; Replay scenario for RPZ client-IP triggers: the policy action is selected by
; the address the query comes from, not by the name being asked for.
; Every query below asks for a.a.; only the source address (and once the
; transport) varies.

; config options
; "respip" is listed in module-config ahead of validator and iterator.
; access-control admits 192.0.0.0/8, which covers every client address used in
; the STEP ... QUERY ADDRESS lines below.
server:
	module-config: "respip validator iterator"
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: no
	minimal-responses: no
	access-control: 192.0.0.0/8 allow

; Policy zone. A client-IP trigger owner name is
; <prefix-length>.<address octets reversed>.rpz-client-ip, so
; 24.0.2.0.192.rpz-client-ip matches clients in 192.0.2.0/24.
; Trigger -> expected outcome, as checked in the steps below:
;   192.0.0.0/24  CNAME .              NXDOMAIN            (STEP 20-21)
;   192.0.1.0/24  CNAME *.             NODATA              (STEP 30-31)
;   192.0.2.0/24  CNAME rpz-drop.      no reply            (STEP 90)
;   192.0.3.0/24  CNAME rpz-passthru.  upstream answer     (STEP 40-41)
;   192.0.4.0/24  CNAME rpz-tcp-only.  TC on UDP, upstream
;                                      answer over TCP     (STEP 50-53)
;   192.0.5.0/24  A / TXT local data   synthesized answer, NODATA for a type
;                                      with no local data  (STEP 60-65)
rpz:
	name: "rpz.example.com."
	zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
 1379078166 28800 7200 604800 7200 )
 3600 IN NS ns1.rpz.example.com.
 3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
24.0.0.0.192.rpz-client-ip CNAME .
24.0.1.0.192.rpz-client-ip CNAME *.
24.0.2.0.192.rpz-client-ip CNAME rpz-drop.
24.0.3.0.192.rpz-client-ip CNAME rpz-passthru.
24.0.4.0.192.rpz-client-ip CNAME rpz-tcp-only.
24.0.5.0.192.rpz-client-ip A 127.0.0.1
24.0.5.0.192.rpz-client-ip TXT "42"
TEMPFILE_END

stub-zone:
	name: "a."
	stub-addr: 10.20.30.40
CONFIG_END

SCENARIO_BEGIN Test RPZ client ip triggers

; Canned upstream at 10.20.30.40, the stub-addr configured for "a." above.
; It answers NS for a. and TXT, A and AAAA for a.a.; these are the records a
; client should see whenever policy lets the query through.
RANGE_BEGIN 0 100
	ADDRESS 10.20.30.40
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a. IN NS
SECTION ANSWER
a. IN NS ns.a.
SECTION ADDITIONAL
ns.a IN A 10.20.30.40
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.a. IN TXT
SECTION ANSWER
a.a. IN TXT "upstream txt rr a.a."
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.a. IN A
SECTION ANSWER
a.a. IN A 10.20.30.40
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.a. IN AAAA
SECTION ANSWER
a.a. IN AAAA 2001:db8::123
ENTRY_END

RANGE_END

; unrelated client ip address -- passthru
; Baseline: this query carries no ADDRESS, unlike every later one, and the
; upstream TXT record is expected back unmodified.

STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN TXT
ENTRY_END

STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
a.a. IN TXT
SECTION ANSWER
a.a. IN TXT "upstream txt rr a.a."
ENTRY_END

; should be NXDOMAIN
; Client in 192.0.0.0/24 (CNAME .). The expected reply has AA set and an
; empty answer section, unlike the passthru replies, which come back without AA.

STEP 20 QUERY ADDRESS 192.0.0.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN TXT
ENTRY_END

STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR AA RD RA NXDOMAIN
SECTION QUESTION
a.a. IN TXT
SECTION ANSWER
ENTRY_END

; should be NODATA
; Client in 192.0.1.0/24 (CNAME *.): NOERROR with an empty answer section.

STEP 30 QUERY ADDRESS 192.0.1.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN TXT
ENTRY_END

STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR AA RD RA NOERROR
SECTION QUESTION
a.a. IN TXT
SECTION ANSWER
ENTRY_END

; should be PASSTHRU
; Client in 192.0.3.0/24 (rpz-passthru): same reply as the baseline in STEP 11.

STEP 40 QUERY ADDRESS 192.0.3.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN TXT
ENTRY_END

STEP 41 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
a.a. IN TXT
SECTION ANSWER
a.a. IN TXT "upstream txt rr a.a."
ENTRY_END

; should be TRUNCATED
; Client in 192.0.4.0/24 (rpz-tcp-only), query not marked TCP: the expected
; reply has TC set and no answer data.

STEP 50 QUERY ADDRESS 192.0.4.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN TXT
ENTRY_END

STEP 51 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR AA TC RD RA NOERROR
SECTION QUESTION
a.a. IN TXT
SECTION ANSWER
ENTRY_END

; should not be TRUNCATED via TCP
; Same client, query marked MATCH TCP: the upstream record is returned, so the
; tcp-only action restricts the transport and does not block the name.

STEP 52 QUERY ADDRESS 192.0.4.1
ENTRY_BEGIN
MATCH TCP
REPLY RD
SECTION QUESTION
a.a. IN TXT
ENTRY_END

STEP 53 CHECK_ANSWER
ENTRY_BEGIN
MATCH all TCP
REPLY QR RD RA NOERROR
SECTION QUESTION
a.a. IN TXT
SECTION ANSWER
a.a. IN TXT "upstream txt rr a.a."
ENTRY_END

; should be synthesized
; Client in 192.0.5.0/24 (local data): the A record from the policy zone
; (127.0.0.1) replaces the upstream 10.20.30.40, and the policy zone's SOA is
; expected in the additional section.

STEP 60 QUERY ADDRESS 192.0.5.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN A
ENTRY_END

STEP 61 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR AA RD RA NOERROR
SECTION QUESTION
a.a. IN A
SECTION ANSWER
a.a. IN A 127.0.0.1
SECTION ADDITIONAL
rpz.example.com. 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 1379078166 28800 7200 604800 7200 )
ENTRY_END

; should be synthesized
; Same client, TXT: the policy zone's "42" replaces the upstream TXT record.

STEP 62 QUERY ADDRESS 192.0.5.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN TXT
ENTRY_END

STEP 63 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR AA RD RA NOERROR
SECTION QUESTION
a.a. IN TXT
SECTION ANSWER
a.a. IN TXT "42"
SECTION ADDITIONAL
rpz.example.com. 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 1379078166 28800 7200 604800 7200 )
ENTRY_END

; should be synthesized NODATA
; Same client, AAAA: the trigger has no AAAA local data, so the expected reply
; is empty (SOA only) even though the upstream holds an AAAA record for a.a.

STEP 64 QUERY ADDRESS 192.0.5.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN AAAA
ENTRY_END

STEP 65 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR AA RD RA NOERROR
SECTION QUESTION
a.a. IN AAAA
SECTION ADDITIONAL
rpz.example.com. 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 1379078166 28800 7200 604800 7200 )
ENTRY_END

; should be DROPPED
; Client in 192.0.2.0/24 (rpz-drop). No CHECK_ANSWER follows: the expected
; outcome is that no reply is produced at all.
; NOTE(review): this relies on the harness failing the scenario when a reply
; is left unchecked at SCENARIO_END; confirm, otherwise the drop is not
; actually asserted.

STEP 90 QUERY ADDRESS 192.0.2.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN TXT
ENTRY_END

SCENARIO_END