1; config options 2server: 3 module-config: "respip validator iterator" 4 target-fetch-policy: "0 0 0 0 0" 5 qname-minimisation: no 6 7rpz: 8 name: "rpz.example.com." 9 rpz-action-override: disabled 10 zonefile: 11TEMPFILE_NAME rpz.example.com 12TEMPFILE_CONTENTS rpz.example.com 13$ORIGIN rpz.example.com. 1432.1.113.0.203.rpz-ip A 192.0.2.1 15TEMPFILE_END 16 17rpz: 18 name: "rpz2.example.com." 19 zonefile: 20TEMPFILE_NAME rpz2.example.com 21TEMPFILE_CONTENTS rpz2.example.com 22$ORIGIN rpz2.example.com. 2332.1.113.0.203.rpz-ip A 192.0.2.2 24TEMPFILE_END 25 26rpz: 27 name: "rpz3.example.com." 28 rpz-action-override: nodata 29 zonefile: 30TEMPFILE_NAME rpz3.example.com 31TEMPFILE_CONTENTS rpz3.example.com 32$ORIGIN rpz3.example.com. 3332.3.113.0.203.rpz-ip CNAME . 34TEMPFILE_END 35 36rpz: 37 name: "rpz4.example.com." 38 rpz-action-override: nxdomain 39 zonefile: 40TEMPFILE_NAME rpz4.example.com 41TEMPFILE_CONTENTS rpz4.example.com 42$ORIGIN rpz4.example.com. 4332.4.113.0.203.rpz-ip CNAME *. 44TEMPFILE_END 45 46rpz: 47 name: "rpz5.example.com." 48 rpz-action-override: passthru 49 zonefile: 50TEMPFILE_NAME rpz5.example.com 51TEMPFILE_CONTENTS rpz5.example.com 52$ORIGIN rpz5.example.com. 5332.5.113.0.203.rpz-ip A 192.0.2.5 54TEMPFILE_END 55 56rpz: 57 name: "rpz6.example.com." 58 rpz-action-override: cname 59 rpz-cname-override: ns. 60 zonefile: 61TEMPFILE_NAME rpz6.example.com 62TEMPFILE_CONTENTS rpz6.example.com 63$ORIGIN rpz6.example.com. 6432.6.113.0.203.rpz-ip A 192.0.2.6 65TEMPFILE_END 66 67rpz: 68 name: "rpz7.example.com." 69 rpz-action-override: drop 70 zonefile: 71TEMPFILE_NAME rpz7.example.com 72TEMPFILE_CONTENTS rpz7.example.com 73$ORIGIN rpz7.example.com. 7432.7.113.0.203.rpz-ip A 192.0.2.7 75TEMPFILE_END 76 77stub-zone: 78 name: "." 79 stub-addr: 10.20.30.40 80CONFIG_END 81 82SCENARIO_BEGIN Test all supported RPZ action for response IP address trigger 83 84; c. 85RANGE_BEGIN 0 100 86 ADDRESS 10.20.30.40 87ENTRY_BEGIN 88MATCH opcode qtype qname 89ADJUST copy_id 90REPLY QR NOERROR 91SECTION QUESTION 92. IN NS 93SECTION ANSWER 94. IN NS ns. 95SECTION ADDITIONAL 96ns. IN A 10.20.30.40 97ENTRY_END 98 99ENTRY_BEGIN 100MATCH opcode qtype qname 101ADJUST copy_id 102REPLY QR NOERROR 103SECTION QUESTION 104ns. IN A 105SECTION ANSWER 106ns. IN A 10.20.30.40 107ENTRY_END 108 109ENTRY_BEGIN 110MATCH opcode qtype qname 111ADJUST copy_id 112REPLY QR NOERROR 113SECTION QUESTION 114a. IN A 115SECTION ANSWER 116a. IN A 203.0.113.1 117ENTRY_END 118 119ENTRY_BEGIN 120MATCH opcode qtype qname 121ADJUST copy_id 122REPLY QR NOERROR 123SECTION QUESTION 124b. IN A 125SECTION ANSWER 126b. IN A 203.0.113.3 127ENTRY_END 128 129ENTRY_BEGIN 130MATCH opcode qtype qname 131ADJUST copy_id 132REPLY QR NOERROR 133SECTION QUESTION 134c. IN A 135SECTION ANSWER 136c. IN A 203.0.113.4 137ENTRY_END 138 139ENTRY_BEGIN 140MATCH opcode qtype qname 141ADJUST copy_id 142REPLY QR NOERROR 143SECTION QUESTION 144d. IN A 145SECTION ANSWER 146d. IN A 203.0.113.5 147ENTRY_END 148 149ENTRY_BEGIN 150MATCH opcode qtype qname 151ADJUST copy_id 152REPLY QR NOERROR 153SECTION QUESTION 154e. IN A 155SECTION ANSWER 156e. IN A 203.0.113.6 157ENTRY_END 158 159ENTRY_BEGIN 160MATCH opcode qtype qname 161ADJUST copy_id 162REPLY QR NOERROR 163SECTION QUESTION 164f. IN A 165SECTION ANSWER 166f. IN A 203.0.113.7 167ENTRY_END 168 169RANGE_END 170 171STEP 1 QUERY 172ENTRY_BEGIN 173REPLY RD 174SECTION QUESTION 175a. IN A 176ENTRY_END 177 178STEP 2 CHECK_ANSWER 179ENTRY_BEGIN 180MATCH all 181REPLY QR RD RA NOERROR 182SECTION QUESTION 183a. IN A 184SECTION ANSWER 185a. IN A 192.0.2.2 186ENTRY_END 187 188STEP 3 QUERY 189ENTRY_BEGIN 190REPLY RD 191SECTION QUESTION 192b. IN A 193ENTRY_END 194 195STEP 4 CHECK_ANSWER 196ENTRY_BEGIN 197MATCH all 198REPLY QR RD RA NOERROR 199SECTION QUESTION 200b. IN A 201SECTION ANSWER 202ENTRY_END 203 204STEP 5 QUERY 205ENTRY_BEGIN 206REPLY RD 207SECTION QUESTION 208c. IN A 209ENTRY_END 210 211STEP 6 CHECK_ANSWER 212ENTRY_BEGIN 213MATCH all 214REPLY QR RD RA NXDOMAIN 215SECTION QUESTION 216c. IN A 217SECTION ANSWER 218ENTRY_END 219 220STEP 7 QUERY 221ENTRY_BEGIN 222REPLY RD 223SECTION QUESTION 224d. IN A 225ENTRY_END 226 227STEP 8 CHECK_ANSWER 228ENTRY_BEGIN 229MATCH all 230REPLY QR RD RA NOERROR 231SECTION QUESTION 232d. IN A 233SECTION ANSWER 234d. IN A 203.0.113.5 235ENTRY_END 236 237STEP 9 QUERY 238ENTRY_BEGIN 239REPLY RD 240SECTION QUESTION 241e. IN A 242ENTRY_END 243 244STEP 10 CHECK_ANSWER 245ENTRY_BEGIN 246MATCH all 247REPLY QR RD RA NOERROR 248SECTION QUESTION 249e. IN A 250SECTION ANSWER 251e. IN CNAME ns. 252ns. IN A 10.20.30.40 253ENTRY_END 254 255STEP 11 QUERY 256ENTRY_BEGIN 257REPLY RD 258SECTION QUESTION 259f. IN A 260ENTRY_END 261; no answer is checked at exit of testbound. 262 263STEP 12 TIME_PASSES ELAPSE 10 264 265SCENARIO_END 266