; config options
; Replay test for a Response Policy Zone (RPZ) that is first loaded from a
; local zonefile (SOA serial 1) and later updated by IXFR (SOA serial 2).
; The listing is restored to one statement per line; statements are unchanged.
server:
	module-config: "respip validator iterator"
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: no
	rrset-roundrobin: no
; 192.0.0.0/8 is allowed because STEPs 16, 18, 64 and 66 send queries from
; 192.0.5.1 and 192.0.6.1 to exercise the rpz-client-ip triggers.
	access-control: 192.0.0.0/8 allow

; NOTE(review): the policy zone is transferred from 10.20.30.40 and no transfer
; authentication is configured in this file. That is fine for a replay test,
; but the resolver enforces whatever the transfer delivers (see STEPs 50-71).
rpz:
	name: "rpz.example.com."
	master: 10.20.30.40
	zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
; Initial policy, serial 1. RPZ action encoding as exercised by the checks:
;   CNAME *.      -> NODATA   (STEP 4, STEP 6, STEP 19)
;   CNAME .       -> NXDOMAIN (STEP 12, STEP 15)
;   other rdata   -> local data returned instead of the upstream answer
; rpz-ip / rpz-client-ip / rpz-nsip owner names are <prefixlen>.<reversed IPv4>,
; e.g. 32.1.123.0.10 is 10.0.123.1/32 and 24.0.5.0.192 is 192.0.5.0/24.
rpz.example.com. 3600 IN SOA ns.rpz.example.com. hostmaster.rpz.example.com. 1 3600 900 86400 3600
rpz.example.com. 3600 IN NS ns.rpz.example.net.
a.rpz.example.com. IN CNAME *.
c.rpz.example.com. IN TXT "hello from initial RPZ"
c.rpz.example.com. IN TXT "another hello from initial RPZ"
c.rpz.example.com. IN TXT "yet another hello from initial RPZ"
d.rpz.example.com. IN CNAME .
32.1.123.0.10.rpz-ip.rpz.example.com. CNAME *.
32.3.123.0.10.rpz-ip.rpz.example.com. A 10.66.0.3
32.3.123.0.10.rpz-ip.rpz.example.com. A 10.66.0.4
32.4.123.0.10.rpz-ip.rpz.example.com. CNAME .
; also test client-ip, and remove it later with an IXFR.
24.0.5.0.192.rpz-client-ip A 127.0.0.5
24.0.6.0.192.rpz-client-ip CNAME *.
32.41.30.20.10.rpz-nsip A 127.0.0.1
ns.gotham.com.rpz-nsdname A 127.0.0.1
TEMPFILE_END

stub-zone:
	name: "."
	stub-addr: 10.20.30.40

CONFIG_END

; NOTE(review): the title names only the QNAME trigger, but the steps below
; also cover rpz-ip, rpz-client-ip, rpz-nsip and rpz-nsdname triggers.
SCENARIO_BEGIN Test RPZ QNAME trigger, loaded using IXFR

; 10.20.30.40 plays two roles: upstream for "." (stub-addr) and RPZ master.
RANGE_BEGIN 0 100
	ADDRESS 10.20.30.40

; NOTE(review): the ADDITIONAL record below has type NS with an address-like
; rdata; presumably an A record was intended. Resolution in this test goes
; through stub-addr, so this looks harmless here -- confirm.
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS ns.
SECTION ADDITIONAL
ns. IN NS 10.20.30.40
ENTRY_END

; Upstream answers for the names that the policy does or does not rewrite.
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
b. IN TXT
SECTION ANSWER
b. TXT "hello from upstream"
ENTRY_END

ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
d. IN TXT
SECTION ANSWER
d. TXT "hello from upstream"
ENTRY_END

; The three *.rpz-ip. answers carry the addresses matched by the rpz-ip
; triggers 32.1.123.0.10, 32.3.123.0.10 and 32.4.123.0.10.
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
a.rpz-ip. IN A
SECTION ANSWER
a.rpz-ip. IN A 10.0.123.1
ENTRY_END

ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
c.rpz-ip. IN A
SECTION ANSWER
c.rpz-ip. IN A 10.0.123.3
ENTRY_END

ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
d.rpz-ip. IN A
SECTION ANSWER
d.rpz-ip. IN A 10.0.123.4
ENTRY_END

; a.a. is the name queried from the client addresses in the rpz-client-ip steps.
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
a.a. IN A
SECTION ANSWER
a.a. IN A 10.0.123.5
ENTRY_END

; Referral to ns.foo.com at 10.20.30.41, the address matched by the rpz-nsip
; trigger 32.41.30.20.10.
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
foo.com. IN NS
SECTION ANSWER
SECTION AUTHORITY
foo.com. 10 IN NS ns.foo.com.
SECTION ADDITIONAL
ns.foo.com. 10 IN A 10.20.30.41
ENTRY_END

; Referral to ns.gotham.com, the name matched by the rpz-nsdname trigger.
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.com. IN NS
SECTION ANSWER
SECTION AUTHORITY
gotham.com. 10 IN NS ns.gotham.com.
SECTION ADDITIONAL
ns.gotham.com. 10 IN A 10.20.30.42
ENTRY_END

; SOA probe from the master: serial 2 is newer than the serial 1 zonefile.
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
rpz.example.com. IN SOA
SECTION ANSWER
rpz.example.com. IN SOA ns.rpz.example.com. hostmaster.rpz.example.com. 2 3600 900 86400 3600
ENTRY_END

; IXFR from serial 1 to serial 2. The answer is laid out as: new SOA (2),
; old SOA (1), records to delete, new SOA (2), records to add, new SOA (2).
; Deleted and not re-added: d CNAME ., the 32.4.123.0.10 rpz-ip rule, both
; rpz-client-ip rules, the rpz-nsip rule and the rpz-nsdname rule.
; Kept: c TXT "yet another hello from initial RPZ" is not in the delete list.
; Changed: a and 32.1.123.0.10 go from CNAME *. to CNAME ., and the
; 32.3.123.0.10 local data becomes 10.66.0.5 / 10.66.0.6.
; Added: b TXT and c TXT "hello from RPZ".
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
rpz.example.com. IN IXFR
SECTION ANSWER
rpz.example.com. IN SOA ns.rpz.example.com. hostmaster.rpz.example.com. 2 3600 900 86400 3600
rpz.example.com. IN SOA ns.rpz.example.com. hostmaster.rpz.example.com. 1 3600 900 86400 3600
a.rpz.example.com. IN CNAME *.
c.rpz.example.com. IN TXT "hello from initial RPZ"
c.rpz.example.com. IN TXT "another hello from initial RPZ"
d.rpz.example.com. IN CNAME .
32.1.123.0.10.rpz-ip.rpz.example.com. CNAME *.
32.3.123.0.10.rpz-ip.rpz.example.com. A 10.66.0.3
32.3.123.0.10.rpz-ip.rpz.example.com. A 10.66.0.4
32.4.123.0.10.rpz-ip.rpz.example.com. CNAME .
24.0.5.0.192.rpz-client-ip.rpz.example.com. A 127.0.0.5
24.0.6.0.192.rpz-client-ip.rpz.example.com. CNAME *.
32.41.30.20.10.rpz-nsip.rpz.example.com. A 127.0.0.1
ns.gotham.com.rpz-nsdname.rpz.example.com. A 127.0.0.1
rpz.example.com. IN SOA ns.rpz.example.com. hostmaster.rpz.example.com. 2 3600 900 86400 3600
b.rpz.example.com. TXT "hello from RPZ"
c.rpz.example.com. TXT "hello from RPZ"
a.rpz.example.com. CNAME .
32.1.123.0.10.rpz-ip.rpz.example.com. CNAME .
32.3.123.0.10.rpz-ip.rpz.example.com. A 10.66.0.5
32.3.123.0.10.rpz-ip.rpz.example.com. A 10.66.0.6
rpz.example.com. IN SOA ns.rpz.example.com. hostmaster.rpz.example.com. 2 3600 900 86400 3600
ENTRY_END

RANGE_END

; ns.foo.com
RANGE_BEGIN 0 100
	ADDRESS 10.20.30.41
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
ns.foo.com. IN A
SECTION ANSWER
ns.foo.com. 10 IN A 10.20.30.41
ENTRY_END

ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
ns.foo.com. IN AAAA
SECTION ANSWER
SECTION AUTHORITY
foo.com. 10 IN SOA ns.foo.com. root.foo.com. 1 2 3 4 10
ENTRY_END

ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
www.foo.com. IN A
SECTION ANSWER
www.foo.com. 10 IN A 10.20.30.42
ENTRY_END

RANGE_END

; ns.gotham.com
RANGE_BEGIN 0 100
	ADDRESS 10.20.30.42
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
ns.gotham.com. IN A
SECTION ANSWER
ns.gotham.com. 10 IN A 10.20.30.42
ENTRY_END

ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
ns.gotham.com. IN AAAA
SECTION ANSWER
SECTION AUTHORITY
gotham.com. 10 IN SOA ns.gotham.com. root.gotham.com. 1 2 3 4 10
ENTRY_END

ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
www.gotham.com. IN A
SECTION ANSWER
www.gotham.com. 10 IN A 10.20.30.43
ENTRY_END

RANGE_END

; ---- Phase 1: policy from the zonefile (serial 1) ----

; b. has no rule in the initial zone, so the upstream answer passes through.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
b. IN TXT
ENTRY_END

STEP 2 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
b. IN TXT
SECTION ANSWER
b. IN TXT "hello from upstream"
ENTRY_END

; QNAME trigger a. with CNAME *.: NOERROR with an empty answer section.
STEP 3 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a. IN TXT
ENTRY_END

STEP 4 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
a. IN TXT
SECTION ANSWER
ENTRY_END

; Response-IP trigger: upstream answers 10.0.123.1, rule 32.1.123.0.10 is
; CNAME *., so the client sees an empty answer.
STEP 5 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.rpz-ip. IN A
ENTRY_END

STEP 6 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
a.rpz-ip. IN A
SECTION ANSWER
ENTRY_END

; QNAME trigger c. with local data: all three initial TXT records are returned.
STEP 7 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
c. IN TXT
ENTRY_END

STEP 8 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
c. IN TXT
SECTION ANSWER
c. IN TXT "yet another hello from initial RPZ"
c. IN TXT "another hello from initial RPZ"
c. IN TXT "hello from initial RPZ"
ENTRY_END

; Response-IP trigger with local data: upstream 10.0.123.3 is replaced by
; 10.66.0.3 and 10.66.0.4.
STEP 9 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
c.rpz-ip. IN A
ENTRY_END

STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
c.rpz-ip. IN A
SECTION ANSWER
c.rpz-ip. IN A 10.66.0.4
c.rpz-ip. IN A 10.66.0.3
ENTRY_END

; QNAME trigger d. with CNAME .: NXDOMAIN instead of the upstream TXT.
STEP 11 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d. IN TXT
ENTRY_END

STEP 12 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NXDOMAIN
SECTION QUESTION
d. IN TXT
ENTRY_END

; Response-IP trigger with CNAME .: upstream 10.0.123.4 becomes NXDOMAIN.
; NOTE(review): step numbering jumps from 13 to 15; presumably only the
; ordering of step numbers matters -- confirm.
STEP 13 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.rpz-ip. IN A
ENTRY_END

STEP 15 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NXDOMAIN
SECTION QUESTION
d.rpz-ip. IN A
ENTRY_END

; Client-IP trigger 192.0.5.0/24 with local data: the client gets 127.0.0.5.
STEP 16 QUERY ADDRESS 192.0.5.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN A
ENTRY_END

STEP 17 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
a.a. IN A
SECTION ANSWER
a.a. IN A 127.0.0.5
ENTRY_END

; Client-IP trigger 192.0.6.0/24 with CNAME *.: empty answer.
STEP 18 QUERY ADDRESS 192.0.6.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN A
ENTRY_END

STEP 19 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
a.a. IN A
SECTION ANSWER
ENTRY_END

; NSIP trigger: foo.com is served from 10.20.30.41, which matches the
; rpz-nsip rule, so www.foo.com is answered with 127.0.0.1.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.foo.com. IN A
ENTRY_END

STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.foo.com. IN A
SECTION ANSWER
www.foo.com. IN A 127.0.0.1
ENTRY_END

