1; config options 2server: 3 module-config: "respip validator iterator" 4 target-fetch-policy: "0 0 0 0 0" 5 qname-minimisation: no 6 7 8rpz: 9 name: "rpz.example.com." 10 zonefile: 11TEMPFILE_NAME rpz.example.com 12TEMPFILE_CONTENTS rpz.example.com 13$ORIGIN example.com. 14rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 15 1379078166 28800 7200 604800 7200 ) 16 3600 IN NS ns1.rpz.example.com. 17 3600 IN NS ns2.rpz.example.com. 18$ORIGIN rpz.example.com. 198.0.0.0.10.rpz-ip CNAME *. 2016.0.0.10.10.rpz-ip CNAME . 2124.0.10.10.10.rpz-ip CNAME rpz-drop. 2232.10.10.10.10.rpz-ip CNAME rpz-passthru. 2332.1.1.1.10.rpz-ip CNAME rpz-tcp-only. 2432.zz.db8.2001.rpz-ip CNAME *. 2548.zz.aa.db8.2001.rpz-ip CNAME . 2664.zz.bb.aa.db8.2001.rpz-ip CNAME rpz-drop. 27128.1.zz.cc.bb.aa.db8.2001.rpz-ip CNAME rpz-passthru. 28128.123.zz.cc.bb.aa.db8.2001.rpz-ip AAAA 2001:db8::123 29128.124.0.0.cc.bb.aa.db8.2001.rpz-ip AAAA 2001:db8::124 30 31TEMPFILE_END 32 33rpz: 34 name: "rpz2.example.com." 35 zonefile: 36TEMPFILE_NAME rpz2.example.com 37TEMPFILE_CONTENTS rpz2.example.com 38$ORIGIN example.com. 39rpz2 3600 IN SOA ns1.rpz2.example.com. hostmaster.rpz2.example.com. ( 40 1379078166 28800 7200 604800 7200 ) 41 3600 IN NS ns1.rpz2.example.com. 42 3600 IN NS ns2.rpz2.example.com. 43$ORIGIN rpz2.example.com. 4432.10.10.10.10.rpz-ip A 203.0.113.123 4532.123.2.0.192.rpz-ip A 203.0.113.123 46128.1.zz.cc.bb.aa.db8.2001.rpz-ip AAAA 2001:db1::123 47TEMPFILE_END 48 49stub-zone: 50 name: "." 51 stub-addr: 10.20.30.40 52CONFIG_END 53 54SCENARIO_BEGIN Test all supported RPZ action for response IP address trigger 55 56; c. 57RANGE_BEGIN 0 100 58 ADDRESS 10.20.30.40 59ENTRY_BEGIN 60MATCH opcode qtype qname 61ADJUST copy_id 62REPLY QR NOERROR 63SECTION QUESTION 64. IN NS 65SECTION ANSWER 66. IN NS ns. 67SECTION ADDITIONAL 68ns. IN A 10.20.30.40 69ENTRY_END 70 71ENTRY_BEGIN 72MATCH opcode qtype qname 73ADJUST copy_id 74REPLY QR NOERROR 75SECTION QUESTION 76a. IN A 77SECTION ANSWER 78a. IN A 10.0.0.123 79ENTRY_END 80 81ENTRY_BEGIN 82MATCH opcode qtype qname 83ADJUST copy_id 84REPLY QR NOERROR 85SECTION QUESTION 86a. IN AAAA 87SECTION ANSWER 88a. IN AAAA 2001:db8::123 89ENTRY_END 90 91ENTRY_BEGIN 92MATCH opcode qtype qname 93ADJUST copy_id 94REPLY QR NOERROR 95SECTION QUESTION 96b. IN A 97SECTION ANSWER 98b. IN A 10.1.0.123 99ENTRY_END 100 101ENTRY_BEGIN 102MATCH opcode qtype qname 103ADJUST copy_id 104REPLY QR NOERROR 105SECTION QUESTION 106b. IN AAAA 107SECTION ANSWER 108b. IN AAAA 2001:db8:1::123 109ENTRY_END 110 111ENTRY_BEGIN 112MATCH opcode qtype qname 113ADJUST copy_id 114REPLY QR NOERROR 115SECTION QUESTION 116c. IN A 117SECTION ANSWER 118c. IN A 10.11.0.123 119ENTRY_END 120 121ENTRY_BEGIN 122MATCH opcode qtype qname 123ADJUST copy_id 124REPLY QR NOERROR 125SECTION QUESTION 126c. IN AAAA 127SECTION ANSWER 128c. IN AAAA 2001:db8:ff::123 129ENTRY_END 130 131ENTRY_BEGIN 