; Replay scenario for an RPZ zone configured with rpz-signal-nxdomain-ra: yes.
; Every CHECK_ANSWER step below expects NXDOMAIN with flags QR RD AA and no
; RA; the cleared RA bit is the signal under test (see the scenario title).
; NOTE(review): RA is a plain header bit with no integrity protection, so a
; client acting on this signal is trusting the path to the resolver; confirm
; consumers treat it as a hint rather than as proof of a policy hit.
; NOTE(review): no step checks that an unblocked name still comes back with
; RA set, so this file alone does not show the signal is limited to policy
; hits.
; config options
; access-control 192.0.0.0/8 covers the client address 192.0.3.1 that
; STEP 50 queries from.
server:
	module-config: "respip validator iterator"
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: no
	access-control: 192.0.0.0/8 allow

; Policy zone. Every record uses the RPZ NXDOMAIN action (CNAME to the
; root), one record per trigger type exercised by the steps below:
;   a.a, b.a                     qname triggers (a.a. and b.a.)
;   ns1.a.rpz-nsdname            nameserver-name trigger for ns1.a.
;   24.0.0.0.192.rpz-nsip        nameserver-address trigger, 192.0.0.0/24
;   24.0.3.0.192.rpz-client-ip   client-address trigger, 192.0.3.0/24
rpz:
	name: "rpz.example.com."
	rpz-signal-nxdomain-ra: yes
	zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
	1379078166 28800 7200 604800 7200 )
	3600 IN NS ns1.rpz.example.com.
	3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
a.a CNAME .
b.a CNAME .
ns1.a.rpz-nsdname CNAME .
24.0.0.0.192.rpz-nsip CNAME .
24.0.3.0.192.rpz-client-ip CNAME .
TEMPFILE_END

; Queries under a. go to the mock server at 10.20.30.40, which is the first
; RANGE below.
stub-zone:
	name: "a."
	stub-addr: 10.20.30.40
CONFIG_END

SCENARIO_BEGIN Test RPZ qname trigger and signal NXDOMAIN with unset RA.

; Mock server for zone a. (the stub-addr above). It holds real upstream
; answers for the names the policy blocks, so a step that received one of
; these TXT answers instead of NXDOMAIN would fail its CHECK_ANSWER.
RANGE_BEGIN 0 100
	ADDRESS 10.20.30.40
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a. IN NS
SECTION ANSWER
a. IN NS ns.a.
SECTION ADDITIONAL
ns.a IN A 10.20.30.40
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.a. IN TXT
SECTION ANSWER
a.a. IN TXT "upstream txt rr a.a."
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
b.a. IN TXT
SECTION ANSWER
b.a. IN TXT "upstream txt rr b.a."
ENTRY_END

; c.a. is not in the policy zone itself; its CNAME target b.a is.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
c.a. IN TXT
SECTION ANSWER
c.a. IN CNAME b.a
ENTRY_END

; Referral for d.a. and below to ns1.a. at 10.20.30.50; ns1.a. is the name
; listed under rpz-nsdname.
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
d.a. IN NS
SECTION ANSWER
SECTION AUTHORITY
d.a. IN NS ns1.a.
SECTION ADDITIONAL
ns1.a. IN A 10.20.30.50
ENTRY_END

; Referral for e.a. and below to ns2.a. at 192.0.0.5; that address falls in
; the 192.0.0.0/24 prefix listed under rpz-nsip.
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
e.a. IN NS
SECTION ANSWER
SECTION AUTHORITY
e.a. IN NS ns2.a.
SECTION ADDITIONAL
ns2.a. IN A 192.0.0.5
ENTRY_END

; f.a. has no policy record of its own; STEP 50 reaches it from a client
; address listed under rpz-client-ip.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
f.a. IN TXT
SECTION ANSWER
f.a. IN TXT "upstream txt rr f.a."
ENTRY_END

RANGE_END

; Mock server ns1.a. (10.20.30.50), the target of the d.a. referral.
RANGE_BEGIN 0 100
	ADDRESS 10.20.30.50
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
d.a. IN NS
SECTION ANSWER
d.a. IN NS ns1.a.
SECTION ADDITIONAL
ns1.a. IN A 10.20.30.50
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
d.d.a. IN TXT
SECTION ANSWER
d.d.a. IN TXT "upstream answer for d.d.a"
ENTRY_END

RANGE_END

; Mock server ns2.a. (192.0.0.5), the target of the e.a. referral.
RANGE_BEGIN 0 100
	ADDRESS 192.0.0.5
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
e.a. IN NS
SECTION ANSWER
e.a. IN NS ns2.a.
SECTION ADDITIONAL
ns2.a. IN A 192.0.0.5
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
e.e.a. IN TXT
SECTION ANSWER
e.e.a. IN TXT "upstream answer for e.e.a"
ENTRY_END

RANGE_END

; qname trigger: a.a. is listed in the policy zone. The expected reply is
; NXDOMAIN with an empty answer section and no RA among the flags; MATCH all
; makes the comparison include the header flags.
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN TXT
ENTRY_END

STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD AA NXDOMAIN
SECTION QUESTION
a.a. IN TXT
SECTION ANSWER
ENTRY_END

; qname trigger after cname: c.a. resolves to a CNAME pointing at b.a, which
; is listed in the policy zone. The expected reply keeps the CNAME record in
; the answer section and is still NXDOMAIN without RA.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
c.a. IN TXT
ENTRY_END

STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD AA NXDOMAIN
SECTION QUESTION
c.a. IN TXT
SECTION ANSWER
c.a. IN CNAME b.a
ENTRY_END

; nsdname trigger: d.d.a. sits below the d.a. delegation, whose nameserver
; ns1.a. is listed under rpz-nsdname.
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.d.a. IN TXT
ENTRY_END

STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD AA NXDOMAIN
SECTION QUESTION
d.d.a. IN TXT
SECTION ANSWER
ENTRY_END

; nsip trigger: e.e.a. sits below the e.a. delegation, whose nameserver
; address 192.0.0.5 falls in the prefix listed under rpz-nsip.
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
e.e.a. IN TXT
ENTRY_END

STEP 41 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD AA NXDOMAIN
SECTION QUESTION
e.e.a. IN TXT
SECTION ANSWER
ENTRY_END

; clientip trigger: the query comes from 192.0.3.1, inside the prefix listed
; under rpz-client-ip; the queried name f.a. has an ordinary upstream answer.
STEP 50 QUERY ADDRESS 192.0.3.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
f.a. IN TXT
ENTRY_END

STEP 51 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR AA RD NXDOMAIN
SECTION QUESTION
f.a. IN TXT
SECTION ANSWER
ENTRY_END

SCENARIO_END