; config options
server:
    module-config: "respip validator iterator"
    target-fetch-policy: "0 0 0 0 0"
    qname-minimisation: no

rpz:
    name: "rpz.example.com."
    zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
        1379078166 28800 7200 604800 7200 )
    3600 IN NS ns1.rpz.example.com.
    3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
; Response IP triggers are written as <prefix length>.<reversed octets>.rpz-ip
; 10.0.0.0/8 -> NODATA
8.0.0.0.10.rpz-ip CNAME *.
; 10.10.0.0/16 -> NXDOMAIN
16.0.0.10.10.rpz-ip CNAME .
; 10.10.10.0/24 -> drop
24.0.10.10.10.rpz-ip CNAME rpz-drop.
; 10.10.10.10/32 -> passthru
32.10.10.10.10.rpz-ip CNAME rpz-passthru.
; 10.1.1.1/32 -> tcp-only
32.1.1.1.10.rpz-ip CNAME rpz-tcp-only.
TEMPFILE_END

stub-zone:
    name: "."
    stub-addr: 10.20.30.40
CONFIG_END

SCENARIO_BEGIN Test RPZ response IP address trigger and tcp-only action

; Upstream server answers
RANGE_BEGIN 0 100
    ADDRESS 10.20.30.40

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS ns.
SECTION ADDITIONAL
ns. IN A 10.20.30.40
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a. IN A
SECTION ANSWER
a. IN A 10.0.0.123
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
b. IN A
SECTION ANSWER
b. IN A 10.1.0.123
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
c. IN A
SECTION ANSWER
c. IN A 10.11.0.123
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
d. IN A
SECTION ANSWER
d. IN A 10.10.0.123
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
f. IN A
SECTION ANSWER
f. IN A 10.10.10.10
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
y. IN A
SECTION ANSWER
y. IN A 10.1.1.1
ENTRY_END

RANGE_END

; a. resolves to 10.0.0.123, inside 10.0.0.0/8: expect NODATA
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a. IN A
ENTRY_END

STEP 2 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
a. IN A
SECTION ANSWER
ENTRY_END

; b. resolves to 10.1.0.123, inside 10.0.0.0/8: expect NODATA
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
b. IN A
ENTRY_END

STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
b. IN A
SECTION ANSWER
ENTRY_END

; d. resolves to 10.10.0.123, inside 10.10.0.0/16: expect NXDOMAIN
STEP 13 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d. IN A
ENTRY_END

STEP 14 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NXDOMAIN
SECTION QUESTION
d. IN A
SECTION ANSWER
ENTRY_END

; f. resolves to 10.10.10.10, the /32 passthru entry: expect the unmodified answer
STEP 17 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
f. IN A
ENTRY_END

STEP 18 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
f. IN A
SECTION ANSWER
f. IN A 10.10.10.10
ENTRY_END

; y. resolves to 10.1.1.1, the tcp-only entry: the UDP query gets a truncated (TC) reply
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
y. IN A
ENTRY_END

STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR TC RD RA NOERROR
SECTION QUESTION
y. IN A
SECTION ANSWER
ENTRY_END

; the same query over TCP gets the full answer
STEP 40 QUERY
ENTRY_BEGIN
MATCH TCP
REPLY RD
SECTION QUESTION
y. IN A
ENTRY_END

STEP 41 CHECK_ANSWER
ENTRY_BEGIN
MATCH all TCP
REPLY QR RD RA NOERROR
SECTION QUESTION
y. IN A
SECTION ANSWER
y. IN A 10.1.1.1
ENTRY_END

SCENARIO_END