozWkQeeTtnZ 0/cOKaal6+xEao7r7vVLB11NDgrIH2smeMSU QrqFMPAtIxQgQVqk4urc6YTtfe8p1HIDzDVf /7xqj3WpVcLa0+s7rA== ) 300 NSEC ns1.example.sec. A RRSIG NSEC SRV 300 RRSIG NSEC 5 3 300 20121212121212 ( 20110321190904 516 example.sec. PGsq/tTtjx+oeDoZTZhLrWFF+EkQ8MjBpmVF O88U/MqnjY58f1exv1H+ry2rZO76/DZ9hAmT nlBu7mRsodOHxmkj2iAwEQY4wPwtDsYJAqfL iKiLbZ4lhQWq2I/PG7sbBKf40E+OUa2H0SUp umJ8vNd8is6L1RrKQX9Tpk7WTuU= ) 300 RRSIG NSEC 5 3 300 20121212121212 ( 20110321190904 44427 example.sec. bRK1zV4xNg9tPwy6gE5nvTG53O29GWKQn+Ho qOzuN4865me4xP682b9fCkP2YfanyAf1joUm ++OShdVeczfx0NohnRJRg4eQEHG7VSaFrUCF 6YIUXy9xcX9RtHHp0wE4nOe3va5OIWjCM/Yu iCTRNWkh4Q42yXsSTQKlKyXYRZCyJFITfP5T gJ2nZqVM/5V9rkNvAV6KPrZ9AeWmkwrX+t2v A8miQzS9PZKWVrtDhmLkbeHeM+6T2fHALfAJ iwqgI9QBsX+pKyrGvIlfqdeyMs+q/kFntV+L 6X9wOYz8mEK4BMvr//B/1UsFkZmy8+jrvNNG wtt/1B81q7tPA/yF5g== ) 300 RRSIG NSEC 8 3 300 20121212121212 ( 20110321190904 48381 example.sec. uEW8IXojJOkAssm3Lp09z9QIbP8NQgR4QmYN gtAhRvwYES2OvKVCX25fyAl3u8w08GCCj4BC B5WGHLjrPz116EfuDh2nqiLUJt64UekZRbqx mvtM6zTMdOc6ICCKPnyg4eUiXoMkyKhinsz7 KDSzN3W4z3kqXszj7vbbtkz81Ps8g/DU/g9y 5CqEOrd6r/i+A88/w5LL35+M9Gjoyj2U6pCX EQtEp6LPA6eTM+YL56rgOHEWPDb4QI65BBGM mBygA5pSJ1ZPUMTr+BNgGrywZJIRdQevEUW7 2p8+PPHp5Wbm+d0+o08ZzHB8sjgLEKH6mXyV /TF4ufzu7HfTfjl+eg== ) 300 RRSIG NSEC 10 3 300 20121212121212 ( 20110321190904 1862 example.sec. fjMYa4kw8rNtj8y/IRmD3Z7IxRfv8DLS6+Ew uc39UPTVW/c/JqHy/XHu05xdP4SXf6zbF92J p5VjWC408SixMs8gwGS2ihPINY2ptbv+nqBo a+XTB0U4bTb1YrufiNb5jyY7UPLuUfMSeKl7 CHCTY8RlC4G3Ac3pH/b31d2msVzZ+kuO1i1/ lXlkU8olU1jHuzaXOL5+ztjNYad5p7fyI9c7 XpB2hDhrDB9KsMYjk+wxzawx2N9DmqM42X3k O83wTJ4VDcIeZ7fCiRchaaH99hEo0HtaTdCp d/dGkG6Gz6tl4ufGOyQuLpbnfnd+v5D3IDyX CXDWmxtw4xYMcY2mrg== ) ns1.example.sec. 300 IN A 1.2.3.4 300 RRSIG A 5 3 300 20121212121212 ( 20110321190904 516 example.sec. q88manDDkCIzUXoF0BxY71gt2o9s0kTTMGMV MQlKcPDZPckOJfVqbvPlSQXmheOkmOYp4+VZ YFP/JwoMJDOtd6xNlBaC0FYmg8mxwd7uXiwE cbBeqG4SZ/4An7eWiOI8R3J6Y43N0fuG+3nC GndytHwRrmjWT1cHNdew2ShiMHg= ) 300 RRSIG A 5 3 300 20121212121212 ( 20110321190904 44427 example.sec. sRkfaRLf62D7K5bLlC60JkAbkze3ShxCrvf0 VoEzGER/06NXOB6TIL2KDKMnzZw4h2mD+X2D YA7IqO9H9tAbF7TNMiLMdEYUFCL3cPkPchyY MvtseHlT0LRlhwW344Ar8P9S+vkvt/P4uwkN u6Sc0ctDjHtVBpVhMA3rVlxZl8qwYt24XVCZ enxOSQQQH0Nb0TmAS7sHw2927gbC1voW2y9j PakzCXs5y0TKLhAUW2ArE1sTlq0qiTn9JrU7 h0sL7uxku+hFsq2kpx1NW6a89l2pD2aS86Ys IdAY/xVATGWdvV3OLmVBfqXvNWwOuPHVfSmy hyA8kCgEN7TlpHPV0Q== ) 300 RRSIG A 8 3 300 20121212121212 ( 20110321190904 48381 example.sec. bv0FRbTFq9xVa8/jq2dIKmoSh+n55s8nHS1+ wN11khtVqAyUv6fJeZ3GLR3aUluZf+kgkXCs 2e+gL0K+L4/z+9dE2rgeIQU14TsmaAvMN37X ZjcSIwGFtVBr4WvFQLO9VzPe9Gntu2kzG40Y qTKUIyAkME9kIR+ikalKXSX7zOrKj3/rTPBz M1qVFU9FZy8qBCrk2IRvW2029s+kEDyymfIV /OrUFCUskDx/EaczOAzAItiUCIvdJ1FariPK pWFCFzMVXhjX4jhs6F2NgoiK0aofBebU6SGs PA8Ag4l54GGX8hNaGHNmWO+sOk64yHTMgR+9 1gjd4g6hzf9loJ4ljQ== ) 300 RRSIG A 10 3 300 20121212121212 ( 20110321190904 1862 example.sec. sNSj6dl0kRRhG4E5A8V87JEqQX2vW1TBXWuM KuRiYhEfNqGp9Y50ca84Tqgb0sEOnk4EAtzF AMJKEVQS4mAlS9O+R7et/QVJKFLCn8D+wrRD ly5Bb8C7gMbGYMkjnap1eQg4gaNVVpU2tR/W wZGzFCK1fDluY4CPm4a75DNH977uDBV63AuV c0beAhJh8dSHhqRQJm9Rm3pAU8uQv4FRBwXf i8JU8ddvqQMYbEuOkmR17pLKu5127MaO0+No NpFHvjeMNAFYYx7et9IWSGB0o3aoIM2pHLLq JXtC2e2DXiXXQ8rS+C9LRtDAto7USU4xDMPm Wj412ruoUXZfo1Jvbg== ) 300 NSEC ns2.example.sec. A RRSIG NSEC 300 RRSIG NSEC 5 3 300 20121212121212 ( 20110321190904 516 example.sec. TgF67yndlSPf6vetm1VLWWi5C3zRJR2LWMPD FO5Duw1otZGVxIsbq2bM7Qabw5omSG1OWomf GJ6bEthwev7o7eq0DBlDGi1yvSghg36ww96l Zj3EdFgmnp+qxAPfRD3Jk30Q7bp+5e15xxxD R/Pug2q/OIUV4cfURCBmjohfIJs= ) 300 RRSIG NSEC 5 3 300 20121212121212 ( 20110321190904 44427 example.sec. GayKxJJyVoFrEKEEn4YiG0w3F8AAIaXf9HrY ZlSrPCeSlWKvRrPISzeEFz8TMQUOGD3K1n7R fpwH0BCBeoKIxqYPXL/kFcKfb7t7KwgJXJKV wSd015RwXCmUEpdUbhDzBD+Apewcd1D8AUmg MHwRrt06Q7nJdmehrP7jzNLEfBZBEGRF1TOI hgobjVyeplEW7tPgnI51+cTKHJ9zhJ1UKDPp r3RQt7MxdL61SzsGzBSyVcKdcx9tJ1e2NbgY mKPylMk/NOfSKLdQeaC2avtQ5E/IR8o8r4Ua BLkwaH8bFnZ/1dx3I10dylJZMKrXXlcYxS/v BNcKo8DGC62xI2UaNw== ) 300 RRSIG NSEC 8 3 300 20121212121212 ( 20110321190904 48381 example.sec. xuANn6jCFHhuvWqf8/dNcUNTc0uh1046iuEz CjJZ1wgE+oXusIilWDhgTvR/H/bvLjh0phLX mxhg4G3SQvG0Wvvdv2VBo7f5CriIzndJjodc h2W6wqvggE9ijc4q7uDHWwbRM0qN3DkghNWq pbNVeRD0Ci273J6nfP0nH9m0Wes8rX1JnSxq Iw0vMWgD28dOsn9TPpk3kDM3U8zSjYASja12 mZURoF0sXVvp+aC68JTW20/e2yJFF6e+68om GuOeVFUlglKZ6VZAa5goAohruGZbyMFvlJPJ daGhycpybeGcF7fbxpCrNCnwiiBDGKBR1mut MyytVKIFb/iMsw3g2g== ) 300 RRSIG NSEC 10 3 300 20121212121212 ( 20110321190904 1862 example.sec. Z9QQ8kcwWdayNrUuUebNq/Oy2ftLUmc7EGSh 0HWylvMgOWPQlC+NMOF2dowO/NWPY9skwvck tsNrZ0dMtvzt6MAAxC9UsJsQ+iirOB2U/tVI pUAjIdTbxLlMhsmLJOW8xy3MYVBdf3u+IpQK 90/a3Ngwft0Zy6KXBP7BndMXmISWSi+0QWwI 5yF8qBbUx6iwmC5x30TIywBl6yggB7GG4MBv v2CoszyNH5GjtqY3272z6VUd8XB3MyDu4an4 5HCsQ0IKKATmkbPnBS3JhJ1zcEtZkFqiOSw+ wgwWv+2hIpKrq0RR9qX/vYUEYjCADsadjbEE CWO/9GT27DcUegbMrw== ) ns122.example.sec. 300 IN A 7.7.7.7 ; this is outside of NSEC ns2.example.sec. 300 IN A 5.6.7.8 300 RRSIG A 5 3 300 20121212121212 ( 20110321190904 516 example.sec. VVI8nK3F3BfMlyZlEPw1emkSJez0asH/ZvaW OjAgJNg+YlgfwAYFz/zcX0xH/njX037KtCXZ RaF1igpXvcPEW55pS921Qq2aOEY/9HvFdrsr 34jfLPu6PuVPiJLJJELXVjkBwOxXyMARAd58 TggMOlw58KCCd/2h1OLZ4Ky5Er8= ) 300 RRSIG A 5 3 300 20121212121212 ( 20110321190904 44427 example.sec. GeEgzMqBdc+lrdThCik5veRQ0GPERifkCgJB Tb6Asx2Vn4k6+K8kMGl7OxMbGtluoH1nzjYT Ro6QuhPk5ft7pCP0xZPBwOcl0hJsZ+k1oA9K BX7vXXg7qtpYy9RXHhJ58i5dfRN8TsPbMJtf ZrmwQyUMw5HjY0Nc4BPZGbocR2xOBSYBn/A5 3zMFcn0lrKiC0J/TeFtTv8HVCmZ1Bhfn6gTK 0ezQtRQDmEaWEGR7JQas7h1y5+qWrtKVu1eQ 5n0zmamD26sdwBcrbHKqUa9x+bbdz3cfWnze k31jZGwAcMvLAWi1w4kZWvVdxYEd7WkxLYfu TkvjObzS0C9cGtxwcA== ) 300 RRSIG A 8 3 300 20121212121212 ( 20110321190904 48381 example.sec. OuKzAU6DTB88xG8F/UZDDhCopgDqqXBtrCNW UzejdSnlOkWCWyhoqNdDVUmP8RsKyvbHgMll DFsrE8EOU2dFJc94i8uX+VOOQ9XX7I7Figny i1KiFuG5M/BhJJ8yoLhT2c7gG80Tt7oHJpDP 4UEZkBP4Lplna7rySMPubY62zprvV5xIO+gM qwFqL5U2D90nrHl5NDwEw2ruCZYPv684Bmce 5Rslh/6J7VxTjJaVGUr8T81HKnE5Xw1MQ2x1 VtrsCBIRrwL2YxfdRf6j2GR5JDozk49mQUm8 BPIvC69Kijr3JhP1CakJFMfDRCEyj01UjBKz QisQOEDJP4tRVNo1CA== ) 300 RRSIG A 10 3 300 20121212121212 ( 20110321190904 1862 example.sec. Noj04flBhck+sWYKhMYJdm34qfdCUtHZC9a1 iRgEaI4AgKjyJJjbKxXwxlpveoztFiQEnt+e ZZUSVpaR7UmhmX+F8uOlxr50+W9xwrlYpjsv D038kUpQkapSd9ukjte4A5/jCQrrxfxa9R1/ XJ2nHfTJXpHZjujjdj7Uavv5g1c3KaRien75 3zniwYp1rQq+RgCbtqtCYRf31Qc6h9BGt2ul z2GJaGfJH65FHuZtkOy+pT9vEJWc8GK61GVO UaHN6UcR3RtrzCeY/8nGkaDFFYc0YvhD7bOF 7+GB1dhTf/sFR6uC6mlWlirGyTj+JYb8jCMd OwI7kW7fzjgSPB1cgw== ) 300 NSEC www.example.sec. A RRSIG NSEC 300 RRSIG NSEC 5 3 300 20121212121212 ( 20110321190904 516 example.sec. Qak5r5ieUDezQdqLu4FWvQRIP/VG6MdE/ziz HddAkuVa4jlBAarWpt8X6ChABhexVPmK/f4x qORf8qvaVYz0PzvuTHpEgGAiqHpiwK4V4z09 JaSlxDjsGCl41uceNFGfMkH+Q6Gj3dIeJ19f k2DYjZ/t+1nMd01SKJAFsTpmiRg= ) 300 RRSIG NSEC 5 3 300 20121212121212 ( 20110321190904 44427 example.sec. RkQuxEi+JUN9LVxZZ5VBspPxF5U5g5rASBj1 yrDBJQIRdGIDITYeiBP4xw9rAHO9bo83yn30 VNZOWdCqWaG2NOxyfilhURpPlVo1vTmWd7p/ 4xeMcGBs8LsM6t3Z9U1Ecc+sLEgsccHf+363 a6N5+HYIRE0BjvIo75EoJy4UIZrTVrMBJwYZ W0OjWjfQH2ce39q7lc9NshKY/2MZLJ35HHLK 4WI1e+IB7rSPKGTRhLSiwbA4rjharxqv4xvt XUDsphQoMqXYLn4H2d7rkPGKLa1+2BsMYV+v DoBFNysVcIAOJErDpKqBorLLuL8Qi+DKwsZe EDz746YkVj3LoOCRCA== ) 300 RRSIG NSEC 8 3 300 20121212121212 ( 20110321190904 48381 example.sec. oa3kWJRq6dlRomWXjxJAp0xPXkEF9t/3uw+U yAYm72kZfeOCMZcTxQRyUSvT8aDsLxhphq7+ H0R43HUh4GYpGtZXBOcTMUiNIDHxFJYwp5xL pYCvHZ8m2mwDNeEkJ2mWcxYwg8wghxZjf0sG ivB9ufyOCl1V+R4PLkAFZXctUEsZvP05Ukdm NwdTFGcj+RO8vzz1UT82L23hBc/ZBcv7+/2j OiH0j3g/gM2ko0o2G5Cte5746zmvs7MQW1N2 KxDbHxuy8/Aym8Q8CyYEze0VTBZjopiYXmjM taslp9pQUH6lsTA/I0XeWcL+z4Y+L8gGmr6o lHpSE0c/pN5thXjbeg== ) 300 RRSIG NSEC 10 3 300 20121212121212 ( 20110321190904 1862 example.sec. BbEEJ/Su2CoQiuFq1ufsJlJmKQEHOZioW4LF nrQtLPbFMTDUhgxxkog9J8nS6IVrElQaiZLH CjqGaSNXk7YStRpyLpz+Yb/TEt4T6CrBRphU havGpG6IZY51I7msyyHbkJXNXvrYY9uqCvdf 3Qea2x+9bTXhGvg/4r7QcqH1jfbqXyl+yzo0 QyYCNw3oc/MSrwWpDWktpWjMiXnJ8HhVfoqe j+PHuoTiCkL6QniPhrBzWfhzkVg3pH2qSo+0 Oz6YRaL0Mihhn/8dpvle6X74joQ6tdWaxluP 9WqXHTYauei7jT+hDtiB4jqH87tcV6msQbxc sv/EuM7dBcF3vNr9vw== ) www.example.sec. 300 IN CNAME example.sec. 300 RRSIG CNAME 5 3 300 20121212121212 ( 20110321190904 516 example.sec. Wser36d8n6h3zg09EXM+ZeF7aODFbm04YFCf RERKgKV7F+H/Ma4xGSxve7vIoMgSkIqVeFSo 8yLYZV5AxSCz2J9YFMdldW47nW3kPkV8aUw6 kJtPjugDFgJFFN3G7lCBXrUnywMZAhyO62Zm 50VCggbj+13J64ByTEEL47Jmd+8= ) 300 RRSIG CNAME 5 3 300 20121212121212 ( 20110321190904 44427 example.sec. 49nOsxfIImn4sYwc/giAdVJGjnw/sOxGOQhp UMJqwiKtoaADw0s6FMsv5ApDN7QbV10UBuHt Jmy/H9e+5Hbth+/VsAoCKI9HYfiw9qNqHk4q hKu7VBTd1ITgMObglOrPf39Xik3jq6miYCXi lyvXLoyeDl7yKszuDQbyGwGnw9PyMWe1BK/A 24ZO93NRAfQRRvYkH0QLzXPM7sewJbij9MZP 72AlcsB+MfKxgNVzPTS4pyD0H7ER/PMW3ESP eU7yz4ewpOi5rLCsztqHpim7s4ky3ub4ttJO 4J03h46ic2bv4ogsvShR2wFzeAr38B5C3cXc