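; Replay scenario for RPZ (Response Policy Zone) QNAME triggers.
; Two policy zones are loaded from inline zone files; the RANGE blocks below
; are canned upstream servers for the stub zones, and each STEP pair sends a
; query and checks the exact reply the resolver must produce.
;
; Layout note: one directive per line. ';' starts a comment that runs to the
; end of the line, so directives must not share a line with a preceding comment.

; config options
server:
	module-config: "respip validator iterator"
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: no

; First policy zone (rpz.example.com.). QNAME triggers and the action the
; scenario expects for each:
;   a        CNAME .              -> NXDOMAIN (step 11). The second record for
;                                    "a" is a deliberate duplicate; the expected
;                                    answer shows the first one is applied.
;   *.a      TXT                  -> local data for names below a. (steps 21, 41, 51)
;   b.a      CNAME *.             -> NODATA: NOERROR with empty answer (step 31)
;   c.a, c.g CNAME rpz-passthru.  -> no rewrite, upstream answer is returned
;                                    (steps 61 and 111)
; rpz-log is enabled, so applied policy actions are logged under rpz-log-name.
rpz:
	name: "rpz.example.com."
	rpz-log: yes
	rpz-log-name: "rpz.example.com"
	zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
		1379078166 28800 7200 604800 7200 )
	3600 IN NS ns1.rpz.example.com.
	3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
a CNAME .
a CNAME *. ; duplicate CNAME here on purpose
*.a TXT "wildcard local data"
b.a CNAME *.
c.a CNAME rpz-passthru.
c.g CNAME rpz-passthru.
TEMPFILE_END

; Second policy zone (rpz2.example.com.), configured after the first:
;   a     TXT                  -> not served in this scenario: step 11 expects
;                                 the first zone's NXDOMAIN for "a.", i.e. the
;                                 earlier zone's match wins.
;   d     TXT                  -> local data (step 81, and step 101 via a CNAME)
;   e     CNAME *.a.example.   -> wildcard CNAME, e. -> e.a.example. (step 83)
;   *.e   CNAME *.b.example.   -> something.e. -> something.e.b.example. (step 85)
;   drop  CNAME rpz-drop.      -> drop action; its step (90) is commented out below
;   tcp   CNAME rpz-tcp-only.  -> truncated reply over UDP, answer over TCP
;                                 (steps 95-98)
;   c.g   CNAME .              -> NXDOMAIN entry that must NOT take effect,
;                                 because the first zone passes c.g through
;                                 (step 111)
rpz:
	name: "rpz2.example.com."
	rpz-log: yes
	rpz-log-name: "rpz2.example.com"
	zonefile:
TEMPFILE_NAME rpz2.example.com
TEMPFILE_CONTENTS rpz2.example.com
$ORIGIN example.com.
rpz2 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
		1379078166 28800 7200 604800 7200 )
	3600 IN NS ns1.rpz.example.com.
	3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz2.example.com.
a TXT "local data 2nd zone"
d TXT "local data 2nd zone"
e CNAME *.a.example.
*.e CNAME *.b.example.
drop CNAME rpz-drop.
tcp CNAME rpz-tcp-only.
c.g CNAME .
TEMPFILE_END

; Stub zones route each test TLD to one of the canned upstream servers below.
; "a." and "g." share 10.20.30.40.
stub-zone:
	name: "a."
	stub-addr: 10.20.30.40
stub-zone:
	name: "example."
	stub-addr: 10.20.30.50
stub-zone:
	name: "tcp."
	stub-addr: 10.20.30.60
stub-zone:
	name: "g."
	stub-addr: 10.20.30.40
CONFIG_END

SCENARIO_BEGIN Test all support RPZ action for QNAME trigger

; a.
; Canned upstream for the "a." and "g." stub zones. It only holds answers for
; names that policy is expected to let through (c.a., x.b.a., c.g.).
RANGE_BEGIN 0 1000
	ADDRESS 10.20.30.40
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a. IN NS
SECTION ANSWER
a. IN NS ns.a.
SECTION ADDITIONAL
ns.a IN A 10.20.30.40
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
c.a. IN TXT
SECTION ANSWER
c.a. IN TXT "answer from upstream ns"
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
x.b.a. IN TXT
SECTION ANSWER
x.b.a. IN TXT "answer from upstream ns"
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
c.g. IN TXT
SECTION ANSWER
c.g. IN TXT "answer from upstream ns"
ENTRY_END

RANGE_END

; example.
; Canned upstream for "example.": targets of the wildcard CNAME rewrites, plus
; f.example., whose CNAME points at the policy-listed name "d.".
RANGE_BEGIN 0 1000
	ADDRESS 10.20.30.50
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example. IN NS
SECTION ANSWER
example. IN NS ns.example.
SECTION ADDITIONAL
ns.example IN A 10.20.30.50
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
e.a.example. IN TXT
SECTION ANSWER
e.a.example. IN TXT "e.a.example. answer from upstream ns"
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
something.e.b.example. IN TXT
SECTION ANSWER
something.e.b.example. IN TXT "*.b.example. answer from upstream ns"
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
f.example. IN TXT
SECTION ANSWER
f.example. IN CNAME d.
ENTRY_END

RANGE_END

; tcp.
; Canned upstream for "tcp.".
; NOTE(review): the NS target is ns.example. while the glue record is for
; ns.tcp; no step queries tcp. NS, so this looks harmless - confirm.
RANGE_BEGIN 0 1000
	ADDRESS 10.20.30.60
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
tcp. IN NS
SECTION ANSWER
tcp. IN NS ns.example.
SECTION ADDITIONAL
ns.tcp IN A 10.20.30.60
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
tcp. IN TXT
SECTION ANSWER
tcp. IN TXT "tcp. answer from upstream ns"
ENTRY_END
RANGE_END

; NXDOMAIN action: "a CNAME ." in the first zone. The expected reply has AA set
; and an empty answer section; the second zone's local data for "a" is not used.
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a. IN TXT
ENTRY_END

STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NXDOMAIN
SECTION QUESTION
a. IN TXT
SECTION ANSWER
ENTRY_END

; Local data through the "*.a" wildcard trigger.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN TXT
ENTRY_END

STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
a.a. IN TXT
SECTION ANSWER
a.a. IN TXT "wildcard local data"
ENTRY_END

; NODATA action: "b.a CNAME *." gives NOERROR with an empty answer section.
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
b.a. IN TXT
ENTRY_END

STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
b.a. IN TXT
SECTION ANSWER
ENTRY_END

; Wildcard local data for another single-label name below a.
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
x.a. IN TXT
ENTRY_END

STEP 41 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
x.a. IN TXT
SECTION ANSWER
x.a. IN TXT "wildcard local data"
ENTRY_END

; The "*.a" wildcard is also expected to cover a name two labels below a.
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
x.a.a. IN TXT
ENTRY_END

STEP 51 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
x.a.a. IN TXT
SECTION ANSWER
x.a.a. IN TXT "wildcard local data"
ENTRY_END

; Passthru action: c.a. would match "*.a", but the explicit rpz-passthru entry
; exempts it. The upstream answer is returned and AA is not set.
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
c.a. IN TXT
ENTRY_END

STEP 61 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
c.a. IN TXT
SECTION ANSWER
c.a. IN TXT "answer from upstream ns"
ENTRY_END

; x.b.a. is expected to resolve upstream with no policy applied.
; Presumably "*.a" no longer covers names below b.a because b.a exists as its
; own entry in the policy zone - confirm against the RPZ wildcard rules.
STEP 70 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
x.b.a. IN TXT
ENTRY_END

STEP 71 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
x.b.a. IN TXT
SECTION ANSWER
x.b.a. IN TXT "answer from upstream ns"
ENTRY_END

; Local data from the second zone: no match in the first zone, so processing
; continues to rpz2.
STEP 80 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d. IN TXT
ENTRY_END

STEP 81 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
d. IN TXT
SECTION ANSWER
d. IN TXT "local data 2nd zone"
ENTRY_END

; Wildcard CNAME rewrite: "e CNAME *.a.example." yields e. -> e.a.example.,
; and the target is then resolved upstream.
STEP 82 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
e. IN TXT
ENTRY_END

STEP 83 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
e. IN TXT
SECTION ANSWER
e. IN CNAME e.a.example.
e.a.example. IN TXT "e.a.example. answer from upstream ns"
ENTRY_END

; Wildcard trigger combined with wildcard CNAME target: the full query name is
; prepended, something.e. -> something.e.b.example.
STEP 84 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
something.e. IN TXT
ENTRY_END

STEP 85 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
something.e. IN TXT
SECTION ANSWER
something.e. IN CNAME something.e.b.example.
something.e.b.example. IN TXT "*.b.example. answer from upstream ns"
ENTRY_END

; deny zone
; The rpz-drop entry ("drop." in the second zone) has its query step commented
; out, so the drop action is not exercised by this scenario as written.
;STEP 90 QUERY
;ENTRY_BEGIN
;SECTION QUESTION
;drop. IN TXT
;ENTRY_END

; tcp-only action
; Over UDP the expected reply is truncated (TC set, empty answer); the same
; query over TCP gets the upstream answer.

STEP 95 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
tcp. IN TXT
ENTRY_END

STEP 96 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA TC NOERROR
SECTION QUESTION
tcp. IN TXT
SECTION ANSWER
ENTRY_END

STEP 97 QUERY
ENTRY_BEGIN
MATCH TCP
REPLY RD
SECTION QUESTION
tcp. IN TXT
ENTRY_END

STEP 98 CHECK_ANSWER
ENTRY_BEGIN
MATCH all TCP
REPLY QR RD RA NOERROR
SECTION QUESTION
tcp. IN TXT
SECTION ANSWER
tcp. IN TXT "tcp. answer from upstream ns"
ENTRY_END

; check if the name after the CNAME has the qname trigger applied to it.
; f.example. is not listed in either policy zone, but upstream answers with a
; CNAME to "d.", which is. The expected reply carries the policy's local data
; for d., so a listed name cannot be reached unfiltered through an unlisted alias.
STEP 100 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
f.example. IN TXT
ENTRY_END

STEP 101 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
f.example. IN TXT
SECTION ANSWER
f.example. IN CNAME d.
d. IN TXT "local data 2nd zone"
ENTRY_END

; check if passthru ends processing
; c.g. is rpz-passthru in the first zone and "CNAME ." (NXDOMAIN) in the second.
; The upstream answer is expected, so an allow entry in an earlier zone overrides
; a block entry in a later one. Zone order in the config is part of the policy.
STEP 110 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
c.g. IN TXT
ENTRY_END

STEP 111 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
c.g. IN TXT
SECTION ANSWER
c.g. IN TXT "answer from upstream ns"
ENTRY_END

; no answer is checked at exit of testbound.
SCENARIO_END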