1; config options 2server: 3 module-config: "respip validator iterator" 4 target-fetch-policy: "0 0 0 0 0" 5 qname-minimisation: no 6 rrset-roundrobin: no 7 8rpz: 9 name: "rpz.example.com." 10 master: 10.20.30.40 11 zonefile: 12TEMPFILE_NAME rpz.example.com 13TEMPFILE_CONTENTS rpz.example.com 14rpz.example.com. 3600 IN SOA ns.rpz.example.com. hostmaster.rpz.example.com. 1 3600 900 86400 3600 15rpz.example.com. 3600 IN NS ns.rpz.example.net. 16a.rpz.example.com. IN CNAME *. 17c.rpz.example.com. IN TXT "hello from initial RPZ" 18c.rpz.example.com. IN TXT "another hello from initial RPZ" 19c.rpz.example.com. IN TXT "yet another hello from initial RPZ" 20d.rpz.example.com. IN CNAME . 2132.1.123.0.10.rpz-ip.rpz.example.com. CNAME *. 2232.3.123.0.10.rpz-ip.rpz.example.com. A 10.66.0.3 2332.3.123.0.10.rpz-ip.rpz.example.com. A 10.66.0.4 2432.4.123.0.10.rpz-ip.rpz.example.com. CNAME . 25TEMPFILE_END 26 27stub-zone: 28 name: "." 29 stub-addr: 10.20.30.40 30 31CONFIG_END 32 33SCENARIO_BEGIN Test RPZ QNAME trigger, loaded using IXFR 34 35RANGE_BEGIN 0 100 36 ADDRESS 10.20.30.40 37 38ENTRY_BEGIN 39MATCH opcode qname qtype 40ADJUST copy_id 41REPLY QR NOERROR AA 42SECTION QUESTION 43. IN NS 44SECTION ANSWER 45. IN NS ns. 46SECTION ADDITIONAL 47ns. IN NS 10.20.30.40 48ENTRY_END 49 50ENTRY_BEGIN 51MATCH opcode qname qtype 52ADJUST copy_id 53REPLY QR NOERROR AA 54SECTION QUESTION 55b. IN TXT 56SECTION ANSWER 57b. TXT "hello from upstream" 58ENTRY_END 59 60ENTRY_BEGIN 61MATCH opcode qname qtype 62ADJUST copy_id 63REPLY QR NOERROR AA 64SECTION QUESTION 65d. IN TXT 66SECTION ANSWER 67d. TXT "hello from upstream" 68ENTRY_END 69 70ENTRY_BEGIN 71MATCH opcode qname qtype 72ADJUST copy_id 73REPLY QR NOERROR AA 74SECTION QUESTION 75a.rpz-ip. IN A 76SECTION ANSWER 77a.rpz-ip. IN A 10.0.123.1 78ENTRY_END 79 80ENTRY_BEGIN 81MATCH opcode qname qtype 82ADJUST copy_id 83REPLY QR NOERROR AA 84SECTION QUESTION 85c.rpz-ip. IN A 86SECTION ANSWER 87c.rpz-ip. IN A 10.0.123.3 88ENTRY_END 89 90ENTRY_BEGIN 91MATCH opcode qname qtype 92ADJUST copy_id 93REPLY QR NOERROR AA 94SECTION QUESTION 95d.rpz-ip. IN A 96SECTION ANSWER 97d.rpz-ip. IN A 10.0.123.4 98ENTRY_END 99 100ENTRY_BEGIN 101MATCH opcode qname qtype 102ADJUST copy_id 103REPLY QR AA NOERROR 104SECTION QUESTION 105rpz.example.com. IN SOA 106SECTION ANSWER 107rpz.example.com. IN SOA ns.rpz.example.com. hostmaster.rpz.example.com. 2 3600 900 86400 3600 108ENTRY_END 109 110ENTRY_BEGIN 111MATCH opcode qname qtype 112ADJUST copy_id 113REPLY QR AA NOERROR 114SECTION QUESTION 115rpz.example.com. IN IXFR 116SECTION ANSWER 117rpz.example.com. IN SOA ns.rpz.example.com. hostmaster.rpz.example.com. 2 3600 900 86400 3600 118rpz.example.com. IN SOA ns.rpz.example.com. hostmaster.rpz.example.com. 1 3600 900 86400 3600 119a.rpz.example.com. IN CNAME *. 