; NSDNAME trigger: gotham.com is delegated to ns.gotham.com, which matches
; the rpz-nsdname rule, so www.gotham.com is answered with 127.0.0.1.
STEP 22 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham.com. IN A
ENTRY_END

STEP 23 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham.com. IN A
SECTION ANSWER
www.gotham.com. IN A 127.0.0.1
ENTRY_END

; Advance the clock by 1 + 3600 seconds; 3600 is the SOA refresh value of the
; zone, so this presumably triggers the SOA probe and the IXFR defined above.
STEP 24 TIME_PASSES ELAPSE 1
STEP 30 TIME_PASSES ELAPSE 3600
STEP 40 TRAFFIC

; ---- Phase 2: policy after the IXFR (serial 2) ----
; These checks matter for enforcement in both directions: new rules must take
; effect, and rules removed by the transfer must stop rewriting answers.

; b. now has local data added by the IXFR.
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
b. IN TXT
ENTRY_END

STEP 51 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
b. IN TXT
SECTION ANSWER
b. IN TXT "hello from RPZ"
ENTRY_END

; a. changed from CNAME *. to CNAME .: NXDOMAIN (was an empty answer in STEP 4).
STEP 52 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a. IN TXT
ENTRY_END

STEP 53 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NXDOMAIN
SECTION QUESTION
a. IN TXT
SECTION ANSWER
ENTRY_END

; rpz-ip rule 32.1.123.0.10 changed to CNAME .: NXDOMAIN (was empty in STEP 6).
STEP 54 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.rpz-ip. IN A
ENTRY_END

STEP 55 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NXDOMAIN
SECTION QUESTION
a.rpz-ip. IN A
SECTION ANSWER
ENTRY_END

; c. keeps the one TXT record the IXFR did not delete and gains the added one.
STEP 56 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
c. IN TXT
ENTRY_END

STEP 57 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
c. IN TXT
SECTION ANSWER
c. IN TXT "hello from RPZ"
c. IN TXT "yet another hello from initial RPZ"
ENTRY_END

; rpz-ip local data for 32.3.123.0.10 replaced: 10.66.0.5 and 10.66.0.6.
STEP 58 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
c.rpz-ip. IN A
ENTRY_END

STEP 59 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
c.rpz-ip. IN A
SECTION ANSWER
c.rpz-ip. IN A 10.66.0.6
c.rpz-ip. IN A 10.66.0.5
ENTRY_END

; d. rule removed: the upstream answer passes through (was NXDOMAIN in STEP 12).
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d. IN TXT
ENTRY_END

STEP 61 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
d. IN TXT
SECTION ANSWER
d. IN TXT "hello from upstream"
ENTRY_END

; rpz-ip rule 32.4.123.0.10 removed: the upstream address is returned.
STEP 62 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.rpz-ip. IN A
ENTRY_END

STEP 63 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
d.rpz-ip. IN A
SECTION ANSWER
d.rpz-ip. IN A 10.0.123.4
ENTRY_END

; Both rpz-client-ip rules removed: clients in 192.0.5.0/24 and 192.0.6.0/24
; now receive the upstream answer.
STEP 64 QUERY ADDRESS 192.0.5.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN A
ENTRY_END

STEP 65 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
a.a. IN A
SECTION ANSWER
a.a. IN A 10.0.123.5
ENTRY_END

STEP 66 QUERY ADDRESS 192.0.6.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN A
ENTRY_END

STEP 67 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
a.a. IN A
SECTION ANSWER
a.a. IN A 10.0.123.5
ENTRY_END

; rpz-nsip rule removed: www.foo.com resolves to the address served by ns.foo.com.
STEP 68 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.foo.com. IN A
ENTRY_END

STEP 69 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.foo.com. IN A
SECTION ANSWER
www.foo.com. 10 IN A 10.20.30.42
ENTRY_END

; rpz-nsdname rule removed: www.gotham.com resolves to the address served by
; ns.gotham.com.
STEP 70 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham.com. IN A
ENTRY_END

STEP 71 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham.com. IN A
SECTION ANSWER
www.gotham.com. 10 IN A 10.20.30.43
ENTRY_END

SCENARIO_END