; config options
; Replay scenario for RPZ (Response Policy Zone) QNAME triggers, where the
; policy zone contains a wildcard at the zone origin ("* CNAME .").
; module-config lists "respip", the module that applies RPZ policy.
; RPZ encodes the policy action in the record at the trigger name:
;   CNAME .              -> answer NXDOMAIN
;   CNAME *.             -> answer NODATA
;   CNAME rpz-passthru.  -> exempt the name from policy
;   CNAME rpz-drop.      -> drop the query
;   other records (TXT, CNAME to a real name) -> local data
; NOTE(review): target-fetch-policy and qname-minimisation are presumably
; pinned to keep the mocked upstream exchange deterministic - confirm.
; In the zone data below, lines that start with whitespace continue the
; previous owner name, so the SOA continuation and the NS lines must stay indented.
server:
	module-config: "respip validator iterator"
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: no

rpz:
	name: "rpz.example.com."
	zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
		1379078166 28800 7200 604800 7200 )
	3600 IN NS ns1.rpz.example.com.
	3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
a CNAME .
a CNAME *. ; duplicate CNAME here on purpose
*.a TXT "wildcard local data"
* CNAME .
b.a CNAME *.
c.a CNAME rpz-passthru.
TEMPFILE_END

rpz:
	name: "rpz2.example.com."
	zonefile:
TEMPFILE_NAME rpz2.example.com
TEMPFILE_CONTENTS rpz2.example.com
$ORIGIN example.com.
rpz2 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
		1379078166 28800 7200 604800 7200 )
	3600 IN NS ns1.rpz.example.com.
	3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz2.example.com.
a TXT "local data 2nd zone"
d TXT "local data 2nd zone"
e CNAME *.a.example.
*.e CNAME *.b.example.
drop CNAME rpz-drop.
TEMPFILE_END

stub-zone:
	name: "a."
	stub-addr: 10.20.30.40
stub-zone:
	name: "example."
	stub-addr: 10.20.30.50
CONFIG_END

SCENARIO_BEGIN Test RPZ QNAME trigger for root wildcard.

; a.
; Mock upstream at the stub-addr configured for "a.".
; NOTE(review): the STEPs in this scenario query only x. and y.tld., so the
; canned answers in both RANGE blocks appear not to be exercised here.
RANGE_BEGIN 0 100
	ADDRESS 10.20.30.40
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a. IN NS
SECTION ANSWER
a. IN NS ns.a.
SECTION ADDITIONAL
ns.a IN A 10.20.30.40
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
c.a. IN TXT
SECTION ANSWER
c.a. IN TXT "answer from upstream ns"
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
x.b.a. IN TXT
SECTION ANSWER
x.b.a. IN TXT "answer from upstream ns"
ENTRY_END

RANGE_END

; example.
; Mock upstream at the stub-addr configured for "example.".
RANGE_BEGIN 0 100
	ADDRESS 10.20.30.50
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example. IN NS
SECTION ANSWER
example. IN NS ns.example.
SECTION ADDITIONAL
ns.example IN A 10.20.30.50
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
e.a.example. IN TXT
SECTION ANSWER
e.a.example. IN TXT "e.a.example. answer from upstream ns"
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
something.e.b.example. IN TXT
SECTION ANSWER
something.e.b.example. IN TXT "*.b.example. answer from upstream ns"
ENTRY_END

RANGE_END

; Client query for a single-label name that has no explicit trigger in either
; policy zone.
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
x. IN TXT
ENTRY_END

; wildcard deny all
; The whole reply must match: NXDOMAIN, AA set, empty answer section.
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NXDOMAIN
SECTION QUESTION
x. IN TXT
SECTION ANSWER
ENTRY_END

; Same check for a two-label name, also without an explicit trigger.
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
y.tld. IN TXT
ENTRY_END

; wildcard deny all
; NOTE(review): only the deny path is asserted. Nothing here checks that the
; more specific triggers (c.a passthru, b.a NODATA, the rpz2 local data) still
; win over the root wildcard; presumably a sibling scenario covers that - confirm.
STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NXDOMAIN
SECTION QUESTION
y.tld. IN TXT
SECTION ANSWER
ENTRY_END

SCENARIO_END