120c.rpz.example.com. IN TXT "hello from initial RPZ" 121c.rpz.example.com. IN TXT "another hello from initial RPZ" 122d.rpz.example.com. IN CNAME . 12332.1.123.0.10.rpz-ip.rpz.example.com. CNAME *. 12432.3.123.0.10.rpz-ip.rpz.example.com. A 10.66.0.3 12532.3.123.0.10.rpz-ip.rpz.example.com. A 10.66.0.4 12632.4.123.0.10.rpz-ip.rpz.example.com. CNAME . 127rpz.example.com. IN SOA ns.rpz.example.com. hostmaster.rpz.example.com. 2 3600 900 86400 3600 128b.rpz.example.com. TXT "hello from RPZ" 129c.rpz.example.com. TXT "hello from RPZ" 130a.rpz.example.com. CNAME . 13132.1.123.0.10.rpz-ip.rpz.example.com. CNAME . 13232.3.123.0.10.rpz-ip.rpz.example.com. A 10.66.0.5 13332.3.123.0.10.rpz-ip.rpz.example.com. A 10.66.0.6 134rpz.example.com. IN SOA ns.rpz.example.com. hostmaster.rpz.example.com. 2 3600 900 86400 3600 135ENTRY_END 136 137RANGE_END 138 139STEP 1 QUERY 140ENTRY_BEGIN 141REPLY RD 142SECTION QUESTION 143b. IN TXT 144ENTRY_END 145 146STEP 2 CHECK_ANSWER 147ENTRY_BEGIN 148MATCH all 149REPLY QR RD RA NOERROR 150SECTION QUESTION 151b. IN TXT 152SECTION ANSWER 153b. IN TXT "hello from upstream" 154ENTRY_END 155 156STEP 3 QUERY 157ENTRY_BEGIN 158REPLY RD 159SECTION QUESTION 160a. IN TXT 161ENTRY_END 162 163STEP 4 CHECK_ANSWER 164ENTRY_BEGIN 165MATCH all 166REPLY QR RD RA AA NOERROR 167SECTION QUESTION 168a. IN TXT 169SECTION ANSWER 170ENTRY_END 171 172STEP 5 QUERY 173ENTRY_BEGIN 174REPLY RD 175SECTION QUESTION 176a.rpz-ip. IN A 177ENTRY_END 178 179STEP 6 CHECK_ANSWER 180ENTRY_BEGIN 181MATCH all 182REPLY QR RD RA NOERROR 183SECTION QUESTION 184a.rpz-ip. IN A 185SECTION ANSWER 186ENTRY_END 187 188STEP 7 QUERY 189ENTRY_BEGIN 190REPLY RD 191SECTION QUESTION 192c. IN TXT 193ENTRY_END 194 195STEP 8 CHECK_ANSWER 196ENTRY_BEGIN 197MATCH all 198REPLY QR RD RA AA NOERROR 199SECTION QUESTION 200c. IN TXT 201SECTION ANSWER 202c. IN TXT "yet another hello from initial RPZ" 203c. IN TXT "another hello from initial RPZ" 204c. IN TXT "hello from initial RPZ" 205ENTRY_END 206 207STEP 9 QUERY 208ENTRY_BEGIN 209REPLY RD 210SECTION QUESTION 211c.rpz-ip. IN A 212ENTRY_END 213 214STEP 10 CHECK_ANSWER 215ENTRY_BEGIN 216MATCH all 217REPLY QR RD RA NOERROR 218SECTION QUESTION 219c.rpz-ip. IN A 220SECTION ANSWER 221c.rpz-ip. IN A 10.66.0.4 222c.rpz-ip. IN A 10.66.0.3 