; config options
; testbound replay scenario for RPZ "rpz-nsip" triggers, where the policy
; action is selected by the IP address of a zone's authoritative nameserver
; rather than by the query name.
; The listing's gutter numbers are dropped and one statement is restored per
; line; comments are kept on lines of their own.
server:
    ; respip is listed ahead of validator and iterator in the module chain.
    module-config: "respip validator iterator"
    target-fetch-policy: "0 0 0 0 0"
    qname-minimisation: no
    access-control: 192.0.0.0/8 allow

; Policy zone under test. Trigger owner names encode
; <prefixlen>.<reversed IPv4 octets>.rpz-nsip, so 24.0.0.0.192.rpz-nsip
; covers nameserver addresses in 192.0.0.0/24.
;
;   nameserver prefix   record in the zone     action         checked by
;   192.0.0.0/24        CNAME .                NXDOMAIN       STEP 11
;   192.0.1.0/24        CNAME *.               NODATA         STEP 21
;   192.0.2.0/24        CNAME rpz-drop.        drop           (no STEP)
;   192.0.3.0/24        CNAME rpz-passthru.    passthru       (no STEP)
;   192.0.4.0/24        CNAME rpz-tcp-only.    tcp-only       (no STEP)
;   192.0.5.0/24        A 127.0.0.1, TXT "42"  local data     STEP 31, 41 (A only)
;   192.0.6.0/24        (no trigger)           control case   STEP 2
;
; NOTE(review): the drop, passthru and tcp-only triggers are loaded but never
; exercised. The root range delegates cc., dd. and ee., yet no RANGE answers
; for 8.8.2.8, 8.8.3.8 or 8.8.5.8 and no STEP queries a name under them, so a
; regression in those three actions would not be caught by this scenario.
; NOTE(review): the TXT "42" local data is never queried either; only the A
; record is checked.
; NOTE(review): the SOA mname is ns1.rpz.gotham.com. while the NS records use
; ns1/ns2.rpz.example.com. - looks like a leftover name; confirm it is
; intentional.
rpz:
    name: "rpz.example.com."
    rpz-log: yes
    rpz-log-name: "rpz.example.com"
    zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.gotham.com. hostmaster.rpz.example.com. (
    1379078166 28800 7200 604800 7200 )
    3600 IN NS ns1.rpz.example.com.
    3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
24.0.0.0.192.rpz-nsip CNAME .
24.0.1.0.192.rpz-nsip CNAME *.
24.0.2.0.192.rpz-nsip CNAME rpz-drop.
24.0.3.0.192.rpz-nsip CNAME rpz-passthru.
24.0.4.0.192.rpz-nsip CNAME rpz-tcp-only.
24.0.5.0.192.rpz-nsip A 127.0.0.1
24.0.5.0.192.rpz-nsip TXT "42"
TEMPFILE_END

; All resolution starts at the mock root server 1.1.1.1 defined below.
stub-zone:
    name: "."
    stub-addr: 1.1.1.1
CONFIG_END

SCENARIO_BEGIN Test RPZ nsip triggers

; . --------------------------------------------------------------------------
; Mock root: answers ". NS" and hands out one referral per test TLD. The TLD
; server addresses (8.8.x.8) fall outside every trigger prefix in the zone.
RANGE_BEGIN 0 100
    ADDRESS 1.1.1.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS ns.root.
SECTION ADDITIONAL
ns.root IN A 1.1.1.1
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN A
SECTION AUTHORITY
com. IN NS ns1.com.
SECTION ADDITIONAL
ns1.com. IN A 8.8.8.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
aa. IN A
SECTION AUTHORITY
aa. IN NS ns1.aa.
SECTION ADDITIONAL
ns1.aa. IN A 8.8.0.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
bb. IN A
SECTION AUTHORITY
bb. IN NS ns1.bb.
SECTION ADDITIONAL
ns1.bb. IN A 8.8.1.8
ENTRY_END

; cc., dd. and ee. are delegated here but have no matching RANGE or STEP in
; this file (see the coverage note in the config section).
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
cc. IN A
SECTION AUTHORITY
cc. IN NS ns1.cc.
SECTION ADDITIONAL
ns1.cc. IN A 8.8.2.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
dd. IN A
SECTION AUTHORITY
dd. IN NS ns1.dd.
SECTION ADDITIONAL
ns1.dd. IN A 8.8.3.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
ee. IN A
SECTION AUTHORITY
ee. IN NS ns1.ee.
SECTION ADDITIONAL
ns1.ee. IN A 8.8.5.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
ff. IN A
SECTION AUTHORITY
ff. IN NS ns1.ff.
SECTION ADDITIONAL
ns1.ff. IN A 8.8.6.8
ENTRY_END

RANGE_END

; com. -----------------------------------------------------------------------
; Refers gotham.com. to a nameserver at 192.0.6.1, which no trigger covers.
RANGE_BEGIN 0 100
    ADDRESS 8.8.8.8

