Testsuite: handle RC tagging convention
[exim.git] / test / dnszones-src / db.test.ex
CommitLineData
c55a77db 1; This is a testing zone file for use when testing DNS handling in Exim. This
d2a2c69b 2; is a fake zone of no real use. The zone name is
c55a77db
PH
3; test.ex. This file is passed through the substitution mechanism before being
4; used by the fakens auxiliary program. This inserts the actual IP addresses
5; of the local host into the zone.
6
7; NOTE (1): apart from ::1, IPv6 addresses must always have 8 components. Do
8; not abbreviate them by using the :: feature. Leading zeros in components may,
9; however, be omitted.
10
11; NOTE (2): the fakens program is very simple and assumes that the buffer into
12; which is puts the response is always going to be big enough. In other words,
13; the expectation is for just a few RRs for each query.
14
15; NOTE (3): the top-level networks for testing addresses are parameterized by
16; the use of V4NET and V6NET. These networks should be such that no real
17; host ever uses them.
f6584c83
HSHR
18;
19; Several prefixes may be used, see the source in src/fakens.c for a complete list
20; and description.
c55a77db
PH
21
22test.ex. NS exim.test.ex.
da0b4ba7 23test.ex. SOA exim.test.ex. hostmaster.exim.test.ex 1430683638 1200 120 604800 3000
c55a77db
PH
24
25test.ex. TXT "A TXT record for test.ex."
230205fc 26s/lash TXT "A TXT record for s/lash.test.ex."
c55a77db
PH
27
28cname CNAME test.ex.
29
30ptr PTR data.for.ptr.test.ex.
31
32; Standard localhost handling
33
34localhost A 127.0.0.1
35localhost AAAA ::1
36
37; This name exists only if qualified; it is never automatically qualified
38
39dontqualify A V4NET.255.255.254
40
41; A host with upper case letters in its canonical name
42
43UpperCase A 127.0.0.1
44
766e7a65 45; A host with punycoded UTF-8 characters used for its lookup ( mx.π.test.ex )
c55a77db 46
766e7a65 47mx.xn--1xa A V4NET.255.255.255
c55a77db
PH
48
49; A non-standard name for localhost
50
51thishost A 127.0.0.1
ac9a0d91
JH
52localhost4 A 127.0.0.1
53
14b3c5bc
JH
54; A localhost with short TTL
55
56TTL=2 shorthost A 127.0.0.1
57
c55a77db 58
1cce3af8
PH
59; Something that gives both the IP and the loopback
60
61thisloop A HOSTIPV4
62 A 127.0.0.1
63
64; Something that gives an unreachable IP and the loopback
65
66badloop A V4NET.0.0.1
67 A 127.0.0.1
68
c55a77db
PH
69; Another host with both A and AAAA records
70
7146 A V4NET.0.0.4
72 AAAA V6NET:ffff:836f:0a00:000a:0800:200a:c031
73
74; And another
75
7646b A V4NET.0.0.5
77 AAAA V6NET:ffff:836f:0a00:000a:0800:200a:c033
78
79; A working IPv4 address and a non-working IPv6 address, with different
80; names so they can have different MX values
81
8246c AAAA V6NET:ffff:836f:0a00:000a:0800:200a:c033
8346d A HOSTIPV4
84
85; A host with just a non-local IPv6 address
86
87v6 AAAA V6NET:ffff:836f:0a00:000a:0800:200a:c032
88
89; Alias A and CNAME records for the local host, under the name "eximtesthost"
b4161d10 90; Make the A covered by DNSSEC and add a TLSA for it.
c55a77db 91
101de477 92eximtesthost A HOSTIPV4
c55a77db
PH
93alias-eximtesthost CNAME eximtesthost.test.ex.
94
95; A bad CNAME
96
97badcname CNAME rhubarb.test.ex.
98
99; Test a name containing an underscore
100
101a_b A 99.99.99.99
102
103; The reverse registration for this name is an empty string
104
105empty A V4NET.255.255.255
106
107; Some IPv6 stuff
108
109eximtesthost.ipv6 AAAA HOSTIPV6
110test2.ipv6 AAAA V6NET:2101:12:1:a00:20ff:fe86:a062
111test3.ipv6 AAAA V6NET:1234:5:6:7:8:abc:0d
112
113; A case of forward and backward pointers disagreeing
114
115badA A V4NET.99.99.99
116badB A V4NET.99.99.98
117
118; A host with multiple names in different (sub) domains
119; These are intended to be within test.ex - absence of final dots is deliberate
120
121x.gov.uk A V4NET.99.99.97
122x.co.uk A V4NET.99.99.97
123
124; A host, the reverse lookup of whose IP address gives this name plus another
125; that does not forward resolve to the same address
126
127oneback A V4NET.99.99.90
128host1.masq A V4NET.90.90.90
129
130; Fake hosts are registered in the V4NET.0.0.0 subnet. In the past, the
131; 10.0.0.0/8 network was used; hence the names of the hosts.