hYuKQOvXPGleGyH55A== ) 300 RRSIG CNAME 8 3 300 20121212121212 ( 20110321190904 48381 example.sec. eoGO0lF77s/0ujZ24CvJ6F45oqryxInpfLA5 B8HROJbU7TJ/hERgl6r3EAAc75uP2yn0TY7R 2Q5Wh+RWsQjh6NwvbLcKpOvX3EpOxg2oSLBb P46G8TiMGCaydR0Xx21Hxk4DmRHTjNu4o56z Y3Gm1eHJ5To1V39ThJMaUvuMFwpSdGgBq8L8 WoOHz23W94tO0AS5QwtCAFpUjSG05rgjBJdL Y/00Q9ry15ZwZXIRizmBoRrZ8eSxW3Dn6J8B kPN7W9z4Z7VVciQuZFfoIk8Mvl8vlCdUqWt+ t/2bcfgrxrlnHhFqOJG31XRjJOVc28FDI85Z KZ9tQTiOxdC7H0d8YA== ) 300 RRSIG CNAME 10 3 300 20121212121212 ( 20110321190904 1862 example.sec. v50k8qrOxI9UowuANOSnAGF00R7yxlD2dNsa HtHONDM89jMMs4S721SVvm9HHxVCieESyuou G/K/u54MwIFA3AgKrV446Ns3M0aZJeOPANap sjfdIqfs0hQwZ3Jth7GMpNGG5rLSmIkn943l 6XrRSewQPoVT3ZD8jeLQKGXY59KlIkra5Hfr fGLiBqpFOpeb7IxHcPed01vjgGgButOAxsFj xiudVrX5FpcgZ5/DX1o//cAdgqcvIoiiWhfZ jJEEQ6Kw4DkwFJKXEhItEtaTaciOIqlQkq5n G2xqghKBxlcl9D15yKTHkozKhLXJJKGAn6p8 oz8iSw3f9iWejBsrfw== ) 300 NSEC example.sec. CNAME RRSIG NSEC 300 RRSIG NSEC 5 3 300 20121212121212 ( 20110321190904 516 example.sec. hNtegxDTYwygt81ZbwX04aHE/M5cQILPAwMH Om9dHodMiddnFQhLTBOxfn16vuCP4UeIRUwH WvqqGElVMyWuGGtJxe7r8IaSm1JeBv4TQ0rd snu2zH8TCY6QlPBi067ukq54po/f85wtreem PrruWM3347d/EVYhA07Pi9Jqkug= ) 300 RRSIG NSEC 5 3 300 20121212121212 ( 20110321190904 44427 example.sec. ArFauCuLgUvbz2ALhiNoqgBiUgZlGeZwk/37 ZwqN59DrExfUxAuFEPmBSLLd4W4KDmyR8og8 RDZ1kWZjKuXB9Vh/Etx6Tkha0bUukEzc9UQk KwF6GUTjdO5MOkMUU9sJO6ecAkWxmfcpvG8z 6wg4BxfL/QfkodMyeTkr93PnZPDhIFA/jRpB mDDCUfXHY40shfR5AaIQwMnVIacd+d7rOB9z k8BSZeex7vzHbKoQGgR93woGq766C5EYhVi5 BivAbtda+QXarXD1VkQKZ4BVtG034iOkGBJ0 v9983Yqu9bvAINvlj9wtOk9Br8mDUKpbdnlM sMCCMaHWvHkUu5qlZQ== ) 300 RRSIG NSEC 8 3 300 20121212121212 ( 20110321190904 48381 example.sec. q6/Bry1OxPs3NSd8gjHVA5dZkKn+khj12ZJY iAQl2KNQZ2g0P8+1T4V4Vs21pdQzVSupIucE BN62FiEuGwp3NEYiYW7E9pU77j0GudveoMyK LsI9G8K27bnsMdJG+wizGNkIbmX+lHhBQNpO sSHyyldubyyJymdPy2mhg93iIofRPM7ljuJ/ W7zZkt29d41/su5Uk8sDMhjgRrw2AC0EPzVl Q/B/SJZ9Rzx/5Dj7QHcG/FkAd4WGQ9XI93SF LMQn6OQVWXRvXYVgTDMNzXV+YKey5ia9bnDL yXKu+BdkrjXyrmbVS+LQ4SEbL+MwjOawCab/ pHbGIhMYL9q2sI+PDQ== ) 300 RRSIG NSEC 10 3 300 20121212121212 ( 20110321190904 1862 example.sec. T1Y1W3dghJKxZzjGnJaoFIuuA0qu8xebm5Vj j8V3W6tdtgnfmIGfHles5wIP8djWMPCYcA4X yco/dhyVW+6xHgW6DtIWFp6w6maoLzASXf4J upwQZaBsFTbu/BPaEna0H8RWV8bo34zdh2qD Uve6XcdosNAkObfLNs7JPBJhEVxwu/ms3Z6h 9IpdoeNDBi3DoBC8GA+m7KW61GnxMd0KGj0H QnK1sS2mZe5lGKCoZDViG4ttTl3ctWoLw5R3 ukb4JEiS3zkuLTMX59PqJ+sw6y3QBgKOSnbv k18XsducRJhqpwfUGOsmAn6/qGw0HC9XN+rO jE94zVw/whela3Q7vA== ) 300 RRSIG NSEC 10 3 256 20121212121212 ( 20110321190904 1862 example.sec. T1Y1W3dghJKxZzjGnJaoFIuuA0qu8xebm5Vj j8V3W6tdtgnfmIGfHles5wIP8djWMPCYcA4X yco/dhyVW+6xHgW6DtIWFp6w6maoLzASXf4J upwQZaBsFTbu/BPaEna0H8RWV8bo34zdh2qD Uve6XcdosNAkObfLNs7JPBJhEVxwu/ms3Z6h 9IpdoeNDBi3DoBC8GA+m7KW61GnxMd0KGj0H QnK1sS2mZe5lGKCoZDViG4ttTl3ctWoLw5R3 ukb4JEiS3zkuLTMX59PqJ+sw6y3QBgKOSnbv k18XsducRJhqpwfUGOsmAn6/qGw0HC9XN+rO jE94zVw/whela3Q7vA== ) 300 RRSIG NSEC 10 3 300 20121212121212 ( 20110321190904 1862 nosuch.sec. T1Y1W3dghJKxZzjGnJaoFIuuA0qu8xebm5Vj j8V3W6tdtgnfmIGfHles5wIP8djWMPCYcA4X yco/dhyVW+6xHgW6DtIWFp6w6maoLzASXf4J upwQZaBsFTbu/BPaEna0H8RWV8bo34zdh2qD Uve6XcdosNAkObfLNs7JPBJhEVxwu/ms3Z6h 9IpdoeNDBi3DoBC8GA+m7KW61GnxMd0KGj0H QnK1sS2mZe5lGKCoZDViG4ttTl3ctWoLw5R3 ukb4JEiS3zkuLTMX59PqJ+sw6y3QBgKOSnbv k18XsducRJhqpwfUGOsmAn6/qGw0HC9XN+rO jE94zVw/whela3Q7vA== ) ghost.example.sec. 300 IN NS ns1.example.sec. 300 IN NS ns2.example.sec. 300 DS 50458 12 3 ( 2E40B2A6CCD2760EC70AF69D1C144064C8 1E53A6B3EEE78BDB9E0BAFBB9C02 ) zzz.example.sec. 300 IN CNAME example.sec. ; previous NSEC should bitch about it 300 NSEC zzzz.example.sec. CNAME NSEC ; this one will also bitch nosuch.example.sec. 300 RRSIG NAPTR 5 2 300 20121212121212 ( 20110321190904 516 example.sec. JMRbXaDnvv39FoonWE688oliqrw7xe6ZNi1r AQUkgjlZGmuNcCDlarDiQHUu1O2GBizRpv2o nh+TFfgqn7FrT7mPDCj5J04BuLl4x9+CayG3 jgdtZ+UW8UUu6jUO/woEsbmdB3HrVjI/UWGC 7qFMaz+i7IxCkMLTS2Qh65Dq74U= ) tobez-validns-f423245/t/zones/galaxyplus.org000066400000000000000000000012441314110214000210350ustar00rootroot00000000000000$ORIGIN galaxyplus.org. $TTL 5M @ SOA ns1.catpipe.net. hostmaster.catpipe.net. ( 2011011400 ; Serial 1H ; Refresh 30M ; Retry 1W ; Expire 5M ) ; Minimum TTL NS ns1.catpipe.net. NS ns2.catpipe.net. A 194.28.255.11 MX 5 horch.tobez.org. $ORIGIN . www.galaxyplus.org A 194.28.255.11 $ORIGIN galaxyplus.org. cvs A 194.28.255.11 v6 AAAA 2001:2010:1::feef text TXT "text1" "Another text" "One more" bigtext TXT "1" "2" "3" "4" "5" "6" "7" "8" "9" "10" "11" "12" "13" "14" "15" "16" "17" "18" "19" "20" "21" "22" "what is the meaning of this" *.meow CNAME www tobez-validns-f423245/t/zones/ipseckey-errors000066400000000000000000000020721314110214000212040ustar00rootroot00000000000000$ORIGIN example.sec. $TTL 5M @ SOA ns1 hostmaster 42 1H 30M 1W 5M NS ns1 NS ns2 ns1 A 1.2.3.4 ns2 A 5.6.7.8 bad-precedence IPSECKEY ( xyz 0 0 . ) bad-precedence IPSECKEY ( 256 0 0 . ) bad-gw-type IPSECKEY ( 10 xyz 0 . ) bad-gw-type IPSECKEY ( 10 4 0 . ) bad-algo IPSECKEY ( 10 0 xyz . ) bad-algo IPSECKEY ( 10 0 3 . ) gw-not-dot IPSECKEY ( 10 0 0 some.name. ) bad-ip4 IPSECKEY ( 10 1 0 192.168.1 ) bad-ip4 IPSECKEY ( 10 1 0 moocow ) bad-ip4 IPSECKEY ( 10 1 0 2001:2010:1::20 ) bad-ip6 IPSECKEY ( 10 2 0 192.168.1.20 ) bad-ip6 IPSECKEY ( 10 2 0 moocow ) bad-ip6 IPSECKEY ( 10 2 0 2001:2010:1::::20 ) bad-ip6 IPSECKEY ( 10 2 0 2001:2010:1:20 ) garbage-key IPSECKEY ( 10 0 0 . AQO/C76MVA5WN743YYeE537SLNffRZvQ9yxoQqJP943gqs4QATtnJWHQ 1SDWiRE2aXl7SJoyJAu7jaUTGKWXzStD2wpkBIJ1IZ+avxf8zxRt3y6x ImvMjRqcobreI351nbop04aBtP7o+r0zrNQmy6FqkPiI657FMEdF1cWJ 2Q4lA0Pymgq/BadXymj/LZXpmCtnTNU6laUUGuxxaf0Fj+vcL17OvU1k sLs9/9hhAbYYedmbAAGmAqfICiLBdOPCbhsCUyq8dTa0FaEinyHCJSHJ WVZ8dBpbbr2pQnZ5ul5NCgkhhcr26IPPiZm2eww6ougsogj6kPdSSQYZ YayHzVnl8NFQ9uCwbRTryepPzZP5Vd2t ) tobez-validns-f423245/t/zones/isi-mailboxes.inc000066400000000000000000000002521314110214000213710ustar00rootroot00000000000000 MOE MB A.ISI.EDU. LARRY MB A.ISI.EDU. CURLEY MB A.ISI.EDU. STOOGES MG MOE MG LARRY MG CURLEY tobez-validns-f423245/t/zones/keyset-example.sec.000066400000000000000000000031641314110214000216450ustar00rootroot00000000000000$ORIGIN . example.sec 300 IN DNSKEY 256 3 5 ( AwEAAbqjCxtmin71unORku1IrrQx2S49KTmw 45jnlNdreCH40YmhDZo26CMiVXbq29rvUDW+ ZEJqVT5fd5GrA1wEEGbrudd2LDr5AedBK7fY TsZf/LEm32/Bu//KzynrJqyB4HSN3GIPbp3K YyY/Hl7HawOvWAd+tUHgUtes4trE/4pr ) ; key id = 516 300 IN DNSKEY 256 3 5 ( AwEAAeluubFtl7Qtw4TpuZl85abGI+HXO4ag qzv1kSLQ5tkYFGdpZyZwQcBU2znMrdw03o6d GOEQi+FeSymycLZmtsKiODsHNwgb6qdxnYm7 +n3ZiPwVhMX3gxIG64FORibWcHAyBe5AAhQA ZIqveqjnY4gwdKZJSmo9ihXBkKS4yJ6Ulopk kSxL1Iq9oXvWrd1ZqjQiSmLF/3juvBGjHVP4 CbPiXZ70UDay6Ysa1to1tHZSQshkRTClB+Dc t8er3cZ1y62yOSbPK0SlouSRplbz+ezNyqD3 c5zvz6F2AcZ4NqaTZOMWZbOowujQj3FxElaZ S+/ughQZKq3OtMN8bqc0tZ0= ) ; key id = 44427 300 IN DNSKEY 256 3 8 ( AwEAAdZOvnLtTdQjfdIqqH3stb7vI6bJlg27 3Tp4oRpnmnmgizDFtLQhnIv1Mr3AuwSWVIDe avuiyWIAtfvwy0f3EYIv8Ys5kDiKs8PE1k90 yQwfC53hxyH10GzGnAx4Sutrdkh1w4HM1nMB dlTMa0g9yxjJ0vm/T7qHzj+3dTUi84s8Du2m fMD6noy+leZ2IuX7lFca8SzDNmhUPTkXuFrB /QUuoY2FyThfidT+nhOQpzftVtLcta0E0Uv3 PcVDp1d7vBXsAEYGHr54r2vb3eXdOTmoFyh/ byehUlPq1gDEH0mBRlWbUHqbGnKyolz0dR01 u8SJYP6ULwx0mZ0p5BmoMH8= ) ; key id = 48381 300 IN DNSKEY 256 3 10 ( AwEAAcZdPacjnWNuQKCF8CPmUW1/NUxI/G7x dbwrU9lOuAD3sw14rLw2NTzpbC/bubt2aHQ0 nc1duoK0x3DjhAURWki/1O1Yvr2ffQRVpWS+ WjRKCqTjuPrrdImeKdWEdnDl3l5kQpsxx++E IHrDnqiVhBHJdVB70A/I7i5/HiD8HgVooR3I XVyxbT4walrarrhHWEBcXcNbvadg2rc492wS 86zbSmK8iV1e7t6U5iBYmsQjc7TVhBT7xqar knECGC8L/9o/R1zfSzSN+ay+dI45t+jOOLgW p5gmjsI/mXhoO6GqX8rbZoV7/DQyAR5rATJH W1eausJhOgE2wBJgl6V0XbM= ) ; key id = 1862 tobez-validns-f423245/t/zones/manyerrors.zone000066400000000000000000000173361314110214000212420ustar00rootroot00000000000000$FUNNYDIRECTIVE $ORIGIN galaxyplus.org. $ORIGINBUTNOTREALLY $ORIGIN?BUTNOTREALLY $ORIGIN ; no origin $ORIGIN galaxyplus.org. muhaha. $TTL 5M $TTLAST $TTL.AST $TTL ; no ttl $TTL not a number $TTL 1z $TTL 1mz $TTL 1m z $INCLUDESSIMO x.yz $INCLUDE\SSIMO x.yz $ $%^&$# something @ A 1.2.3.4 ; SOA must be the first @ NS some.ns.ws. ; SOA must be the first @ SOA meow. grau. 201101144500 1H 30M 1W 5M ; the serial is honestly too large @ SOA ns1.catpipe.net. hostmaster.catpipe.net. ( 2011011400 ; Serial 1H ; Refresh 30M ; Retry 1W ; Expire 5M ) ; Minimum TTL SOA ns1.catpipe.net. hostmaster.catpipe.net. ( ; this will be skipped 2011011400 ; Serial 1H ; Refresh 30M ; Retry 1W ; Expire 5M ) ; Minimum TTL SOA ns1.catpipe.net. hostmaster.catpipe.net. ( ; this will be an error 2011011401 ; Serial 1H ; Refresh 30M ; Retry 1W ; Expire 5M ) ; Minimum TTL NS ns1.catpipe.net. NS ns2.catpipe.net. NS NS ns2.catpipe.net. garbage A 194.28.255.11 A A 194.28.255.11 garbage A 257.17.81.54 A this.is.not.an.a. AAAA 2001:2010:1::feef AAAA AAAA 2001:2010:1::feef garbage AAAA 2001:2010:1::feeL AAAA