[dnserr] / dnserr.in

;;; -*-dns-*-
;;;
;;; A zone filled with interestingly wrong things.

$TTL 14400

;;;--------------------------------------------------------------------------
;;; Standard zone scaffolding.

@			IN	SOA	MASTER. (
						CONTACT.
                                             2012090602      ;serial
                                                  86400      ;refresh
                                                   3600      ;retry
                                                1209600      ;expire
                                                  14400 )    ;min-ttl

SUBZONE([@])

;;;--------------------------------------------------------------------------
;;; Some wrong things.

;; Some perfectly sensible records.
a			IN	A	127.0.0.1
mx			IN	MX 69	a
_http._tcp.srv		IN	SRV 69	0 80 a

;; Various stupid indirection games.
cname			IN	CNAME	a
cname-2			IN	CNAME	cname
cname-3			IN	CNAME	cname-2
cname-mx		IN	CNAME	mx
mx-cname		IN	MX 69	cname
cname-srv		IN	CNAME	srv
_http._tcp.srv-cname	IN	SRV 69	0 80 cname

;; I promise never to define RRs for this name.
;nxdomain		IN	ANY

;; A CNAME which doesn't point to anything.
dangling-cname		IN	CNAME	nxdomain

;; A CNAME which points to itself.
loop			IN	CNAME	loop

;; I promise never to define A or AAAA records for this name.
no-address		IN	TXT	"This name has no address records."

;; A name -- in fact, an entire DNS subtree -- for which no authoritative
;; server will ever return a answer.  The address is
;; blackhole.distorted.org.uk, which drops all packets.
ns.blackhole		IN	A	BLACKHOLE
blackhole		IN	NS	ns.blackhole
			IN	DS	18693 8 1 f2ade1384e3cf158372ba16aa3a934a16104066d
			IN	DS	18693 8 2 061929cdc2de9ba7728d4e011f796d0abb54c4a5e4681469d5f1d32d78e142f0

;; A subtree for which authoritative servers will always answer REFUSED.
;; Recursive resolvers tend to turn this into SERVFAIL.
SUBZONE([refused])
			IN	DS	63860 8 1 612896152445f6f9134ba5c85a98dd62f527ec4a
			IN	DS	63860 8 2 afb31601378c19d394997f7ee2f5c59f47d1ceb4d181a559053d680f1836b31e

;; A subzone delegated to a server which doesn't think it's
;; authoritative.
SUBZONE([lame])
			IN	DS	54525 8 1 d6b4f044da02963de9d60180871b94975a001f55
			IN	DS	54525 8 2 88ab5ce80505eceba195de90e93d53fecf388aff292694f80c4ee24ab77796b9

;; I want some way of reliably provoking a SERVFAIL response from the
;; server, but I can't think of one right now.
;servfail		IN	???

;;;--------------------------------------------------------------------------
;;; DNSsec wrongness.

;; An RRset whose DNSsec signature has expired.
expired-rrsig		IN	A	127.0.0.1
;			IN	RRSIG	?

;; An RRset whose signature is incorrect.
invalid-rrsigx		IN	A	127.0.0.1
;			IN	RRSIG	?

;; A delegation with an incorrect DS record.
SUBZONE([wrong-ds])
wrong-ds		IN	DS	8224 8 1 c12019d5604e3e4b0e0efb7c62c00021b5943e95
wrong-ds		IN	DS	8224 8 2 1541dfc4f64f26f5685a27bd0bdaac1ecb24b36f49e2d573d62646185978b78b

;;;----- That's all, folks --------------------------------------------------
Commit	Line	Data
2ff79b43 MW	1	;;; --dns--
	2	;;;
	3	;;; A zone filled with interestingly wrong things.
	4
	5	$TTL 14400
	6
	7	;;;--------------------------------------------------------------------------
	8	;;; Standard zone scaffolding.
	9
	10	@ IN SOA MASTER. (
	11	CONTACT.
91c0bba0	12	2012090602 ;serial
2ff79b43 MW	13	86400 ;refresh
	14	3600 ;retry
	15	1209600 ;expire
	16	14400 ) ;min-ttl
	17
	18	SUBZONE([@])
	19
	20	;;;--------------------------------------------------------------------------
	21	;;; Some wrong things.
	22
	23	;; Some perfectly sensible records.
	24	a IN A 127.0.0.1
	25	mx IN MX 69 a
	26	_http._tcp.srv IN SRV 69 0 80 a
	27
	28	;; Various stupid indirection games.
	29	cname IN CNAME a
	30	cname-2 IN CNAME cname
	31	cname-3 IN CNAME cname-2
	32	cname-mx IN CNAME mx
	33	mx-cname IN MX 69 cname
	34	cname-srv IN CNAME srv
91c0bba0	35	_http._tcp.srv-cname IN SRV 69 0 80 cname
2ff79b43 MW	36
	37	;; I promise never to define RRs for this name.
	38	;nxdomain IN ANY
	39
	40	;; A CNAME which doesn't point to anything.
	41	dangling-cname IN CNAME nxdomain
	42
	43	;; A CNAME which points to itself.
	44	loop IN CNAME loop
	45
	46	;; I promise never to define A or AAAA records for this name.
	47	no-address IN TXT "This name has no address records."
	48
	49	;; A name -- in fact, an entire DNS subtree -- for which no authoritative
	50	;; server will ever return a answer. The address is
	51	;; blackhole.distorted.org.uk, which drops all packets.
	52	ns.blackhole IN A BLACKHOLE
	53	blackhole IN NS ns.blackhole
	54	IN DS 18693 8 1 f2ade1384e3cf158372ba16aa3a934a16104066d
	55	IN DS 18693 8 2 061929cdc2de9ba7728d4e011f796d0abb54c4a5e4681469d5f1d32d78e142f0
	56
	57	;; A subtree for which authoritative servers will always answer REFUSED.
	58	;; Recursive resolvers tend to turn this into SERVFAIL.
	59	SUBZONE([refused])
	60	IN DS 63860 8 1 612896152445f6f9134ba5c85a98dd62f527ec4a
	61	IN DS 63860 8 2 afb31601378c19d394997f7ee2f5c59f47d1ceb4d181a559053d680f1836b31e
	62
	63	;; A subzone delegated to a server which doesn't think it's
	64	;; authoritative.
	65	SUBZONE([lame])
	66	IN DS 54525 8 1 d6b4f044da02963de9d60180871b94975a001f55
	67	IN DS 54525 8 2 88ab5ce80505eceba195de90e93d53fecf388aff292694f80c4ee24ab77796b9
	68
	69	;; I want some way of reliably provoking a SERVFAIL response from the
	70	;; server, but I can't think of one right now.
	71	;servfail IN ???
	72
	73	;;;--------------------------------------------------------------------------
	74	;;; DNSsec wrongness.
	75
	76	;; An RRset whose DNSsec signature has expired.
	77	expired-rrsig IN A 127.0.0.1
	78	; IN RRSIG ?
	79
	80	;; An RRset whose signature is incorrect.
	81	invalid-rrsigx IN A 127.0.0.1
	82	; IN RRSIG ?
	83
	84	;; A delegation with an incorrect DS record.
	85	SUBZONE([wrong-ds])
	86	wrong-ds IN DS 8224 8 1 c12019d5604e3e4b0e0efb7c62c00021b5943e95
	87	wrong-ds IN DS 8224 8 2 1541dfc4f64f26f5685a27bd0bdaac1ecb24b36f49e2d573d62646185978b78b
	88
2ff79b43	89	;;;----- That's all, folks --------------------------------------------------