132
133ten-1 A V4NET.0.0.1
134ten-2 A V4NET.0.0.2
135ten-3 A V4NET.0.0.3
136ten-3-alias A V4NET.0.0.3
137ten-3xtra A V4NET.0.0.3
138ten-4 A V4NET.0.0.4
139ten-5 A V4NET.0.0.5
140ten-6 A V4NET.0.0.6
141ten-5-6 A V4NET.0.0.5
142 A V4NET.0.0.6
143
144ten-99 A V4NET.0.0.99
145
146black-1 A V4NET.11.12.13
147black-2 A V4NET.11.12.14
148
149myhost A V4NET.10.10.10
150myhost2 A V4NET.10.10.10
151
152other1 A V4NET.12.4.5
153other2 A V4NET.12.3.1
154 A V4NET.12.3.2
155
156other99 A V4NET.99.0.1
157
158testsub.sub A V4NET.99.0.3
159
160; This one's real name really is recurse.test.ex.test.ex. It is done like
161; this for testing host widening, without getting tangled up in qualify issues.
162
163recurse.test.ex A V4NET.99.0.2
164
8241d8dd
JH
165; a CNAME pointing to a name with both ipv4 and ipv6 A-records
166; and one with only ipv4
167
168cname46 CNAME localhost
169cname4 CNAME thishost
170
c55a77db
PH
171; -------- Testing RBL records -------
172
173; V4NET.11.12.13 is deliberately not reverse-registered
174
2e860c76 175TTL=3 13.12.11.V4NET.rbl A 127.0.0.2
c55a77db 176 TXT "This is a test blacklisting message"
14b3c5bc 177TTL=2 14.12.11.V4NET.rbl A 127.0.0.2
c55a77db
PH
178 TXT "This is a test blacklisting message"
17915.12.11.V4NET.rbl A 127.0.0.2
180 TXT "This is a very long blacklisting message, continuing for ages and ages and certainly being longer than 128 characters which was a previous limit on the length that Exim was prepared to handle."
181
18214.12.11.V4NET.rbl2 A 127.0.0.2
183 TXT "This is a test blacklisting2 message"
18416.12.11.V4NET.rbl2 A 127.0.0.2
185 TXT "This is a test blacklisting2 message"
186
18714.12.11.V4NET.rbl3 A 127.0.0.2
188 TXT "This is a test blacklisting3 message"
18915.12.11.V4NET.rbl3 A 127.0.0.3
190 TXT "This is a very long blacklisting message, continuing for ages and ages and certainly being longer than 128 characters which was a previous limit on the length that Exim was prepared to handle."
191
19220.12.11.V4NET.rbl4 A 127.0.0.6
19321.12.11.V4NET.rbl4 A 127.0.0.7
d6f6e0dc
PH
19422.12.11.V4NET.rbl4 A 127.0.0.128
195 TXT "This is a test blacklisting4 message"
196
19722.12.11.V4NET.rbl5 A 127.0.0.1
198 TXT "This is a test blacklisting5 message"
c55a77db
PH
199
2001.13.13.V4NET.rbl CNAME non-exist.test.ex.
2012.13.13.V4NET.rbl A 127.0.0.1
202 A 127.0.0.2
203
204; -------- Testing MX records --------
205
206mxcased MX 5 ten-99.TEST.EX.
207
208; Points to a host with both A and AAAA
209
210mx46 MX 46 46.test.ex.
211
212; Points to two hosts with both kinds of address, equal precedence
213
214mx4646 MX 46 46.test.ex.
215 MX 46 46b.test.ex.
216
217; Ditto, with a third IPv6 host
218
219mx46466 MX 46 46.test.ex.
220 MX 46 46b.test.ex.
221 MX 46 v6.test.ex.
222
98cd9003
PH
223; This time, change precedence
224
225mx46466b MX 46 46.test.ex.
226 MX 47 46b.test.ex.
227 MX 48 v6.test.ex.
228
c55a77db
PH
229; Points to a host with a working IPv4 and a non-working IPv6 record
230
231mx46cd MX 10 46c.test.ex.
