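; config options
; Layout restored to one directive per line: ';' starts a comment that runs to
; the end of the line, so the scenario cannot be read while it is collapsed.
server:
	; "0 0 0 0 0" presumably turns off opportunistic nameserver-address
	; fetches so that only the queries scripted below are sent - confirm
	; against unbound.conf(5).
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: "no"
	minimal-responses: no
	iter-scrub-promiscuous: no

	; DNS rebinding protection: addresses inside these ranges are removed
	; from answers for public names before they reach the client.
	; This scenario covers RFC 1918 space, IPv4 link-local, IPv6 ULA
	; (fd00::/8) and IPv6 link-local only.  It does not exercise loopback
	; or IPv4-mapped IPv6 (::ffff:0:0/96); unbound.conf(5) describes when
	; a production list should add those.
	private-address: 10.0.0.0/8
	private-address: 172.16.0.0/12
	private-address: 192.168.0.0/16
	private-address: 169.254.0.0/16
	private-address: fd00::/8
	private-address: fe80::/10

	; Exemption: names at or below this domain may carry private addresses.
	; Keep the exempted set as small as possible, because every name under
	; it bypasses the filter (see STEP 40/50).
	private-domain: "example.net"

stub-zone:
	name: "."
	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.

CONFIG_END

SCENARIO_BEGIN Test iterator scrubber with private addresses.

; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS	K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
ENTRY_END

; referral for everything under com.
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN A
SECTION AUTHORITY
com.	IN NS	a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net.	IN 	A	192.5.6.30
ENTRY_END

; root server authoritative for example.net too.
; The answer is a 10/8 address under the private-domain exemption.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
mail.example.net. IN A
SECTION ANSWER
mail.example.net. IN A 10.20.30.40
ENTRY_END
RANGE_END

; a.gtld-servers.net.
RANGE_BEGIN 0 100
	ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com.	IN NS	a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net.	IN 	A	192.5.6.30
ENTRY_END

; referral for everything under example.com.
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN A
SECTION AUTHORITY
example.com.	IN NS	ns.example.com.
SECTION ADDITIONAL
ns.example.com.		IN 	A	1.2.3.4
ENTRY_END
RANGE_END

; ns.example.com.
; Public authoritative server whose answers mix public and private addresses;
; it stands in for a zone whose operator is not trusted by the resolver.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com.	IN NS	ns.example.com.
SECTION ADDITIONAL
ns.example.com.		IN 	A	1.2.3.4
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.com. IN A
SECTION ANSWER
ns.example.com. IN A 1.2.3.4
SECTION AUTHORITY
example.com.	IN NS	ns.example.com.
ENTRY_END

; no AAAA for the nameserver: empty answer with the zone SOA
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.com. IN AAAA
SECTION ANSWER
SECTION AUTHORITY
example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600
ENTRY_END

; public address, outside every private-address range
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A	192.20.30.40
SECTION AUTHORITY
example.com.	IN NS	ns.example.com.
SECTION ADDITIONAL
ns.example.com.		IN 	A	1.2.3.4
ENTRY_END

; IPv6 link-local address, inside fe80::/10
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
mail.example.com. IN AAAA
SECTION ANSWER
mail.example.com. IN AAAA	fe80::15
SECTION AUTHORITY
example.com.	IN NS	ns.example.com.
SECTION ADDITIONAL
ns.example.com.		IN 	A	1.2.3.4
ENTRY_END

; single private address, inside 10.0.0.0/8
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
foo.example.com. IN A
SECTION ANSWER
foo.example.com. IN A	10.20.30.40
SECTION AUTHORITY
example.com.	IN NS	ns.example.com.
SECTION ADDITIONAL
ns.example.com.		IN 	A	1.2.3.4
ENTRY_END

; mixed RRset: two 10/8 addresses around one public address
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
toss.example.com. IN A
SECTION ANSWER
toss.example.com. IN A	10.20.30.40
toss.example.com. IN A	1.2.3.4
toss.example.com. IN A	10.20.30.41
SECTION AUTHORITY
example.com.	IN NS	ns.example.com.
SECTION ADDITIONAL
ns.example.com.		IN 	A	1.2.3.4
ENTRY_END
RANGE_END

; public address is not scrubbed
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; recursion happens here.
STEP 2 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A	192.20.30.40
SECTION AUTHORITY
example.com.	IN NS	ns.example.com.
SECTION ADDITIONAL
ns.example.com.		IN 	A	1.2.3.4
ENTRY_END

; IPv4 address is scrubbed
STEP 3 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
foo.example.com. IN A
ENTRY_END

; recursion happens here.
; The only record in the RRset was private, so the expected reply is SERVFAIL
; with an empty answer section rather than a NOERROR reply.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
foo.example.com. IN A
SECTION ANSWER
; scrubbed away
;foo.example.com. IN A	10.20.30.40
ENTRY_END

; IPv6 address is scrubbed
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
mail.example.com. IN AAAA
ENTRY_END

; Same outcome as the IPv4 case: fe80::15 is removed and SERVFAIL is expected.
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
mail.example.com. IN AAAA
SECTION ANSWER
ENTRY_END

; allowed domain is not scrubbed.
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
mail.example.net. IN A
ENTRY_END

; private-domain "example.net" lets the 10/8 answer through unchanged.
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
mail.example.net. IN A
SECTION ANSWER
mail.example.net. IN A 10.20.30.40
ENTRY_END

; rest of RRset intact, only 10/8 tossed away.
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
toss.example.com. IN A
ENTRY_END

; Both private records (10.20.30.40 and 10.20.30.41) are expected to be
; removed; the public record remains and the reply stays NOERROR.
STEP 70 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
toss.example.com. IN A
SECTION ANSWER
; toss.example.com. IN A	10.20.30.40
toss.example.com. IN A	1.2.3.4
; toss.example.com. IN A	10.20.30.41
SECTION AUTHORITY
example.com.	IN NS	ns.example.com.
SECTION ADDITIONAL
ns.example.com.		IN 	A	1.2.3.4
ENTRY_END

SCENARIO_END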