; config options
; Replay scenario for a resolver that combines response-IP policy (respip),
; an RPZ zone with rpz-ip triggers, and DNS64 synthesis.
; The expected answers below assert that address-based policy is applied to
; the A record fetched by the DNS64 subquery and to the synthesized AAAA,
; so an AAAA query does not bypass a policy written for an IPv4 address.
server:
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: no
	minimal-responses: yes
; Module order matters here: respip is listed ahead of dns64.
	module-config: "respip dns64 validator iterator"
	dns64-prefix: 64:ff9b::0/96
	response-ip: 10.20.30.42/32 always_refuse
	response-ip: 10.20.30.43/32 redirect
	response-ip-data: 10.20.30.43/32 "A 4.5.6.3"
	response-ip: 5.6.7.9/32 redirect
	response-ip-data: 5.6.7.9/32 "A 4.5.6.7"
	response-ip: 5.6.7.10/32 always_nxdomain
	response-ip: 64:ff9b::506:70B/128 redirect
	response-ip-data: 64:ff9b::506:70B/128 "AAAA 2001:db8::4"

; RPZ zone with four rpz-ip triggers (NXDOMAIN action twice, local A data,
; and a CNAME rewrite); rpz-log is on so each policy hit is logged.
rpz:
	name: "rpz.example.com."
	rpz-log: yes
	zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
	1379078166 28800 7200 604800 7200 )
	3600 IN NS ns1.rpz.example.com.
	3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
32.44.30.20.10.rpz-ip CNAME .
32.12.7.6.5.rpz-ip CNAME .
32.13.7.6.5.rpz-ip A 4.5.6.13
32.14.7.6.5.rpz-ip CNAME alias.example.com.
TEMPFILE_END

stub-zone:
	name: "."
	stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test respip and dns64 lookup.

; Mock root server: K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 1000
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END

; Mock com. server: a.gtld-servers.net.
RANGE_BEGIN 0 1000
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END

; Mock authoritative server for example.com: ns.example.com.
; The addresses it hands out are chosen to hit (or miss) the policy above.
RANGE_BEGIN 0 1000
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END

; www: address that no policy entry covers.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ENTRY_END

; www2: address covered by response-ip always_refuse.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. IN A 10.20.30.42
ENTRY_END

; www3: address covered by response-ip redirect (to 4.5.6.3).
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www3.example.com. IN A
SECTION ANSWER
www3.example.com. IN A 10.20.30.43
ENTRY_END

; www4: address covered by the rpz-ip trigger 32.44.30.20.10 (CNAME .).
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www4.example.com. IN A
SECTION ANSWER
www4.example.com. IN A 10.20.30.44
ENTRY_END

; ip4 .. ip4-7: IPv4-only names. Each has a NODATA answer for AAAA and an
; A record, so an AAAA query makes dns64 fetch the A record in a subquery.

; ip4: 5.6.7.8, not covered by any policy entry.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4.example.com. IN AAAA
SECTION ANSWER
; NO AAAA present
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4.example.com. IN A
SECTION ANSWER
ip4.example.com. IN A 5.6.7.8
ENTRY_END

; ip4-2: 5.6.7.9, covered by response-ip redirect (to 4.5.6.7).
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-2.example.com. IN AAAA
SECTION ANSWER
; NO AAAA present
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-2.example.com. IN A
SECTION ANSWER
ip4-2.example.com. IN A 5.6.7.9
ENTRY_END

; ip4-3: 5.6.7.10, covered by response-ip always_nxdomain.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-3.example.com. IN AAAA
SECTION ANSWER
; NO AAAA present
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-3.example.com. IN A
SECTION ANSWER
ip4-3.example.com. IN A 5.6.7.10
ENTRY_END

; ip4-4: 5.6.7.11; only its synthesized form 64:ff9b::506:70B is listed
; in the response-ip configuration.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-4.example.com. IN AAAA
SECTION ANSWER
; NO AAAA present
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-4.example.com. IN A
SECTION ANSWER
ip4-4.example.com. IN A 5.6.7.11
ENTRY_END

; ip4-5: 5.6.7.12, covered by the rpz-ip trigger 32.12.7.6.5 (CNAME .).
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-5.example.com. IN AAAA
SECTION ANSWER
; NO AAAA present
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-5.example.com. IN A
SECTION ANSWER
ip4-5.example.com. IN A 5.6.7.12
ENTRY_END