232 MX 11 46d.test.ex.
233
234; Two equal precedence pointing to a v4 and a v6 host
235
236mx246 MX 10 v6.test.ex.
237 MX 10 ten-1.test.ex.
238
239; Lowest-numbered points to local host
240
241mxt1 MX 5 eximtesthost.test.ex.
242
243; Points only to non-existent hosts
244
245mxt2 MX 5 not-exist.test.ex.
246
247; Points to some non-existent hosts;
248; Lowest numbered existing points to local host
249
250mxt3 MX 5 not-exist.test.ex.
251 MX 6 eximtesthost.test.ex.
252
253; Points to some non-existent hosts;
254; Lowest numbered existing points to non-local host
255
256mxt3r MX 5 not-exist.test.ex.
257 MX 6 exim.org.
258
259; Points to an alias
260
261mxt4 MX 5 alias-eximtesthost.test.ex.
262
263; Various combinations of precedence and local host
264
265mxt5 MX 5 eximtesthost.test.ex.
266 MX 5 ten-1.test.ex.
267
268mxt6 MX 5 ten-1.test.ex.
269 MX 6 eximtesthost.test.ex.
270 MX 6 ten-2.test.ex.
271
272mxt7 MX 5 ten-2.test.ex.
273 MX 6 ten-3.test.ex.
274 MX 7 eximtesthost.test.ex.
275 MX 8 ten-1.test.ex.
276
277mxt8 MX 5 ten-2.test.ex.
278 MX 6 ten-3.test.ex.
279 MX 7 eximtesthost.test.ex.
280 MX 7 ten-4.test.ex.
281 MX 8 ten-1.test.ex.
282
283; Same host appearing twice; make some variants in different orders to
284; simulate a real nameserver and its round robinning
285
286mxt9 MX 5 ten-1.test.ex.
287 MX 6 ten-2.test.ex.
288 MX 7 ten-3.test.ex.
289 MX 8 ten-1.test.ex.
290
291mxt9a MX 6 ten-2.test.ex.
292 MX 7 ten-3.test.ex.
293 MX 8 ten-1.test.ex.
294 MX 5 ten-1.test.ex.
295
296mxt9b MX 7 ten-3.test.ex.
297 MX 8 ten-1.test.ex.
298 MX 5 ten-1.test.ex.
299 MX 6 ten-2.test.ex.
300
301; MX pointing to IP address
302
303mxt10 MX 5 V4NET.0.0.1.
304
305; Several MXs pointing to local host
306
307mxt11 MX 5 localhost.test.ex.
308 MX 6 localhost.test.ex.
309
310mxt11a MX 5 localhost.test.ex.
311 MX 6 ten-1.test.ex.
312
313mxt12 MX 5 local1.test.ex.
314 MX 6 local2.test.ex.
315
316local1 A 127.0.0.2
317local2 A 127.0.0.2
318
319; Some more
320
321mxt13 MX 4 other1.test.ex.
322 MX 5 other2.test.ex.
323
324; Different hosts with same IP addresses in the list
325
326mxt14 MX 4 ten-5-6.test.ex.
327 MX 5 ten-5.test.ex.
328 MX 6 ten-6.test.ex.
329
cd9868ec
PH
330; Non-local hosts with different precedence
331
332mxt15 MX 10 ten-1.test.ex.
333 MX 20 ten-2.test.ex.
334
c55a77db
PH
335; Large number of IP addresses at one MX value, and then some
336; at another, to check that hosts_max_try tries the MX different
337; values if it can.
338
339mxt99 MX 1 ten-1.test.ex.
340 MX 1 ten-2.test.ex.
341 MX 1 ten-3.test.ex.
342 MX 1 ten-4.test.ex.
343 MX 1 ten-5.test.ex.
344 MX 1 ten-6.test.ex.
345 MX 3 black-1.test.ex.
346 MX 3 black-2.test.ex.
347
348; Special case test for @mx_any (to doublecheck a reported Exim 3 bug isn't
349; in Exim 4). The MX points to two names, each with multiple addresses. The
350; very last address is the local host. When Exim is testing, it will sort
351; these addresses into ascending order.
352
353mxt98 MX 1 98-1.test.ex.
354 MX 2 98-2.test.ex.
355
35698-1 A V4NET.1.2.3
357 A V4NET.4.5.6
358
35998-2 A V4NET.7.8.9
360 A HOSTIPV4
361
362; IP addresses with the same MX value
363
364mxt97 MX 1 ten-1.test.ex.
