; config options server: module-config: "respip validator iterator" target-fetch-policy: "0 0 0 0 0" qname-minimisation: no rpz: name: "rpz.example.com." zonefile: TEMPFILE_NAME rpz.example.com TEMPFILE_CONTENTS rpz.example.com $ORIGIN example.com. rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 1379078166 28800 7200 604800 7200 ) 3600 IN NS ns1.rpz.example.com. 3600 IN NS ns2.rpz.example.com. $ORIGIN rpz.example.com. 8.0.0.0.10.rpz-ip CNAME *. 16.0.0.10.10.rpz-ip CNAME . 24.0.10.10.10.rpz-ip CNAME rpz-drop. 32.10.10.10.10.rpz-ip CNAME rpz-passthru. 32.1.1.1.10.rpz-ip CNAME rpz-tcp-only. 32.zz.db8.2001.rpz-ip CNAME *. 48.zz.aa.db8.2001.rpz-ip CNAME . 64.zz.bb.aa.db8.2001.rpz-ip CNAME rpz-drop. 128.1.zz.cc.bb.aa.db8.2001.rpz-ip CNAME rpz-passthru. 128.123.zz.cc.bb.aa.db8.2001.rpz-ip AAAA 2001:db8::123 128.124.0.0.cc.bb.aa.db8.2001.rpz-ip AAAA 2001:db8::124 TEMPFILE_END rpz: name: "rpz2.example.com." zonefile: TEMPFILE_NAME rpz2.example.com TEMPFILE_CONTENTS rpz2.example.com $ORIGIN example.com. rpz2 3600 IN SOA ns1.rpz2.example.com. hostmaster.rpz2.example.com. ( 1379078166 28800 7200 604800 7200 ) 3600 IN NS ns1.rpz2.example.com. 3600 IN NS ns2.rpz2.example.com. $ORIGIN rpz2.example.com. 32.10.10.10.10.rpz-ip A 203.0.113.123 32.123.2.0.192.rpz-ip A 203.0.113.123 128.1.zz.cc.bb.aa.db8.2001.rpz-ip AAAA 2001:db1::123 TEMPFILE_END stub-zone: name: "." stub-addr: 10.20.30.40 CONFIG_END SCENARIO_BEGIN Test all supported RPZ action for response IP address trigger ; c. RANGE_BEGIN 0 100 ADDRESS 10.20.30.40 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION . IN NS SECTION ANSWER . IN NS ns. SECTION ADDITIONAL ns. IN A 10.20.30.40 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION a. IN A SECTION ANSWER a. IN A 10.0.0.123 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION a. IN AAAA SECTION ANSWER a. IN AAAA 2001:db8::123 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION b. IN A SECTION ANSWER b. IN A 10.1.0.123 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION b. IN AAAA SECTION ANSWER b. IN AAAA 2001:db8:1::123 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION c. IN A SECTION ANSWER c. IN A 10.11.0.123 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION c. IN AAAA SECTION ANSWER c. IN AAAA 2001:db8:ff::123 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION d. IN A SECTION ANSWER d. IN A 10.10.0.123 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION d. IN AAAA SECTION ANSWER d. IN AAAA 2001:db8:aa::123 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION e. IN A SECTION ANSWER e. IN A 10.10.10.123 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION e. IN AAAA SECTION ANSWER e. IN AAAA 2001:db8:aa:bb::123 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION f. IN A SECTION ANSWER f. IN A 10.10.10.10 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION f. IN AAAA SECTION ANSWER f. IN AAAA 2001:db8:aa:bb:cc::1 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION g. IN A SECTION ANSWER g. IN A 192.0.2.123 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION g. IN AAAA SECTION ANSWER g. IN AAAA 2001:db8:aa:bb:cc::123 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION h. IN AAAA SECTION ANSWER h. IN AAAA 2001:db8:aa:bb:cc::124 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION y. IN A SECTION ANSWER y. IN A 10.1.1.1 ENTRY_END RANGE_END STEP 1 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION a. IN A ENTRY_END STEP 2 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION a. IN A SECTION ANSWER ENTRY_END STEP 3 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION a. IN AAAA ENTRY_END STEP 4 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION a. IN AAAA SECTION ANSWER ENTRY_END STEP 5 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION b. IN A ENTRY_END STEP 6 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION b. IN A SECTION ANSWER ENTRY_END STEP 7 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION b. IN AAAA ENTRY_END STEP 8 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION b. IN AAAA SECTION ANSWER ENTRY_END STEP 9 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION c. IN A ENTRY_END STEP 10 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION c. IN A SECTION ANSWER ENTRY_END STEP 11 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION c. IN AAAA ENTRY_END STEP 12 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION c. IN AAAA SECTION ANSWER ENTRY_END STEP 13 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION d. IN A ENTRY_END STEP 14 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NXDOMAIN SECTION QUESTION d. IN A SECTION ANSWER ENTRY_END STEP 15 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION d. IN AAAA ENTRY_END STEP 16 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NXDOMAIN SECTION QUESTION d. IN AAAA SECTION ANSWER ENTRY_END STEP 17 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION f. IN A ENTRY_END STEP 18 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION f. IN A SECTION ANSWER f. IN A 10.10.10.10 ENTRY_END STEP 19 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION f. IN AAAA ENTRY_END STEP 20 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION f. IN AAAA SECTION ANSWER f. IN AAAA 2001:db8:aa:bb:cc::1 ENTRY_END STEP 21 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION g. IN A ENTRY_END STEP 22 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION g. IN A SECTION ANSWER g. IN A 203.0.113.123 ENTRY_END STEP 23 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION g. IN AAAA ENTRY_END STEP 24 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION g. IN AAAA SECTION ANSWER g. IN AAAA 2001:db8::123 ENTRY_END STEP 25 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION h. IN AAAA ENTRY_END STEP 26 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION h. IN AAAA SECTION ANSWER h. IN AAAA 2001:db8::124 ENTRY_END ; should be dropped STEP 27 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION e. IN A ENTRY_END STEP 28 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION e. IN AAAA ENTRY_END STEP 29 TIME_PASSES ELAPSE 12 ; should be dropped, with cache entry too. STEP 30 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION e. IN A ENTRY_END STEP 31 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION e. IN AAAA ENTRY_END STEP 32 TIME_PASSES ELAPSE 12 STEP 33 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION y. IN A ENTRY_END STEP 34 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR TC RD RA NOERROR SECTION QUESTION y. IN A SECTION ANSWER ENTRY_END SCENARIO_END