; ip4-6: 5.6.7.13, covered by the rpz-ip trigger 32.13.7.6.5 (A 4.5.6.13).
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-6.example.com. IN AAAA
SECTION ANSWER
; NO AAAA present
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-6.example.com. IN A
SECTION ANSWER
ip4-6.example.com. IN A 5.6.7.13
ENTRY_END

; ip4-7: 5.6.7.14, covered by the rpz-ip trigger 32.14.7.6.5
; (CNAME alias.example.com.).
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-7.example.com. IN AAAA
SECTION ANSWER
; NO AAAA present
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-7.example.com. IN A
SECTION ANSWER
ip4-7.example.com. IN A 5.6.7.14
ENTRY_END

; alias: target of the RPZ CNAME rewrite used for ip4-7.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
alias.example.com. IN A
SECTION ANSWER
alias.example.com. IN A 4.5.6.14
ENTRY_END
RANGE_END

STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; Baseline: no policy matches, the upstream answer is returned unchanged.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ENTRY_END

STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END

; respip always_refuse: the A answer is replaced by REFUSED, empty answer.
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA REFUSED
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
ENTRY_END

STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www3.example.com. IN A
ENTRY_END

; respip redirect: the address is rewritten to the response-ip-data value.
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www3.example.com. IN A
SECTION ANSWER
www3.example.com. IN A 4.5.6.3
ENTRY_END

STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ip4.example.com. IN AAAA
ENTRY_END

; Plain DNS64: the AAAA is synthesized from A record 5.6.7.8, no policy hit.
STEP 70 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ip4.example.com. IN AAAA
SECTION ANSWER
ip4.example.com. IN AAAA 64:ff9b::506:708
ENTRY_END

STEP 80 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ip4-2.example.com. IN AAAA
ENTRY_END

; respip redirects the A record of the dns64 subquery (5.6.7.9 -> 4.5.6.7),
; and dns64 then synthesizes from the redirected address.
STEP 90 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ip4-2.example.com. IN AAAA
SECTION ANSWER
ip4-2.example.com. IN AAAA 64:ff9b::405:607
ENTRY_END

STEP 100 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ip4-3.example.com. IN AAAA
ENTRY_END

; respip answers the dns64 subquery with nxdomain, so nothing is
; synthesized. The client sees NOERROR with an empty answer section and the
; SOA in authority (NODATA), not NXDOMAIN.
STEP 110 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ip4-3.example.com. IN AAAA
SECTION ANSWER
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END

STEP 120 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ip4-4.example.com. IN AAAA
ENTRY_END

; Here the policy is keyed on the IPv6 form: dns64 synthesizes the AAAA
; first, respip then matches the synthesized address and redirects it.
STEP 130 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ip4-4.example.com. IN AAAA
SECTION ANSWER
ip4-4.example.com. IN AAAA 2001:db8::4
ENTRY_END

STEP 140 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www4.example.com. IN A
ENTRY_END

; RPZ rpz-ip trigger with "CNAME ." blocks the A answer with NXDOMAIN.
STEP 150 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NXDOMAIN
SECTION QUESTION
www4.example.com. IN A
SECTION ANSWER
ENTRY_END

STEP 160 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ip4-5.example.com. IN AAAA
ENTRY_END

; RPZ blocks the dns64 subquery; as in step 110 the client gets NODATA
; (NOERROR, empty answer, SOA in authority) rather than NXDOMAIN.
STEP 170 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ip4-5.example.com. IN AAAA
SECTION ANSWER
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END

STEP 180 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ip4-6.example.com. IN AAAA
ENTRY_END

; RPZ replaces the subquery's A record with 4.5.6.13, and dns64
; synthesizes from that replacement address.
STEP 190 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ip4-6.example.com. IN AAAA
SECTION ANSWER
ip4-6.example.com. AAAA 64:ff9b::405:60d
ENTRY_END

STEP 200 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ip4-7.example.com. IN AAAA
ENTRY_END

; RPZ rewrites the subquery answer to a CNAME. The CNAME target resolves to
; an A record (4.5.6.14) and dns64 synthesizes the AAAA from that record.
STEP 210 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ip4-7.example.com. IN AAAA
SECTION ANSWER
ip4-7.example.com. CNAME alias.example.com.
alias.example.com. AAAA 64:ff9b::405:60e
ENTRY_END

SCENARIO_END