this.is.not.an.aaaa. MX 5 horch.tobez.org. MX MX 5 MX 5 horch.tobez.org. garbage singlens NS x.y.z xy IN 300 A 194.28.255.11 xy IN 400 A 194.28.255.12 ; bad length for SHA-256 _443._tcp.www IN TLSA ( 0 0 1 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9 ) ; bad length for SHA-512 _8443._tcp.www IN TLSA ( 1 1 2 92003ba34942dc74152e2f2c408d29ec a5a520e7f2e06bb944f4dca346baf63c 1b177615d466f6c4b71c216a50292bd5 8c9ebdd2f74e38fe51ffd48c43326cbcaa ) ; bad hex encoding _25._tcp.mail IN TLSA ( 3 0 0 30820307308201efa003020102020 ) ; bad certificate usage _1._tcp.www IN TLSA ( 4 0 1 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9 ) _10._tcp.www IN TLSA ( x 0 1 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9 ) ; bad selector _2._tcp.www IN TLSA ( 0 2 1 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9 ) _20._tcp.www IN TLSA ( 0 x 1 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9 ) ; bad matching type _3._tcp.www IN TLSA ( 0 0 3 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9 ) _30._tcp.www IN TLSA ( 0 0 x d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9 ) ; policy bad domain name for TLSA tlsa IN TLSA ( 0 0 1 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9aa ) _30._xtp.www IN TLSA ( 0 0 1 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9aa ) ; policy bad domain name for SMIMEA smimea IN SMIMEA ( 0 0 1 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9aa ) 93f1e400f26708f98cb19d936620da35eec8f72e57f9eec01c1afd6._smimecert.www IN SMIMEA ( 0 0 1 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9aa ) c93f1e400f26708f98cb19d936620da35eec8f72e57f9eec01c1afd6._xmimecert.www IN SMIMEA ( 0 0 1 d2abde240d7cd3ee6b4b28c54df034b9 7983a1d16e8a410e4561cb106618e9aa ) outside.org. A 194.28.255.11 long.outside.org. A 194.28.255.11 outsidegalaxyplus.org. A 194.28.255.11 insidegalaxyplus.org.galaxyplus.org. A 194.28.255.11 www A 194.28.255.11 cvs A 194.28.255.11 v6 AAAA 2001:2010:1::feef otherdata1 CNAME a.b.c. otherdata1 CNAME x.y.z. otherdata2 CNAME a.b.c. otherdata2 A 1.2.3.4 cert CERT 3 3 177 V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBtYXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBpbiBnZW5lcmFsLg== cert CERT 3 3 MEOW V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBtYXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBpbiBnZW5lcmFsLg== cert CERT 100000 3 0 V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBtYXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBpbiBnZW5lcmFsLg== cert CERT 255 3 0 V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBtYXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBpbiBnZW5lcmFsLg== cert CERT 700 3 0 V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBtYXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBpbiBnZW5lcmFsLg== cert CERT MEOW 3 0 V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBtYXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBpbiBnZW5lcmFsLg== cert CERT pgp 100000 0 V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBtYXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBpbiBnZW5lcmFsLg== cert CERT pgp 0 0 aha!oho,== ; but this one and the next are fine cert CERT URI 0 0 V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBtYXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBpbiBnZW5lcmFsLg== cert CERT 254 1234 dsa V2Ugc2hhbGwgbmVlZCBhIG51bWJlciBvZiBtYXRoZW1hdGljYWwgaWRlYXMgYW5kIG5vdGF0aW9ucyBjb25jZXJuaW5nIGZ1bmN0aW9ucyBpbiBnZW5lcmFsLg== zzz SOA ns1.catpipe.net. hostmaster.catpipe.net. ( ; this will be an error 2011011400 ; Serial 1H ; Refresh 30M ; Retry 1W ; Expire 5M ) ; Minimum TTL xy*z A 12.13.14.15 ; name is not valid *z A 12.13.14.15 ; name: bad wildcard .xyz A 34.45.56.78 ; name cannot start with a dot .. A 34.45.56.78 ; name cannot start with a dot zzzz1 DNAME x.y.dk. blah ; garbage after valid DNAME zzzz2 DNAME x.y.dk. ; fine zzzz2 DNAME a.b.org. ; multiple DNAMEs zzzz3 DNAME a.b.org. ; fine something.zzzz3 A 1.2.3.4 ; DNAME must not have any children (but something.zzzz3.galaxyplus.org exists) zzzz4 DNAME a.b.org. ; fine zzzz4 CNAME zzzz4.a.b.org. ; CNAME and other data zzzz5 DNAME a.b.org. ; fine x.y.z.zzzz5 A 5.6.7.8 ; DNAME must not have any children (but z.zzzz5.galaxyplus.org exists) - yuck zzzz6 DNAME x.y.dk. ; fine, no induced error @ CAA ; CAA flag expected CAA 0 ; CAA tag expected CAA 45 ; CAA unrecognized flags value CAA 0 meow ; CAA unrecognized tag name CAA 0 x-y ; CAA tag is not valid CAA 0 auth ; CAA reserved tag name CAA 0 path ; CAA reserved tag name CAA 0 policy ; CAA reserved tag name CAA 0 issue ; CAA missing tag value CAA 0 issue ";" ; fine CAA 0 issue ";" blah ; garbage after valid CAA ; commented out things are not validated but probably should be ; CAA 0 issue "hello/world" ; CAA invalid issue domain CAA 0 issue "example.net" ; fine CAA 0 issue "example.net ;" ; fine ; CAA 0 issue "example.net ; sometag" ; CAA missing issue parameter value ; CAA 0 issue "example.net ; =sometag" ; CAA missing issue parameter tag ; CAA 0 issue "example.net ; sometag=somevalue othertag=othervalue" ; fine CAA 0 issuewild ";" ; fine ; CAA 0 issuewild "hello/world" ; CAA invalid issuewild domain CAA 0 issuewild "example.net" ; fine CAA 0 issuewild "example.net ;" ; fine ; CAA 0 issuewild "example.net ; sometag" ; CAA missing issuewild parameter value ; CAA 0 issuewild "example.net ; =sometag" ; CAA missing issuewild parameter tag CAA 0 issuewild "example.net ; sometag=somevalue othertag=othervalue" ; fine ; CAA 0 iodef "hello-world" ; CAA iodef value not a URL ; CAA 0 iodef "hello:world" ; CAA iodef value unrecognized URL CAA 0 iodef "mailto:tobez@tobez.org" ; fine CAA 0 iodef "http://example.net" ; fine CAA 128 iodef "https://example.net" ; fine @ SOA ns1.catpipe.net. hostmaster.catpipe.net. ( ; skipped again 2011011400 ; Serial 1H ; Refresh 30M ; Retry 1W ; Expire 5M ) ; Minimum TTL tobez-validns-f423245/t/zones/misc-regression.zone000066400000000000000000000003021314110214000221330ustar00rootroot00000000000000$ORIGIN example.com. $TTL 86400 @ IN SOA ns hostmaster 1 10800 3600 2592000 1200 IN NS ns ns IN A 192.0.2.1 xx IN TXT "a\108ias" yy IN TXT "\";" tobez-validns-f423245/t/zones/mx-ns-alias000066400000000000000000000033161314110214000202110ustar00rootroot00000000000000$TTL 1d @ IN SOA ns1.example.jp. hostmaster.example.jp. ( 1 20m 15m 4w 15m ) NS ns1.example.jp. NS ns2.examPle.jp. MX 10 maIl.example.jp. ns1 A 192.0.2.53 Ns2 CNAME ns1.example.jp. maiL CNAME ns1.example.jp. tobez-validns-f423245/t/zones/rp-policy000066400000000000000000000025441314110214000200000ustar00rootroot00000000000000$TTL 1d @ IN SOA ns1.example.jp. hostmaster.example.jp. ( 1 20m 15m 4w 15m ) NS ns1.example.jp. NS ns2.examPle.jp. ns1 A 192.0.2.53 Ns2 A 192.168.1.1 x RP mail.box y tobez-validns-f423245/t/zones/simple-1035000066400000000000000000000010601314110214000177310ustar00rootroot00000000000000@ IN SOA VENERA Action\.domains ( 20 ; SERIAL 7200 ; REFRESH 600 ; RETRY 3600000; EXPIRE 60) ; MINIMUM NS A.ISI.EDU. NS VENERA NS VAXA MX 10 VENERA MX 20 VAXA A A 26.3.0.103 VENERA A 10.1.0.52 A 128.9.0.32 VAXA A 10.2.0.27 A 128.9.0.33 tobez-validns-f423245/t/zones/ttl-regression.zone000066400000000000000000000002461314110214000220120ustar00rootroot00000000000000$ORIGIN example.com. $TTL 86400 @ IN SOA ns hostmaster 1 10800 3600 2592000 1200 IN NS ns $TTL 600 ns IN A 192.0.2.1 tobez-validns-f423245/t/zones/ttl.zone000066400000000000000000000002361314110214000176330ustar00rootroot00000000000000$ORIGIN example.com. @ IN 200 SOA ns hostmaster 1 10800 3600 2592000 1200 IN NS ns $TTL 600 ns IN A 192.0.2.1 tobez-validns-f423245/technical-notes.mdwn000066400000000000000000000053021314110214000205000ustar00rootroot00000000000000# validns technical notes ## Data structures considerations - the whole parsed zone must be loaded into memory - some validations work on individual records - thus, whole zone traversal is needed - some validations work on records sorted in a particular way - the "canonical order" described here http://tools.ietf.org/html/rfc4034#section-6.1 - thus, this traversal should be in this canonical order - Judy is a good way to quickly find and iterate over string-indexed data - but it uses normal lexicographic sort order - is it possible to map the names in such a way that the result, sorted lexicographically, will correspond to the canonical order? - if we agree that labels cannot contain chr(0) - this, strictly speaking, is possible - but we ignore that this can be seen in practice - and, if we agree that labels cannot contain chr(1) - same as above - possible, but it's not within "IN" class - then we can reverse the name and use chr(1) as the label separator - we could just use chr(0) as the label separator, but then we cannot use