; config options
; Resolver configuration for this replay scenario. respip is listed ahead of
; validator and iterator in module-config; it is the module that rewrites
; answers by response address, which is what the rpz-ip triggers below rely on.
server:
    module-config: "respip validator iterator"
    target-fetch-policy: "0 0 0 0 0"
    qname-minimisation: no


; First policy zone: one rpz-ip trigger per supported action.
; Owner-name encoding is <prefixlen>.<address labels in reverse order>.rpz-ip;
; for IPv6, "zz" stands for the "::" run of zero groups.
;
;   IPv4 trigger            covers                        action
;   8.0.0.0.10              10.0.0.0/8                    CNAME *.            -> NODATA
;   16.0.0.10.10            10.10.0.0/16                  CNAME .             -> NXDOMAIN
;   24.0.10.10.10           10.10.10.0/24                 CNAME rpz-drop.     -> no reply
;   32.10.10.10.10          10.10.10.10/32                CNAME rpz-passthru. -> answer unchanged
;   32.1.1.1.10             10.1.1.1/32                   CNAME rpz-tcp-only. -> TC reply
;
;   IPv6 trigger            covers                        action
;   32.zz.db8.2001          2001:db8::/32                 CNAME *.            -> NODATA
;   48.zz.aa.db8.2001       2001:db8:aa::/48              CNAME .             -> NXDOMAIN
;   64.zz.bb.aa.db8.2001    2001:db8:aa:bb::/64           CNAME rpz-drop.     -> no reply
;   128.1.zz.cc.bb.aa...    2001:db8:aa:bb:cc::1/128      CNAME rpz-passthru. -> answer unchanged
;   128.123.zz.cc.bb.aa...  2001:db8:aa:bb:cc::123/128    AAAA local data 2001:db8::123
;   128.124.0.0.cc.bb.aa... 2001:db8:aa:bb:cc::124/128    AAAA local data 2001:db8::124
;                           (same kind of trigger, zero groups written out instead of "zz")
;
; The prefixes are nested on purpose: the CHECK_ANSWER steps expect the most
; specific matching trigger to decide the action (e.g. 10.10.0.123 gets
; NXDOMAIN from the /16, not NODATA from the /8).
;
; Zone-file note: the SOA continuation and the two NS lines start with
; whitespace so that they inherit the owner name "rpz"; keep that indentation
; when editing.
rpz:
    name: "rpz.example.com."
    zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
        1379078166 28800 7200 604800 7200 )
    3600 IN NS ns1.rpz.example.com.
    3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
8.0.0.0.10.rpz-ip CNAME *.
16.0.0.10.10.rpz-ip CNAME .
24.0.10.10.10.rpz-ip CNAME rpz-drop.
32.10.10.10.10.rpz-ip CNAME rpz-passthru.
32.1.1.1.10.rpz-ip CNAME rpz-tcp-only.
32.zz.db8.2001.rpz-ip CNAME *.
48.zz.aa.db8.2001.rpz-ip CNAME .
64.zz.bb.aa.db8.2001.rpz-ip CNAME rpz-drop.
128.1.zz.cc.bb.aa.db8.2001.rpz-ip CNAME rpz-passthru.
128.123.zz.cc.bb.aa.db8.2001.rpz-ip AAAA 2001:db8::123
128.124.0.0.cc.bb.aa.db8.2001.rpz-ip AAAA 2001:db8::124

