1 ; This is a testing zone file for use when testing DNS handling in Exim. This
2 ; is a fake zone of no real use. The zone name is
3 ; test.ex. This file is passed through the substitution mechanism before being
4 ; used by the fakens auxiliary program. This inserts the actual IP addresses
5 ; of the local host into the zone.
7 ; NOTE (1): apart from ::1, IPv6 addresses must always have 8 components. Do
8 ; not abbreviate them by using the :: feature. Leading zeros in components may,
11 ; NOTE (2): the fakens program is very simple and assumes that the buffer into
12 ; which is puts the response is always going to be big enough. In other words,
13 ; the expectation is for just a few RRs for each query.
15 ; NOTE (3): the top-level networks for testing addresses are parameterized by
16 ; the use of V4NET and V6NET. These networks should be such that no real
17 ; host ever uses them.
19 ; Several prefixes may be used, see the source in src/fakens.c for a complete list
22 test.ex. NS exim.test.ex.
23 test.ex. SOA exim.test.ex. hostmaster.exim.test.ex 1430683638 1200 120 604800 3600
25 test.ex. TXT "A TXT record for test.ex."
26 s/lash TXT "A TXT record for s/lash.test.ex."
30 ptr PTR data.for.ptr.test.ex.
32 ; Standard localhost handling
37 ; This name exists only if qualified; it is never automatically qualified
39 dontqualify A V4NET.255.255.254
41 ; A host with upper case letters in its canonical name
45 ; A host with punycoded UTF-8 characters used for its lookup ( mx.π.test.ex )
47 mx.xn--1xa A V4NET.255.255.255
49 ; A non-standard name for localhost
52 localhost4 A 127.0.0.1
54 ; A localhost with short TTL
56 TTL=2 shorthost A 127.0.0.1
59 ; Something that gives both the IP and the loopback
64 ; Something that gives an unreachable IP and the loopback
69 ; Another host with both A and AAAA records
72 AAAA V6NET:ffff:836f:0a00:000a:0800:200a:c031
77 AAAA V6NET:ffff:836f:0a00:000a:0800:200a:c033
79 ; A working IPv4 address and a non-working IPv6 address, with different
80 ; names so they can have different MX values
82 46c AAAA V6NET:ffff:836f:0a00:000a:0800:200a:c033
85 ; A host with just a non-local IPv6 address
87 v6 AAAA V6NET:ffff:836f:0a00:000a:0800:200a:c032
89 ; Alias A and CNAME records for the local host, under the name "eximtesthost"
90 ; Make the A covered by DNSSEC and add a TLSA for it.
92 eximtesthost A HOSTIPV4
93 alias-eximtesthost CNAME eximtesthost.test.ex.
97 badcname CNAME rhubarb.test.ex.
99 ; Test a name containing an underscore
103 ; The reverse registration for this name is an empty string
105 empty A V4NET.255.255.255
109 eximtesthost.ipv6 AAAA HOSTIPV6
110 test2.ipv6 AAAA V6NET:2101:12:1:a00:20ff:fe86:a062
111 test3.ipv6 AAAA V6NET:1234:5:6:7:8:abc:0d
113 ; A case of forward and backward pointers disagreeing
115 badA A V4NET.99.99.99
116 badB A V4NET.99.99.98
118 ; A host with multiple names in different (sub) domains
119 ; These are intended to be within test.ex - absence of final dots is deliberate
121 x.gov.uk A V4NET.99.99.97
122 x.co.uk A V4NET.99.99.97
124 ; A host, the reverse lookup of whose IP address gives this name plus another
125 ; that does not forward resolve to the same address
127 oneback A V4NET.99.99.90
128 host1.masq A V4NET.90.90.90
130 ; Fake hosts are registered in the V4NET.0.0.0 subnet. In the past, the
131 ; 10.0.0.0/8 network was used; hence the names of the hosts.