normal C-style strings, so the code will be somewhat more complex - some validations apply to given names - need quick retrieval of all records with a given name - some validations require complete RR sets - need quick retrieval of all records in a given RR set ## Memory requirements and execution speed Naturally, memory usage is much higher on 64-bit platforms. For a 4 million records zone, it eats around 700 MB on a 64-bit platform, and only around 400 MB on a 32-bit platform. It also looks that 32-bit version is somewhat faster than 64-bit one, although I did not do a strict comparison - the tested machines were not the same. ## TODO The todo list is not complete by its nature. - proper manual page - a test for every error message - zone validations specified in RFC 1035 - multiple verboseness levels (`-v` option repeated) - include file support - `-I` option - embedding lua for flexible validations - "policy validations" - `-p policy-file` option - `-r policy-rule` option (maybe?) - better platform support - `stpcpy()` might not be everywhere ## DONE The done list is not complete. - (./) usage() function - (./) options support (`getopt`) - (./) $TTL support - (./) $ORIGIN support - (./) `-z` option for initial ORIGIN - (./) master file support (RFC 1035, section 5) - (./) see whether there were changes to it - `-v` option for verbose - (./) `-q` option for extra quiet - (./) `-f` option (die on first error) - (./) `-s` option - produce validation summary/statistics - (./) nice CPAN module for external programs output testing? - (./) looks like Test::Command::Simple is what I want - (./) wire RDATA format - (./) NSEC3 parsing tobez-validns-f423245/textparse.c000066400000000000000000000653501314110214000167250ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include "common.h" #include "carp.h" #include "mempool.h" #include "textparse.h" #include "base64.h" #include "base32hex.h" int empty_line_or_comment(char *s) { while (isspace(*s)) s++; if (!*s) return 1; if (*s == ';') return 1; return 0; } char *skip_white_space(char *s) { while (isspace(*s)) s++; if (*s == ';') { while (*s) s++; } if (*s == 0) { if (file_info->paren_mode) { if (read_zone_line()) { return skip_white_space(file_info->buf); } else { return bitch("unexpected end of file"); } } } if (*s == '(') { if (file_info->paren_mode) { return bitch("unexpected opening parenthesis"); } else { file_info->paren_mode = 1; s++; return skip_white_space(s); } } if (*s == ')') { if (file_info->paren_mode) { file_info->paren_mode = 0; s++; return skip_white_space(s); } else { return bitch("unexpected closing parenthesis"); } } return s; } static char *extract_name_slow(char **input, char *what, int options) { char buf[1024]; char *t = buf; char *s = *input; int d, l, ol; while (1) { if (isalnum(*s) || *s == '_' || *s == '.' || *s == '-' || *s == '/' || ((options & DOLLAR_OK_IN_NAMES) && *s == '$')) { if (t-buf >= 1022) return bitch("name too long"); *t++ = *s++; } else if (*s == '\\') { s++; if (isdigit(*s)) { d = *s - '0'; s++; if (!isdigit(*s)) return bitch("bad escape sequence"); d = d*10 + *s - '0'; s++; if (!isdigit(*s)) return bitch("bad escape sequence"); d = d*10 + *s - '0'; s++; if (d > 255) return bitch("bad escape sequence"); if (d == '.') return bitch("a dot within a label is not currently supported"); *((unsigned char *)t) = (unsigned char)d; if (t-buf >= 1022) return bitch("name too long"); t++; } else if (*s == '.') { return bitch("a dot within a label is not currently supported"); } else if (*s) { if (t-buf >= 1022) return bitch("name too long"); *t++ = *s++; } else { return bitch("backslash in the end of the line not parsable"); } } else { break; } } if (*s && !isspace(*s) && *s != ';' && *s != ')') { return bitch("%s is not valid", what); } *t = '\0'; l = strlen(buf); if (!l) return bitch("%s should not be empty", what); if (buf[l-1] != '.') { if (!file_info->current_origin) { return bitch("do not know origin to determine %s", what); } ol = strlen(file_info->current_origin); if (file_info->current_origin[0] == '.') { if (l + ol >= 1023) return bitch("name too long"); strcat(buf, file_info->current_origin); } else { if (l + ol >= 1022) return bitch("name too long"); strcat(buf, "."); strcat(buf, file_info->current_origin); } } t = strchr(buf, '*'); if (t && (t != buf || t[1] != '.')) return bitch("%s: bad wildcard", what); if (buf[0] == '.' && buf[1] != '\0') return bitch("%s: name cannot start with a dot", what); if (strstr(buf, "..")) return bitch("%s: empty label in a name", what); *input = skip_white_space(s); if (!*input) return NULL; /* bitching's done elsewhere */ if (!(options & KEEP_CAPITALIZATION)) { t = buf; while (*t) { *t = tolower(*t); t++; } } t = quickstrdup(buf); return t; } char *extract_name(char **input, char *what, int options) { char *s = *input; char *r = NULL; char *end = NULL; char c; int wildcard = 0; if (*s == '@') { s++; if (*s && !isspace(*s) && *s != ';' && *s != ')') { return bitch("literal @ in %s is not all by itself", what); } if (!file_info->current_origin) { return bitch("do not know origin to expand @ in %s", what); } r = quickstrdup(file_info->current_origin); } else { if (!(isalnum(*s) || *s == '_' || *s == '.' || *s == '/' || ((options & DOLLAR_OK_IN_NAMES) && *s == '$'))) { if (*s == '*') { wildcard = 1; } else { if (*s == '\\') return extract_name_slow(input, what, options); return bitch("%s expected", what); } } s++; while (isalnum(*s) || *s == '.' || *s == '-' || *s == '_' || *s == '/' || ((options & DOLLAR_OK_IN_NAMES) && *s == '$')) s++; if (*s && !isspace(*s) && *s != ';' && *s != ')') { if (*s == '\\') return extract_name_slow(input, what, options); return bitch("%s is not valid", what); } if (!*s) end = s; c = *s; *s = '\0'; if (*(s-1) == '.') { r = quickstrdup(*input); } else { if (!file_info->current_origin) { return bitch("do not know origin to determine %s", what); } r = getmem(strlen(*input) + 1 + strlen(file_info->current_origin) + 1); if (file_info->current_origin[0] == '.') { strcpy(mystpcpy(r, *input), file_info->current_origin); } else { strcpy(mystpcpy(mystpcpy(r, *input), "."), file_info->current_origin); } } *s = c; } if (end) { *input = end; } else { *input = skip_white_space(s); if (!*input) return NULL; /* bitching's done elsewhere */ } if (!(options & KEEP_CAPITALIZATION)) { s = r; while (*s) { *s = tolower(*s); s++; } } if (wildcard && r[1] != '.') { return bitch("%s: bad wildcard", what); } else if (r[0] == '.' && r[1] != '\0') { return bitch("%s: name cannot start with a dot", what); } return r; } char *extract_label(char **input, char *what, void *is_temporary) { char *s = *input; char *r = NULL; char *end = NULL; if (!isalpha(*s)) { return bitch("%s expected", what); } s++; while (isalnum(*s)) s++; if (*s && !isspace(*s)) { return bitch("%s is not valid", what); } if (!*s) end = s; *s++ = '\0'; if (is_temporary) { r = quickstrdup_temp(*input); } else { r = quickstrdup(*input); } if (end) { *input = end; } else { *input = skip_white_space(s); if (!*input) return NULL; /* bitching's done elsewhere */ } s = r; while (*s) { *s = tolower(*s); s++; } return r; } long long extract_integer(char **input, char *what, const char *extra_delimiters) { char *s = *input; long long r = -1; char *end = NULL; char c; if (!isdigit(*s)) { bitch("%s expected", what); return -1; } s++; while (isdigit(*s)) s++; if (*s && !isspace(*s) && *s != ';' && *s != ')') { if (!extra_delimiters || strchr(extra_delimiters, *s) == NULL) { bitch("%s is not valid", what); return -1; } } if (!*s) end = s; c = *s; *s = '\0'; r = strtoll(*input, NULL, 10); *s = c; if (end) { *input = end; } else { *input = skip_white_space(s); if (!*input) return -1; /* bitching's done elsewhere */ } return r; } int extract_double(char **input, char *what, double *val, int skip_m) { char *s = *input; char *end = NULL; char *stop; char c; int saw_m = 0; while (isdigit(*s) || *s == '+' || *s == '-' || *s == '.') s++; if (*s && !isspace(*s) && *s != ';' && *s != ')') { if (skip_m && (*s == 'm' || *s == 'M')) { saw_m = 1; } else { bitch("%s is not valid", what); return -1; } } if (!*s) end = s; c = *s; *s = '\0'; *val = strtod(*input, &stop); if (*stop != '\0') { *s = c; bitch("%s is not valid", what); return -1; } *s = c; if (saw_m) { s++; if (*s && !isspace(*s) && *s != ';' && *s != ')') { bitch("%s is not valid", what); return -1; } } if (end) { *input = end; } else { *input = skip_white_space(s); if (!