365 MX 1 ten-2.test.ex.
366 MX 1 ten-3.test.ex.
367 MX 1 ten-4.test.ex.
368
369; MX pointing to a single-component name that exists if qualified, but not
370; if not. We use the special name dontqualify to stop the fake resolver
371; qualifying it.
372
373mxt1c MX 1 dontqualify.
374
766e7a65 375; MX with punycoded UTF-8 characters used for its lookup ( π.test.ex )
c55a77db 376
766e7a65
JH
377xn--1xa MX 0 mx.π.test.ex.
378
379; MX with actual UTF-8 characters in its name, for allow_utf8_domains mode test
380
381π MX 0 mx.xn--1xa.test.ex.
c55a77db
PH
382
383; -------- Testing SRV records --------
384
385_smtp._tcp.srv01 SRV 0 0 25 ten-1.test.ex.
386
387_smtp._tcp.srv02 SRV 1 3 99 ten-1.test.ex.
388 SRV 1 1 99 ten-2.test.ex.
389 SRV 3 0 66 ten-3.test.ex.
390
391_smtp._tcp.nosmtp SRV 0 0 0 .
392
393_smtp2._tcp.srv03 SRV 0 0 88 ten-4.test.ex.
394
395_smtp._tcp.srv27 SRV 0 0 PORT_S localhost
396
397
398; -------- With some for CSA testing plus their A records -------
399
400_client._smtp.csa1 SRV 1 2 0 csa1.test.ex.
401_client._smtp.csa2 SRV 1 1 0 csa2.test.ex.
402
403csa1 A V4NET.9.8.7
404csa2 A V4NET.9.8.8
405
abe1353e
HSHR
406; ------- Testing DNSSEC ----------
407
408mx-unsec-a-unsec MX 5 a-unsec
409mx-unsec-a-sec MX 5 a-sec
410DNSSEC mx-sec-a-unsec MX 5 a-unsec
411DNSSEC mx-sec-a-sec MX 5 a-sec
da830d08 412DNSSEC mx-sec-a-aa MX 5 a-aa
6aa849d3 413AA mx-aa-a-sec MX 5 a-sec
abe1353e 414
6aa849d3
JH
415a-unsec A V4NET.0.0.100
416DNSSEC a-sec A V4NET.0.0.100
417DNSSEC l-sec A 127.0.0.1
1705dd20 418
6aa849d3 419AA a-aa A V4NET.0.0.100
da830d08 420
101de477 421; ------- Testing DANE ------------
899b8bbc
JH
422; Since these refer to certs in the exim-ca tree, they must be regenerated any time that tree is.
423;
101de477
JH
424
425; full suite dns chain, sha512
6975138c 426;
899b8bbc 427; openssl x509 -in aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem -noout -pubkey \
6975138c
JH
428; | openssl pkey -pubin -outform DER \
429; | openssl dgst -sha512 \
430; | awk '{print $2}'
431;
6aa849d3
JH
432DNSSEC mxdane512ee MX 1 dane512ee
433DNSSEC dane512ee A HOSTIPV4
a7a1ad14 434DNSSEC _1225._tcp.dane512ee TLSA 3 1 2 c0c2fc12e9fe1abf0ae7b1f2ad2798a4689668db8cf7f7b771a43bf8a4f1d9741ef103bad470b1201157150fbd6182054b0170e90ce66b944a82a0a9c81281af
101de477
JH
435
436; A-only, sha256
6975138c 437;
899b8bbc 438; openssl x509 -in aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem -noout -pubkey \
6975138c
JH
439; | openssl pkey -pubin -outform DER \
440; | openssl dgst -sha256 \
441; | awk '{print $2}'
442;
6aa849d3 443DNSSEC dane256ee A HOSTIPV4
a7a1ad14 444DNSSEC _1225._tcp.dane256ee TLSA 3 1 1 7230d90731ea2c94f7f5e892489cc43f842ad261974e89e4306b081401032b7a
101de477 445
82525c6f 446; full MX, sha256, TA-mode
6975138c
JH
447;
448; openssl x509 -in aux-fixed/exim-ca/example.com/CA/CA.pem -fingerprint -sha256 -noout \
94c13285 449; | awk -F= '{print $2}' | tr -d : | tr '[A-F]' '[a-f]'
6975138c 450;
6aa849d3
JH
451DNSSEC mxdane256ta MX 1 dane256ta
452DNSSEC dane256ta A HOSTIPV4
a7a1ad14 453DNSSEC _1225._tcp.dane256ta TLSA 2 0 1 52a90c3571549f83cff5b6166ae3210fe6e43dd3f95694cc85c989221bdfc4c7
854586e1
JH
454
455
456; full MX, sha256, TA-mode, cert-key-only
457; Indicates a trust-anchor for a chain involving an Authority Key ID extension
458; linkage, as this excites a bug in OpenSSL 1.0.2 which the DANE code has to
459; work around, while synthesizing a selfsigned parent for it.
