Initial version. Very rough, particularly the build system.

[dnserr] / dnserr.in

;;; -*-dns-*-
;;;
;;; A zone filled with interestingly wrong things.

$TTL 14400

;;;--------------------------------------------------------------------------
;;; Standard zone scaffolding.

@                       IN      SOA     MASTER. (
                                                CONTACT.
                                             2012033109      ;serial
                                                  86400      ;refresh
                                                   3600      ;retry
                                                1209600      ;expire
                                                  14400 )    ;min-ttl

SUBZONE([@])

;;;--------------------------------------------------------------------------
;;; Some wrong things.

;; Some perfectly sensible records.
a                       IN      A       127.0.0.1
mx                      IN      MX 69   a
_http._tcp.srv          IN      SRV 69  0 80 a

;; Various stupid indirection games.
cname                   IN      CNAME   a
cname-2                 IN      CNAME   cname
cname-3                 IN      CNAME   cname-2
cname-mx                IN      CNAME   mx
mx-cname                IN      MX 69   cname
cname-srv               IN      CNAME   srv
srv-cname               IN      SRV 69  0 80 cname

;; I promise never to define RRs for this name.
;nxdomain               IN      ANY

;; A CNAME which doesn't point to anything.
dangling-cname          IN      CNAME   nxdomain

;; A CNAME which points to itself.
loop                    IN      CNAME   loop

;; I promise never to define A or AAAA records for this name.
no-address              IN      TXT     "This name has no address records."

;; A name -- in fact, an entire DNS subtree -- for which no authoritative
;; server will ever return a answer.  The address is
;; blackhole.distorted.org.uk, which drops all packets.
ns.blackhole            IN      A       BLACKHOLE
blackhole               IN      NS      ns.blackhole
                        IN      DS      18693 8 1 f2ade1384e3cf158372ba16aa3a934a16104066d
                        IN      DS      18693 8 2 061929cdc2de9ba7728d4e011f796d0abb54c4a5e4681469d5f1d32d78e142f0

;; A subtree for which authoritative servers will always answer REFUSED.
;; Recursive resolvers tend to turn this into SERVFAIL.
SUBZONE([refused])
                        IN      DS      63860 8 1 612896152445f6f9134ba5c85a98dd62f527ec4a
                        IN      DS      63860 8 2 afb31601378c19d394997f7ee2f5c59f47d1ceb4d181a559053d680f1836b31e

;; A subzone delegated to a server which doesn't think it's
;; authoritative.
SUBZONE([lame])
                        IN      DS      54525 8 1 d6b4f044da02963de9d60180871b94975a001f55
                        IN      DS      54525 8 2 88ab5ce80505eceba195de90e93d53fecf388aff292694f80c4ee24ab77796b9

;; I want some way of reliably provoking a SERVFAIL response from the
;; server, but I can't think of one right now.
;servfail               IN      ???

;;;--------------------------------------------------------------------------
;;; DNSsec wrongness.

;; An RRset whose DNSsec signature has expired.
expired-rrsig           IN      A       127.0.0.1
;                       IN      RRSIG   ?

;; An RRset whose signature is incorrect.
invalid-rrsigx          IN      A       127.0.0.1
;                       IN      RRSIG   ?

;; A delegation with an incorrect DS record.
SUBZONE([wrong-ds])
wrong-ds                IN      DS      8224 8 1 c12019d5604e3e4b0e0efb7c62c00021b5943e95
wrong-ds                IN      DS      8224 8 2 1541dfc4f64f26f5685a27bd0bdaac1ecb24b36f49e2d573d62646185978b78b


;;;----- That's all, folks --------------------------------------------------