| 1 | ; This is a testing zone file for use when testing DNS handling in Exim. This |
| 2 | ; is a fake zone of no real use. The zone name is |
| 3 | ; test.ex. This file is passed through the substitution mechanism before being |
| 4 | ; used by the fakens auxiliary program. This inserts the actual IP addresses |
| 5 | ; of the local host into the zone. |
| 6 | |
| 7 | ; NOTE (1): apart from ::1, IPv6 addresses must always have 8 components. Do |
| 8 | ; not abbreviate them by using the :: feature. Leading zeros in components may, |
| 9 | ; however, be omitted. |
| 10 | |
| 11 | ; NOTE (2): the fakens program is very simple and assumes that the buffer into |
| 12 | ; which is puts the response is always going to be big enough. In other words, |
| 13 | ; the expectation is for just a few RRs for each query. |
| 14 | |
| 15 | ; NOTE (3): the top-level networks for testing addresses are parameterized by |
| 16 | ; the use of V4NET and V6NET. These networks should be such that no real |
| 17 | ; host ever uses them. |
| 18 | ; |
| 19 | ; Several prefixes may be used, see the source in src/fakens.c for a complete list |
| 20 | ; and description. |
| 21 | |
| 22 | test.ex. NS exim.test.ex. |
| 23 | test.ex. SOA exim.test.ex. hostmaster.exim.test.ex 1430683638 1200 120 604800 3600 |
| 24 | |
| 25 | test.ex. TXT "A TXT record for test.ex." |
| 26 | s/lash TXT "A TXT record for s/lash.test.ex." |
| 27 | |
| 28 | cname CNAME test.ex. |
| 29 | |
| 30 | ptr PTR data.for.ptr.test.ex. |
| 31 | |
| 32 | ; Standard localhost handling |
| 33 | |
| 34 | localhost A 127.0.0.1 |
| 35 | localhost AAAA ::1 |
| 36 | |
| 37 | ; This name exists only if qualified; it is never automatically qualified |
| 38 | |
| 39 | dontqualify A V4NET.255.255.254 |
| 40 | |
| 41 | ; A host with upper case letters in its canonical name |
| 42 | |
| 43 | UpperCase A 127.0.0.1 |
| 44 | |
| 45 | ; A host with punycoded UTF-8 characters used for its lookup ( mx.π.test.ex ) |
| 46 | |
| 47 | mx.xn--1xa A V4NET.255.255.255 |
| 48 | |
| 49 | ; A non-standard name for localhost |
| 50 | |
| 51 | thishost A 127.0.0.1 |
| 52 | localhost4 A 127.0.0.1 |
| 53 | |
| 54 | ; A localhost with short TTL |
| 55 | |
| 56 | TTL=2 shorthost A 127.0.0.1 |
| 57 | |
| 58 | |
| 59 | ; Something that gives both the IP and the loopback |
| 60 | |
| 61 | thisloop A HOSTIPV4 |
| 62 | A 127.0.0.1 |
| 63 | |
| 64 | ; Something that gives an unreachable IP and the loopback |
| 65 | |
| 66 | badloop A V4NET.0.0.1 |
| 67 | A 127.0.0.1 |
| 68 | |
| 69 | ; Another host with both A and AAAA records |
| 70 | |
| 71 | 46 A V4NET.0.0.4 |
| 72 | AAAA V6NET:ffff:836f:0a00:000a:0800:200a:c031 |
| 73 | |
| 74 | ; And another |
| 75 | |
| 76 | 46b A V4NET.0.0.5 |
| 77 | AAAA V6NET:ffff:836f:0a00:000a:0800:200a:c033 |
| 78 | |
