; config options
# Replay scenario for the resolver's private-address scrubbing (DNS rebinding
# protection). The listing is laid out one directive per line; the numeric
# line-gutter cells from the page extraction are not part of the file.
server:
	# NOTE(review): the all-zero fetch policy and disabled qname minimisation
	# presumably keep upstream traffic limited to the scripted queries below;
	# confirm against unbound.conf(5).
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: "no"
	minimal-responses: no

	# Address ranges that must not appear in answers for public names.
	# Only 10.0.0.0/8 and fe80::/10 are exercised by the steps below; the
	# other four ranges are configured but have no scripted answer or check.
	# NOTE(review): loopback (127.0.0.0/8) and IPv4-mapped IPv6
	# (::ffff:0:0/96) are not listed here, so this scenario says nothing
	# about how such answers are handled.
	private-address: 10.0.0.0/8
	private-address: 172.16.0.0/12
	private-address: 192.168.0.0/16
	private-address: 169.254.0.0/16
	private-address: fd00::/8
	private-address: fe80::/10

	# Exemption: names in example.net may carry private addresses
	# (checked in STEP 40/50).
	private-domain: "example.net"

stub-zone:
	name: "."
	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.

CONFIG_END

SCENARIO_BEGIN Test iterator scrubber with private addresses.

; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
	ADDRESS 193.0.14.129
; priming answer for the root NS set
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END

; referral to the com. servers for anything under com.
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

; root server authoritative for example.net too.
; The answer is a 10/8 address under the private-domain exemption.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
mail.example.net. IN A
SECTION ANSWER
mail.example.net. IN A 10.20.30.40
ENTRY_END
RANGE_END

; a.gtld-servers.net.
RANGE_BEGIN 0 100
	ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

; referral to ns.example.com. for anything under example.com.
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN A
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END

; ns.example.com.
; Public authoritative server whose zone data mixes public and private
; addresses; these are the answers the scrubber has to filter.
RANGE_BEGIN 0 100
	ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.com. IN A
SECTION ANSWER
ns.example.com. IN A 1.2.3.4
SECTION AUTHORITY
example.com. IN NS ns.example.com.
ENTRY_END

; empty answer with SOA: the nameserver has no AAAA record
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ns.example.com. IN AAAA
SECTION ANSWER
SECTION AUTHORITY
example.com. IN SOA ns.example.com. root.example.com. 4 14400 3600 604800 3600
ENTRY_END

; public address (192.20.30.40 is outside every configured range)
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 192.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END

; link-local IPv6 answer, inside fe80::/10
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
mail.example.com. IN AAAA
SECTION ANSWER
mail.example.com. IN AAAA fe80::15
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END

; single private IPv4 answer, inside 10.0.0.0/8
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
foo.example.com. IN A
SECTION ANSWER
foo.example.com. IN A 10.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END

; mixed RRset: two 10/8 addresses around one public address
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
toss.example.com. IN A
SECTION ANSWER
toss.example.com. IN A 10.20.30.40
toss.example.com. IN A 1.2.3.4
toss.example.com. IN A 10.20.30.41
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END

; public address is not scrubbed
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; recursion happens here.
STEP 2 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 192.20.30.40
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END

; IPv4 address is scrubbed
STEP 3 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
foo.example.com. IN A
ENTRY_END

; recursion happens here.
; The only answer record is private, so the client is expected to see
; SERVFAIL with an empty answer section rather than NOERROR.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
foo.example.com. IN A
SECTION ANSWER
; scrubbed away
;foo.example.com. IN A 10.20.30.40
ENTRY_END

; IPv6 address is scrubbed
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
mail.example.com. IN AAAA
ENTRY_END

; same expectation as the IPv4 case: fe80::15 is removed, SERVFAIL results
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
mail.example.com. IN AAAA
SECTION ANSWER
ENTRY_END

; allowed domain is not scrubbed.
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
mail.example.net. IN A
ENTRY_END

; example.net is the configured private-domain, so the 10/8 answer is
; expected to pass through unchanged.
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
mail.example.net. IN A
SECTION ANSWER
mail.example.net. IN A 10.20.30.40
ENTRY_END

; rest of RRset intact, only 10/8 tossed away.
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
toss.example.com. IN A
ENTRY_END

; Both 10/8 records are expected to be dropped while the public record
; survives, so the reply stays NOERROR.
STEP 70 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
toss.example.com. IN A
SECTION ANSWER
; toss.example.com. IN A 10.20.30.40
toss.example.com. IN A 1.2.3.4
; toss.example.com. IN A 10.20.30.41
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END

SCENARIO_END