TEMPFILE_END

; Second policy zone, configured after the first.
;   32.10.10.10.10             10.10.10.10/32            A    local data 203.0.113.123
;   32.123.2.0.192             192.0.2.123/32            A    local data 203.0.113.123
;   128.1.zz.cc.bb.aa.db8.2001 2001:db8:aa:bb:cc::1/128  AAAA local data 2001:db1::123
; The first and third triggers repeat the two rpz-passthru triggers of
; rpz.example.com. Steps 18 and 20 expect the upstream answer unchanged, so the
; passthru in the earlier zone has to win and this local data must never reach
; the client. Only 192.0.2.123/32 is unique to this zone (step 22).
rpz:
    name: "rpz2.example.com."
    zonefile:
TEMPFILE_NAME rpz2.example.com
TEMPFILE_CONTENTS rpz2.example.com
$ORIGIN example.com.
rpz2 3600 IN SOA ns1.rpz2.example.com. hostmaster.rpz2.example.com. (
        1379078166 28800 7200 604800 7200 )
    3600 IN NS ns1.rpz2.example.com.
    3600 IN NS ns2.rpz2.example.com.
$ORIGIN rpz2.example.com.
32.10.10.10.10.rpz-ip A 203.0.113.123
32.123.2.0.192.rpz-ip A 203.0.113.123
128.1.zz.cc.bb.aa.db8.2001.rpz-ip AAAA 2001:db1::123
TEMPFILE_END

; All resolution goes to the single mock server defined in the RANGE below.
stub-zone:
    name: "."
    stub-addr: 10.20.30.40
CONFIG_END

SCENARIO_BEGIN Test all supported RPZ action for response IP address trigger

; Mock upstream at 10.20.30.40. It answers every name with a fixed address
; chosen to hit exactly one policy outcome:
;   a. b. c.  10.0.0.0/8 and 2001:db8::/32 only      -> NODATA
;   d.        10.10.0.0/16, 2001:db8:aa::/48         -> NXDOMAIN
;   e.        10.10.10.0/24, 2001:db8:aa:bb::/64     -> dropped
;   f.        10.10.10.10, 2001:db8:aa:bb:cc::1      -> passthru
;   g.        192.0.2.123, 2001:db8:aa:bb:cc::123    -> local data
;   h.        2001:db8:aa:bb:cc::124                 -> local data
;   y.        10.1.1.1                               -> tcp-only
; Response-IP triggers act on the address in the answer, so the resolver still
; performs each upstream lookup; the policy only changes what the client sees.
RANGE_BEGIN 0 100
    ADDRESS 10.20.30.40
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS ns.
SECTION ADDITIONAL
ns. IN A 10.20.30.40
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a. IN A
SECTION ANSWER
a. IN A 10.0.0.123
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a. IN AAAA
SECTION ANSWER
a. IN AAAA 2001:db8::123
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
b. IN A
SECTION ANSWER
b. IN A 10.1.0.123
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
b. IN AAAA
SECTION ANSWER
b. IN AAAA 2001:db8:1::123
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
c. IN A
SECTION ANSWER
c. IN A 10.11.0.123
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
c. IN AAAA
SECTION ANSWER
c. IN AAAA 2001:db8:ff::123
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
d. IN A
SECTION ANSWER
d. IN A 10.10.0.123
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
d. IN AAAA
SECTION ANSWER
d. IN AAAA 2001:db8:aa::123
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
e. IN A
SECTION ANSWER
e. IN A 10.10.10.123
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
e. IN AAAA
SECTION ANSWER
e. IN AAAA 2001:db8:aa:bb::123
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
f. IN A
SECTION ANSWER
f. IN A 10.10.10.10
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
f. IN AAAA
SECTION ANSWER
f. IN AAAA 2001:db8:aa:bb:cc::1
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
g. IN A
SECTION ANSWER
g. IN A 192.0.2.123
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
g. IN AAAA
SECTION ANSWER
g. IN AAAA 2001:db8:aa:bb:cc::123
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
h. IN AAAA
SECTION ANSWER
h. IN AAAA 2001:db8:aa:bb:cc::124
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
y. IN A
SECTION ANSWER
y. IN A 10.1.1.1
ENTRY_END

RANGE_END

; Steps 1-12: a., b., c. resolve into 10.0.0.0/8 and 2001:db8::/32 without
; matching a longer prefix. Expected: NOERROR with an empty ANSWER (NODATA).
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a. IN A
ENTRY_END