| 79 | ; A working IPv4 address and a non-working IPv6 address, with different |
| 80 | ; names so they can have different MX values |
| 81 | |
| 82 | 46c AAAA V6NET:ffff:836f:0a00:000a:0800:200a:c033 |
| 83 | 46d A HOSTIPV4 |
| 84 | |
| 85 | ; A host with just a non-local IPv6 address |
| 86 | |
| 87 | v6 AAAA V6NET:ffff:836f:0a00:000a:0800:200a:c032 |
| 88 | |
| 89 | ; Alias A and CNAME records for the local host, under the name "eximtesthost" |
| 90 | ; Make the A covered by DNSSEC and add a TLSA for it. |
| 91 | |
| 92 | eximtesthost A HOSTIPV4 |
| 93 | alias-eximtesthost CNAME eximtesthost.test.ex. |
| 94 | |
| 95 | ; A bad CNAME |
| 96 | |
| 97 | badcname CNAME rhubarb.test.ex. |
| 98 | |
| 99 | ; Test a name containing an underscore |
| 100 | |
| 101 | a_b A 99.99.99.99 |
| 102 | |
| 103 | ; The reverse registration for this name is an empty string |
| 104 | |
| 105 | empty A V4NET.255.255.255 |
| 106 | |
| 107 | ; Some IPv6 stuff |
| 108 | |
| 109 | eximtesthost.ipv6 AAAA HOSTIPV6 |
| 110 | test2.ipv6 AAAA V6NET:2101:12:1:a00:20ff:fe86:a062 |
| 111 | test3.ipv6 AAAA V6NET:1234:5:6:7:8:abc:0d |
| 112 | |
| 113 | ; A case of forward and backward pointers disagreeing |
| 114 | |
| 115 | badA A V4NET.99.99.99 |
| 116 | badB A V4NET.99.99.98 |
| 117 | |
| 118 | ; A host with multiple names in different (sub) domains |
| 119 | ; These are intended to be within test.ex - absence of final dots is deliberate |
| 120 | |
| 121 | x.gov.uk A V4NET.99.99.97 |
| 122 | x.co.uk A V4NET.99.99.97 |
| 123 | |
| 124 | ; A host, the reverse lookup of whose IP address gives this name plus another |
| 125 | ; that does not forward resolve to the same address |
| 126 | |
| 127 | oneback A V4NET.99.99.90 |
| 128 | host1.masq A V4NET.90.90.90 |
| 129 | |
| 130 | ; Fake hosts are registered in the V4NET.0.0.0 subnet. In the past, the |
| 131 | ; 10.0.0.0/8 network was used; hence the names of the hosts. |
| 132 | |
| 133 | ten-1 A V4NET.0.0.1 |
| 134 | ten-2 A V4NET.0.0.2 |
| 135 | ten-3 A V4NET.0.0.3 |
| 136 | ten-3-alias A V4NET.0.0.3 |
| 137 | ten-3xtra A V4NET.0.0.3 |
| 138 | ten-4 A V4NET.0.0.4 |
| 139 | ten-5 A V4NET.0.0.5 |
| 140 | ten-6 A V4NET.0.0.6 |
| 141 | ten-5-6 A V4NET.0.0.5 |
| 142 | A V4NET.0.0.6 |
| 143 | |
| 144 | ten-99 A V4NET.0.0.99 |
| 145 | |
| 146 | black-1 A V4NET.11.12.13 |
| 147 | black-2 A V4NET.11.12.14 |
| 148 | |
| 149 | myhost A V4NET.10.10.10 |
| 150 | myhost2 A V4NET.10.10.10 |
| 151 | |
| 152 | other1 A V4NET.12.4.5 |
| 153 | other2 A V4NET.12.3.1 |
| 154 | A V4NET.12.3.2 |
| 155 | |
| 156 | other99 A V4NET.99.0.1 |
| 157 | |
| 158 | testsub.sub A V4NET.99.0.3 |
| 159 | |
| 160 | ; This one's real name really is recurse.test.ex.test.ex. It is done like |
| 161 | ; this for testing host widening, without getting tangled up in qualify issues. |
