1; config options 2server: 3 module-config: "respip validator iterator" 4 target-fetch-policy: "0 0 0 0 0" 5 qname-minimisation: no 6 access-control: 192.0.0.0/8 allow 7 8rpz: 9 name: "rpz.example.com." 10 rpz-log: yes 11 rpz-log-name: "rpz.example.com" 12 rpz-action-override: passthru 13 zonefile: 14TEMPFILE_NAME rpz.example.com 15TEMPFILE_CONTENTS rpz.example.com 16$ORIGIN example.com. 17rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 18 1379078166 28800 7200 604800 7200 ) 19 3600 IN NS ns1.rpz.example.com. 20 3600 IN NS ns2.rpz.example.com. 21$ORIGIN rpz.example.com. 22c.a TXT "local data 1st zone" 23d.a A 127.0.0.1 24TEMPFILE_END 25 26rpz: 27 name: "wl.example.com." 28 rpz-log: yes 29 rpz-log-name: "wl.example.com" 30 zonefile: 31TEMPFILE_NAME wl.example.com 32TEMPFILE_CONTENTS wl.example.com 33$ORIGIN example.com. 34wl 3600 IN SOA ns1.wl.example.com. hostmaster.wl.example.com. ( 35 1379078166 28800 7200 604800 7200 ) 36 3600 IN NS ns1.wl.example.com. 37 3600 IN NS ns2.wl.example.com. 38$ORIGIN wl.example.com. 39e.a CNAME rpz-passthru. 40TEMPFILE_END 41 42rpz: 43 name: "rpz2.example.com." 44 rpz-log: yes 45 rpz-log-name: "rpz2.example.com" 46 rpz-action-override: nxdomain 47 zonefile: 48TEMPFILE_NAME rpz2.example.com 49TEMPFILE_CONTENTS rpz2.example.com 50$ORIGIN example.com. 51rpz2 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 52 1379078166 28800 7200 604800 7200 ) 53 3600 IN NS ns1.rpz.example.com. 54 3600 IN NS ns2.rpz.example.com. 55$ORIGIN rpz2.example.com. 56c.a TXT "local data 2nd zone" 5724.0.5.0.192.rpz-client-ip A 127.0.0.1 5824.0.5.0.192.rpz-client-ip TXT "clientip 2nd zone" 5924.0.3.2.1.rpz-ip A 127.0.0.2 60TEMPFILE_END 61 62stub-zone: 63 name: "a." 64 stub-addr: 10.20.30.40 65CONFIG_END 66 67SCENARIO_BEGIN Test RPZ passthru ends processing for later triggers. 68 69; a. 70RANGE_BEGIN 0 1000 71 ADDRESS 10.20.30.40 72ENTRY_BEGIN 73MATCH opcode qtype qname 74ADJUST copy_id 75REPLY QR NOERROR 76SECTION QUESTION 77c.a. IN TXT 78SECTION ANSWER 79c.a. IN TXT "answer from upstream ns" 80ENTRY_END 81 82ENTRY_BEGIN 83MATCH opcode qtype qname 84ADJUST copy_id 85REPLY QR NOERROR 86SECTION QUESTION 87d.a. IN A 88SECTION ANSWER 89d.a. IN A 1.2.3.4 90ENTRY_END 91 92ENTRY_BEGIN 93MATCH opcode qtype qname 94ADJUST copy_id 95REPLY QR NOERROR 96SECTION QUESTION 97e.a. IN A 98SECTION ANSWER 99e.a. IN A 1.2.3.4 100ENTRY_END 101RANGE_END 102 103STEP 10 QUERY ADDRESS 192.0.5.1 104ENTRY_BEGIN 105REPLY RD 106SECTION QUESTION 107c.a. IN TXT 108ENTRY_END 109 110STEP 11 CHECK_ANSWER 111ENTRY_BEGIN 112MATCH all 113REPLY QR RD RA NOERROR 114SECTION QUESTION 115c.a. IN TXT 116SECTION ANSWER 117c.a. IN TXT "answer from upstream ns" 118ENTRY_END 119 120STEP 20 QUERY ADDRESS 192.0.2.1 121ENTRY_BEGIN 122REPLY RD 123SECTION QUESTION 124d.a. IN A 125ENTRY_END 126 127STEP 21 CHECK_ANSWER 128ENTRY_BEGIN 129MATCH all 130REPLY QR RD RA NOERROR 131SECTION QUESTION 132d.a. IN A 133SECTION ANSWER 134d.a. IN A 1.2.3.4 135ENTRY_END 136 137STEP 30 QUERY ADDRESS 192.0.2.1 138ENTRY_BEGIN 139REPLY RD 140SECTION QUESTION 141e.a. IN A 142ENTRY_END 143 144STEP 31 CHECK_ANSWER 145ENTRY_BEGIN 146MATCH all 147REPLY QR RD RA NOERROR 148SECTION QUESTION 149e.a. IN A 150SECTION ANSWER 151e.a. IN A 1.2.3.4 152ENTRY_END 153 154SCENARIO_END 155