1; config options 2server: 3 module-config: "respip validator iterator" 4 target-fetch-policy: "0 0 0 0 0" 5 qname-minimisation: no 6 7rpz: 8 name: "rpz.example.com." 9 zonefile: 10TEMPFILE_NAME rpz.example.com 11TEMPFILE_CONTENTS rpz.example.com 12$ORIGIN example.com. 13rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 14 1379078166 28800 7200 604800 7200 ) 15 3600 IN NS ns1.rpz.example.com. 16 3600 IN NS ns2.rpz.example.com. 17$ORIGIN rpz.example.com. 188.0.0.0.10.rpz-ip CNAME *. 1916.0.0.10.10.rpz-ip CNAME . 2024.0.10.10.10.rpz-ip CNAME rpz-drop. 2132.10.10.10.10.rpz-ip CNAME rpz-passthru. 2232.1.1.1.10.rpz-ip CNAME rpz-tcp-only. 23TEMPFILE_END 24 25stub-zone: 26 name: "." 27 stub-addr: 10.20.30.40 28CONFIG_END 29 30SCENARIO_BEGIN Test RPZ response IP address trigger and tcp-only action 31 32RANGE_BEGIN 0 100 33 ADDRESS 10.20.30.40 34ENTRY_BEGIN 35MATCH opcode qtype qname 36ADJUST copy_id 37REPLY QR NOERROR 38SECTION QUESTION 39. IN NS 40SECTION ANSWER 41. IN NS ns. 42SECTION ADDITIONAL 43ns. IN A 10.20.30.40 44ENTRY_END 45 46ENTRY_BEGIN 47MATCH opcode qtype qname 48ADJUST copy_id 49REPLY QR NOERROR 50SECTION QUESTION 51a. IN A 52SECTION ANSWER 53a. IN A 10.0.0.123 54ENTRY_END 55 56ENTRY_BEGIN 57MATCH opcode qtype qname 58ADJUST copy_id 59REPLY QR NOERROR 60SECTION QUESTION 61b. IN A 62SECTION ANSWER 63b. IN A 10.1.0.123 64ENTRY_END 65 66ENTRY_BEGIN 67MATCH opcode qtype qname 68ADJUST copy_id 69REPLY QR NOERROR 70SECTION QUESTION 71c. IN A 72SECTION ANSWER 73c. IN A 10.11.0.123 74ENTRY_END 75 76ENTRY_BEGIN 77MATCH opcode qtype qname 78ADJUST copy_id 79REPLY QR NOERROR 80SECTION QUESTION 81d. IN A 82SECTION ANSWER 83d. IN A 10.10.0.123 84ENTRY_END 85 86ENTRY_BEGIN 87MATCH opcode qtype qname 88ADJUST copy_id 89REPLY QR NOERROR 90SECTION QUESTION 91f. IN A 92SECTION ANSWER 93f. IN A 10.10.10.10 94ENTRY_END 95 96ENTRY_BEGIN 97MATCH opcode qtype qname 98ADJUST copy_id 99REPLY QR NOERROR 100SECTION QUESTION 101y. IN A 102SECTION ANSWER 103y. IN A 10.1.1.1 104ENTRY_END 105 106RANGE_END 107 108STEP 1 QUERY 109ENTRY_BEGIN 110REPLY RD 111SECTION QUESTION 112a. IN A 113ENTRY_END 114 115STEP 2 CHECK_ANSWER 116ENTRY_BEGIN 117MATCH all 118REPLY QR RD RA NOERROR 119SECTION QUESTION 120a. IN A 121SECTION ANSWER 122ENTRY_END 123 124STEP 10 QUERY 125ENTRY_BEGIN 126REPLY RD 127SECTION QUESTION 128b. IN A 129ENTRY_END 130 131STEP 11 CHECK_ANSWER 132ENTRY_BEGIN 133MATCH all 134REPLY QR RD RA NOERROR 135SECTION QUESTION 136b. IN A 137SECTION ANSWER 138ENTRY_END 139 140STEP 13 QUERY 141ENTRY_BEGIN 142REPLY RD 143SECTION QUESTION 144d. IN A 145ENTRY_END 146 147STEP 14 CHECK_ANSWER 148ENTRY_BEGIN 149MATCH all 150REPLY QR RD RA NXDOMAIN 151SECTION QUESTION 152d. IN A 153SECTION ANSWER 154ENTRY_END 155 156STEP 17 QUERY 157ENTRY_BEGIN 158REPLY RD 159SECTION QUESTION 160f. IN A 161ENTRY_END 162 163STEP 18 CHECK_ANSWER 164ENTRY_BEGIN 165MATCH all 166REPLY QR RD RA NOERROR 167SECTION QUESTION 168f. IN A 169SECTION ANSWER 170f. IN A 10.10.10.10 171ENTRY_END 172 173STEP 30 QUERY 174ENTRY_BEGIN 175REPLY RD 176SECTION QUESTION 177y. IN A 178ENTRY_END 179 180STEP 31 CHECK_ANSWER 181ENTRY_BEGIN 182MATCH all 183REPLY QR TC RD RA NOERROR 184SECTION QUESTION 185y. IN A 186SECTION ANSWER 187ENTRY_END 188 189STEP 40 QUERY 190ENTRY_BEGIN 191MATCH TCP 192REPLY RD 193SECTION QUESTION 194y. IN A 195ENTRY_END 196 197STEP 41 CHECK_ANSWER 198ENTRY_BEGIN 199MATCH all TCP 200REPLY QR RD RA NOERROR 201SECTION QUESTION 202y. IN A 203SECTION ANSWER 204y. IN A 10.1.1.1 205ENTRY_END 206 207SCENARIO_END 208