132MATCH opcode qtype qname 133ADJUST copy_id 134REPLY QR NOERROR 135SECTION QUESTION 136d. IN A 137SECTION ANSWER 138d. IN A 10.10.0.123 139ENTRY_END 140 141ENTRY_BEGIN 142MATCH opcode qtype qname 143ADJUST copy_id 144REPLY QR NOERROR 145SECTION QUESTION 146d. IN AAAA 147SECTION ANSWER 148d. IN AAAA 2001:db8:aa::123 149ENTRY_END 150 151ENTRY_BEGIN 152MATCH opcode qtype qname 153ADJUST copy_id 154REPLY QR NOERROR 155SECTION QUESTION 156e. IN A 157SECTION ANSWER 158e. IN A 10.10.10.123 159ENTRY_END 160 161ENTRY_BEGIN 162MATCH opcode qtype qname 163ADJUST copy_id 164REPLY QR NOERROR 165SECTION QUESTION 166e. IN AAAA 167SECTION ANSWER 168e. IN AAAA 2001:db8:aa:bb::123 169ENTRY_END 170 171ENTRY_BEGIN 172MATCH opcode qtype qname 173ADJUST copy_id 174REPLY QR NOERROR 175SECTION QUESTION 176f. IN A 177SECTION ANSWER 178f. IN A 10.10.10.10 179ENTRY_END 180 181ENTRY_BEGIN 182MATCH opcode qtype qname 183ADJUST copy_id 184REPLY QR NOERROR 185SECTION QUESTION 186f. IN AAAA 187SECTION ANSWER 188f. IN AAAA 2001:db8:aa:bb:cc::1 189ENTRY_END 190 191ENTRY_BEGIN 192MATCH opcode qtype qname 193ADJUST copy_id 194REPLY QR NOERROR 195SECTION QUESTION 196g. IN A 197SECTION ANSWER 198g. IN A 192.0.2.123 199ENTRY_END 200 201ENTRY_BEGIN 202MATCH opcode qtype qname 203ADJUST copy_id 204REPLY QR NOERROR 205SECTION QUESTION 206g. IN AAAA 207SECTION ANSWER 208g. IN AAAA 2001:db8:aa:bb:cc::123 209ENTRY_END 210 211ENTRY_BEGIN 212MATCH opcode qtype qname 213ADJUST copy_id 214REPLY QR NOERROR 215SECTION QUESTION 216h. IN AAAA 217SECTION ANSWER 218h. IN AAAA 2001:db8:aa:bb:cc::124 219ENTRY_END 220 221ENTRY_BEGIN 222MATCH opcode qtype qname 223ADJUST copy_id 224REPLY QR NOERROR 225SECTION QUESTION 226y. IN A 227SECTION ANSWER 228y. IN A 10.1.1.1 229ENTRY_END 230 231RANGE_END 232 233STEP 1 QUERY 234ENTRY_BEGIN 235REPLY RD 236SECTION QUESTION 237a. IN A 238ENTRY_END 239 240STEP 2 CHECK_ANSWER 241ENTRY_BEGIN 242MATCH all 243REPLY QR RD RA NOERROR 244SECTION QUESTION 245a. IN A 246SECTION ANSWER 247ENTRY_END 248 249STEP 3 QUERY 250ENTRY_BEGIN 251REPLY RD 252SECTION QUESTION 253a. IN AAAA 254ENTRY_END 255 256STEP 4 CHECK_ANSWER 257ENTRY_BEGIN 258MATCH all 259REPLY QR RD RA NOERROR 260SECTION QUESTION 261a. IN AAAA 262SECTION ANSWER 263ENTRY_END 264 265STEP 5 QUERY 266ENTRY_BEGIN 267REPLY RD 268SECTION QUESTION 269b. IN A 270ENTRY_END 271 272STEP 6 CHECK_ANSWER 273ENTRY_BEGIN 274MATCH all 275REPLY QR RD RA NOERROR 276SECTION QUESTION 277b. IN A 278SECTION ANSWER 279ENTRY_END 280 281STEP 7 QUERY 282ENTRY_BEGIN 283REPLY RD 284SECTION QUESTION 285b. IN AAAA 286ENTRY_END 287 288STEP 8 CHECK_ANSWER 289ENTRY_BEGIN 290MATCH all 291REPLY QR RD RA NOERROR 292SECTION QUESTION 293b. IN AAAA 294SECTION ANSWER 295ENTRY_END 296 297STEP 9 QUERY 298ENTRY_BEGIN 299REPLY RD 300SECTION QUESTION 301c. IN A 302ENTRY_END 303 304STEP 10 CHECK_ANSWER 305ENTRY_BEGIN 306MATCH all 307REPLY QR RD RA