[exim.git] / test / dnszones-src / db.example.com

; This is a testing zone file for use when testing DNS handling in Exim. This
; is a fake zone of no real use - hence no SOA record. The zone name is
; example.com. This file is passed through the substitution mechanism before being
; used by the fakens auxiliary program. This inserts the actual IP addresses
; of the local host into the zone.

; NOTE (1): apart from ::1, IPv6 addresses must always have 8 components. Do
; not abbreviate them by using the :: feature. Leading zeros in components may,
; however, be omitted.

; NOTE (2): the fakens program is very simple and assumes that the buffer into
; which is puts the response is always going to be big enough. In other words,
; the expectation is for just a few RRs for each query.

; NOTE (3): the top-level networks for testing addresses are parameterized by
; the use of V4NET and V6NET. These networks should be such that no real
; host ever uses them.

; really short neg-cache interval, for testing NXDOMAIN caching
example.com.     SOA     exim.test.ex. hostmaster.exim.test.ex 1430683638 1200 120 604800 2

example.com.     NS      exim.example.com.

; The real example.com has an SPF record; duplicate that here

example.com.	TXT     v=spf1 -all

double		TXT	v=spf1 include:_spf.google.com ~all
		TXT	v=spf1 +a +mx -all

doubleplus	TXT	v=spf1 include:_spf.google.com ~all
		TXT	google-site-verification=q-4MSVLjluQIsBztu5jzJBxAcJXzNcHAk0jHTZEamB8
		TXT	v=spf1 +a +mx -all

uppercase	TXT	v=sPf1 +all

; Alias A record for the local host, under the name "server1"

server1     A       HOSTIPV4

; DANE testing

; a broken dane config where the name does not match in the cert, TA-mode, dane-requested
; NOTE: the server uses the example.net cert hence the mismatch
;
; openssl x509 -in aux-fixed/exim-ca/example.net/CA/CA.pem -fingerprint -sha256 -noout \
;  | awk -F= '{print $2}' | tr -d : | tr '[A-F]' '[a-f]'
;
;
DNSSEC danebroken7  A       127.0.0.1
DNSSEC _1225._tcp.danebroken7 TLSA 2 0 1 3110db5e73708d6fc3ffed8dcd1eef2bcd3c35d8da86ed048a332cb9d9538a0f

; the same, EE-mode
;
; openssl x509 -in aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem -noout -pubkey \
; | openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $2}'
;
DNSSEC danebroken8  A       127.0.0.1
DNSSEC _1225._tcp.danebroken8 TLSA 3 1 1 5384398f502c423736dcc42295808f7a84769eb96d009816fa077e00bebc768e

; End
Commit	Line	Data
a163908a JH	1	; This is a testing zone file for use when testing DNS handling in Exim. This
	2	; is a fake zone of no real use - hence no SOA record. The zone name is
	3	; example.com. This file is passed through the substitution mechanism before being
	4	; used by the fakens auxiliary program. This inserts the actual IP addresses
	5	; of the local host into the zone.
	6
	7	; NOTE (1): apart from ::1, IPv6 addresses must always have 8 components. Do
	8	; not abbreviate them by using the :: feature. Leading zeros in components may,
	9	; however, be omitted.
	10
	11	; NOTE (2): the fakens program is very simple and assumes that the buffer into
	12	; which is puts the response is always going to be big enough. In other words,
	13	; the expectation is for just a few RRs for each query.
	14
	15	; NOTE (3): the top-level networks for testing addresses are parameterized by
	16	; the use of V4NET and V6NET. These networks should be such that no real
	17	; host ever uses them.
	18
7d8d08c4 JH	19	; really short neg-cache interval, for testing NXDOMAIN caching
	20	example.com. SOA exim.test.ex. hostmaster.exim.test.ex 1430683638 1200 120 604800 2
	21
a163908a JH	22	example.com. NS exim.example.com.
a163908a JH	23
b8e97684 JH	24	; The real example.com has an SPF record; duplicate that here
	25
	26	example.com. TXT v=spf1 -all
	27
bf4d7837 JH	28	double TXT v=spf1 include:_spf.google.com ~all
	29	TXT v=spf1 +a +mx -all
	30
	31	doubleplus TXT v=spf1 include:_spf.google.com ~all
	32	TXT google-site-verification=q-4MSVLjluQIsBztu5jzJBxAcJXzNcHAk0jHTZEamB8
	33	TXT v=spf1 +a +mx -all
	34
	35	uppercase TXT v=sPf1 +all
	36
a163908a JH	37	; Alias A record for the local host, under the name "server1"
	38
	39	server1 A HOSTIPV4
	40
28646fa9 JH	41	; DANE testing
	42
	43	; a broken dane config where the name does not match in the cert, TA-mode, dane-requested
	44	; NOTE: the server uses the example.net cert hence the mismatch
	45	;
	46	; openssl x509 -in aux-fixed/exim-ca/example.net/CA/CA.pem -fingerprint -sha256 -noout \
	47	; \| awk -F= '{print $2}' \| tr -d : \| tr '[A-F]' '[a-f]'
	48	;
	49	;
	50	DNSSEC danebroken7 A 127.0.0.1
a7a1ad14	51	DNSSEC _1225._tcp.danebroken7 TLSA 2 0 1 3110db5e73708d6fc3ffed8dcd1eef2bcd3c35d8da86ed048a332cb9d9538a0f
28646fa9 JH	52
	53	; the same, EE-mode
	54	;
	55	; openssl x509 -in aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem -noout -pubkey \
	56	; \| openssl pkey -pubin -outform DER \| openssl dgst -sha256 \| awk '{print $2}'
	57	;
	58	DNSSEC danebroken8 A 127.0.0.1
a7a1ad14	59	DNSSEC _1225._tcp.danebroken8 TLSA 3 1 1 5384398f502c423736dcc42295808f7a84769eb96d009816fa077e00bebc768e
28646fa9	60
a163908a	61	; End