*input) return -1; /* bitching's done elsewhere */ } return 1; } long extract_timevalue(char **input, char *what) { char *s = *input; int r = 0, acc = 0; if (!isdigit(*s)) { bitch("%s expected", what); return -1; } next_component: r = 0; while (isdigit(*s)) { r *= 10; r += *s - '0'; s++; } if (tolower(*s) == 's') { s++; } else if (tolower(*s) == 'm') { r *= 60; s++; } else if (tolower(*s) == 'h') { r *= 3600; s++; } else if (tolower(*s) == 'd') { r *= 86400; s++; } else if (tolower(*s) == 'w') { r *= 604800; s++; } acc += r; if (isdigit(*s)) goto next_component; if (*s && !isspace(*s) && *s != ';' && *s != ')') { bitch("%s is not valid", what); return -1; } *input = skip_white_space(s); if (!*input) return -1; /* bitching's done elsewhere */ return acc; } long long extract_timestamp(char **input, char *what) { char *s = *input; int year = 0; int month = 0; int day = 0; int hour = 0; int minute = 0; int second = 0; long long epoch = 0; struct tm tm; if (!isdigit(*s)) { bitch("%s expected", what); return -1; } year = year*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; year = year*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; year = year*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; year = year*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; month = month*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; month = month*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; day = day*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; day = day*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; hour = hour*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; hour = hour*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; minute = minute*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; minute = minute*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; second = second*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (!isdigit(*s)) goto looks_like_epoch; second = second*10 + *s - '0'; epoch = epoch*10 + *s - '0'; s++; if (*s && !isspace(*s) && *s != ';' && *s != ')') { bitch("%s is not valid", what); return -1; } if (second > 60 || minute > 59 || hour > 23 || day < 1 || day > 31 || month > 12 || year < 1900 || year > 2037) { bitch("%s is not valid", what); return -1; } memset(&tm, 0, sizeof(tm)); tm.tm_sec = second; tm.tm_min = minute; tm.tm_hour = hour; tm.tm_mday = day; tm.tm_mon = month - 1; tm.tm_year = year - 1900; epoch = mktime(&tm); if (epoch < 0) { bitch("%s is not valid", what); return -1; } goto done; looks_like_epoch: if (*s && !isspace(*s) && *s != ';' && *s != ')') { bitch("%s is not valid", what); return -1; } done: *input = skip_white_space(s); if (!*input) return -1; /* bitching's done elsewhere */ return epoch; } int extract_ipv4(char **input, char *what, struct in_addr *addr) { char *s = *input; char c; while (isdigit(*s) || *s == '.') { s++; } if (s == *input) { bitch("%s is not valid", what); return -1; } if (*s && !isspace(*s) && *s != ';' && *s != ')') { bitch("%s is not valid", what); return -1; } c = *s; *s = 0; if (inet_pton(AF_INET, *input, addr) != 1) { *s = c; bitch("cannot parse %s", what); return -1; } *s = c; *input = skip_white_space(s); if (!*input) { return -1; /* bitching's done elsewhere */ } return 1; } int extract_ipv6(char **input, char *what, struct in6_addr *addr) { char *s = *input; char c; while (isdigit(*s) || *s == ':' || *s == '.' || (*s >= 'a' && *s <= 'f') || (*s >= 'A' && *s <= 'F')) { s++; } if (s == *input) { bitch("%s is not valid", what); return -1; } if (*s && !isspace(*s) && *s != ';' && *s != ')') { bitch("%s is not valid", what); return -1; } c = *s; *s = 0; if (inet_pton(AF_INET6, *input, addr) != 1) { *s = c; bitch("cannot parse %s", what); return -1; } *s = c; *input = skip_white_space(s); if (!*input) { return -1; /* bitching's done elsewhere */ } return 1; } int extract_u64(char **input, char *what, uint64_t *r) { char *s = *input; uint8_t result = 0; unsigned u; #define GETHEXBLOCK if (!isxdigit(*s)) { bitch("%s is not valid", what); return -1; } \ u = 0; \ while (isxdigit(*s)) { \ if (isdigit(*s)) { \ u = (u << 4) | (*s - '0'); \ } else if (*s >= 'a' && *s <= 'f') { \ u = (u << 4) | (*s - 'a' + 10); \ } else { \ u = (u << 4) | (*s - 'A' + 10); \ } \ s++; \ } \ if (u > 0xffff) { bitch("%s is not valid, hex out of range", what); return -1; } \ result = (result << 16) | u; #define SKIPCOLON if (*s != ':') { bitch("%s is not valid", what); return -1; } s++; GETHEXBLOCK; SKIPCOLON; GETHEXBLOCK; SKIPCOLON; GETHEXBLOCK; SKIPCOLON; GETHEXBLOCK; *r = result; #undef GETHEXBLOCK #undef SKIPCOLON if (*s && !isspace(*s) && *s != ';' && *s != ')') { bitch("%s is not valid", what); return -1; } *input = skip_white_space(s); if (!*input) { return -1; /* bitching's done elsewhere */ } return 1; } struct binary_data bad_binary_data(void) { struct binary_data r; r.length = -1; r.data = NULL; return r; } void dump_binary_data(FILE *f, struct binary_data d) { char *s = d.data; int mem_len = d.length; int i; char o[69]; int pos[] = { 0,3,6,9,12,15,18,21,25,28,31,34,37,40,43,46 }; char hex[] = "0123456789abcdef"; if (mem_len < 0) { fprintf(f, "\n"); return; } while (mem_len) { memset(o, ' ', 67); o[67] = '\n'; o[68] = 0; for (i = 0; i < 16 && mem_len > 0; i++, mem_len--, s++) { o[pos[i]] = hex[*s >> 4]; o[pos[i]+1] = hex[*s & 0x0f]; o[51+i] = isprint(*s) ? *s : '.'; } fprintf(f, "%s", o); } } struct binary_data extract_base64_binary_data(char **input, char *what) { char b64[4096]; int l64 = 0; char *s = *input; struct binary_data r = bad_binary_data(); int bl; while (s && *s) { if (!isalnum(*s) && *s != '=' && *s != '+' && *s != '/') { bitch("%s expected", what); return r; } while (isalnum(*s) || *s == '=' || *s == '+' || *s == '/') { if (l64 >= 4095) { bitch("%s is too long", what); return r; } b64[l64++] = *s++; } s = skip_white_space(s); } *input = s; if (!s) return r; b64[l64] = 0; bl = (l64 * 3 + 3)/4; r.data = getmem(bl); r.length = decode_base64(r.data, b64, bl); if (r.length < 0) { bitch("error decoding base64 %s", what); return r; } return r; } struct binary_data extract_base32hex_binary_data(char **input, char *what) { char b32[4096]; int l32 = 0; char *s = *input; struct binary_data r = bad_binary_data(); int bl; while ( (*s >= 'A' && *s <= 'V') || (*s >= 'a' && *s <= 'v') || (*s >= '0' && *s <= '9') || *s == '=') { if (l32 >= 4095) { bitch("%s is too long", what); return r; } b32[l32++] = *s++; } if (l32 <= 0) { bitch("%s expected", what); return r; } s = skip_white_space(s); *input = s; if (!s) return r; b32[l32] = 0; bl = (l32 * 5 + 7)/8; r.data = getmem(bl); r.length = decode_base32hex(r.data, b32, bl); if (r.length < 0) { bitch("error decoding base32hex %s", what); return r; } return r; } struct binary_data extract_text(char **input, char *what) { char *s = *input; struct binary_data r = bad_binary_data(); char *o = getmem_temp(65536); int l = 0; int c; if (*s != '"') { while (*s && !isspace(*s)) { o[l++] = *s++; } *input = skip_white_space(s); if (!*input) return r; /* bitching's done elsewhere */ o[l] = 0; r.data = getmem(l+1); r.length = l; memcpy(r.data, o, l+1); return r; } s++; more_text: while (*s && *s != '"') { if (*s == '\\') { s++; if (*s == 0) { bitch("bad backslash quoting of %s", what); return r; } else if (isdigit(*s)) { c = 0; while (isdigit(*s)) { c = c*10 + *s - '0'; s++; } o[l++] = (unsigned char)c; } else { o[l] = *s; goto new_char; } } else { o[l] = *s; new_char: if (l >= 65534) { bitch("%s string too long", what); return r; } l++; s++; } } if (!*s) { if (read_zone_line()) { s = file_info->buf; goto more_text; } else { bitch("closing quote not found while parsing %s", what); return r; } } s++; *input = skip_white_space(s); if (!*input) return r; /* bitching's done elsewhere */ o[l] = 0; r.data = getmem(l+1); r.length = l; memcpy(r.data, o, l+1); return r; } struct binary_data extract_hex_binary_data(char **input, char *what, int eat_whitespace) { char hex[4096]; char *s = *input; struct binary_data r = bad_binary_data(); int hl, hi, hb; hex[0] = '0'; hl = 1; if (s[0] == '0' && (s[1] == 'x' || s[1] == 'X')) s += 2; if (eat_whitespace == EXTRACT_DONT_EAT_WHITESPACE) { while (isxdigit(*s)) { if (hl >= 4095) { bitch("%s is too long", what); return r; } hex[hl] = *s; s++; hl++; } if (*s && !isspace(*s) && *s != ';' && *s != ')') { bitch("%s is not valid", what); return r; } *input = skip_white_space(s); } else if (eat_whitespace == EXTRACT_EAT_WHITESPACE) { while (s && *s) { if (!isxdigit(*s)) { bitch("%s expected", what); return r; } while (isxdigit(*s)) { if (hl >= 4095) { bitch("%s is too long", what); return r; } hex[hl++] = *s++; } s = skip_white_space(s); } *input = s; } else { bitch("%s: internal: invalid eat_whitespace", what); } if (!*input) return r; /* bitching's done elsewhere */ hb = hl % 2 ? 