chiark - git - mdw - dnserr/blob - dnserr.in

   1 ;;; -*-dns-*-
   2 ;;;
   3 ;;; A zone filled with interestingly wrong things.
   4
   5 $TTL 14400
   6
   7 ;;;--------------------------------------------------------------------------
   8 ;;; Standard zone scaffolding.
   9
  10 @                       IN      SOA     MASTER. (
  11                                                 CONTACT.
  12                                              2014050408      ;serial
  13                                                   86400      ;refresh
  14                                                    3600      ;retry
  15                                                 1209600      ;expire
  16                                                   14400 )    ;min-ttl
  17
  18 SUBZONE([@])
  19
  20 ;;;--------------------------------------------------------------------------
  21 ;;; Some wrong things.
  22
  23 ;; Some perfectly sensible records.
  24 a                       IN      A       198.51.100.16
  25 aaaa                    IN      AAAA    2001:db8::1
  26 addr                    IN      A       198.51.100.17
  27                         IN      AAAA    2001:db8::2
  28 maddr                   IN      A       198.51.100.1
  29                         IN      A       198.51.100.2
  30                         IN      A       192.0.2.1
  31                         IN      A       192.0.2.2
  32                         IN      A       203.0.113.1
  33                         IN      A       203.0.113.2
  34                         IN      AAAA    2001:db8:1::1
  35                         IN      AAAA    2001:db8:1::2
  36                         IN      AAAA    2001:db8:2::1
  37                         IN      AAAA    2001:db8:2::2
  38                         IN      AAAA    2001:db8:3::1
  39                         IN      AAAA    2001:db8:3::2
  40 mx                      IN      MX 69   maddr
  41                         IN      MX 69   a
  42                         IN      MX 69   aaaa
  43                         IN      MX 70   addr
  44 _http._tcp.srv          IN      SRV 69  3 80 maddr
  45                         IN      SRV 69  1 80 a
  46                         IN      SRV 69  1 80 aaaa
  47                         IN      SRV 70  1 80 addr
  48
  49 ;; Various stupid indirection games.
  50 cname                   IN      CNAME   a
  51 cname-2                 IN      CNAME   cname
  52 cname-3                 IN      CNAME   cname-2
  53 cname-mx                IN      CNAME   mx
  54 mx-cname                IN      MX 69   cname
  55 cname-srv               IN      CNAME   srv
  56 _http._tcp.srv-cname    IN      SRV 69  0 80 cname
  57
  58 ;; I promise never to define RRs for this name.
  59 ;nxdomain               IN      ANY
  60
  61 ;; A CNAME which doesn't point to anything.
  62 dangling-cname          IN      CNAME   nxdomain
  63
  64 ;; A CNAME which points to itself.
  65 loop                    IN      CNAME   loop
  66
  67 ;; I promise never to define A or AAAA records for this name.
  68 no-address              IN      TXT     "This name has no address records."
  69
  70 ;; A name -- in fact, an entire DNS subtree -- for which no authoritative
  71 ;; server will ever return a answer.  The address is
  72 ;; blackhole.distorted.org.uk, which drops all packets.
  73 ns.blackhole            IN      A       BLACKHOLE
  74 blackhole               IN      NS      ns.blackhole
  75                         IN      DS      18693 8 1 f2ade1384e3cf158372ba16aa3a934a16104066d
  76                         IN      DS      18693 8 2 061929cdc2de9ba7728d4e011f796d0abb54c4a5e4681469d5f1d32d78e142f0
  77
  78 ;; A subtree for which authoritative servers will always answer REFUSED.
  79 ;; Recursive resolvers tend to turn this into SERVFAIL.
  80 SUBZONE([refused])
  81                         IN      DS      63860 8 1 612896152445f6f9134ba5c85a98dd62f527ec4a
  82                         IN      DS      63860 8 2 afb31601378c19d394997f7ee2f5c59f47d1ceb4d181a559053d680f1836b31e
  83
  84 ;; A subzone delegated to a server which doesn't think it's
  85 ;; authoritative.
  86 SUBZONE([lame])
  87                         IN      DS      54525 8 1 d6b4f044da02963de9d60180871b94975a001f55
  88                         IN      DS      54525 8 2 88ab5ce80505eceba195de90e93d53fecf388aff292694f80c4ee24ab77796b9
  89
  90 ;; I want some way of reliably provoking a SERVFAIL response from the
  91 ;; server, but I can't think of one right now.
  92 ;servfail               IN      ???
  93
  94 ;;;--------------------------------------------------------------------------
  95 ;;; DNSsec wrongness.
  96
  97 ;; An RRset whose DNSsec signature has expired.
  98 expired-rrsig           IN      A       127.0.0.1
  99                         IN      AAAA    ::1
 100 ;                       IN      RRSIG   ?
 101
 102 ;; An RRset whose signature is incorrect.
 103 invalid-rrsig           IN      A       127.0.0.1
 104                         IN      AAAA    ::1
 105 ;                       IN      RRSIG   ?
 106
 107 ;; A delegation with an incorrect DS record.
 108 SUBZONE([wrong-ds])
 109 wrong-ds                IN      DS      8224 8 1 c12019d5604e3e4b0e0efb7c62c00021b5943e95
 110 wrong-ds                IN      DS      8224 8 2 1541dfc4f64f26f5685a27bd0bdaac1ecb24b36f49e2d573d62646185978b78b
 111
 112 ;;;----- That's all, folks --------------------------------------------------