; config options server: module-config: "respip validator iterator" target-fetch-policy: "0 0 0 0 0" qname-minimisation: no access-control: 192.0.0.0/8 allow rpz: name: "rpz.example.com." rpz-signal-nxdomain-ra: yes zonefile: TEMPFILE_NAME rpz.example.com TEMPFILE_CONTENTS rpz.example.com $ORIGIN example.com. rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 1379078166 28800 7200 604800 7200 ) 3600 IN NS ns1.rpz.example.com. 3600 IN NS ns2.rpz.example.com. $ORIGIN rpz.example.com. a.a CNAME . b.a CNAME . ns1.a.rpz-nsdname CNAME . 24.0.0.0.192.rpz-nsip CNAME . 24.0.3.0.192.rpz-client-ip CNAME . TEMPFILE_END stub-zone: name: "a." stub-addr: 10.20.30.40 CONFIG_END SCENARIO_BEGIN Test RPZ qname trigger and signal NXDOMAIN with unset RA. RANGE_BEGIN 0 100 ADDRESS 10.20.30.40 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION a. IN NS SECTION ANSWER a. IN NS ns.a. SECTION ADDITIONAL ns.a IN A 10.20.30.40 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION a.a. IN TXT SECTION ANSWER a.a. IN TXT "upstream txt rr a.a." ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION b.a. IN TXT SECTION ANSWER b.a. IN TXT "upstream txt rr b.a." ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION c.a. IN TXT SECTION ANSWER c.a. IN CNAME b.a ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION d.a. IN NS SECTION ANSWER SECTION AUTHORITY d.a. IN NS ns1.a. SECTION ADDITIONAL ns1.a. IN A 10.20.30.50 ENTRY_END ENTRY_BEGIN MATCH opcode subdomain ADJUST copy_id copy_query REPLY QR NOERROR SECTION QUESTION e.a. IN NS SECTION ANSWER SECTION AUTHORITY e.a. IN NS ns2.a. SECTION ADDITIONAL ns2.a. IN A 192.0.0.5 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION f.a. IN TXT SECTION ANSWER f.a. IN TXT "upstream txt rr f.a." ENTRY_END RANGE_END RANGE_BEGIN 0 100 ADDRESS 10.20.30.50 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION d.a. IN NS SECTION ANSWER d.a. IN NS ns1.a. SECTION ADDITIONAL ns1.a. IN A 10.20.30.50 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION d.d.a. IN TXT SECTION ANSWER d.d.a. IN TXT "upstream answer for d.d.a" ENTRY_END RANGE_END RANGE_BEGIN 0 100 ADDRESS 192.0.0.5 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION e.a. IN NS SECTION ANSWER e.a. IN NS ns2.a. SECTION ADDITIONAL ns2.a. IN A 192.0.0.5 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION e.e.a. IN TXT SECTION ANSWER e.e.a. IN TXT "upstream answer for e.e.a" ENTRY_END RANGE_END ; qname trigger STEP 10 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION a.a. IN TXT ENTRY_END STEP 11 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD AA NXDOMAIN SECTION QUESTION a.a. IN TXT SECTION ANSWER ENTRY_END ; qname trigger after cname STEP 20 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION c.a. IN TXT ENTRY_END STEP 21 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD AA NXDOMAIN SECTION QUESTION c.a. IN TXT SECTION ANSWER c.a. IN CNAME b.a ENTRY_END ; nsdname trigger STEP 30 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION d.d.a. IN TXT ENTRY_END STEP 31 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD AA NXDOMAIN SECTION QUESTION d.d.a. IN TXT SECTION ANSWER ENTRY_END ; nsip trigger STEP 40 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION e.e.a. IN TXT ENTRY_END STEP 41 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD AA NXDOMAIN SECTION QUESTION e.e.a. IN TXT SECTION ANSWER ENTRY_END ; clientip trigger STEP 50 QUERY ADDRESS 192.0.3.1 ENTRY_BEGIN REPLY RD SECTION QUESTION f.a. IN TXT ENTRY_END STEP 51 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR AA RD NXDOMAIN SECTION QUESTION f.a. IN TXT SECTION ANSWER ENTRY_END SCENARIO_END