Commit | Line | Data |
---|---|---|
2ff79b43 MW |
1 | ;;; -*-dns-*- |
2 | ;;; | |
3 | ;;; A zone filled with interestingly wrong things. | |
4 | ||
5 | $TTL 14400 | |
6 | ||
7 | ;;;-------------------------------------------------------------------------- | |
8 | ;;; Standard zone scaffolding. | |
9 | ||
10 | @ IN SOA MASTER. ( | |
11 | CONTACT. | |
91c0bba0 | 12 | 2012090602 ;serial |
2ff79b43 MW |
13 | 86400 ;refresh |
14 | 3600 ;retry | |
15 | 1209600 ;expire | |
16 | 14400 ) ;min-ttl | |
17 | ||
18 | SUBZONE([@]) | |
19 | ||
20 | ;;;-------------------------------------------------------------------------- | |
21 | ;;; Some wrong things. | |
22 | ||
23 | ;; Some perfectly sensible records. | |
24 | a IN A 127.0.0.1 | |
25 | mx IN MX 69 a | |
26 | _http._tcp.srv IN SRV 69 0 80 a | |
27 | ||
28 | ;; Various stupid indirection games. | |
29 | cname IN CNAME a | |
30 | cname-2 IN CNAME cname | |
31 | cname-3 IN CNAME cname-2 | |
32 | cname-mx IN CNAME mx | |
33 | mx-cname IN MX 69 cname | |
34 | cname-srv IN CNAME srv | |
91c0bba0 | 35 | _http._tcp.srv-cname IN SRV 69 0 80 cname |
2ff79b43 MW |
36 | |
37 | ;; I promise never to define RRs for this name. | |
38 | ;nxdomain IN ANY | |
39 | ||
40 | ;; A CNAME which doesn't point to anything. | |
41 | dangling-cname IN CNAME nxdomain | |
42 | ||
43 | ;; A CNAME which points to itself. | |
44 | loop IN CNAME loop | |
45 | ||
46 | ;; I promise never to define A or AAAA records for this name. | |
47 | no-address IN TXT "This name has no address records." | |
48 | ||
49 | ;; A name -- in fact, an entire DNS subtree -- for which no authoritative | |
50 | ;; server will ever return a answer. The address is | |
51 | ;; blackhole.distorted.org.uk, which drops all packets. | |
52 | ns.blackhole IN A BLACKHOLE | |
53 | blackhole IN NS ns.blackhole | |
54 | IN DS 18693 8 1 f2ade1384e3cf158372ba16aa3a934a16104066d | |
55 | IN DS 18693 8 2 061929cdc2de9ba7728d4e011f796d0abb54c4a5e4681469d5f1d32d78e142f0 | |
56 | ||
57 | ;; A subtree for which authoritative servers will always answer REFUSED. | |
58 | ;; Recursive resolvers tend to turn this into SERVFAIL. | |
59 | SUBZONE([refused]) | |
60 | IN DS 63860 8 1 612896152445f6f9134ba5c85a98dd62f527ec4a | |
61 | IN DS 63860 8 2 afb31601378c19d394997f7ee2f5c59f47d1ceb4d181a559053d680f1836b31e | |
62 | ||
63 | ;; A subzone delegated to a server which doesn't think it's | |
64 | ;; authoritative. | |
65 | SUBZONE([lame]) | |
66 | IN DS 54525 8 1 d6b4f044da02963de9d60180871b94975a001f55 | |
67 | IN DS 54525 8 2 88ab5ce80505eceba195de90e93d53fecf388aff292694f80c4ee24ab77796b9 | |
68 | ||
69 | ;; I want some way of reliably provoking a SERVFAIL response from the | |
70 | ;; server, but I can't think of one right now. | |
71 | ;servfail IN ??? | |
72 | ||
73 | ;;;-------------------------------------------------------------------------- | |
74 | ;;; DNSsec wrongness. | |
75 | ||
76 | ;; An RRset whose DNSsec signature has expired. | |
77 | expired-rrsig IN A 127.0.0.1 | |
78 | ; IN RRSIG ? | |
79 | ||
80 | ;; An RRset whose signature is incorrect. | |
81 | invalid-rrsigx IN A 127.0.0.1 | |
82 | ; IN RRSIG ? | |
83 | ||
84 | ;; A delegation with an incorrect DS record. | |
85 | SUBZONE([wrong-ds]) | |
86 | wrong-ds IN DS 8224 8 1 c12019d5604e3e4b0e0efb7c62c00021b5943e95 | |
87 | wrong-ds IN DS 8224 8 2 1541dfc4f64f26f5685a27bd0bdaac1ecb24b36f49e2d573d62646185978b78b | |
88 | ||
2ff79b43 | 89 | ;;;----- That's all, folks -------------------------------------------------- |