| 1 | ;;; -*-dns-*- |
| 2 | ;;; |
| 3 | ;;; A zone filled with interestingly wrong things. |
| 4 | |
| 5 | $TTL 14400 |
| 6 | |
| 7 | ;;;-------------------------------------------------------------------------- |
| 8 | ;;; Standard zone scaffolding. |
| 9 | |
| 10 | @ IN SOA MASTER. ( |
| 11 | CONTACT. |
| 12 | 2012090602 ;serial |
| 13 | 86400 ;refresh |
| 14 | 3600 ;retry |
| 15 | 1209600 ;expire |
| 16 | 14400 ) ;min-ttl |
| 17 | |
| 18 | SUBZONE([@]) |
| 19 | |
| 20 | ;;;-------------------------------------------------------------------------- |
| 21 | ;;; Some wrong things. |
| 22 | |
| 23 | ;; Some perfectly sensible records. |
| 24 | a IN A 127.0.0.1 |
| 25 | mx IN MX 69 a |
| 26 | _http._tcp.srv IN SRV 69 0 80 a |
| 27 | |
| 28 | ;; Various stupid indirection games. |
| 29 | cname IN CNAME a |
| 30 | cname-2 IN CNAME cname |
| 31 | cname-3 IN CNAME cname-2 |
| 32 | cname-mx IN CNAME mx |
| 33 | mx-cname IN MX 69 cname |
| 34 | cname-srv IN CNAME srv |
| 35 | _http._tcp.srv-cname IN SRV 69 0 80 cname |
| 36 | |
| 37 | ;; I promise never to define RRs for this name. |
| 38 | ;nxdomain IN ANY |
| 39 | |
| 40 | ;; A CNAME which doesn't point to anything. |
| 41 | dangling-cname IN CNAME nxdomain |
| 42 | |
| 43 | ;; A CNAME which points to itself. |
| 44 | loop IN CNAME loop |
| 45 | |
| 46 | ;; I promise never to define A or AAAA records for this name. |
| 47 | no-address IN TXT "This name has no address records." |
| 48 | |
| 49 | ;; A name -- in fact, an entire DNS subtree -- for which no authoritative |
| 50 | ;; server will ever return a answer. The address is |
| 51 | ;; blackhole.distorted.org.uk, which drops all packets. |
| 52 | ns.blackhole IN A BLACKHOLE |
| 53 | blackhole IN NS ns.blackhole |
| 54 | IN DS 18693 8 1 f2ade1384e3cf158372ba16aa3a934a16104066d |
| 55 | IN DS 18693 8 2 061929cdc2de9ba7728d4e011f796d0abb54c4a5e4681469d5f1d32d78e142f0 |
| 56 | |
| 57 | ;; A subtree for which authoritative servers will always answer REFUSED. |
| 58 | ;; Recursive resolvers tend to turn this into SERVFAIL. |
| 59 | SUBZONE([refused]) |
| 60 | IN DS 63860 8 1 612896152445f6f9134ba5c85a98dd62f527ec4a |
| 61 | IN DS 63860 8 2 afb31601378c19d394997f7ee2f5c59f47d1ceb4d181a559053d680f1836b31e |
| 62 | |
| 63 | ;; A subzone delegated to a server which doesn't think it's |
| 64 | ;; authoritative. |
| 65 | SUBZONE([lame]) |
| 66 | IN DS 54525 8 1 d6b4f044da02963de9d60180871b94975a001f55 |
| 67 | IN DS 54525 8 2 88ab5ce80505eceba195de90e93d53fecf388aff292694f80c4ee24ab77796b9 |
| 68 | |
| 69 | ;; I want some way of reliably provoking a SERVFAIL response from the |
| 70 | ;; server, but I can't think of one right now. |
| 71 | ;servfail IN ??? |
| 72 | |
| 73 | ;;;-------------------------------------------------------------------------- |
| 74 | ;;; DNSsec wrongness. |
| 75 | |
| 76 | ;; An RRset whose DNSsec signature has expired. |
| 77 | expired-rrsig IN A 127.0.0.1 |
| 78 | ; IN RRSIG ? |
| 79 | |
| 80 | ;; An RRset whose signature is incorrect. |
| 81 | invalid-rrsigx IN A 127.0.0.1 |
| 82 | ; IN RRSIG ? |
| 83 | |
| 84 | ;; A delegation with an incorrect DS record. |
| 85 | SUBZONE([wrong-ds]) |
| 86 | wrong-ds IN DS 8224 8 1 c12019d5604e3e4b0e0efb7c62c00021b5943e95 |
| 87 | wrong-ds IN DS 8224 8 2 1541dfc4f64f26f5685a27bd0bdaac1ecb24b36f49e2d573d62646185978b78b |
| 88 | |
| 89 | ;;;----- That's all, folks -------------------------------------------------- |