| 162 | |
| 163 | recurse.test.ex A V4NET.99.0.2 |
| 164 | |
| 165 | ; a CNAME pointing to a name with both ipv4 and ipv6 A-records |
| 166 | ; and one with only ipv4 |
| 167 | |
| 168 | cname46 CNAME localhost |
| 169 | cname4 CNAME thishost |
| 170 | |
| 171 | ; -------- Testing RBL records ------- |
| 172 | |
| 173 | ; V4NET.11.12.13 is deliberately not reverse-registered |
| 174 | |
| 175 | 13.12.11.V4NET.rbl A 127.0.0.2 |
| 176 | TXT "This is a test blacklisting message" |
| 177 | TTL=2 14.12.11.V4NET.rbl A 127.0.0.2 |
| 178 | TXT "This is a test blacklisting message" |
| 179 | 15.12.11.V4NET.rbl A 127.0.0.2 |
| 180 | TXT "This is a very long blacklisting message, continuing for ages and ages and certainly being longer than 128 characters which was a previous limit on the length that Exim was prepared to handle." |
| 181 | |
| 182 | 14.12.11.V4NET.rbl2 A 127.0.0.2 |
| 183 | TXT "This is a test blacklisting2 message" |
| 184 | 16.12.11.V4NET.rbl2 A 127.0.0.2 |
| 185 | TXT "This is a test blacklisting2 message" |
| 186 | |
| 187 | 14.12.11.V4NET.rbl3 A 127.0.0.2 |
| 188 | TXT "This is a test blacklisting3 message" |
| 189 | 15.12.11.V4NET.rbl3 A 127.0.0.3 |
| 190 | TXT "This is a very long blacklisting message, continuing for ages and ages and certainly being longer than 128 characters which was a previous limit on the length that Exim was prepared to handle." |
| 191 | |
| 192 | 20.12.11.V4NET.rbl4 A 127.0.0.6 |
| 193 | 21.12.11.V4NET.rbl4 A 127.0.0.7 |
| 194 | 22.12.11.V4NET.rbl4 A 127.0.0.128 |
| 195 | TXT "This is a test blacklisting4 message" |
| 196 | |
| 197 | 22.12.11.V4NET.rbl5 A 127.0.0.1 |
| 198 | TXT "This is a test blacklisting5 message" |
| 199 | |
| 200 | 1.13.13.V4NET.rbl CNAME non-exist.test.ex. |
| 201 | 2.13.13.V4NET.rbl A 127.0.0.1 |
| 202 | A 127.0.0.2 |
| 203 | |
| 204 | ; -------- Testing MX records -------- |
| 205 | |
| 206 | mxcased MX 5 ten-99.TEST.EX. |
| 207 | |
| 208 | ; Points to a host with both A and AAAA |
| 209 | |
| 210 | mx46 MX 46 46.test.ex. |
| 211 | |
| 212 | ; Points to two hosts with both kinds of address, equal precedence |
| 213 | |
| 214 | mx4646 MX 46 46.test.ex. |
| 215 | MX 46 46b.test.ex. |
| 216 | |
| 217 | ; Ditto, with a third IPv6 host |
| 218 | |
| 219 | mx46466 MX 46 46.test.ex. |
| 220 | MX 46 46b.test.ex. |
| 221 | MX 46 v6.test.ex. |
| 222 | |
| 223 | ; This time, change precedence |
| 224 | |
| 225 | mx46466b MX 46 46.test.ex. |
| 226 | MX 47 46b.test.ex. |
| 227 | MX 48 v6.test.ex. |
| 228 | |
| 229 | ; Points to a host with a working IPv4 and a non-working IPv6 record |
| 230 | |
| 231 | mx46cd MX 10 46c.test.ex. |
| 232 | MX 11 46d.test.ex. |
| 233 | |
| 234 | ; Two equal precedence pointing to a v4 and a v6 host |
| 235 | |
| 236 | mx246 MX 10 v6.test.ex. |
