Commit | Line | Data |
---|---|---|
a163908a JH |
1 | ; This is a testing zone file for use when testing DNS handling in Exim. This |
2 | ; is a fake zone of no real use - hence no SOA record. The zone name is | |
3 | ; example.com. This file is passed through the substitution mechanism before being | |
4 | ; used by the fakens auxiliary program. This inserts the actual IP addresses | |
5 | ; of the local host into the zone. | |
6 | ||
7 | ; NOTE (1): apart from ::1, IPv6 addresses must always have 8 components. Do | |
8 | ; not abbreviate them by using the :: feature. Leading zeros in components may, | |
9 | ; however, be omitted. | |
10 | ||
11 | ; NOTE (2): the fakens program is very simple and assumes that the buffer into | |
12 | ; which is puts the response is always going to be big enough. In other words, | |
13 | ; the expectation is for just a few RRs for each query. | |
14 | ||
15 | ; NOTE (3): the top-level networks for testing addresses are parameterized by | |
16 | ; the use of V4NET and V6NET. These networks should be such that no real | |
17 | ; host ever uses them. | |
18 | ||
19 | example.com. NS exim.example.com. | |
20 | ||
b8e97684 JH |
21 | ; The real example.com has an SPF record; duplicate that here |
22 | ||
23 | example.com. TXT v=spf1 -all | |
24 | ||
a163908a JH |
25 | ; Alias A record for the local host, under the name "server1" |
26 | ||
27 | server1 A HOSTIPV4 | |
28 | ||
28646fa9 JH |
29 | ; DANE testing |
30 | ||
31 | ; a broken dane config where the name does not match in the cert, TA-mode, dane-requested | |
32 | ; NOTE: the server uses the example.net cert hence the mismatch | |
33 | ; | |
34 | ; openssl x509 -in aux-fixed/exim-ca/example.net/CA/CA.pem -fingerprint -sha256 -noout \ | |
35 | ; | awk -F= '{print $2}' | tr -d : | tr '[A-F]' '[a-f]' | |
36 | ; | |
37 | ; | |
38 | DNSSEC danebroken7 A 127.0.0.1 | |
a7a1ad14 | 39 | DNSSEC _1225._tcp.danebroken7 TLSA 2 0 1 3110db5e73708d6fc3ffed8dcd1eef2bcd3c35d8da86ed048a332cb9d9538a0f |
28646fa9 JH |
40 | |
41 | ; the same, EE-mode | |
42 | ; | |
43 | ; openssl x509 -in aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem -noout -pubkey \ | |
44 | ; | openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $2}' | |
45 | ; | |
46 | DNSSEC danebroken8 A 127.0.0.1 | |
a7a1ad14 | 47 | DNSSEC _1225._tcp.danebroken8 TLSA 3 1 1 5384398f502c423736dcc42295808f7a84769eb96d009816fa077e00bebc768e |
28646fa9 | 48 | |
a163908a | 49 | ; End |