NOERROR 308SECTION QUESTION 309c. IN A 310SECTION ANSWER 311ENTRY_END 312 313STEP 11 QUERY 314ENTRY_BEGIN 315REPLY RD 316SECTION QUESTION 317c. IN AAAA 318ENTRY_END 319 320STEP 12 CHECK_ANSWER 321ENTRY_BEGIN 322MATCH all 323REPLY QR RD RA NOERROR 324SECTION QUESTION 325c. IN AAAA 326SECTION ANSWER 327ENTRY_END 328 329STEP 13 QUERY 330ENTRY_BEGIN 331REPLY RD 332SECTION QUESTION 333d. IN A 334ENTRY_END 335 336STEP 14 CHECK_ANSWER 337ENTRY_BEGIN 338MATCH all 339REPLY QR RD RA NXDOMAIN 340SECTION QUESTION 341d. IN A 342SECTION ANSWER 343ENTRY_END 344 345STEP 15 QUERY 346ENTRY_BEGIN 347REPLY RD 348SECTION QUESTION 349d. IN AAAA 350ENTRY_END 351 352STEP 16 CHECK_ANSWER 353ENTRY_BEGIN 354MATCH all 355REPLY QR RD RA NXDOMAIN 356SECTION QUESTION 357d. IN AAAA 358SECTION ANSWER 359ENTRY_END 360 361STEP 17 QUERY 362ENTRY_BEGIN 363REPLY RD 364SECTION QUESTION 365f. IN A 366ENTRY_END 367 368STEP 18 CHECK_ANSWER 369ENTRY_BEGIN 370MATCH all 371REPLY QR RD RA NOERROR 372SECTION QUESTION 373f. IN A 374SECTION ANSWER 375f. IN A 10.10.10.10 376ENTRY_END 377 378STEP 19 QUERY 379ENTRY_BEGIN 380REPLY RD 381SECTION QUESTION 382f. IN AAAA 383ENTRY_END 384 385STEP 20 CHECK_ANSWER 386ENTRY_BEGIN 387MATCH all 388REPLY QR RD RA NOERROR 389SECTION QUESTION 390f. IN AAAA 391SECTION ANSWER 392f. IN AAAA 2001:db8:aa:bb:cc::1 393ENTRY_END 394 395STEP 21 QUERY 396ENTRY_BEGIN 397REPLY RD 398SECTION QUESTION 399g. IN A 400ENTRY_END 401 402STEP 22 CHECK_ANSWER 403ENTRY_BEGIN 404MATCH all 405REPLY QR RD RA NOERROR 406SECTION QUESTION 407g. IN A 408SECTION ANSWER 409g. IN A 203.0.113.123 410ENTRY_END 411 412STEP 23 QUERY 413ENTRY_BEGIN 414REPLY RD 415SECTION QUESTION 416g. IN AAAA 417ENTRY_END 418 419STEP 24 CHECK_ANSWER 420ENTRY_BEGIN 421MATCH all 422REPLY QR RD RA NOERROR 423SECTION QUESTION 424g. IN AAAA 425SECTION ANSWER 426g. IN AAAA 2001:db8::123 427ENTRY_END 428 429STEP 25 QUERY 430ENTRY_BEGIN 431REPLY RD 432SECTION QUESTION 433h. IN AAAA 434ENTRY_END 435 436STEP 26 CHECK_ANSWER 437ENTRY_BEGIN 438MATCH all 439REPLY QR RD RA NOERROR 440SECTION QUESTION 441h. IN AAAA 442SECTION ANSWER 443h. IN AAAA 2001:db8::124 444ENTRY_END 445 446; should be dropped 447STEP 27 QUERY 448ENTRY_BEGIN 449REPLY RD 450SECTION QUESTION 451e. IN A 452ENTRY_END 453STEP 28 QUERY 454ENTRY_BEGIN 455REPLY RD 456SECTION QUESTION 457e. IN AAAA 458ENTRY_END 459STEP 29 TIME_PASSES ELAPSE 12 460 461; should be dropped, with cache entry too. 462STEP 30 QUERY 463ENTRY_BEGIN 464REPLY RD 465SECTION QUESTION 466e. IN A 467ENTRY_END 468STEP 31 QUERY 469ENTRY_BEGIN 470REPLY RD 471SECTION QUESTION 472e. IN AAAA 473ENTRY_END 474STEP 32 TIME_PASSES ELAPSE 12 475 476STEP 33 QUERY 477ENTRY_BEGIN 478REPLY RD 479SECTION QUESTION 480y. IN A 481ENTRY_END 482 483STEP 34 CHECK_ANSWER 484ENTRY_BEGIN 485MATCH all 486REPLY QR TC RD RA NOERROR 487SECTION QUESTION 488y. IN A 489SECTION ANSWER 490ENTRY_END 491 492SCENARIO_END 493