1 : 0; if (hb == 0) bitch("%s: hex data does not represent whole number of bytes", what); r.data = getmem(hl/2); r.length = hl/2; memset(r.data, 0, r.length); for (hi = 0; hi < hl-hb; hi++) { r.data[hi/2] <<= 4; r.data[hi/2] |= 0x0f & (isdigit(hex[hi+hb]) ? hex[hi+hb] - '0' : tolower(hex[hi+hb]) - 'a' + 10); } return r; } struct binary_data new_set(void) { struct binary_data set; set.length = 256*(1+1+32); set.data = getmem_temp(set.length); memset(set.data, 0, set.length); return set; } void add_bit_to_set(struct binary_data *set, int bit) { int map; int map_base; int byte; if (bit < 0 || bit > 65535) croakx(1, "bitmap index out of range"); map = bit / 256; map_base = map*(1+1+32); set->data[map_base] = map; bit = bit & 0xff; byte = bit / 8; if (set->data[map_base + 1] <= byte) set->data[map_base + 1] = byte+1; set->data[map_base + 2 + byte] |= 0x80 >> (bit & 0x07); } struct binary_data compressed_set(struct binary_data *set) { int len = 0; int map; int map_base; struct binary_data r; for (map = 0; map <= 255; map++) { map_base = map*(1+1+32); if (set->data[map_base+1]) { len += 2 + set->data[map_base+1]; } } r.length = len; r.data = getmem(r.length); len = 0; for (map = 0; map <= 255; map++) { map_base = map*(1+1+32); if (set->data[map_base+1]) { memcpy(&r.data[len], &set->data[map_base], 2 + set->data[map_base+1]); len += 2 + set->data[map_base+1]; } } return r; } struct binary_data compose_binary_data(const char *fmt, int tmp, ...) { va_list ap; const char *args; int sz; struct binary_data bd; struct binary_data r; char *t; uint8_t b1; uint16_t b2; uint32_t b4; uint64_t b8; char *bs; int bsl; va_start(ap, tmp); args = fmt; sz = 0; while (*args) { switch (*args++) { case '1': va_arg(ap, unsigned int); sz += 1; break; case '2': va_arg(ap, unsigned int); sz += 2; break; case '4': va_arg(ap, unsigned int); sz += 4; break; case '8': va_arg(ap, uint64_t); sz += 8; break; case 'd': bd = va_arg(ap, struct binary_data); sz += bd.length; break; case 'b': bd = va_arg(ap, struct binary_data); if (bd.length > 255) croak(5, "compose_binary_data: 'b' data too long"); sz += bd.length + 1; break; case 'B': bd = va_arg(ap, struct binary_data); if (bd.length > 65535) croak(5, "compose_binary_data: 'B' data too long"); sz += bd.length + 2; break; case 's': bs = va_arg(ap, char *); bsl = strlen(bs); if (bsl > 255) croak(5, "compose_binary_data: 's' string too long"); sz += bsl + 1; break; default: croak(5, "compose_binary_data: bad format"); } } va_end(ap); r.length = sz; r.data = tmp ? getmem_temp(sz) : getmem(sz); t = r.data; va_start(ap, tmp); args = fmt; while (*args) { switch (*args++) { case '1': b1 = (uint8_t)va_arg(ap, unsigned int); memcpy(t, &b1, 1); t += 1; break; case '2': b2 = htons(va_arg(ap, unsigned int)); memcpy(t, &b2, 2); t += 2; break; case '4': b4 = htonl(va_arg(ap, unsigned int)); memcpy(t, &b4, 4); t += 4; break; case '8': b8 = htonl(va_arg(ap, uint64_t)); memcpy(t, &b8, 8); t += 8; break; case 'd': bd = va_arg(ap, struct binary_data); memcpy(t, bd.data, bd.length); t += bd.length; break; case 'b': bd = va_arg(ap, struct binary_data); b1 = (uint8_t)bd.length; memcpy(t, &b1, 1); t += 1; memcpy(t, bd.data, bd.length); t += bd.length; break; case 'B': bd = va_arg(ap, struct binary_data); b2 = htons(bd.length); memcpy(t, &b2, 2); t += 2; memcpy(t, bd.data, bd.length); t += bd.length; break; case 's': bs = va_arg(ap, char *); bsl = strlen(bs); b1 = (uint8_t)bsl; memcpy(t, &b1, 1); t += 1; memcpy(t, bs, bsl); t += bsl; break; default: croak(5, "compose_binary_data: bad format"); } } va_end(ap); return r; } /* implementation taken from FreeBSD's libc (minus the __restrict keyword) */ char * mystpcpy(char *to, const char *from) { for (; (*to = *from); ++from, ++to); return(to); } size_t mystrlcat(char *dst, const char *src, size_t siz) { char *d = dst; const char *s = src; size_t n = siz; size_t dlen; /* Find the end of dst and adjust bytes left but don't go past end */ while (n-- != 0 && *d != '\0') d++; dlen = d - dst; n = siz - dlen; if (n == 0) return(dlen + strlen(s)); while (*s != '\0') { if (n != 1) { *d++ = *s; n--; } s++; } *d = '\0'; return(dlen + (s - src)); /* count does not include NUL */ } tobez-validns-f423245/textparse.h000066400000000000000000000050741314110214000167270ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #ifndef _TEXTPARSE_H_ #define _TEXTPARSE_H_ #include struct binary_data { int length; char *data; }; void dump_binary_data(FILE *f, struct binary_data d); struct binary_data compose_binary_data(const char *fmt, int tmp, ...); /* * Format: * 1 - byte * 2 - 16-bit, will convert to network byte order * 4 - 32-bit, will convert to network byte order * d - another binary structure, will incorporate its data * b - another binary structure, will incorporate its data, * and prepend the length as a byte (fatal error on overflow) * B - another binary structure, will incorporate its data, * and prepend the length as a 16-bit word in NBO, * fatal error on overflow * s - a NULL-terminated string, will incorporate the string * without the NULL byte, and prepend the string length as a byte * (fatal error on overflow) * tmp : allocate temp storage if true, permanent if false * */ #define KEEP_CAPITALIZATION 32 #define DOLLAR_OK_IN_NAMES 64 int empty_line_or_comment(char *s); char *skip_white_space(char *s); char *extract_name(char **input, char *what, int options); char *extract_label(char **input, char *what, void *is_temporary); long long extract_integer(char **input, char *what, const char *extra_delimiters); long extract_timevalue(char **input, char *what); long long extract_timestamp(char **input, char *what); int extract_ipv4(char **input, char *what, struct in_addr *addr); int extract_ipv6(char **input, char *what, struct in6_addr *addr); int extract_u64(char **input, char *what, uint64_t *r); int extract_double(char **input, char *what, double *val, int skip_m); struct binary_data extract_base32hex_binary_data(char **input, char *what); struct binary_data extract_base64_binary_data(char **input, char *what); struct binary_data extract_text(char **input, char *what); #define EXTRACT_DONT_EAT_WHITESPACE 0 #define EXTRACT_EAT_WHITESPACE 1 struct binary_data extract_hex_binary_data(char **input, char *what, int eat_whitespace); struct binary_data bad_binary_data(void); /* for NSEC/NSEC3 sets */ struct binary_data new_set(void); void add_bit_to_set(struct binary_data *set, int bit); struct binary_data compressed_set(struct binary_data *set); char *mystpcpy(char *to, const char *from); /* stpcpy(3) is not available everywhere */ size_t mystrlcat(char *dst, const char *src, size_t siz); /* so is strlcat */ char *read_zone_line(void); #endif tobez-validns-f423245/threads.c000066400000000000000000000014621314110214000163320ustar00rootroot00000000000000#include #include #ifdef __GLIBC__ #include #elif defined(__APPLE__) || defined(__FreeBSD__) #include #include #endif /* supposedly, #if defined(PTW32_VERSION) || defined(__hpux) return pthread_num_processors_np(); but I cannot verify that at the moment */ #if defined(__GLIBC__) int ncpus(void) { return get_nprocs(); } #elif defined(__APPLE__) || defined(__FreeBSD__) int ncpus(void) { int count; size_t size=sizeof(count); return sysctlbyname("hw.ncpu",&count,&size,NULL,0) ? 0 : count; } #else int ncpus(void) { return 0; } /* "Don't know */ #endif /* Supposedly, sysconf() can also be used in some cases: #include int const count=sysconf(_SC_NPROCESSORS_ONLN); return (count>0)?count:0; */ tobez-validns-f423245/tlsa.c000066400000000000000000000110301314110214000156330ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" /* See http://www.rfc-editor.org/internet-drafts/draft-ietf-dane-protocol-23.txt * for TLSA description. * See https://tools.ietf.org/html/draft-ietf-dane-smime-16 * for SMIMEA description. */ static struct rr* tlsa_smimea_parse(char *name, long ttl, int type, char *s) { struct rr_tlsa_smimea *rr = getmem(sizeof(*rr)); int cert_usage, selector, matching_type; cert_usage = extract_integer(&s, "certificate usage field", NULL); if (cert_usage < 0) return NULL; if (cert_usage > 3) return bitch("bad certificate usage field"); rr->cert_usage = cert_usage; selector = extract_integer(&s, "selector field", NULL); if (selector < 0) return NULL; if (selector > 1) return bitch("bad selector field"); rr->selector = selector; matching_type = extract_integer(&s, "matching type field", NULL); if (matching_type < 0) return NULL; if (matching_type > 2) return bitch("bad matching type field"); rr->matching_type = matching_type; rr->association_data = extract_hex_binary_data(&s, "certificate association data", EXTRACT_EAT_WHITESPACE); if (rr->association_data.length < 0) return NULL; switch (rr->matching_type) { case 1: if (rr->association_data.length != SHA256_BYTES) return bitch("bad SHA-256 hash length"); break; case 2: if (rr->association_data.length != SHA512_BYTES) return bitch("bad SHA-512 hash length"); break; } if (*s) { return bitch("garbage after valid %s data", type == T_TLSA ? "TLSA" : "SMIMEA"); } return store_record(type, name, ttl, rr); } static char* tlsa_smimea_human(struct rr *rrv) { RRCAST(tlsa_smimea); char s[1024]; snprintf(s, 1024, "%d %d %d ...", rr->cert_usage, rr->selector, rr->matching_type); return quickstrdup_temp(s); } static struct binary_data tlsa_smimea_wirerdata(struct rr *rrv) { RRCAST(tlsa_smimea); return compose_binary_data("111d", 1, rr->cert_usage, rr->selector, rr->matching_type, rr->association_data); } static void* tlsa_validate_set(struct rr_set *rr_set) { struct rr *rr; struct named_rr *named_rr; char *s; int port = 0; int len; if (G.opt.policy_checks[POLICY_TLSA_HOST]) { rr = rr_set->tail; named_rr = rr_set->named_rr; /* _25._tcp.mail.example.com. */ s = named_rr->name; if (*s != '_') { not_a_prefixed_domain_name: return moan(rr->file_name, rr->line, "not a proper prefixed DNS domain name"); } s++; while (isdigit(*s)) { port = port * 10 + *s - '0'; s++; } if (port <= 0 || port > 65535) goto not_a_prefixed_domain_name; if (*s++ != '.') goto not_a_prefixed_domain_name; len = strlen(s); if (len < 6) goto not_a_prefixed_domain_name; if (memcmp(s, "_tcp.", 5) != 0 && memcmp(s, "_udp.", 5) != 0 && memcmp(s, "_sctp.", 6) != 0) goto not_a_prefixed_domain_name; } return NULL; } static void* smimea_validate_set(struct rr_set *rr_set) { struct rr *rr; struct named_rr *named_rr; char *s; int hash_len = 0; int len; if (G.opt.policy_checks[POLICY_SMIMEA_HOST]) { rr = rr_set->tail; named_rr = rr_set->named_rr; /* c93f1e400f26708f98cb19d936620da35eec8f72e57f9eec01c1afd6._smimecert.example.com. */ s = named_rr->name; while (isxdigit(*s)) { hash_len++; s++; } if (*s++ != '.' || hash_len != 56) { not_a_proper_smimea_domainname: return moan(rr->file_name, rr->line, "not a proper domain name for an SMIMEA record"); } len = strlen(s); if (len < 11) goto not_a_proper_smimea_domainname; if (memcmp(s, "_smimecert.", 11) != 0) goto not_a_proper_smimea_domainname; } return NULL; } struct rr_methods tlsa_methods = { tlsa_smimea_parse, tlsa_smimea_human, tlsa_smimea_wirerdata, tlsa_validate_set, NULL }; struct rr_methods smimea_methods = { tlsa_smimea_parse, tlsa_smimea_human, tlsa_smimea_wirerdata, smimea_validate_set, NULL }; tobez-validns-f423245/todo.mdwn000066400000000000000000000033161314110214000163700ustar00rootroot00000000000000Goals / development milestones / features for validns: 1. Requirements for an initial public release (missing functionality/doc) Task/feature/functionality % done Descr ----------------------------------------------------------------------------- - understand all standard rdtypes 80 - currently missing: AFSDB, APL, CERT, DHCID, DLV, DNAME, HIP, IPSECKEY, KEY, KX, SIG, SPF, TA, TKEY - initial user documentation 30 2. Performance and other non-critical enhancements - speed up signature verification 0 - the initial parsing cannot (and possibly other operations) be easily parallelized, via using multiple threads but signature checks can - add an incremental checks mode 0 - store hashes of succesfully (do not do expensive verified records verifications which were done previously, provided the records did not change) 3. Nice to have features, for post-release - user-defined policy checks via 0 - lua API shall provide lua embedding (split out convenient means to access syntactical and policy validation) and search records, so that policy checks involving relationships between records can be implemented by the user - speed up signature verification 0 - requires significan via GPU crypto offload amount of experimentation tobez-validns-f423245/txt.c000066400000000000000000000041351314110214000155170ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" /* XXX Does not accept multiple character-strings */ static struct rr *txt_parse(char *name, long ttl, int type, char *s) { struct rr_txt *rr; struct binary_data txt; struct rr_txt_segment *first = NULL; struct rr_txt_segment *last = NULL; struct rr_txt_segment *cur = NULL; int i; i = 0; while (*s) { freeall_temp(); txt = extract_text(&s, "text segment"); if (txt.length < 0) return NULL; if (txt.length > 255) return bitch("TXT segment too long"); i++; cur = getmem(sizeof(*cur)); cur->txt = txt; cur->next = NULL; if (!first) first = cur; if (last) last->next = cur; last = cur; } if (i == 0) return bitch("empty text record"); rr = getmem(sizeof(*rr)); rr->count = i; rr->txt = first; return store_record(type, name, ttl, rr); } static char* txt_human(struct rr *rrv) { RRCAST(txt); char ss[1024]; char *s = ss; int l; struct rr_txt_segment *seg = rr->txt; while (seg) { /* XXX would be nice to escape " with \ in strings */ l = snprintf(s, 1024-(s-ss), "\"%s\" ", seg->txt.data); s += l; seg = seg->next; } return quickstrdup_temp(ss); } static struct binary_data txt_wirerdata(struct rr *rrv) { RRCAST(txt); struct binary_data r, t; struct rr_txt_segment *seg = rr->txt; r = bad_binary_data(); t.length = 0; t.data = NULL; while (seg) { r = compose_binary_data("db", 1, t, seg->txt); t = r; seg = seg->next; } return r; } struct rr_methods txt_methods = { txt_parse, txt_human, txt_wirerdata, NULL, NULL }; tobez-validns-f423245/usage.mdwn000066400000000000000000000116261314110214000165320ustar00rootroot00000000000000% VALIDNS(1) % Anton Berezin % April 2011 # NAME validns - DNS and DSNSEC zone file validator # VERSION This document describes validns version 0.8 # SYNOPSIS validns *-h* validns [*options*] *zone-file* For validating stdin, specify "-" in place of *zone-file*. # DESCRIPTION Coming soon. # OPTIONS -h : Produce usage text and quit. -f : Quit on first validation error. Normally, `validns` continues working on a zone after encountering a parsing or validation error. -p *name* : Activate policy check *name*. By default, only basic checks and DNSSEC checks are performed. This option can be specified multiple times. See **POLICY CHECKS**, below, for details. The following names are understood: - single-ns - cname-other-data - dname - dnskey - nsec3param-not-apex - mx-alias - ns-alias - rp-txt-exists - tlsa-host - ksk-exists - smimea-host - all -n *N* : Use N worker threads for parallelizable operations. The default is 0, meaning no parallelization. Currently only signature verification is parallelizable. -q : quiet - do not produce any output -s : Print validation summary/stats. If specified twice, also print record counts by type. -v : be extra verbose -M : use SOA MINTTL as the default TTL when no TTL specified -I *path* : use this path for $INCLUDE files -z *origin* : use this origin as initial $ORIGIN -t *epoch-time* : Use specified time instead of the current time when verifying validity of the signatures. This option may be specified multiple times, in which case every signature is checked against all specified times. # BASIC CHECKS Every record and every supported directive should be parsable, which consitutes the most basic check of all. The `validns` program will report the exact reason why it cannot parse a record or a directive. Other basic checks include: - there could only be one SOA in a zone; - the first record in the zone must be an SOA record; - a record outside the apex; - TTL values differ within an RR set (excepting *RRSIG*); # DNSSEC CHECKS - *type* exists, but NSEC does not mention it for *name*; - NSEC mentions *type*, but no such record found for *name*; - NSEC says *x* is the last name, but *z* exists; - NSEC says *z* comes after *x*, but nothing does; - NSEC says *z* comes after *x*, but *y* does; - signature is too new; - signature is too old; - RRSIG exists for non-existing type *type*; - RRSIG's original TTL differs from corresponding record's; - RRSIG(*type*): cannot find a signer key; - RRSIG(*type*): cannot verify the signature; - RRSIG(*type*): cannot find the right signer key; - NSEC3 record name is not valid; - multiple NSEC3 with the same record name; - no corresponding NSEC3 found for *name*; - *type* exists, but NSEC3 does not mention it for *name*; - NSEC3 mentions *type*, but no such record found for *name*; - there are more record types than NSEC3 mentions for *name*; - broken NSEC3 chain, expected *name*, but nothing found; - broken NSEC3 chain, expected *name1*, but found *name2*; - NSEC3 without a corresponding record (or empty non-terminal). # POLICY CHECKS - there should be at least two NS records per name (or zero); - CNAME and other data (excluding possible RRSIG and NSEC); - DNAME checks: no multiple DNAMEs, no descendants of a node with a DNAME; please note that DNAME/CNAME clash is handled by CNAME and other data check already; - DNSKEY checks: public key too short, leading zero octets in public key exponent or modulus; - NSEC3PARAM, if present, should only be at the zone apex. - MX exchange should not be an alias - NS nsdname should not