$ORIGIN success-cases.
$TTL 3600

@       SOA     primary admin 0 0 0 0 0


; A particular key does not need to have a value

s01	SVCB   0 . key123


; echconfig does not need to have a value

s02	SVCB   0 . echconfig


; When "no-default-alpn" is specified in an RR, "alpn" must also be specified
; in order for the RR to be "self-consistent"

s03	HTTPS	0 . alpn="h2,h3" no-default-alpn


; SHOULD is not MUST (so allowed)
; Zone-file implementations SHOULD enforce self-consistency

s04	HTTPS	0 . no-default-alpn


; SHOULD is not MUST (so allowed)
; (port and no-default-alpn are automatically mandatory keys with HTTPS)
; Other automatically mandatory keys SHOULD NOT appear in the list either.

s05	HTTPS	0 . alpn="dot" no-default-alpn port=853 mandatory=port

; Any valid base64 is okay for ech
s06     HTTPS   0 . ech="aGVsbG93b3JsZCE="

; echconfig is an alias for ech
s07     HTTPS   0 . echconfig="aGVsbG93b3JsZCE="

; maximum size allowed in a svcb rdata set (63 SvcParams)

s08     HTTPS   0 . ( key11=a key12=a key13=a key14=a key15=a key16=a key17=a key18=a key19=a key110=a key111=a key112=a key113=a key114=a key115=a key116=a key117=a key118=a key119=a key120=a key121=a key122=a key123=a key124=a key125=a key126=a key127=a key128=a key129=a key130=a key131=a key132=a key133=a key134=a key135=a key136=a key137=a key138=a key139=a key140=a key141=a key142=a key143=a key144=a key145=a key146=a key147=a key148=a key149=a key150=a key151=a key152=a key153=a key154=a key155=a key156=a key157=a key158=a key159=a key160=a key161=a key162=a key163=a)

; maximum alpn size allowed (255 characters)

s09     HTTPS   0 . ( alpn="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" )

; dohpath can be (non-)quoted and MUST contain "?dns"
; currently there is no validation from Unbound, it can be anything
; maybe needs changing if Unbound is the primary authoritative for SVCB records.
; Then SVCB_SEMANTIC_CHECKS parts of the code could be used per authoritative role.

_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath
_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath=
_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath=""
_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath="/"
_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath="/dns-query{?dns}"
_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath=/dns-query{?abcd}{!abcd}{?dns}
_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath=/dns-query{?abcdabcd?dns?defedf}
_dns.doh.example. 7200 IN SVCB 1 doh.example. alpn=h2 dohpath=/dns-queryéè{?dns}