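; config options
;
; Replay scenario for RPZ "nsip" triggers: a policy is selected by the IP
; address of a nameserver in the delegation chain, not by the queried name.
; Each trigger owner below encodes a netblock as <prefixlen>.<reversed
; octets>.rpz-nsip, so 24.0.0.0.192.rpz-nsip covers 192.0.0.0/24.
;
;   nameserver netblock   policy record            outcome checked below
;   192.0.0.0/24          CNAME .                  NXDOMAIN    (STEP 11)
;   192.0.1.0/24          CNAME *.                 NODATA      (STEP 21)
;   192.0.2.0/24          CNAME rpz-drop.          not exercised
;   192.0.3.0/24          CNAME rpz-passthru.      not exercised
;   192.0.4.0/24          CNAME rpz-tcp-only.      not exercised
;   192.0.5.0/24          A 127.0.0.1 / TXT "42"   local data A (STEP 31, 41)
;   192.0.6.0/24          (no trigger)             real answer (STEP 2)
;
; NOTE(review): the root range delegates cc., dd. and ee., but this file has
; no RANGE for 8.8.2.8, 8.8.3.8 or 8.8.5.8 and no STEP that queries them, so
; the rpz-drop, rpz-passthru and rpz-tcp-only nsip actions are loaded but
; never asserted here.
; NOTE(review): rpz-log is enabled, but no step asserts on log output, and
; the TXT local-data record is never queried (every STEP asks for type A).
server:
	module-config: "respip validator iterator"
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: no
	access-control: 192.0.0.0/8 allow

rpz:
	name: "rpz.example.com."
	rpz-log: yes
	rpz-log-name: "rpz.example.com"
	zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz	3600	IN	SOA	ns1.rpz.gotham.com. hostmaster.rpz.example.com. (
		1379078166 28800 7200 604800 7200 )
	3600	IN	NS	ns1.rpz.example.com.
	3600	IN	NS	ns2.rpz.example.com.
$ORIGIN rpz.example.com.
24.0.0.0.192.rpz-nsip CNAME .
24.0.1.0.192.rpz-nsip CNAME *.
24.0.2.0.192.rpz-nsip CNAME rpz-drop.
24.0.3.0.192.rpz-nsip CNAME rpz-passthru.
24.0.4.0.192.rpz-nsip CNAME rpz-tcp-only.
24.0.5.0.192.rpz-nsip A 127.0.0.1
24.0.5.0.192.rpz-nsip TXT "42"
TEMPFILE_END

stub-zone:
	name: "."
	stub-addr: 1.1.1.1
CONFIG_END

SCENARIO_BEGIN Test RPZ nsip triggers

; Simulated upstream servers. Each RANGE answers for one server address.
; The TLD servers (8.8.x.8) hand out referrals whose glue address decides
; which nsip trigger, if any, applies to the delegated gotham.<tld> zone.

; . --------------------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 1.1.1.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS ns.root.
SECTION ADDITIONAL
ns.root IN A 1.1.1.1
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN A
SECTION AUTHORITY
com. IN NS ns1.com.
SECTION ADDITIONAL
ns1.com. IN A 8.8.8.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
aa. IN A
SECTION AUTHORITY
aa. IN NS ns1.aa.
SECTION ADDITIONAL
ns1.aa. IN A 8.8.0.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
bb. IN A
SECTION AUTHORITY
bb. IN NS ns1.bb.
SECTION ADDITIONAL
ns1.bb. IN A 8.8.1.8
ENTRY_END

; cc., dd. and ee. are delegated here but have no RANGE or STEP of their own.
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
cc. IN A
SECTION AUTHORITY
cc. IN NS ns1.cc.
SECTION ADDITIONAL
ns1.cc. IN A 8.8.2.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
dd. IN A
SECTION AUTHORITY
dd. IN NS ns1.dd.
SECTION ADDITIONAL
ns1.dd. IN A 8.8.3.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
ee. IN A
SECTION AUTHORITY
ee. IN NS ns1.ee.
SECTION ADDITIONAL
ns1.ee. IN A 8.8.5.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
ff. IN A
SECTION AUTHORITY
ff. IN NS ns1.ff.
SECTION ADDITIONAL
ns1.ff. IN A 8.8.6.8
ENTRY_END
RANGE_END

; com. -----------------------------------------------------------------------
; Glue 192.0.6.1 is outside every trigger netblock: the control case.
RANGE_BEGIN 0 100
	ADDRESS 8.8.8.8
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS ns1.com.
SECTION ADDITIONAL
ns1.com. IN A 8.8.8.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.com. IN A
SECTION AUTHORITY
gotham.com. IN NS ns1.gotham.com.
SECTION ADDITIONAL
ns1.gotham.com. IN A 192.0.6.1
ENTRY_END
RANGE_END

; aa. ------------------------------------------------------------------------
; Glue 192.0.0.1 falls in 192.0.0.0/24 (CNAME . trigger).
RANGE_BEGIN 0 100
	ADDRESS 8.8.0.8
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
aa. IN NS
SECTION ANSWER
aa. IN NS ns1.aa.
SECTION ADDITIONAL
ns1.aa. IN A 8.8.0.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.aa. IN A
SECTION AUTHORITY
gotham.aa. IN NS ns1.gotham.aa.
SECTION ADDITIONAL
ns1.gotham.aa. IN A 192.0.0.1
ENTRY_END
RANGE_END

; bb. ------------------------------------------------------------------------
; Glue 192.0.1.1 falls in 192.0.1.0/24 (CNAME *. trigger).
RANGE_BEGIN 0 100
	ADDRESS 8.8.1.8
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
bb. IN NS
SECTION ANSWER
bb. IN NS ns1.bb.
SECTION ADDITIONAL
ns1.bb. IN A 8.8.1.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.bb. IN A
SECTION AUTHORITY
gotham.bb. IN NS ns1.gotham.bb.
SECTION ADDITIONAL
ns1.gotham.bb. IN A 192.0.1.1
ENTRY_END
RANGE_END

; ff. ------------------------------------------------------------------------
; Glue 192.0.5.1 falls in 192.0.5.0/24 (local-data trigger).
RANGE_BEGIN 0 100
	ADDRESS 8.8.6.8
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ff. IN NS
SECTION ANSWER
ff. IN NS ns1.ff.
SECTION ADDITIONAL
ns1.ff. IN A 8.8.6.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.ff. IN A
SECTION AUTHORITY
gotham.ff. IN NS ns1.gotham.ff.
SECTION ADDITIONAL
ns1.gotham.ff. IN A 192.0.5.1
ENTRY_END
RANGE_END

; The authoritative servers below hold the unfiltered answers. A CHECK_ANSWER
; that returns one of these addresses for aa., bb. or ff. would mean the
; nsip policy was not applied.

; ns1.gotham.com. ------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 192.0.6.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.com. IN A
SECTION ANSWER
gotham.com. IN A 192.0.6.2
ENTRY_END
RANGE_END

; ns1.gotham.aa. -------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 192.0.0.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.aa. IN A
SECTION ANSWER
gotham.aa. IN A 192.0.0.2
ENTRY_END
RANGE_END

; ns1.gotham.bb. -------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 192.0.1.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.bb. IN A
SECTION ANSWER
gotham.bb. IN A 192.0.1.2
ENTRY_END
RANGE_END

; ns1.gotham.ff. -------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 192.0.5.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.ff. IN A
SECTION ANSWER
gotham.ff. IN A 192.0.5.2
ENTRY_END
RANGE_END

; ----------------------------------------------------------------------------

; Control: nameserver 192.0.6.1 matches no trigger, so the real record is
; returned and the reply carries no AA flag.
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.com. IN A
ENTRY_END

STEP 2 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
gotham.com. IN A
SECTION ANSWER
gotham.com. IN A 192.0.6.2
ENTRY_END

; Nameserver 192.0.0.1 matches "CNAME .": expect NXDOMAIN with AA set and an
; empty answer section.
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.aa. IN A
ENTRY_END

STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR AA RD RA NXDOMAIN
SECTION QUESTION
gotham.aa. IN A
SECTION ANSWER
ENTRY_END

; Nameserver 192.0.1.1 matches "CNAME *.": expect NOERROR with AA set and an
; empty answer section (NODATA).
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.bb. IN A
ENTRY_END

STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
gotham.bb. IN A
SECTION ANSWER
ENTRY_END

; Nameserver 192.0.5.1 matches the local-data trigger: expect the policy
; address 127.0.0.1 in place of the upstream 192.0.5.2.
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.ff. IN A
ENTRY_END

STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
gotham.ff. IN A
SECTION ANSWER
gotham.ff. IN A 127.0.0.1
ENTRY_END

; again with more cache items
; Same query repeated; presumably this confirms the rewrite still applies
; once the delegation is served from cache rather than fetched.
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.ff. IN A
ENTRY_END

STEP 41 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
gotham.ff. IN A
SECTION ANSWER
gotham.ff. IN A 127.0.0.1
ENTRY_END

SCENARIO_END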