460; As it happens it is also an intermediate cert in the CA-rooted chain, as this
a7a1ad14 461; was initially thought to be a factor.
854586e1
JH
462;
463; openssl x509 -in aux-fixed/exim-ca/example.com/CA/Signer.pem -noout -pubkey \
464; | openssl pkey -pubin -outform DER \
465; | openssl dgst -sha256 \
466; | awk '{print $2}'
467;
854586e1
JH
468DNSSEC mxdane256tak MX 1 dane256tak
469DNSSEC dane256tak A HOSTIPV4
a7a1ad14 470DNSSEC _1225._tcp.dane256tak TLSA 2 1 1 535b534691f5755ae7deef6593ef73f7a34db16833d6653300c942a29877e18f
624f33df
JH
471
472
473
6aa849d3
JH
474; A multiple-return MX where all TLSA lookups defer
475DNSSEC mxdanelazy MX 1 danelazy
476DNSSEC MX 2 danelazy2
477
478DNSSEC danelazy A HOSTIPV4
479DNSSEC danelazy2 A 127.0.0.1
4cea764f 480
6aa849d3
JH
481DNSSEC _1225._tcp.danelazy CNAME test.again.dns.
482DNSSEC _1225._tcp.danelazy2 CNAME test.again.dns.
4cea764f 483
ce889807
JH
484; hosts with no TLSA (just missing here, hence the TLSA NXDMAIN is _insecure_; a broken dane config)
485; 1 for dane-required, 2 for merely requested
6aa849d3
JH
486DNSSEC dane.no.1 A HOSTIPV4
487DNSSEC dane.no.2 A 127.0.0.1
4cea764f 488
b7e4352c
JH
489; a broken dane config (or under attack) where the TLSA lookup fails (as opposed to there not being one)
490DNSSEC danebroken1 A 127.0.0.1
491_1225._tcp.danebroken1 CNAME test.fail.dns.
492
899b8bbc
JH
493; a broken dane config (or under attack) where the TLSA record is wrong
494; (127.0.0.1 for merely dane-requested, but having gotten the TLSA it is supposedly definitive)
495DNSSEC danebroken2 A 127.0.0.1
496DNSSEC _1225._tcp.danebroken2 TLSA 2 0 1 cb0fa60000000000000000000000000000000000000000000000000000000000
497
498; a broken dane config (or under attack) where the TLSA record is correct but not DNSSEC-assured
499; (record copied from dane256ee above)
500; 3 for dane-requested, 4 for dane-required
501DNSSEC danebroken3 A 127.0.0.1
a7a1ad14 502_1225._tcp.danebroken3 TLSA 2 0 1 7230d90731ea2c94f7f5e892489cc43f842ad261974e89e4306b081401032b7a
899b8bbc 503DNSSEC danebroken4 A HOSTIPV4
a7a1ad14 504_1225._tcp.danebroken4 TLSA 2 0 1 7230d90731ea2c94f7f5e892489cc43f842ad261974e89e4306b081401032b7a
899b8bbc
JH
505
506; a broken dane config (or under attack) where the address record is correct but not DNSSEC-assured
507; (TLSA record copied from dane256ee above)
508; 5 for dane-requested, 6 for dane-required
509danebroken5 A 127.0.0.1
a7a1ad14 510DNSSEC _1225._tcp.danebroken5 TLSA 2 0 1 7230d90731ea2c94f7f5e892489cc43f842ad261974e89e4306b081401032b7a
899b8bbc 511danebroken6 A HOSTIPV4
a7a1ad14 512DNSSEC _1225._tcp.danebroken6 TLSA 2 0 1 7230d90731ea2c94f7f5e892489cc43f842ad261974e89e4306b081401032b7a
899b8bbc 513
ce889807
JH
514; a good dns config saying there is no dane support, by securely returning NOXDOMAIN for TLSA lookups
515; 3 for dane-required, 4 for merely requested
516; the TLSA data here is dummy; ignored
517DNSSEC dane.no.3 A HOSTIPV4
518DNSSEC dane.no.4 A 127.0.0.1
519
520DNSSEC NXDOMAIN _1225._tcp.dane.no.3 TLSA 2 0 1 eec923139018c540a344c5191660ecba1ac3708525a98bfc338e17f31d3fa741
521DNSSEC NXDOMAIN _1225._tcp.dane.no.4 TLSA 2 0 1 eec923139018c540a344c5191660ecba1ac3708525a98bfc338e17f31d3fa741
522
94c13285
JH
523; a mixed-usage set of TLSA records, EE one failing. TA one coped from dane256ta.