be an alias - TXT domain name mentioned in RP record must have a corresponding TXT record if it is within the zone - domain name of a TLSA record must be a proper prefixed DNS name - a KSK key must exist in a signed zone - domain name must have the form which is proper for an SMIMEA record # BUGS - textual segments in *TXT* and *HINFO* must be enclosed in double quotes; - a dot within a label is not currently supported; If at least one NSEC3 record uses opt-out flag, `validns` assumes it is used as much as possible, that is, every unsigned delegation does not have a corresponding NSEC3 record. This is done for reasons of efficiency, to avoid calculating cryptographic hashes of every unsigned delegation. If this assumption is wrong for a zone, `validns` will produce spurious validation errors. # ACKNOWLEDGEMENTS Thanks go to Andy Holdaway, Daniel Stirnimann, Dennis Kjaer Jensen, Goran Bengtson, Hirohisa Yamaguchi, Hugo Salgado, Jake Zack, Jakob Schlyter, Koh-ichi Ito, Mathieu Arnold, Miek Gieben, Patrik Wallstrom, Paul Wouters, Ryan Eby, Tony Finch, Willem Toorop, and YAMAGUCHI Takanori for bug reports, testing, discussions, and occasional patches. Special thanks to Stephane Bortzmeyer and Phil Regnauld. Thanks for AFNIC which funded major portion of the development. Thanks for SWITCH for additional funding. tobez-validns-f423245/validns.1000066400000000000000000000134641314110214000162630ustar00rootroot00000000000000.TH "VALIDNS" "1" "April 2011" "" "" .SH NAME .PP validns \- DNS and DSNSEC zone file validator .SH VERSION .PP This document describes validns version 0.8 .SH SYNOPSIS .PP validns \f[I]\-h\f[] validns [\f[I]options\f[]] \f[I]zone\-file\f[] .PP For validating stdin, specify "\-" in place of \f[I]zone\-file\f[]. .SH DESCRIPTION .PP Coming soon. .SH OPTIONS .TP .B \-h Produce usage text and quit. .RS .RE .TP .B \-f Quit on first validation error. Normally, \f[C]validns\f[] continues working on a zone after encountering a parsing or validation error. .RS .RE .TP .B \-p \f[I]name\f[] Activate policy check \f[I]name\f[]. By default, only basic checks and DNSSEC checks are performed. This option can be specified multiple times. See \f[B]POLICY CHECKS\f[], below, for details. The following names are understood: .RS .IP \[bu] 2 single\-ns .IP \[bu] 2 cname\-other\-data .IP \[bu] 2 dname .IP \[bu] 2 dnskey .IP \[bu] 2 nsec3param\-not\-apex .IP \[bu] 2 mx\-alias .IP \[bu] 2 ns\-alias .IP \[bu] 2 rp\-txt\-exists .IP \[bu] 2 tlsa\-host .IP \[bu] 2 ksk\-exists .IP \[bu] 2 smimea\-host .IP \[bu] 2 all .RE .TP .B \-n \f[I]N\f[] Use N worker threads for parallelizable operations. The default is 0, meaning no parallelization. Currently only signature verification is parallelizable. .RS .RE .TP .B \-q quiet \- do not produce any output .RS .RE .TP .B \-s Print validation summary/stats. If specified twice, also print record counts by type. .RS .RE .TP .B \-v be extra verbose .RS .RE .TP .B \-M use SOA MINTTL as the default TTL when no TTL specified .RS .RE .TP .B \-I \f[I]path\f[] use this path for $INCLUDE files .RS .RE .TP .B \-z \f[I]origin\f[] use this origin as initial $ORIGIN .RS .RE .TP .B \-t \f[I]epoch\-time\f[] Use specified time instead of the current time when verifying validity of the signatures. This option may be specified multiple times, in which case every signature is checked against all specified times. .RS .RE .SH BASIC CHECKS .PP Every record and every supported directive should be parsable, which consitutes the most basic check of all. The \f[C]validns\f[] program will report the exact reason why it cannot parse a record or a directive. .PP Other basic checks include: .IP \[bu] 2 there could only be one SOA in a zone; .IP \[bu] 2 the first record in the zone must be an SOA record; .IP \[bu] 2 a record outside the apex; .IP \[bu] 2 TTL values differ within an RR set (excepting \f[I]RRSIG\f[]); .SH DNSSEC CHECKS .IP \[bu] 2 \f[I]type\f[] exists, but NSEC does not mention it for \f[I]name\f[]; .IP \[bu] 2 NSEC mentions \f[I]type\f[], but no such record found for \f[I]name\f[]; .IP \[bu] 2 NSEC says \f[I]x\f[] is the last name, but \f[I]z\f[] exists; .IP \[bu] 2 NSEC says \f[I]z\f[] comes after \f[I]x\f[], but nothing does; .IP \[bu] 2 NSEC says \f[I]z\f[] comes after \f[I]x\f[], but \f[I]y\f[] does; .IP \[bu] 2 signature is too new; .IP \[bu] 2 signature is too old; .IP \[bu] 2 RRSIG exists for non\-existing type \f[I]type\f[]; .IP \[bu] 2 RRSIG\[aq]s original TTL differs from corresponding record\[aq]s; .IP \[bu] 2 RRSIG(\f[I]type\f[]): cannot find a signer key; .IP \[bu] 2 RRSIG(\f[I]type\f[]): cannot verify the signature; .IP \[bu] 2 RRSIG(\f[I]type\f[]): cannot find the right signer key; .IP \[bu] 2 NSEC3 record name is not valid; .IP \[bu] 2 multiple NSEC3 with the same record name; .IP \[bu] 2 no corresponding NSEC3 found for \f[I]name\f[]; .IP \[bu] 2 \f[I]type\f[] exists, but NSEC3 does not mention it for \f[I]name\f[]; .IP \[bu] 2 NSEC3 mentions \f[I]type\f[], but no such record found for \f[I]name\f[]; .IP \[bu] 2 there are more record types than NSEC3 mentions for \f[I]name\f[]; .IP \[bu] 2 broken NSEC3 chain, expected \f[I]name\f[], but nothing found; .IP \[bu] 2 broken NSEC3 chain, expected \f[I]name1\f[], but found \f[I]name2\f[]; .IP \[bu] 2 NSEC3 without a corresponding record (or empty non\-terminal). .SH POLICY CHECKS .IP \[bu] 2 there should be at least two NS records per name (or zero); .IP \[bu] 2 CNAME and other data (excluding possible RRSIG and NSEC); .IP \[bu] 2 DNAME checks: no multiple DNAMEs, no descendants of a node with a DNAME; please note that DNAME/CNAME clash is handled by CNAME and other data check already; .IP \[bu] 2 DNSKEY checks: public key too short, leading zero octets in public key exponent or modulus; .IP \[bu] 2 NSEC3PARAM, if present, should only be at the zone apex. .IP \[bu] 2 MX exchange should not be an alias .IP \[bu] 2 NS nsdname should not be an alias .IP \[bu] 2 TXT domain name mentioned in RP record must have a corresponding TXT record if it is within the zone .IP \[bu] 2 domain name of a TLSA record must be a proper prefixed DNS name .IP \[bu] 2 a KSK key must exist in a signed zone .IP \[bu] 2 domain name must have the form which is proper for an SMIMEA record .SH BUGS .IP \[bu] 2 textual segments in \f[I]TXT\f[] and \f[I]HINFO\f[] must be enclosed in double quotes; .IP \[bu] 2 a dot within a label is not currently supported; .PP If at least one NSEC3 record uses opt\-out flag, \f[C]validns\f[] assumes it is used as much as possible, that is, every unsigned delegation does not have a corresponding NSEC3 record. This is done for reasons of efficiency, to avoid calculating cryptographic hashes of every unsigned delegation. If this assumption is wrong for a zone, \f[C]validns\f[] will produce spurious validation errors. .SH ACKNOWLEDGEMENTS .PP Thanks go to Andy Holdaway, Daniel Stirnimann, Dennis Kjaer Jensen, Goran Bengtson, Hirohisa Yamaguchi, Hugo Salgado, Jake Zack, Jakob Schlyter, Koh\-ichi Ito, Mathieu Arnold, Miek Gieben, Patrik Wallstrom, Paul Wouters, Ryan Eby, Tony Finch, Willem Toorop, and YAMAGUCHI Takanori for bug reports, testing, discussions, and occasional patches. .PP Special thanks to Stephane Bortzmeyer and Phil Regnauld. .PP Thanks for AFNIC which funded major portion of the development. Thanks for SWITCH for additional funding. .SH AUTHORS Anton Berezin. tobez-validns-f423245/x25.c000066400000000000000000000027211314110214000153150ustar00rootroot00000000000000/* * Part of DNS zone file validator `validns`. * * Copyright 2011-2014 Anton Berezin * Modified BSD license. * (See LICENSE file in the distribution.) * */ #include #include #include #include #include #include #include "common.h" #include "textparse.h" #include "mempool.h" #include "carp.h" #include "rr.h" /* XXX Does not accept multiple character-strings */ static struct rr *x25_parse(char *name, long ttl, int type, char *s) { struct rr_x25 *rr = getmem(sizeof(*rr)); int i; rr->psdn_address = extract_text(&s, "PSDN-address"); if (rr->psdn_address.length < 0) return NULL; if (rr->psdn_address.length > 255) return bitch("PSDN-address too long"); if (rr->psdn_address.length < 4) return bitch("PSDN-address too short"); for (i = 0; i < rr->psdn_address.length; i++) { if (!isdigit(rr->psdn_address.data[i])) return bitch("PSDN-address contains non-digits"); } if (*s) { return bitch("garbage after valid X25 data"); } return store_record(type, name, ttl, rr); } static char* x25_human(struct rr *rrv) { RRCAST(x25); return rr->psdn_address.data; } static struct binary_data x25_wirerdata(struct rr *rrv) { RRCAST(x25); return compose_binary_data("b", 1, rr->psdn_address); } struct rr_methods x25_methods = { x25_parse, x25_human, x25_wirerdata, NULL, NULL };