aboutsummaryrefslogtreecommitdiff
path: root/testdata/rpz_cname_tag.rpl
diff options
context:
space:
mode:
Diffstat (limited to 'testdata/rpz_cname_tag.rpl')
-rw-r--r--testdata/rpz_cname_tag.rpl281
1 files changed, 281 insertions, 0 deletions
diff --git a/testdata/rpz_cname_tag.rpl b/testdata/rpz_cname_tag.rpl
new file mode 100644
index 000000000000..fb782b685ac7
--- /dev/null
+++ b/testdata/rpz_cname_tag.rpl
@@ -0,0 +1,281 @@
+; config options
+server:
+ module-config: "respip validator iterator"
+ target-fetch-policy: "0 0 0 0 0"
+ qname-minimisation: no
+ access-control: 192.0.0.0/8 allow
+ access-control: 193.0.0.0/8 allow
+ define-tag: "internal server"
+ access-control-tag: 192.0.0.0/8 "internal"
+ access-control-tag: 127.0.0.0/8 "server"
+ ; 193.0.0.0/8 has no tags
+
+rpz:
+ name: "rpz.example.com."
+ rpz-log: yes
+ rpz-log-name: "rpz.example.com"
+ tags: "internal"
+ zonefile:
+TEMPFILE_NAME rpz.example.com
+TEMPFILE_CONTENTS rpz.example.com
+$ORIGIN example.com.
+rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
+ 1379078166 28800 7200 604800 7200 )
+ 3600 IN NS ns1.rpz.example.com.
+ 3600 IN NS ns2.rpz.example.com.
+$ORIGIN rpz.example.com.
+www.gotham.a A 1.2.3.61
+www.gotham2.a CNAME g2.target.a.
+g2.target.a A 1.2.3.62
+www.gotham3.a CNAME g3.target.a.
+g3.target.a CNAME g3b.target.a.
+g3b.target.a A 1.2.3.63
+www.gotham4.a CNAME g4.target.a.
+g4.target.a CNAME g4b.target.a.
+g4b.target.a CNAME g4c.target.a.
+g4c.target.a A 1.2.3.64
+; server for a.
+32.40.30.20.10.rpz-nsip A 1.2.3.68
+www.gotham5.a TXT "txt5"
+TEMPFILE_END
+
+stub-zone:
+ name: "a."
+ stub-addr: 10.20.30.40
+CONFIG_END
+
+SCENARIO_BEGIN Test RPZ handling of CNAMEs and tags.
+
+; a.
+RANGE_BEGIN 0 1000
+ ADDRESS 10.20.30.40
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+target.a. IN A
+SECTION ANSWER
+target.a. IN A 1.2.3.6
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham.a. IN A
+SECTION ANSWER
+www.gotham.a. IN A 1.2.3.5
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham2.a. IN A
+SECTION ANSWER
+www.gotham2.a. IN A 1.2.3.52
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham3.a. IN A
+SECTION ANSWER
+www.gotham3.a. IN A 1.2.3.53
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham4.a. IN A
+SECTION ANSWER
+www.gotham4.a. IN A 1.2.3.54
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham5.a. IN TXT
+SECTION ANSWER
+www.gotham5.a. IN TXT "gotham5"
+ENTRY_END
+RANGE_END
+
+; Test with zero rpz CNAMEs, no tag match for rpz answer.
+STEP 10 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham.a. IN A
+ENTRY_END
+
+STEP 11 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.gotham.a. IN A
+SECTION ANSWER
+www.gotham.a. A 1.2.3.5
+ENTRY_END
+
+; Test with one rpz CNAME, no tag match for rpz answer.
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham2.a. IN A
+ENTRY_END
+
+STEP 21 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.gotham2.a. IN A
+SECTION ANSWER
+www.gotham2.a. A 1.2.3.52
+ENTRY_END
+
+; Test with two rpz CNAMEs, no tag match for rpz answer.
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham3.a. IN A
+ENTRY_END
+
+STEP 31 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.gotham3.a. IN A
+SECTION ANSWER
+www.gotham3.a. A 1.2.3.53
+ENTRY_END
+
+; Test with three rpz CNAMEs, no tag match for rpz answer.
+STEP 40 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham4.a. IN A
+ENTRY_END
+
+STEP 41 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.gotham4.a. IN A
+SECTION ANSWER
+www.gotham4.a. A 1.2.3.54
+ENTRY_END
+
+; Test with zero rpz CNAMEs, rpz answer. Tag "internal"
+STEP 50 QUERY ADDRESS 192.0.0.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham.a. IN A
+ENTRY_END
+
+STEP 51 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NOERROR
+SECTION QUESTION
+www.gotham.a. IN A
+SECTION ANSWER
+www.gotham.a. A 1.2.3.61
+ENTRY_END
+
+; Test with one rpz CNAME, rpz answer. Tag "internal"
+STEP 60 QUERY ADDRESS 192.0.0.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham2.a. IN A
+ENTRY_END
+
+STEP 61 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NOERROR
+SECTION QUESTION
+www.gotham2.a. IN A
+SECTION ANSWER
+www.gotham2.a. CNAME g2.target.a.
+g2.target.a. A 1.2.3.62
+ENTRY_END
+
+; Test with two rpz CNAMEs, rpz answer. Tag "internal"
+STEP 70 QUERY ADDRESS 192.0.0.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham3.a. IN A
+ENTRY_END
+
+STEP 71 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NOERROR
+SECTION QUESTION
+www.gotham3.a. IN A
+SECTION ANSWER
+www.gotham3.a. CNAME g3.target.a.
+g3.target.a. CNAME g3b.target.a.
+g3b.target.a. A 1.2.3.63
+ENTRY_END
+
+; Test with three rpz CNAMEs, rpz answer. Tag "internal"
+STEP 80 QUERY ADDRESS 192.0.0.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham4.a. IN A
+ENTRY_END
+
+STEP 81 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NOERROR
+SECTION QUESTION
+www.gotham4.a. IN A
+SECTION ANSWER
+www.gotham4.a. CNAME g4.target.a.
+g4.target.a. CNAME g4b.target.a.
+g4b.target.a. CNAME g4c.target.a.
+g4c.target.a. A 1.2.3.64
+ENTRY_END
+
+; Test with zero rpz CNAMEs, no tags for the query, and so no rpz answer.
+STEP 90 QUERY ADDRESS 193.0.0.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham5.a. IN TXT
+ENTRY_END
+
+STEP 91 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.gotham5.a. IN TXT
+SECTION ANSWER
+www.gotham5.a. IN TXT "gotham5"
+ENTRY_END
+
+SCENARIO_END
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-06 12:40:55 +0000