; Replay scenario: RPZ "nsdname" triggers.
; Policy is selected by the NAME of a nameserver seen in the delegation for
; the queried domain, not by the query name itself. Each gotham.<tld> zone
; below is delegated to ns1.gotham.<tld>, which the RPZ zone maps to one
; policy action.
;
; Trigger (owner under rpz.example.com)   Action         Checked by
;   ns1.gotham.com.rpz-nsdname             rpz-passthru   STEP 1-2   (upstream answer returned)
;   ns1.gotham.aa.rpz-nsdname              CNAME .        STEP 10-11 (NXDOMAIN)
;   ns1.gotham.bb.rpz-nsdname              CNAME *.       STEP 20-21 (NOERROR, empty answer)
;   ns1.gotham.ff.rpz-nsdname              A 127.0.0.1    STEP 30-31 (local data replaces upstream A)
;   ns1.gotham.dd.rpz-nsdname              rpz-tcp-only   STEP 40-43 (TC over UDP, answer over TCP)
;   ns1.gotham.cc.rpz-nsdname              rpz-drop       not exercised by any STEP
;
; NOTE(review): coverage gaps visible in this file:
;   - rpz-drop (cc.) has a policy record and a root delegation to 8.8.2.8,
;     but no RANGE answers at that address and no STEP queries gotham.cc.
;   - ee. is delegated to 8.8.5.8 with no policy record, no RANGE and no
;     STEP, so the "nameserver not listed in the RPZ" case is untested.
;   - The TXT "42" local data for ff. is never queried; only the A record is.
;   - rpz-log is enabled, but no STEP asserts on log output.

; config options
server:
	; "respip" is listed first in the module chain used by this RPZ test.
	module-config: "respip validator iterator"
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: no
	access-control: 192.0.0.0/8 allow

; Policy zone under test. rpz-log / rpz-log-name request logging of applied
; actions under the given name.
rpz:
	name: "rpz.example.com."
	rpz-log: yes
	rpz-log-name: "rpz.example.com"
	zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
	1379078166 28800 7200 604800 7200 )
	3600 IN NS ns1.rpz.example.com.
	3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
ns1.gotham.aa.rpz-nsdname CNAME .
ns1.gotham.bb.rpz-nsdname CNAME *.
ns1.gotham.cc.rpz-nsdname CNAME rpz-drop.
ns1.gotham.com.rpz-nsdname CNAME rpz-passthru.
ns1.gotham.dd.rpz-nsdname CNAME rpz-tcp-only.
ns1.gotham.ff.rpz-nsdname A 127.0.0.1
ns1.gotham.ff.rpz-nsdname TXT "42"
TEMPFILE_END

; All resolution starts at the simulated root server 1.1.1.1.
stub-zone:
	name: "."
	stub-addr: 1.1.1.1
CONFIG_END

SCENARIO_BEGIN Test RPZ nsdname triggers

; . --------------------------------------------------------------------------
; Simulated root: answers ". NS" and hands out one referral per test TLD.
; The referrals for cc. (8.8.2.8) and ee. (8.8.5.8) point at addresses that
; have no RANGE in this file.
RANGE_BEGIN 0 100
	ADDRESS 1.1.1.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS ns.root.
SECTION ADDITIONAL
ns.root IN A 1.1.1.1
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN A
SECTION AUTHORITY
com. IN NS ns1.com.
SECTION ADDITIONAL
ns1.com. IN A 8.8.8.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
aa. IN A
SECTION AUTHORITY
aa. IN NS ns1.aa.
SECTION ADDITIONAL
ns1.aa. IN A 8.8.0.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
bb. IN A
SECTION AUTHORITY
bb. IN NS ns1.bb.
SECTION ADDITIONAL
ns1.bb. IN A 8.8.1.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
cc. IN A
SECTION AUTHORITY
cc. IN NS ns1.cc.
SECTION ADDITIONAL
ns1.cc. IN A 8.8.2.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
dd. IN A
SECTION AUTHORITY
dd. IN NS ns1.dd.
SECTION ADDITIONAL
ns1.dd. IN A 8.8.3.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
ee. IN A
SECTION AUTHORITY
ee. IN NS ns1.ee.
SECTION ADDITIONAL
ns1.ee. IN A 8.8.5.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
ff. IN A
SECTION AUTHORITY
ff. IN NS ns1.ff.
SECTION ADDITIONAL
ns1.ff. IN A 8.8.6.8
ENTRY_END

RANGE_END

; com. -----------------------------------------------------------------------
; TLD server: its referral names ns1.gotham.com., the name the passthru
; trigger is keyed on.
RANGE_BEGIN 0 100
	ADDRESS 8.8.8.8

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS ns1.com.
SECTION ADDITIONAL
ns1.com. IN A 8.8.8.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.com. IN A
SECTION AUTHORITY
gotham.com. IN NS ns1.gotham.com.
SECTION ADDITIONAL
ns1.gotham.com. IN A 192.0.6.1
ENTRY_END

RANGE_END

; aa. ------------------------------------------------------------------------
; TLD server: its referral names ns1.gotham.aa. (NXDOMAIN trigger).
RANGE_BEGIN 0 100
	ADDRESS 8.8.0.8

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
aa. IN NS
SECTION ANSWER
aa. IN NS ns1.aa.
SECTION ADDITIONAL
ns1.aa. IN A 8.8.0.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.aa. IN A
SECTION AUTHORITY
gotham.aa. IN NS ns1.gotham.aa.
SECTION ADDITIONAL
ns1.gotham.aa. IN A 192.0.0.1
ENTRY_END