136 ten-3-alias A V4NET.0.0.3
137 ten-3xtra A V4NET.0.0.3
141 ten-5-6 A V4NET.0.0.5
144 ten-99 A V4NET.0.0.99
146 black-1 A V4NET.11.12.13
147 black-2 A V4NET.11.12.14
149 myhost A V4NET.10.10.10
150 myhost2 A V4NET.10.10.10
152 other1 A V4NET.12.4.5
153 other2 A V4NET.12.3.1
156 other99 A V4NET.99.0.1
158 testsub.sub A V4NET.99.0.3
160 ; This one's real name really is recurse.test.ex.test.ex. It is done like
161 ; this for testing host widening, without getting tangled up in qualify issues.
163 recurse.test.ex A V4NET.99.0.2
165 ; a CNAME pointing to a name with both ipv4 and ipv6 A-records
166 ; and one with only ipv4
168 cname46 CNAME localhost
169 cname4 CNAME thishost
171 ; -------- Testing RBL records -------
173 ; V4NET.11.12.13 is deliberately not reverse-registered
175 13.12.11.V4NET.rbl A 127.0.0.2
176 TXT "This is a test blacklisting message"
177 TTL=2 14.12.11.V4NET.rbl A 127.0.0.2
178 TXT "This is a test blacklisting message"
179 15.12.11.V4NET.rbl A 127.0.0.2
180 TXT "This is a very long blacklisting message, continuing for ages and ages and certainly being longer than 128 characters which was a previous limit on the length that Exim was prepared to handle."
182 14.12.11.V4NET.rbl2 A 127.0.0.2
183 TXT "This is a test blacklisting2 message"
184 16.12.11.V4NET.rbl2 A 127.0.0.2
185 TXT "This is a test blacklisting2 message"
187 14.12.11.V4NET.rbl3 A 127.0.0.2
188 TXT "This is a test blacklisting3 message"
189 15.12.11.V4NET.rbl3 A 127.0.0.3
190 TXT "This is a very long blacklisting message, continuing for ages and ages and certainly being longer than 128 characters which was a previous limit on the length that Exim was prepared to handle."
192 20.12.11.V4NET.rbl4 A 127.0.0.6
193 21.12.11.V4NET.rbl4 A 127.0.0.7
194 22.12.11.V4NET.rbl4 A 127.0.0.128
195 TXT "This is a test blacklisting4 message"
197 22.12.11.V4NET.rbl5 A 127.0.0.1
198 TXT "This is a test blacklisting5 message"
200 1.13.13.V4NET.rbl CNAME non-exist.test.ex.
201 2.13.13.V4NET.rbl A 127.0.0.1
204 ; -------- Testing MX records --------
206 mxcased MX 5 ten-99.TEST.EX.
208 ; Points to a host with both A and AAAA
210 mx46 MX 46 46.test.ex.
212 ; Points to two hosts with both kinds of address, equal precedence
214 mx4646 MX 46 46.test.ex.
217 ; Ditto, with a third IPv6 host
219 mx46466 MX 46 46.test.ex.
223 ; This time, change precedence
225 mx46466b MX 46 46.test.ex.
229 ; Points to a host with a working IPv4 and a non-working IPv6 record
231 mx46cd MX 10 46c.test.ex.
234 ; Two equal precedence pointing to a v4 and a v6 host
236 mx246 MX 10 v6.test.ex.
239 ; Lowest-numbered points to local host
241 mxt1 MX 5 eximtesthost.test.ex.
243 ; Points only to non-existent hosts
245 mxt2 MX 5 not-exist.test.ex.
247 ; Points to some non-existent hosts;
248 ; Lowest numbered existing points to local host
250 mxt3 MX 5 not-exist.test.ex.
251 MX 6 eximtesthost.test.ex.
253 ; Points to some non-existent hosts;
254 ; Lowest numbered existing points to non-local host
256 mxt3r MX 5 not-exist.test.ex.
261 mxt4 MX 5 alias-eximtesthost.test.ex.
263 ; Various combinations of precedence and local host
265 mxt5 MX 5 eximtesthost.test.ex.
268 mxt6 MX 5 ten-1.test.ex.
269 MX 6 eximtesthost.test.ex.
272 mxt7 MX 5 ten-2.test.ex.