| 237 | MX 10 ten-1.test.ex. |
| 238 | |
| 239 | ; Lowest-numbered points to local host |
| 240 | |
| 241 | mxt1 MX 5 eximtesthost.test.ex. |
| 242 | |
| 243 | ; Points only to non-existent hosts |
| 244 | |
| 245 | mxt2 MX 5 not-exist.test.ex. |
| 246 | |
| 247 | ; Points to some non-existent hosts; |
| 248 | ; Lowest numbered existing points to local host |
| 249 | |
| 250 | mxt3 MX 5 not-exist.test.ex. |
| 251 | MX 6 eximtesthost.test.ex. |
| 252 | |
| 253 | ; Points to some non-existent hosts; |
| 254 | ; Lowest numbered existing points to non-local host |
| 255 | |
| 256 | mxt3r MX 5 not-exist.test.ex. |
| 257 | MX 6 exim.org. |
| 258 | |
| 259 | ; Points to an alias |
| 260 | |
| 261 | mxt4 MX 5 alias-eximtesthost.test.ex. |
| 262 | |
| 263 | ; Various combinations of precedence and local host |
| 264 | |
| 265 | mxt5 MX 5 eximtesthost.test.ex. |
| 266 | MX 5 ten-1.test.ex. |
| 267 | |
| 268 | mxt6 MX 5 ten-1.test.ex. |
| 269 | MX 6 eximtesthost.test.ex. |
| 270 | MX 6 ten-2.test.ex. |
| 271 | |
| 272 | mxt7 MX 5 ten-2.test.ex. |
| 273 | MX 6 ten-3.test.ex. |
| 274 | MX 7 eximtesthost.test.ex. |
| 275 | MX 8 ten-1.test.ex. |
| 276 | |
| 277 | mxt8 MX 5 ten-2.test.ex. |
| 278 | MX 6 ten-3.test.ex. |
| 279 | MX 7 eximtesthost.test.ex. |
| 280 | MX 7 ten-4.test.ex. |
| 281 | MX 8 ten-1.test.ex. |
| 282 | |
| 283 | ; Same host appearing twice; make some variants in different orders to |
| 284 | ; simulate a real nameserver and its round robinning |
| 285 | |
| 286 | mxt9 MX 5 ten-1.test.ex. |
| 287 | MX 6 ten-2.test.ex. |
| 288 | MX 7 ten-3.test.ex. |
| 289 | MX 8 ten-1.test.ex. |
| 290 | |
| 291 | mxt9a MX 6 ten-2.test.ex. |
| 292 | MX 7 ten-3.test.ex. |
| 293 | MX 8 ten-1.test.ex. |
| 294 | MX 5 ten-1.test.ex. |
| 295 | |
| 296 | mxt9b MX 7 ten-3.test.ex. |
| 297 | MX 8 ten-1.test.ex. |
| 298 | MX 5 ten-1.test.ex. |
| 299 | MX 6 ten-2.test.ex. |
| 300 | |
| 301 | ; MX pointing to IP address |
| 302 | |
| 303 | mxt10 MX 5 V4NET.0.0.1. |
| 304 | |
| 305 | ; Several MXs pointing to local host |
| 306 | |
| 307 | mxt11 MX 5 localhost.test.ex. |
| 308 | MX 6 localhost.test.ex. |
| 309 | |
| 310 | mxt11a MX 5 localhost.test.ex. |
| 311 | MX 6 ten-1.test.ex. |
| 312 | |
| 313 | mxt12 MX 5 local1.test.ex. |
| 314 | MX 6 local2.test.ex. |
| 315 | |
| 316 | local1 A 127.0.0.2 |
| 317 | local2 A 127.0.0.2 |
| 318 | |
| 319 | ; Some more |
| 320 | |
| 321 | mxt13 MX 4 other1.test.ex. |
| 322 | MX 5 other2.test.ex. |
| 323 | |
| 324 | ; Different hosts with same IP addresses in the list |
| 325 | |
| 326 | mxt14 MX 4 ten-5-6.test.ex. |
| 327 | MX 5 ten-5.test.ex. |
| 328 | MX 6 ten-6.test.ex. |
| 329 | |
| 330 | ; Non-local hosts with different precedence |
| 331 | |
| 332 | mxt15 MX 10 ten-1.test.ex. |
| 333 | MX 20 ten-2.test.ex. |
| 334 | |
