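; Testbound replay scenario for RPZ "rpz-nsdname" triggers.
;
; An rpz-nsdname trigger fires on the NAME of a nameserver that appears in
; a delegation, not on the query name. Each gotham.<tld> zone below is
; delegated to ns1.gotham.<tld>, and the policy zone carries one record per
; nameserver name, so every query in the STEP list is decided by the NS name
; the iterator encounters while resolving it.
;
; Layout restored to one directive per line: the listing had been collapsed
; onto a few long lines with viewer line numbers fused into the directives,
; which testbound cannot parse.

; config options
; respip is listed first in module-config; Unbound applies RPZ policy through
; that module.
; target-fetch-policy of all zeros and qname-minimisation off keep upstream
; traffic limited to full-qname queries, which is what the canned
; "MATCH opcode subdomain" entries below answer.
; NOTE(review): access-control opens 192.0.0.0/8. This looks like a
; harness-only value; confirm it is needed, and do not copy it into a real
; resolver config.
server:
	module-config: "respip validator iterator"
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: no
	access-control: 192.0.0.0/8 allow

; Policy zone under test. Owner names are <ns-name>.rpz-nsdname; the RDATA
; selects the action:
;   ns1.gotham.aa   CNAME .              -> NXDOMAIN        (checked in STEP 11)
;   ns1.gotham.bb   CNAME *.             -> NODATA          (checked in STEP 21)
;   ns1.gotham.cc   CNAME rpz-drop.      -> drop            (not exercised)
;   ns1.gotham.com  CNAME rpz-passthru.  -> exempt          (checked in STEP 2)
;   ns1.gotham.dd   CNAME rpz-tcp-only.  -> force TCP       (not exercised)
;   ns1.gotham.ff   A / TXT              -> local data      (A checked in STEP 31)
; NOTE(review): rpz-log is enabled, but no step asserts on log output, so the
; logging path is only run, not verified.
rpz:
	name: "rpz.example.com."
	rpz-log: yes
	rpz-log-name: "rpz.example.com"
	zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
	1379078166 28800 7200 604800 7200 )
	3600 IN NS ns1.rpz.example.com.
	3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
ns1.gotham.aa.rpz-nsdname CNAME .
ns1.gotham.bb.rpz-nsdname CNAME *.
ns1.gotham.cc.rpz-nsdname CNAME rpz-drop.
ns1.gotham.com.rpz-nsdname CNAME rpz-passthru.
ns1.gotham.dd.rpz-nsdname CNAME rpz-tcp-only.
ns1.gotham.ff.rpz-nsdname A 127.0.0.1
ns1.gotham.ff.rpz-nsdname TXT "42"
TEMPFILE_END

; All resolution starts at the fake root server defined in the first RANGE.
stub-zone:
	name: "."
	stub-addr: 1.1.1.1
CONFIG_END

; The title used to read "nsip triggers"; every policy record in this file is
; an rpz-nsdname record, so the title now names the trigger actually tested.
SCENARIO_BEGIN Test RPZ nsdname triggers

; Fake root: answers the priming query and hands out one referral per TLD.
; NOTE(review): referrals exist for cc., dd. and ee., but there is no RANGE
; for 8.8.2.8, 8.8.3.8 or 8.8.5.8 and no STEP that queries those names.
; The rpz-drop and rpz-tcp-only actions therefore have no coverage here, and
; ee. (no policy record) is unused.
; . --------------------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 1.1.1.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS ns.root.
SECTION ADDITIONAL
ns.root IN A 1.1.1.1
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN A
SECTION AUTHORITY
com. IN NS ns1.com.
SECTION ADDITIONAL
ns1.com. IN A 8.8.8.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
aa. IN A
SECTION AUTHORITY
aa. IN NS ns1.aa.
SECTION ADDITIONAL
ns1.aa. IN A 8.8.0.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
bb. IN A
SECTION AUTHORITY
bb. IN NS ns1.bb.
SECTION ADDITIONAL
ns1.bb. IN A 8.8.1.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
cc. IN A
SECTION AUTHORITY
cc. IN NS ns1.cc.
SECTION ADDITIONAL
ns1.cc. IN A 8.8.2.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
dd. IN A
SECTION AUTHORITY
dd. IN NS ns1.dd.
SECTION ADDITIONAL
ns1.dd. IN A 8.8.3.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
ee. IN A
SECTION AUTHORITY
ee. IN NS ns1.ee.
SECTION ADDITIONAL
ns1.ee. IN A 8.8.5.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
ff. IN A
SECTION AUTHORITY
ff. IN NS ns1.ff.
SECTION ADDITIONAL
ns1.ff. IN A 8.8.6.8
ENTRY_END

RANGE_END

; TLD servers: each one refers gotham.<tld> to ns1.gotham.<tld>. That NS name
; is what the rpz-nsdname records above are matched against.
; com. -----------------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 8.8.8.8

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS ns1.com.
SECTION ADDITIONAL
ns1.com. IN A 8.8.8.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.com. IN A
SECTION AUTHORITY
gotham.com. IN NS ns1.gotham.com.
SECTION ADDITIONAL
ns1.gotham.com. IN A 192.0.6.1
ENTRY_END

RANGE_END

; aa. ------------------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 8.8.0.8

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
aa. IN NS
SECTION ANSWER
aa. IN NS ns1.aa.
SECTION ADDITIONAL
ns1.aa. IN A 8.8.0.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.aa. IN A
SECTION AUTHORITY
gotham.aa. IN NS ns1.gotham.aa.
SECTION ADDITIONAL
ns1.gotham.aa. IN A 192.0.0.1
ENTRY_END

RANGE_END

; bb. ------------------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 8.8.1.8

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
bb. IN NS
SECTION ANSWER
bb. IN NS ns1.bb.
SECTION ADDITIONAL
ns1.bb. IN A 8.8.1.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.bb. IN A
SECTION AUTHORITY
gotham.bb. IN NS ns1.gotham.bb.
SECTION ADDITIONAL
ns1.gotham.bb. IN A 192.0.1.1
ENTRY_END

RANGE_END

; ff. ------------------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 8.8.6.8

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ff. IN NS
SECTION ANSWER
ff. IN NS ns1.ff.
SECTION ADDITIONAL
ns1.ff. IN A 8.8.6.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.ff. IN A
SECTION AUTHORITY
gotham.ff. IN NS ns1.gotham.ff.
SECTION ADDITIONAL
ns1.gotham.ff. IN A 192.0.5.1
ENTRY_END

RANGE_END

; Authoritative servers for the gotham.<tld> zones. Each returns a distinct
; 192.0.x.2 address, so a CHECK_ANSWER that sees one of these addresses shows
; the upstream answer was passed through unmodified.
; ns1.gotham.com. ------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 192.0.6.1

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.com. IN A
SECTION ANSWER
gotham.com. IN A 192.0.6.2
ENTRY_END

RANGE_END

; ns1.gotham.aa. -------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 192.0.0.1

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.aa. IN A
SECTION ANSWER
gotham.aa. IN A 192.0.0.2
ENTRY_END

RANGE_END

; ns1.gotham.bb. -------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 192.0.1.1

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.bb. IN A
SECTION ANSWER
gotham.bb. IN A 192.0.1.2
ENTRY_END

RANGE_END

; ns1.gotham.ff. -------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 192.0.5.1

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.ff. IN A
SECTION ANSWER
gotham.ff. IN A 192.0.5.2
ENTRY_END

RANGE_END

; ----------------------------------------------------------------------------

; rpz-passthru: ns1.gotham.com is exempted, so the client must receive the
; real upstream address 192.0.6.2.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.com. IN A
ENTRY_END

STEP 2 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
gotham.com. IN A
SECTION ANSWER
gotham.com. IN A 192.0.6.2
ENTRY_END

; NXDOMAIN action ("CNAME ."): the upstream would answer 192.0.0.2, but the
; policy on ns1.gotham.aa must replace that with NXDOMAIN and an empty answer.
; As written, this expectation has no AA flag, unlike STEP 21 and STEP 31.
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.aa. IN A
ENTRY_END

STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NXDOMAIN
SECTION QUESTION
gotham.aa. IN A
SECTION ANSWER
ENTRY_END

; NODATA action ("CNAME *."): NOERROR with an empty answer section, AA set.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.bb. IN A
ENTRY_END

STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
gotham.bb. IN A
SECTION ANSWER
ENTRY_END

; Local-data action: the A record from the policy zone (127.0.0.1) must
; replace the upstream 192.0.5.2.
; NOTE(review): the policy also holds TXT "42" for this trigger, but no step
; sends a TXT query, so only the A rewrite is verified.
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.ff. IN A
ENTRY_END

STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
gotham.ff. IN A
SECTION ANSWER
gotham.ff. IN A 127.0.0.1
ENTRY_END

SCENARIO_END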