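; config options
; Unbound testbound scenario: seven RPZ policy zones, each holding a single
; QNAME trigger, six of them with an rpz-action-override that replaces the
; action encoded in the zone data. The steps below query a. through f. and
; check that the override, not the zone's own record, decides the answer.
; The listing was rebuilt one directive per line; the line-number residue
; that had been fused into the text is dropped.
server:
	module-config: "respip validator iterator"
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: no

; rpz.example.com: local data for a., but the override is "disabled", so this
; zone does not answer and the query falls through to the next policy zone.
; NOTE(review): a zone left on "disabled" enforces nothing; confirm that is
; intended before reusing this pattern outside a test.
rpz:
	name: "rpz.example.com."
	rpz-action-override: disabled
	zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN rpz.example.com.
a TXT "record zone rpz.example.com"
TEMPFILE_END

; rpz2.example.com: no override; its local data for a. is the expected answer
; in STEP 11.
rpz:
	name: "rpz2.example.com."
	zonefile:
TEMPFILE_NAME rpz2.example.com
TEMPFILE_CONTENTS rpz2.example.com
$ORIGIN rpz2.example.com.
a TXT "record zone rpz2.example.com"
TEMPFILE_END

; rpz3.example.com: "CNAME ." is the RPZ NXDOMAIN action; overridden to nodata.
rpz:
	name: "rpz3.example.com."
	rpz-action-override: nodata
	zonefile:
TEMPFILE_NAME rpz3.example.com
TEMPFILE_CONTENTS rpz3.example.com
$ORIGIN rpz3.example.com.
b CNAME .
TEMPFILE_END

; rpz4.example.com: "CNAME *." is the RPZ NODATA action; overridden to nxdomain.
rpz:
	name: "rpz4.example.com."
	rpz-action-override: nxdomain
	zonefile:
TEMPFILE_NAME rpz4.example.com
TEMPFILE_CONTENTS rpz4.example.com
$ORIGIN rpz4.example.com.
c CNAME *.
TEMPFILE_END

; rpz5.example.com: local data for d., overridden to passthru, so the query is
; resolved normally (here through the stub-zone for d.).
rpz:
	name: "rpz5.example.com."
	rpz-action-override: passthru
	zonefile:
TEMPFILE_NAME rpz5.example.com
TEMPFILE_CONTENTS rpz5.example.com
$ORIGIN rpz5.example.com.
d TXT "should be override by passthru"
TEMPFILE_END

; rpz6.example.com: local data for e., overridden to a CNAME whose target is
; given by rpz-cname-override ("d.").
rpz:
	name: "rpz6.example.com."
	rpz-action-override: cname
	rpz-cname-override: "d."
	zonefile:
TEMPFILE_NAME rpz6.example.com
TEMPFILE_CONTENTS rpz6.example.com
$ORIGIN rpz6.example.com.
e TXT "should be override by cname"
TEMPFILE_END

; rpz7.example.com: local data for f., overridden to drop (no reply is sent).
rpz:
	name: "rpz7.example.com."
	rpz-action-override: drop
	zonefile:
TEMPFILE_NAME rpz7.example.com
TEMPFILE_CONTENTS rpz7.example.com
$ORIGIN rpz7.example.com.
f TXT "should be override by drop policy"
TEMPFILE_END

; Upstream for d.: the address matches the mocked server in the RANGE below.
stub-zone:
	name: "d."
	stub-addr: 10.20.30.40
CONFIG_END

SCENARIO_BEGIN Test RPZ action overrides for QNAME trigger

; d.
; Mocked authoritative server for d.; it answers any matching query with the
; TXT record that STEP 41 and STEP 51 expect to see.
RANGE_BEGIN 0 100
	ADDRESS 10.20.30.40
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
d. IN TXT
SECTION ANSWER
d. IN TXT "answer from upstream ns"
ENTRY_END

RANGE_END

; check disabled override, should be answered using next policy zone
; (the TXT data in the expected answer is the rpz2 record, not the rpz one)
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a. IN TXT
ENTRY_END

STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
a. IN TXT
SECTION ANSWER
a TXT "record zone rpz2.example.com"
ENTRY_END

; check nodata override, would be NXDOMAIN without override
; (expected: NOERROR with an empty answer section)
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
b. IN TXT
ENTRY_END

STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
b. IN TXT
SECTION ANSWER
ENTRY_END

; check nxdomain override, would be NODATA without override
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
c. IN TXT
ENTRY_END

STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NXDOMAIN
SECTION QUESTION
c. IN TXT
SECTION ANSWER
ENTRY_END

; check passthru override, would be localdata without override
; (expected reply carries the upstream record and no AA flag)
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d. IN TXT
ENTRY_END

STEP 41 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
d. IN TXT
SECTION ANSWER
d. IN TXT "answer from upstream ns"
ENTRY_END

; check cname override, would be localdata without override
; (expected: the CNAME to d. followed by the upstream TXT record for d.)
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
e. IN TXT
ENTRY_END

STEP 51 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
e. IN TXT
SECTION ANSWER
e. IN CNAME d.
d. IN TXT "answer from upstream ns"
ENTRY_END

; check drop override, would be localdata without override
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
f. IN TXT
ENTRY_END
; There is no CHECK_ANSWER step for the dropped query:
; no answer is checked at exit of testbound.

SCENARIO_END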