1; config options 2server: 3 module-config: "respip validator iterator" 4 target-fetch-policy: "0 0 0 0 0" 5 qname-minimisation: no 6 7rpz: 8 name: "rpz.example.com." 9 zonefile: 10TEMPFILE_NAME rpz.example.com 11TEMPFILE_CONTENTS rpz.example.com 12$ORIGIN example.com. 13rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 14 1379078166 28800 7200 604800 7200 ) 15 3600 IN NS ns1.rpz.example.com. 16 3600 IN NS ns2.rpz.example.com. 17$ORIGIN rpz.example.com. 18a CNAME . 19a CNAME *. ; duplicate CNAME here on purpose 20*.a TXT "wildcard local data" 21* CNAME . 22b.a CNAME *. 23c.a CNAME rpz-passthru. 24TEMPFILE_END 25 26rpz: 27 name: "rpz2.example.com." 28 zonefile: 29TEMPFILE_NAME rpz2.example.com 30TEMPFILE_CONTENTS rpz2.example.com 31$ORIGIN example.com. 32rpz2 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 33 1379078166 28800 7200 604800 7200 ) 34 3600 IN NS ns1.rpz.example.com. 35 3600 IN NS ns2.rpz.example.com. 36$ORIGIN rpz2.example.com. 37a TXT "local data 2nd zone" 38d TXT "local data 2nd zone" 39e CNAME *.a.example. 40*.e CNAME *.b.example. 41drop CNAME rpz-drop. 42TEMPFILE_END 43 44stub-zone: 45 name: "a." 46 stub-addr: 10.20.30.40 47stub-zone: 48 name: "example." 49 stub-addr: 10.20.30.50 50CONFIG_END 51 52SCENARIO_BEGIN Test RPZ QNAME trigger for root wildcard. 53 54; a. 55RANGE_BEGIN 0 100 56 ADDRESS 10.20.30.40 57ENTRY_BEGIN 58MATCH opcode qtype qname 59ADJUST copy_id 60REPLY QR NOERROR 61SECTION QUESTION 62a. IN NS 63SECTION ANSWER 64a. IN NS ns.a. 65SECTION ADDITIONAL 66ns.a IN A 10.20.30.40 67ENTRY_END 68 69ENTRY_BEGIN 70MATCH opcode qtype qname 71ADJUST copy_id 72REPLY QR NOERROR 73SECTION QUESTION 74c.a. IN TXT 75SECTION ANSWER 76c.a. IN TXT "answer from upstream ns" 77ENTRY_END 78 79ENTRY_BEGIN 80MATCH opcode qtype qname 81ADJUST copy_id 82REPLY QR NOERROR 83SECTION QUESTION 84x.b.a. IN TXT 85SECTION ANSWER 86x.b.a. IN TXT "answer from upstream ns" 87ENTRY_END 88 89RANGE_END 90 91; example. 92RANGE_BEGIN 0 100 93 ADDRESS 10.20.30.50 94ENTRY_BEGIN 95MATCH opcode qtype qname 96ADJUST copy_id 97REPLY QR NOERROR 98SECTION QUESTION 99example. IN NS 100SECTION ANSWER 101example. IN NS ns.example. 102SECTION ADDITIONAL 103ns.example IN A 10.20.30.50 104ENTRY_END 105 106ENTRY_BEGIN 107MATCH opcode qtype qname 108ADJUST copy_id 109REPLY QR NOERROR 110SECTION QUESTION 111e.a.example. IN TXT 112SECTION ANSWER 113e.a.example. IN TXT "e.a.example. answer from upstream ns" 114ENTRY_END 115 116ENTRY_BEGIN 117MATCH opcode qtype qname 118ADJUST copy_id 119REPLY QR NOERROR 120SECTION QUESTION 121something.e.b.example. IN TXT 122SECTION ANSWER 123something.e.b.example. IN TXT "*.b.example. answer from upstream ns" 124ENTRY_END 125 126RANGE_END 127 128STEP 10 QUERY 129ENTRY_BEGIN 130REPLY RD 131SECTION QUESTION 132x. IN TXT 133ENTRY_END 134 135; wildcard deny all 136STEP 20 CHECK_ANSWER 137ENTRY_BEGIN 138MATCH all 139REPLY QR RD RA AA NXDOMAIN 140SECTION QUESTION 141x. IN TXT 142SECTION ANSWER 143ENTRY_END 144 145STEP 30 QUERY 146ENTRY_BEGIN 147REPLY RD 148SECTION QUESTION 149y.tld. IN TXT 150ENTRY_END 151 152; wildcard deny all 153STEP 40 CHECK_ANSWER 154ENTRY_BEGIN 155MATCH all 156REPLY QR RD RA AA NXDOMAIN 157SECTION QUESTION 158y.tld. IN TXT 159SECTION ANSWER 160ENTRY_END 161 162SCENARIO_END 163