274 MX 7 eximtesthost.test.ex.
277 mxt8 MX 5 ten-2.test.ex.
279 MX 7 eximtesthost.test.ex.
283 ; Same host appearing twice; make some variants in different orders to
284 ; simulate a real nameserver and its round robinning
286 mxt9 MX 5 ten-1.test.ex.
291 mxt9a MX 6 ten-2.test.ex.
296 mxt9b MX 7 ten-3.test.ex.
301 ; MX pointing to IP address
303 mxt10 MX 5 V4NET.0.0.1.
305 ; Several MXs pointing to local host
307 mxt11 MX 5 localhost.test.ex.
308 MX 6 localhost.test.ex.
310 mxt11a MX 5 localhost.test.ex.
313 mxt12 MX 5 local1.test.ex.
321 mxt13 MX 4 other1.test.ex.
324 ; Different hosts with same IP addresses in the list
326 mxt14 MX 4 ten-5-6.test.ex.
330 ; Non-local hosts with different precedence
332 mxt15 MX 10 ten-1.test.ex.
335 ; Large number of IP addresses at one MX value, and then some
336 ; at another, to check that hosts_max_try tries the MX different
339 mxt99 MX 1 ten-1.test.ex.
345 MX 3 black-1.test.ex.
346 MX 3 black-2.test.ex.
348 ; Special case test for @mx_any (to doublecheck a reported Exim 3 bug isn't
349 ; in Exim 4). The MX points to two names, each with multiple addresses. The
350 ; very last address is the local host. When Exim is testing, it will sort
351 ; these addresses into ascending order.
353 mxt98 MX 1 98-1.test.ex.
362 ; IP addresses with the same MX value
364 mxt97 MX 1 ten-1.test.ex.
369 ; MX pointing to a single-component name that exists if qualified, but not
370 ; if not. We use the special name dontqualify to stop the fake resolver
373 mxt1c MX 1 dontqualify.
375 ; MX with punycoded UTF-8 characters used for its lookup ( π.test.ex )
377 xn--1xa MX 0 mx.π.test.ex.
379 ; MX with actual UTF-8 characters in its name, for allow_utf8_domains mode test
381 π MX 0 mx.xn--1xa.test.ex.
383 ; -------- Testing SRV records --------
385 _smtp._tcp.srv01 SRV 0 0 25 ten-1.test.ex.
387 _smtp._tcp.srv02 SRV 1 3 99 ten-1.test.ex.
388 SRV 1 1 99 ten-2.test.ex.
389 SRV 3 0 66 ten-3.test.ex.
391 _smtp._tcp.nosmtp SRV 0 0 0 .
393 _smtp2._tcp.srv03 SRV 0 0 88 ten-4.test.ex.
395 _smtp._tcp.srv27 SRV 0 0 PORT_S localhost
398 ; -------- With some for CSA testing plus their A records -------
400 _client._smtp.csa1 SRV 1 2 0 csa1.test.ex.
401 _client._smtp.csa2 SRV 1 1 0 csa2.test.ex.