524DNSSEC danemixed A 127.0.0.1
a7a1ad14 525DNSSEC _1225._tcp.danemixed TLSA 2 0 1 52a90c3571549f83cff5b6166ae3210fe6e43dd3f95694cc85c989221bdfc4c7
94c13285
JH
526DNSSEC TLSA 3 1 1 8276000000000000000000000000000000000000000000000000000000000000
527
846430d9
JH
528; ------- Testing delays ------------
529
0539a19d 530DELAY=500 delay500 A HOSTIPV4
846430d9
JH
531DELAY=1500 delay1500 A HOSTIPV4
532
6a11a9e6
JH
533; ------- DKIM ---------
534
69a70afa 535; public key, base64 - matches private key in aux-fixed/dkim/dkim.private
6a11a9e6
JH
536; openssl genrsa -out aux-fixed/dkim/dkim.private 1024
537; openssl rsa -in aux-fixed/dkim/dkim.private -out /dev/stdout -pubout -outform PEM
538;
e21a4d00 539; Deliberate bad version, having extra backslashes
135e9496 540; sha256-hash-only version.... appears to be too long, gets truncated
e21a4d00 541;
abe1010c 542; Another, 512-bit (with a Notes field)
135e9496
JH
543; 512 requiring sha1 hash
544; 512 requiring sha256 hash
abe1010c 545;
6a11a9e6 546sel._domainkey TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB"
e21a4d00 547sel_bad._domainkey TXT "v=DKIM1\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB"
135e9496 548sel_sha256._domainkey TXT "v=DKIM1; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB"
6a11a9e6 549
abe1010c 550ses._domainkey TXT "v=DKIM1; n=halfkilo; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL6eAQxd9didJ0/+05iDwJOqT6ly826Vi8aGPecsBiYK5/tAT97fxXk+dPWMZp9kQxtknEzYjYjAydzf+HQ2yJMCAwEAAQ=="
135e9496
JH
551ses_sha1._domainkey TXT "v=DKIM1; h=sha1; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL6eAQxd9didJ0/+05iDwJOqT6ly826Vi8aGPecsBiYK5/tAT97fxXk+dPWMZp9kQxtknEzYjYjAydzf+HQ2yJMCAwEAAQ=="
552ses_sha256._domainkey TXT "v=DKIM1; h=sha256; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL6eAQxd9didJ0/+05iDwJOqT6ly826Vi8aGPecsBiYK5/tAT97fxXk+dPWMZp9kQxtknEzYjYjAydzf+HQ2yJMCAwEAAQ=="
abe1010c 553
a91fd779
JH
554sel2._domainkey TXT "v=spf1 mx a include:spf.nl2go.com -all"
555sel2._domainkey TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB"
846430d9 556
286b9d5f
JH
557; EC signing, using Ed25519
558; - needs GnuTLS 3.6.0 (fedora rawhide has that)
559; certtool --generate-privkey --key-type=ed25519 --outfile=dkim_ed25519.private
321ef002 560; certtool --load_privkey=dkim_ed25519.private --pubkey_info --outder | tail -c +13 | base64
286b9d5f
JH
561
562sed._domainkey TXT "v=DKIM1; k=ed25519; p=sPs07Vu29FpHT/80UXUcYHFOHifD4o2ZlP2+XUh9g6E="
563
321ef002
JH
564; version of the above wrapped in SubjectPublicKeyInfo, in case the WG plumps in that direction
565; certtool --load_privkey=aux-fixed/dkim/dkim_ed25519.private --pubkey_info
566; (and grab the b64 content from between the pem headers)
567
568sedw._domainkey TXT "v=DKIM1; k=ed25519; p=MCowBQYDK2VwAyEAsPs07Vu29FpHT/80UXUcYHFOHifD4o2ZlP2+XUh9g6E="
569
286b9d5f 570
c55a77db 571; End