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS ns1.com.
SECTION ADDITIONAL
ns1.com. IN A 8.8.8.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.com. IN A
SECTION AUTHORITY
gotham.com. IN NS ns1.gotham.com.
SECTION ADDITIONAL
ns1.gotham.com. IN A 192.0.6.1
ENTRY_END

RANGE_END

; aa. ------------------------------------------------------------------------
; Refers gotham.aa. to a nameserver at 192.0.0.1 (inside 192.0.0.0/24).
RANGE_BEGIN 0 100
    ADDRESS 8.8.0.8

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
aa. IN NS
SECTION ANSWER
aa. IN NS ns1.aa.
SECTION ADDITIONAL
ns1.aa. IN A 8.8.0.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.aa. IN A
SECTION AUTHORITY
gotham.aa. IN NS ns1.gotham.aa.
SECTION ADDITIONAL
ns1.gotham.aa. IN A 192.0.0.1
ENTRY_END

RANGE_END

; bb. ------------------------------------------------------------------------
; Refers gotham.bb. to a nameserver at 192.0.1.1 (inside 192.0.1.0/24).
RANGE_BEGIN 0 100
    ADDRESS 8.8.1.8

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
bb. IN NS
SECTION ANSWER
bb. IN NS ns1.bb.
SECTION ADDITIONAL
ns1.bb. IN A 8.8.1.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.bb. IN A
SECTION AUTHORITY
gotham.bb. IN NS ns1.gotham.bb.
SECTION ADDITIONAL
ns1.gotham.bb. IN A 192.0.1.1
ENTRY_END

RANGE_END

; ff. ------------------------------------------------------------------------
; Refers gotham.ff. to a nameserver at 192.0.5.1 (inside 192.0.5.0/24).
RANGE_BEGIN 0 100
    ADDRESS 8.8.6.8

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ff. IN NS
SECTION ANSWER
ff. IN NS ns1.ff.
SECTION ADDITIONAL
ns1.ff. IN A 8.8.6.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.ff. IN A
SECTION AUTHORITY
gotham.ff. IN NS ns1.gotham.ff.
SECTION ADDITIONAL
ns1.gotham.ff. IN A 192.0.5.1
ENTRY_END

RANGE_END

; ns1.gotham.com. ------------------------------------------------------------
; The four ranges below are the authoritative servers for the gotham.* zones.
; Each holds the unfiltered answer (192.0.x.2); the CHECK_ANSWER steps expect
; that answer only for gotham.com.
RANGE_BEGIN 0 100
    ADDRESS 192.0.6.1

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.com. IN A
SECTION ANSWER
gotham.com. IN A 192.0.6.2
ENTRY_END

RANGE_END

; ns1.gotham.aa. -------------------------------------------------------------
RANGE_BEGIN 0 100
    ADDRESS 192.0.0.1

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.aa. IN A
SECTION ANSWER
gotham.aa. IN A 192.0.0.2
ENTRY_END

RANGE_END

; ns1.gotham.bb. -------------------------------------------------------------
RANGE_BEGIN 0 100
    ADDRESS 192.0.1.1

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.bb. IN A
SECTION ANSWER
gotham.bb. IN A 192.0.1.2
ENTRY_END

RANGE_END

; ns1.gotham.ff. -------------------------------------------------------------
RANGE_BEGIN 0 100
    ADDRESS 192.0.5.1

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.ff. IN A
SECTION ANSWER
gotham.ff. IN A 192.0.5.2
ENTRY_END

RANGE_END

; ----------------------------------------------------------------------------

; Control case: the nameserver for gotham.com. (192.0.6.1) matches no trigger,
; so the upstream answer is expected unchanged and without the AA flag.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.com. IN A
ENTRY_END

STEP 2 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
gotham.com. IN A
SECTION ANSWER
gotham.com. IN A 192.0.6.2
ENTRY_END

; Nameserver 192.0.0.1 matches the "CNAME ." trigger: NXDOMAIN is expected
; instead of 192.0.0.2. The policy-generated replies in this file are all
; checked with AA set.
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.aa. IN A
ENTRY_END

STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR AA RD RA NXDOMAIN
SECTION QUESTION
gotham.aa. IN A
SECTION ANSWER
ENTRY_END

; Nameserver 192.0.1.1 matches the "CNAME *." trigger: NOERROR with an empty
; ANSWER section (NODATA) is expected instead of 192.0.1.2.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.bb. IN A
ENTRY_END

STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
gotham.bb. IN A
SECTION ANSWER
ENTRY_END

; Nameserver 192.0.5.1 matches the local-data trigger: the zone's A 127.0.0.1
; is expected in place of the upstream 192.0.5.2.
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.ff. IN A
ENTRY_END

STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
gotham.ff. IN A
SECTION ANSWER
gotham.ff. IN A 127.0.0.1
ENTRY_END

; again with more cache items
; Same query as STEP 30, repeated after the earlier lookups; the expected
; reply is the same rewritten local data, never the upstream 192.0.5.2.
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.ff. IN A
ENTRY_END

STEP 41 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
gotham.ff. IN A
SECTION ANSWER
gotham.ff. IN A 127.0.0.1
ENTRY_END

SCENARIO_END