STEP 2 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
a. IN A
SECTION ANSWER
ENTRY_END

STEP 3 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a. IN AAAA
ENTRY_END

STEP 4 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
a. IN AAAA
SECTION ANSWER
ENTRY_END

STEP 5 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
b. IN A
ENTRY_END

STEP 6 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
b. IN A
SECTION ANSWER
ENTRY_END

STEP 7 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
b. IN AAAA
ENTRY_END

STEP 8 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
b. IN AAAA
SECTION ANSWER
ENTRY_END

STEP 9 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
c. IN A
ENTRY_END

STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
c. IN A
SECTION ANSWER
ENTRY_END

STEP 11 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
c. IN AAAA
ENTRY_END

STEP 12 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
c. IN AAAA
SECTION ANSWER
ENTRY_END

; Steps 13-16: d. resolves into 10.10.0.0/16 and 2001:db8:aa::/48.
; Expected: NXDOMAIN, i.e. the longer prefix overrides the NODATA of the
; enclosing /8 and /32.
STEP 13 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d. IN A
ENTRY_END

STEP 14 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NXDOMAIN
SECTION QUESTION
d. IN A
SECTION ANSWER
ENTRY_END

STEP 15 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d. IN AAAA
ENTRY_END

STEP 16 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NXDOMAIN
SECTION QUESTION
d. IN AAAA
SECTION ANSWER
ENTRY_END

; Steps 17-20: f. hits the rpz-passthru host triggers. Expected: the upstream
; address is returned unmodified, and the rpz2 local data for the same
; addresses is not applied.
STEP 17 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
f. IN A
ENTRY_END

STEP 18 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
f. IN A
SECTION ANSWER
f. IN A 10.10.10.10
ENTRY_END

STEP 19 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
f. IN AAAA
ENTRY_END

STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
f. IN AAAA
SECTION ANSWER
f. IN AAAA 2001:db8:aa:bb:cc::1
ENTRY_END

; Steps 21-26: g. and h. hit local-data triggers. Expected: the answer keeps
; the queried owner name but carries the address from the policy zone
; (g. A comes from rpz2, the AAAA records from rpz).
STEP 21 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
g. IN A
ENTRY_END

STEP 22 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
g. IN A
SECTION ANSWER
g. IN A 203.0.113.123
ENTRY_END

STEP 23 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
g. IN AAAA
ENTRY_END

STEP 24 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
g. IN AAAA
SECTION ANSWER
g. IN AAAA 2001:db8::123
ENTRY_END

STEP 25 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
h. IN AAAA
ENTRY_END

STEP 26 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
h. IN AAAA
SECTION ANSWER
h. IN AAAA 2001:db8::124
ENTRY_END

; Steps 27-29: e. hits the rpz-drop triggers, so these queries should be
; dropped. No CHECK_ANSWER follows because no reply is expected; the scenario
; only lets time pass (ELAPSE 12, presumably seconds) before continuing.
STEP 27 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
e. IN A
ENTRY_END
STEP 28 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
e. IN AAAA
ENTRY_END
STEP 29 TIME_PASSES ELAPSE 12

; Steps 30-32: same queries again. They should still be dropped now that the
; upstream answer for e. is already in the cache, i.e. the drop policy must
; also apply to cached responses.
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
e. IN A
ENTRY_END
STEP 31 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
e. IN AAAA
ENTRY_END
STEP 32 TIME_PASSES ELAPSE 12

; Steps 33-34: y. hits the rpz-tcp-only trigger. Expected: an empty reply with
; the TC flag set, telling the client to retry over TCP.
STEP 33 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
y. IN A
ENTRY_END

STEP 34 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR TC RD RA NOERROR
SECTION QUESTION
y. IN A
SECTION ANSWER
ENTRY_END

SCENARIO_END