RANGE_END

; bb. ------------------------------------------------------------------------
; TLD server: its referral names ns1.gotham.bb. (empty-answer trigger).
RANGE_BEGIN 0 100
	ADDRESS 8.8.1.8

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
bb. IN NS
SECTION ANSWER
bb. IN NS ns1.bb.
SECTION ADDITIONAL
ns1.bb. IN A 8.8.1.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.bb. IN A
SECTION AUTHORITY
gotham.bb. IN NS ns1.gotham.bb.
SECTION ADDITIONAL
ns1.gotham.bb. IN A 192.0.1.1
ENTRY_END

RANGE_END

; dd. ------------------------------------------------------------------------
; TLD server: its referral names ns1.gotham.dd. (tcp-only trigger).
RANGE_BEGIN 0 100
	ADDRESS 8.8.3.8

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
dd. IN NS
SECTION ANSWER
dd. IN NS ns1.dd.
SECTION ADDITIONAL
ns1.dd. IN A 8.8.3.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.dd. IN A
SECTION AUTHORITY
gotham.dd. IN NS ns1.gotham.dd.
SECTION ADDITIONAL
ns1.gotham.dd. IN A 192.0.3.1
ENTRY_END

RANGE_END

; ff. ------------------------------------------------------------------------
; TLD server: its referral names ns1.gotham.ff. (local-data trigger).
RANGE_BEGIN 0 100
	ADDRESS 8.8.6.8

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ff. IN NS
SECTION ANSWER
ff. IN NS ns1.ff.
SECTION ADDITIONAL
ns1.ff. IN A 8.8.6.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.ff. IN A
SECTION AUTHORITY
gotham.ff. IN NS ns1.gotham.ff.
SECTION ADDITIONAL
ns1.gotham.ff. IN A 192.0.5.1
ENTRY_END

RANGE_END

; ns1.gotham.com. ------------------------------------------------------------
; Authoritative answer source for gotham.com. (192.0.6.2).
RANGE_BEGIN 0 100
	ADDRESS 192.0.6.1

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.com. IN A
SECTION ANSWER
gotham.com. IN A 192.0.6.2
ENTRY_END

RANGE_END

; ns1.gotham.aa. -------------------------------------------------------------
; Upstream data for gotham.aa. (192.0.0.2); STEP 11 expects it to be
; withheld from the client.
RANGE_BEGIN 0 100
	ADDRESS 192.0.0.1

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.aa. IN A
SECTION ANSWER
gotham.aa. IN A 192.0.0.2
ENTRY_END

RANGE_END

; ns1.gotham.bb. -------------------------------------------------------------
; Upstream data for gotham.bb. (192.0.1.2); STEP 21 expects it to be
; withheld from the client.
RANGE_BEGIN 0 100
	ADDRESS 192.0.1.1

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.bb. IN A
SECTION ANSWER
gotham.bb. IN A 192.0.1.2
ENTRY_END

RANGE_END

; ns1.gotham.dd. -------------------------------------------------------------
; Upstream data for gotham.dd. (192.0.3.2). This is the only upstream reply
; in the file that sets AA.
RANGE_BEGIN 0 100
	ADDRESS 192.0.3.1

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
gotham.dd. IN A
SECTION ANSWER
gotham.dd. IN A 192.0.3.2
ENTRY_END

RANGE_END

; ns1.gotham.ff. -------------------------------------------------------------
; Upstream data for gotham.ff. (192.0.5.2); STEP 31 expects the policy's
; 127.0.0.1 instead.
RANGE_BEGIN 0 100
	ADDRESS 192.0.5.1

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.ff. IN A
SECTION ANSWER
gotham.ff. IN A 192.0.5.2
ENTRY_END

RANGE_END

; ----------------------------------------------------------------------------
; Client-side steps. Each QUERY is followed by a CHECK_ANSWER that must match
; the resolver's reply in full (MATCH all).

; passthru: the nameserver name is listed in the RPZ, but the action lets the
; upstream answer through unchanged.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.com. IN A
ENTRY_END

STEP 2 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
gotham.com. IN A
SECTION ANSWER
gotham.com. IN A 192.0.6.2
ENTRY_END

; "CNAME .": the client must get NXDOMAIN and no answer records, even though
; the upstream server would have returned 192.0.0.2.
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.aa. IN A
ENTRY_END

STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR AA RD RA NXDOMAIN
SECTION QUESTION
gotham.aa. IN A
SECTION ANSWER
ENTRY_END

; "CNAME *.": the client must get NOERROR with an empty answer section.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.bb. IN A
ENTRY_END

STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
gotham.bb. IN A
SECTION ANSWER
ENTRY_END

; local data: the policy's A 127.0.0.1 must be returned in place of the
; upstream 192.0.5.2.
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.ff. IN A
ENTRY_END

STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
gotham.ff. IN A
SECTION ANSWER
gotham.ff. IN A 127.0.0.1
ENTRY_END

; tcp-only, part 1: this query is not marked TCP.
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.dd. IN A
ENTRY_END

; should come back truncated because TCP is required.
; The TC reply must carry no answer records.
STEP 41 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA TC NOERROR
SECTION QUESTION
gotham.dd. IN A
SECTION ANSWER
ENTRY_END

; tcp-only, part 2: the same question marked TCP must receive the real
; upstream answer.
STEP 42 QUERY
ENTRY_BEGIN
MATCH TCP
REPLY RD
SECTION QUESTION
gotham.dd. IN A
ENTRY_END

STEP 43 CHECK_ANSWER
ENTRY_BEGIN
MATCH all TCP
REPLY QR RD RA NOERROR
SECTION QUESTION
gotham.dd. IN A
SECTION ANSWER
gotham.dd. IN A 192.0.3.2
ENTRY_END

SCENARIO_END