| 335 | ; Large number of IP addresses at one MX value, and then some |
| 336 | ; at another, to check that hosts_max_try tries the MX different |
| 337 | ; values if it can. |
| 338 | |
| 339 | mxt99 MX 1 ten-1.test.ex. |
| 340 | MX 1 ten-2.test.ex. |
| 341 | MX 1 ten-3.test.ex. |
| 342 | MX 1 ten-4.test.ex. |
| 343 | MX 1 ten-5.test.ex. |
| 344 | MX 1 ten-6.test.ex. |
| 345 | MX 3 black-1.test.ex. |
| 346 | MX 3 black-2.test.ex. |
| 347 | |
| 348 | ; Special case test for @mx_any (to doublecheck a reported Exim 3 bug isn't |
| 349 | ; in Exim 4). The MX points to two names, each with multiple addresses. The |
| 350 | ; very last address is the local host. When Exim is testing, it will sort |
| 351 | ; these addresses into ascending order. |
| 352 | |
| 353 | mxt98 MX 1 98-1.test.ex. |
| 354 | MX 2 98-2.test.ex. |
| 355 | |
| 356 | 98-1 A V4NET.1.2.3 |
| 357 | A V4NET.4.5.6 |
| 358 | |
| 359 | 98-2 A V4NET.7.8.9 |
| 360 | A HOSTIPV4 |
| 361 | |
| 362 | ; IP addresses with the same MX value |
| 363 | |
| 364 | mxt97 MX 1 ten-1.test.ex. |
| 365 | MX 1 ten-2.test.ex. |
| 366 | MX 1 ten-3.test.ex. |
| 367 | MX 1 ten-4.test.ex. |
| 368 | |
| 369 | ; MX pointing to a single-component name that exists if qualified, but not |
| 370 | ; if not. We use the special name dontqualify to stop the fake resolver |
| 371 | ; qualifying it. |
| 372 | |
| 373 | mxt1c MX 1 dontqualify. |
| 374 | |
| 375 | ; MX with punycoded UTF-8 characters used for its lookup ( π.test.ex ) |
| 376 | |
| 377 | xn--1xa MX 0 mx.π.test.ex. |
| 378 | |
| 379 | ; MX with actual UTF-8 characters in its name, for allow_utf8_domains mode test |
| 380 | |
| 381 | π MX 0 mx.xn--1xa.test.ex. |
| 382 | |
| 383 | ; -------- Testing SRV records -------- |
| 384 | |
| 385 | _smtp._tcp.srv01 SRV 0 0 25 ten-1.test.ex. |
| 386 | |
| 387 | _smtp._tcp.srv02 SRV 1 3 99 ten-1.test.ex. |
| 388 | SRV 1 1 99 ten-2.test.ex. |
| 389 | SRV 3 0 66 ten-3.test.ex. |
| 390 | |
| 391 | _smtp._tcp.nosmtp SRV 0 0 0 . |
| 392 | |
| 393 | _smtp2._tcp.srv03 SRV 0 0 88 ten-4.test.ex. |
| 394 | |
| 395 | _smtp._tcp.srv27 SRV 0 0 PORT_S localhost |
| 396 | |
| 397 | |
| 398 | ; -------- With some for CSA testing plus their A records ------- |
| 399 | |
| 400 | _client._smtp.csa1 SRV 1 2 0 csa1.test.ex. |
| 401 | _client._smtp.csa2 SRV 1 1 0 csa2.test.ex. |
| 402 | |
| 403 | csa1 A V4NET.9.8.7 |
| 404 | csa2 A V4NET.9.8.8 |
| 405 | |
| 406 | ; ------- Testing DNSSEC ---------- |
| 407 | |
| 408 | mx-unsec-a-unsec MX 5 a-unsec |
| 409 | mx-unsec-a-sec MX 5 a-sec |
| 410 | DNSSEC mx-sec-a-unsec MX 5 a-unsec |
| 411 | DNSSEC mx-sec-a-sec MX 5 a-sec |
| 412 | DNSSEC mx-sec-a-aa MX 5 a-aa |
| 413 | AA mx-aa-a-sec MX 5 a-sec |
| 414 | |
| 415 | a-unsec A V4NET.0.0.100 |
| 416 | DNSSEC a-sec A V4NET.0.0.100 |
| 417 | DNSSEC l-sec A 127.0.0.1 |