406 ; ------- Testing DNSSEC ----------
408 mx-unsec-a-unsec MX 5 a-unsec
409 mx-unsec-a-sec MX 5 a-sec
410 DNSSEC mx-sec-a-unsec MX 5 a-unsec
411 DNSSEC mx-sec-a-sec MX 5 a-sec
412 DNSSEC mx-sec-a-aa MX 5 a-aa
413 AA mx-aa-a-sec MX 5 a-sec
415 a-unsec A V4NET.0.0.100
416 DNSSEC a-sec A V4NET.0.0.100
417 DNSSEC l-sec A 127.0.0.1
419 AA a-aa A V4NET.0.0.100
421 ; ------- Testing DANE ------------
423 ; full suite dns chain, sha512
425 ; openssl x509 -in aux-fixed/cert1 -noout -pubkey \
426 ; | openssl pkey -pubin -outform DER \
427 ; | openssl dgst -sha512 \
430 DNSSEC mxdane512ee MX 1 dane512ee
431 DNSSEC dane512ee A HOSTIPV4
432 DNSSEC _1225._tcp.dane512ee TLSA 3 1 2 3d5eb81b1dfc3f93c1fa8819e3fb3fdb41bb590441d5f3811db17772f4bc6de29bdd7c4f4b723750dda871b99379192b3f979f03db1252c4f08b03ef7176528d
436 ; openssl x509 -in aux-fixed/cert1 -noout -pubkey \
437 ; | openssl pkey -pubin -outform DER \
438 ; | openssl dgst -sha256 \
441 DNSSEC dane256ee A HOSTIPV4
442 DNSSEC _1225._tcp.dane256ee TLSA 3 1 1 2bb55f418bb03411a5007cecbfcd3ec1c94404312c0d53a44bb2166b32654db3
444 ; full MX, sha256, TA-mode
446 ; openssl x509 -in aux-fixed/exim-ca/example.com/CA/CA.pem -fingerprint -sha256 -noout \
447 ; | awk -F= '{print $2}' | tr -d : | tr '[A-F]' '[a-f]'
449 DNSSEC mxdane256ta MX 1 dane256ta
450 DNSSEC dane256ta A HOSTIPV4
451 DNSSEC _1225._tcp.dane256ta TLSA 2 0 1 eec923139018c540a344c5191660ecba1ac3708525a98bfc338e17f31d3fa741
454 ; A multiple-return MX where all TLSA lookups defer
455 DNSSEC mxdanelazy MX 1 danelazy
456 DNSSEC MX 2 danelazy2
458 DNSSEC danelazy A HOSTIPV4
459 DNSSEC danelazy2 A 127.0.0.1
461 DNSSEC _1225._tcp.danelazy CNAME test.again.dns.
462 DNSSEC _1225._tcp.danelazy2 CNAME test.again.dns.
464 ; hosts with no TLSA (just missing here, hence the TLSA NXDMAIN is _insecure_; a broken dane config)
465 ; 1 for dane-required, 2 for merely requested
466 DNSSEC dane.no.1 A HOSTIPV4
467 DNSSEC dane.no.2 A 127.0.0.1
469 ; a broken dane config (or under attack) where the TLSA lookup fails (as opposed to there not being one)
470 DNSSEC danebroken1 A 127.0.0.1
471 _1225._tcp.danebroken1 CNAME test.fail.dns.
473 ; a good dns config saying there is no dane support, by securely returning NOXDOMAIN for TLSA lookups
474 ; 3 for dane-required, 4 for merely requested
475 ; the TLSA data here is dummy; ignored
476 DNSSEC dane.no.3 A HOSTIPV4
477 DNSSEC dane.no.4 A 127.0.0.1
479 DNSSEC NXDOMAIN _1225._tcp.dane.no.3 TLSA 2 0 1 eec923139018c540a344c5191660ecba1ac3708525a98bfc338e17f31d3fa741
480 DNSSEC NXDOMAIN _1225._tcp.dane.no.4 TLSA 2 0 1 eec923139018c540a344c5191660ecba1ac3708525a98bfc338e17f31d3fa741
482 ; ------- Testing delays ------------
484 DELAY=500 delay500 A HOSTIPV4
485 DELAY=1500 delay1500 A HOSTIPV4
487 ; ------- DKIM ---------
489 ; public key, base64 - matches private key in aux-fixed/dkim/dkim.private
490 ; openssl genrsa -out aux-fixed/dkim/dkim.private 1024
491 ; openssl rsa -in aux-fixed/dkim/dkim.private -out /dev/stdout -pubout -outform PEM
493 ; Deliberate bad version, having extra backslashes
495 ; Another, 512-bit (with a Notes field)
497 sel._domainkey TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB"
498 sel_bad._domainkey TXT "v=DKIM1\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB"
500 ses._domainkey TXT "v=DKIM1; n=halfkilo; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL6eAQxd9didJ0/+05iDwJOqT6ly826Vi8aGPecsBiYK5/tAT97fxXk+dPWMZp9kQxtknEzYjYjAydzf+HQ2yJMCAwEAAQ=="