;;; -*-dns-*-
;;;
;;; A zone filled with interestingly wrong things.
;;;
;;; Every name below exists to exercise one resolver or client failure
;;; mode.  The records are test fixtures, not a template for a real zone.
;;;
;;; NOTE(review): the capitalised tokens and bracket-quoted arguments look
;;; like preprocessor macros defined elsewhere -- confirm.  If so, keep
;;; macro names out of comments, since a text preprocessor would not know
;;; that a semicolon starts a comment.

$TTL 14400

;;;--------------------------------------------------------------------------
;;; Standard zone scaffolding.

;; SOA timer fields are in seconds.
@                       IN      SOA     MASTER. (
                                        CONTACT.
                                        2012090602      ;serial
                                        86400           ;refresh
                                        3600            ;retry
                                        1209600         ;expire
                                        14400 )         ;min-ttl

;; NOTE(review): presumably emits the NS records for the zone apex; the
;; macro body is not visible here -- confirm.
SUBZONE([@])

;;;--------------------------------------------------------------------------
;;; Some wrong things.

;; Some perfectly sensible records.
;;
;; All three end up at loopback (127.0.0.1).  A resolver that filters
;; loopback or private answers as DNS-rebinding protection may drop them,
;; so test clients through a resolver without that filter.
a                       IN      A       127.0.0.1
mx                      IN      MX      69 a
_http._tcp.srv          IN      SRV     69 0 80 a

;; Various stupid indirection games.
;;
;; cname, cname-2 and cname-3 form alias chains of one, two and three hops.
;; mx-cname and the srv-cname record name an alias as their MX or SRV
;; target, which RFC 2181 section 10.3 and RFC 2782 forbid; clients differ
;; in whether they follow it.
;; NOTE(review): cname-srv points at srv, which has no records of its own
;; in this file (only _http._tcp.srv does) -- confirm that is intended.
cname                   IN      CNAME   a
cname-2                 IN      CNAME   cname
cname-3                 IN      CNAME   cname-2
cname-mx                IN      CNAME   mx
mx-cname                IN      MX      69 cname
cname-srv               IN      CNAME   srv
_http._tcp.srv-cname    IN      SRV     69 0 80 cname

;; I promise never to define RRs for this name.
;nxdomain               IN      ANY

;; A CNAME which doesn't point to anything.
;;
;; In a production zone this shape -- an alias whose target no longer
;; exists -- is the precondition for subdomain takeover when someone else
;; can claim the target name.  Here the target stays inside this zone and
;; is reserved by the promise above.
dangling-cname          IN      CNAME   nxdomain

;; A CNAME which points to itself.
;;
;; A resolver must give up alias chasing after a bounded number of steps;
;; the error it reports varies by implementation.
loop                    IN      CNAME   loop

;; I promise never to define A or AAAA records for this name.
no-address              IN      TXT     "This name has no address records."

;; A name -- in fact, an entire DNS subtree -- for which no authoritative
;; server will ever return an answer.  The address is
;; blackhole.distorted.org.uk, which drops all packets.
;;
;; Every lookup under this name costs the resolver its full timeout and
;; retry budget, so keep client-side timeouts in mind when scripting tests.
;;
;; DS fields are: key tag, algorithm, digest type, digest.  Algorithm 8 is
;; RSA/SHA-256; digest type 1 is SHA-1 and type 2 is SHA-256.
;; NOTE(review): SHA-1 digests are discouraged for new DS records; keep the
;; type 1 lines only if exercising older validators is intended.
ns.blackhole            IN      A       BLACKHOLE
blackhole               IN      NS      ns.blackhole
                        IN      DS      18693 8 1 f2ade1384e3cf158372ba16aa3a934a16104066d
                        IN      DS      18693 8 2 061929cdc2de9ba7728d4e011f796d0abb54c4a5e4681469d5f1d32d78e142f0

;; A subtree for which authoritative servers will always answer REFUSED.
;; Recursive resolvers tend to turn this into SERVFAIL.
;;
;; The DS lines have no owner name, so they attach to whatever owner the
;; macro expansion leaves current -- presumably the subzone name; confirm
;; against the macro definition.
SUBZONE([refused])
                        IN      DS      63860 8 1 612896152445f6f9134ba5c85a98dd62f527ec4a
                        IN      DS      63860 8 2 afb31601378c19d394997f7ee2f5c59f47d1ceb4d181a559053d680f1836b31e

;; A subzone delegated to a server which doesn't think it's
;; authoritative.
;; Delegation and DS records for the lame subzone.  DS fields are: key tag,
;; algorithm, digest type, digest.  The DS lines have no owner name, so
;; they attach to whatever owner the macro expansion leaves current --
;; presumably the subzone name; confirm against the macro definition.
SUBZONE([lame])
                        IN      DS      54525 8 1 d6b4f044da02963de9d60180871b94975a001f55
                        IN      DS      54525 8 2 88ab5ce80505eceba195de90e93d53fecf388aff292694f80c4ee24ab77796b9

;; I want some way of reliably provoking a SERVFAIL response from the
;; server, but I can't think of one right now.
;;
;; NOTE(review): for a validating resolver the wrong-ds delegation below
;; should produce SERVFAIL; a case that also works without validation is
;; still missing.
;servfail               IN      ???

;;;--------------------------------------------------------------------------
;;; DNSsec wrongness.

;; NOTE(review): both RRSIG lines in this section are commented-out
;; placeholders, so as written these are ordinary A records.  Whether the
;; names really fail validation depends on signing done outside this file
;; -- confirm before relying on them in a validator test.

;; An RRset whose DNSsec signature has expired.
expired-rrsig           IN      A       127.0.0.1
;                       IN      RRSIG   ?

;; An RRset whose signature is incorrect.
;; NOTE(review): the owner name ends in x, unlike its sibling above --
;; confirm whether that is deliberate or a typo.
invalid-rrsigx          IN      A       127.0.0.1
;                       IN      RRSIG   ?

;; A delegation with an incorrect DS record.
;;
;; A validating resolver is expected to treat the subzone as bogus and
;; answer SERVFAIL, while a non-validating one resolves it normally, so
;; this pair of outcomes shows whether validation is actually enforced.
;; Algorithm 8 is RSA/SHA-256; digest type 1 is SHA-1, type 2 is SHA-256.
SUBZONE([wrong-ds])
wrong-ds                IN      DS      8224 8 1 c12019d5604e3e4b0e0efb7c62c00021b5943e95
wrong-ds                IN      DS      8224 8 2 1541dfc4f64f26f5685a27bd0bdaac1ecb24b36f49e2d573d62646185978b78b

;;;----- That's all, folks --------------------------------------------------