223ENTRY_END 224 225STEP 11 QUERY 226ENTRY_BEGIN 227REPLY RD 228SECTION QUESTION 229d. IN TXT 230ENTRY_END 231 232STEP 12 CHECK_ANSWER 233ENTRY_BEGIN 234MATCH all 235REPLY QR RD RA AA NXDOMAIN 236SECTION QUESTION 237d. IN TXT 238ENTRY_END 239 240STEP 13 QUERY 241ENTRY_BEGIN 242REPLY RD 243SECTION QUESTION 244d.rpz-ip. IN A 245ENTRY_END 246 247 248STEP 15 CHECK_ANSWER 249ENTRY_BEGIN 250MATCH all 251REPLY QR RD RA NXDOMAIN 252SECTION QUESTION 253d.rpz-ip. IN A 254ENTRY_END 255 256STEP 16 TIME_PASSES ELAPSE 1 257STEP 30 TIME_PASSES ELAPSE 3600 258STEP 40 TRAFFIC 259 260STEP 50 QUERY 261ENTRY_BEGIN 262REPLY RD 263SECTION QUESTION 264b. IN TXT 265ENTRY_END 266 267STEP 51 CHECK_ANSWER 268ENTRY_BEGIN 269MATCH all 270REPLY QR RD RA AA NOERROR 271SECTION QUESTION 272b. IN TXT 273SECTION ANSWER 274b. IN TXT "hello from RPZ" 275ENTRY_END 276 277STEP 52 QUERY 278ENTRY_BEGIN 279REPLY RD 280SECTION QUESTION 281a. IN TXT 282ENTRY_END 283 284STEP 53 CHECK_ANSWER 285ENTRY_BEGIN 286MATCH all 287REPLY QR RD RA AA NXDOMAIN 288SECTION QUESTION 289a. IN TXT 290SECTION ANSWER 291ENTRY_END 292 293STEP 54 QUERY 294ENTRY_BEGIN 295REPLY RD 296SECTION QUESTION 297a.rpz-ip. IN A 298ENTRY_END 299 300STEP 55 CHECK_ANSWER 301ENTRY_BEGIN 302MATCH all 303REPLY QR RD RA NXDOMAIN 304SECTION QUESTION 305a.rpz-ip. IN A 306SECTION ANSWER 307ENTRY_END 308 309STEP 56 QUERY 310ENTRY_BEGIN 311REPLY RD 312SECTION QUESTION 313c. IN TXT 314ENTRY_END 315 316STEP 57 CHECK_ANSWER 317ENTRY_BEGIN 318MATCH all 319REPLY QR RD RA AA NOERROR 320SECTION QUESTION 321c. IN TXT 322SECTION ANSWER 323c. IN TXT "hello from RPZ" 324c. IN TXT "yet another hello from initial RPZ" 325ENTRY_END 326 327STEP 58 QUERY 328ENTRY_BEGIN 329REPLY RD 330SECTION QUESTION 331c.rpz-ip. IN A 332ENTRY_END 333 334STEP 59 CHECK_ANSWER 335ENTRY_BEGIN 336MATCH all 337REPLY QR RD RA NOERROR 338SECTION QUESTION 339c.rpz-ip. IN A 340SECTION ANSWER 341c.rpz-ip. IN A 10.66.0.6 342c.rpz-ip. IN A 10.66.0.5 343ENTRY_END 344 345STEP 60 QUERY 346ENTRY_BEGIN 347REPLY RD 348SECTION QUESTION 349d. IN TXT 350ENTRY_END 351 352STEP 61 CHECK_ANSWER 353ENTRY_BEGIN 354MATCH all 355REPLY QR RD RA NOERROR 356SECTION QUESTION 357d. IN TXT 358SECTION ANSWER 359d. IN TXT "hello from upstream" 360ENTRY_END 361 362STEP 62 QUERY 363ENTRY_BEGIN 364REPLY RD 365SECTION QUESTION 366d.rpz-ip. IN A 367ENTRY_END 368 369STEP 63 CHECK_ANSWER 370ENTRY_BEGIN 371MATCH all 372REPLY QR RD RA NOERROR 373SECTION QUESTION 374d.rpz-ip. IN A 375SECTION ANSWER 376d.rpz-ip. IN A 10.0.123.4 377ENTRY_END 378 379SCENARIO_END 380