| 418 | |
| 419 | AA a-aa A V4NET.0.0.100 |
| 420 | |
| 421 | ; ------- Testing DANE ------------ |
| 422 | |
| 423 | ; full suite dns chain, sha512 |
| 424 | ; |
| 425 | ; openssl x509 -in aux-fixed/cert1 -noout -pubkey \ |
| 426 | ; | openssl pkey -pubin -outform DER \ |
| 427 | ; | openssl dgst -sha512 \ |
| 428 | ; | awk '{print $2}' |
| 429 | ; |
| 430 | DNSSEC mxdane512ee MX 1 dane512ee |
| 431 | DNSSEC dane512ee A HOSTIPV4 |
| 432 | DNSSEC _1225._tcp.dane512ee TLSA 3 1 2 3d5eb81b1dfc3f93c1fa8819e3fb3fdb41bb590441d5f3811db17772f4bc6de29bdd7c4f4b723750dda871b99379192b3f979f03db1252c4f08b03ef7176528d |
| 433 | |
| 434 | ; A-only, sha256 |
| 435 | ; |
| 436 | ; openssl x509 -in aux-fixed/cert1 -noout -pubkey \ |
| 437 | ; | openssl pkey -pubin -outform DER \ |
| 438 | ; | openssl dgst -sha256 \ |
| 439 | ; | awk '{print $2}' |
| 440 | ; |
| 441 | DNSSEC dane256ee A HOSTIPV4 |
| 442 | DNSSEC _1225._tcp.dane256ee TLSA 3 1 1 2bb55f418bb03411a5007cecbfcd3ec1c94404312c0d53a44bb2166b32654db3 |
| 443 | |
| 444 | ; full MX, sha256, TA-mode |
| 445 | ; |
| 446 | ; openssl x509 -in aux-fixed/exim-ca/example.com/CA/CA.pem -fingerprint -sha256 -noout \ |
| 447 | ; | awk -F= '{print $2}' | tr -d : | tr '[A-F]' '[a-f]' |
| 448 | ; |
| 449 | DNSSEC mxdane256ta MX 1 dane256ta |
| 450 | DNSSEC dane256ta A HOSTIPV4 |
| 451 | DNSSEC _1225._tcp.dane256ta TLSA 2 0 1 882be5ac06deafdc021a69daa457226153bfde6da7914813b0144b0fd31bf7ae |
| 452 | |
| 453 | |
| 454 | ; A multiple-return MX where all TLSA lookups defer |
| 455 | DNSSEC mxdanelazy MX 1 danelazy |
| 456 | DNSSEC MX 2 danelazy2 |
| 457 | |
| 458 | DNSSEC danelazy A HOSTIPV4 |
| 459 | DNSSEC danelazy2 A 127.0.0.1 |
| 460 | |
| 461 | DNSSEC _1225._tcp.danelazy CNAME test.again.dns. |
| 462 | DNSSEC _1225._tcp.danelazy2 CNAME test.again.dns. |
| 463 | |
| 464 | ; hosts with no TLSA |
| 465 | DNSSEC dane.no.1 A HOSTIPV4 |
| 466 | DNSSEC dane.no.2 A 127.0.0.1 |
| 467 | |
| 468 | ; ------- Testing delays ------------ |
| 469 | |
| 470 | DELAY=500 delay500 A HOSTIPV4 |
| 471 | DELAY=1500 delay1500 A HOSTIPV4 |
| 472 | |
| 473 | ; ------- DKIM --------- |
| 474 | |
| 475 | ; public key, base64 - matches private key in aux-fixed/dkim/dkim.private |
| 476 | ; openssl genrsa -out aux-fixed/dkim/dkim.private 1024 |
| 477 | ; openssl rsa -in aux-fixed/dkim/dkim.private -out /dev/stdout -pubout -outform PEM |
| 478 | ; |
| 479 | ; Another, 512-bit (with a Notes field) |
| 480 | ; |
| 481 | sel._domainkey TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB" |
| 482 | |
| 483 | ses._domainkey TXT "v=DKIM1; n=halfkilo; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL6eAQxd9didJ0/+05iDwJOqT6ly826Vi8aGPecsBiYK5/tAT97fxXk+dPWMZp9kQxtknEzYjYjAydzf+HQ2yJMCAwEAAQ==" |
| 484 | |
| 485 | |
| 486 | ; End |