Diffstat (limited to 'testdata/rpz_cname_tag.rpl')
-rw-r--r-- | testdata/rpz_cname_tag.rpl | 281 |
1 files changed, 281 insertions, 0 deletions
diff --git a/testdata/rpz_cname_tag.rpl b/testdata/rpz_cname_tag.rpl
new file mode 100644
index 000000000000..fb782b685ac7
--- /dev/null
+++ b/testdata/rpz_cname_tag.rpl
@@ -0,0 +1,281 @@
+; config options
+server:
+ module-config: "respip validator iterator"
+ target-fetch-policy: "0 0 0 0 0"
+ qname-minimisation: no
+ access-control: 192.0.0.0/8 allow
+ access-control: 193.0.0.0/8 allow
+ define-tag: "internal server"
+ access-control-tag: 192.0.0.0/8 "internal"
+ access-control-tag: 127.0.0.0/8 "server"
+ ; 193.0.0.0/8 has no tags
+
+rpz:
+ name: "rpz.example.com."
+ rpz-log: yes
+ rpz-log-name: "rpz.example.com"
+ tags: "internal"
+ zonefile:
+TEMPFILE_NAME rpz.example.com
+TEMPFILE_CONTENTS rpz.example.com
+$ORIGIN example.com.
+rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
+ 1379078166 28800 7200 604800 7200 )
+ 3600 IN NS ns1.rpz.example.com.
+ 3600 IN NS ns2.rpz.example.com.
+$ORIGIN rpz.example.com.
+www.gotham.a A 1.2.3.61
+www.gotham2.a CNAME g2.target.a.
+g2.target.a A 1.2.3.62
+www.gotham3.a CNAME g3.target.a.
+g3.target.a CNAME g3b.target.a.
+g3b.target.a A 1.2.3.63
+www.gotham4.a CNAME g4.target.a.
+g4.target.a CNAME g4b.target.a.
+g4b.target.a CNAME g4c.target.a.
+g4c.target.a A 1.2.3.64
+; server for a.
+32.40.30.20.10.rpz-nsip A 1.2.3.68
+www.gotham5.a TXT "txt5"
+TEMPFILE_END
+
+stub-zone:
+ name: "a."
+ stub-addr: 10.20.30.40
+CONFIG_END
+
+SCENARIO_BEGIN Test RPZ handling of CNAMEs and tags.
+
+; a.
+RANGE_BEGIN 0 1000
+ ADDRESS 10.20.30.40
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+target.a. IN A
+SECTION ANSWER
+target.a. IN A 1.2.3.6
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham.a. IN A
+SECTION ANSWER
+www.gotham.a. IN A 1.2.3.5
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham2.a. IN A
+SECTION ANSWER
+www.gotham2.a. IN A 1.2.3.52
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham3.a. IN A
+SECTION ANSWER
+www.gotham3.a. IN A 1.2.3.53
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham4.a. IN A
+SECTION ANSWER
+www.gotham4.a. IN A 1.2.3.54
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham5.a. IN TXT
+SECTION ANSWER
+www.gotham5.a. IN TXT "gotham5"
+ENTRY_END
+RANGE_END
+
+; Test with zero rpz CNAMEs, no tag match for rpz answer.
+STEP 10 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham.a. IN A
+ENTRY_END
+
+STEP 11 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.gotham.a. IN A
+SECTION ANSWER
+www.gotham.a. A 1.2.3.5
+ENTRY_END
+
+; Test with one rpz CNAME, no tag match for rpz answer.
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham2.a. IN A
+ENTRY_END
+
+STEP 21 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.gotham2.a. IN A
+SECTION ANSWER
+www.gotham2.a. A 1.2.3.52
+ENTRY_END
+
+; Test with two rpz CNAMEs, no tag match for rpz answer.
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham3.a. IN A
+ENTRY_END
+
+STEP 31 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.gotham3.a. IN A
+SECTION ANSWER
+www.gotham3.a. A 1.2.3.53
+ENTRY_END
+
+; Test with three rpz CNAMEs, no tag match for rpz answer.
+STEP 40 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham4.a. IN A
+ENTRY_END
+
+STEP 41 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.gotham4.a. IN A
+SECTION ANSWER
+www.gotham4.a. A 1.2.3.54
+ENTRY_END
+
+; Test with zero rpz CNAMEs, rpz answer. Tag "internal"
+STEP 50 QUERY ADDRESS 192.0.0.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham.a. IN A
+ENTRY_END
+
+STEP 51 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NOERROR
+SECTION QUESTION
+www.gotham.a. IN A
+SECTION ANSWER
+www.gotham.a. A 1.2.3.61
+ENTRY_END
+
+; Test with one rpz CNAME, rpz answer. Tag "internal"
+STEP 60 QUERY ADDRESS 192.0.0.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham2.a. IN A
+ENTRY_END
+
+STEP 61 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NOERROR
+SECTION QUESTION
+www.gotham2.a. IN A
+SECTION ANSWER
+www.gotham2.a. CNAME g2.target.a.
+g2.target.a. A 1.2.3.62
+ENTRY_END
+
+; Test with two rpz CNAMEs, rpz answer. Tag "internal"
+STEP 70 QUERY ADDRESS 192.0.0.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham3.a. IN A
+ENTRY_END
+
+STEP 71 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NOERROR
+SECTION QUESTION
+www.gotham3.a. IN A
+SECTION ANSWER
+www.gotham3.a. CNAME g3.target.a.
+g3.target.a. CNAME g3b.target.a.
+g3b.target.a. A 1.2.3.63
+ENTRY_END
+
+; Test with three rpz CNAMEs, rpz answer. Tag "internal"
+STEP 80 QUERY ADDRESS 192.0.0.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham4.a. IN A
+ENTRY_END
+
+STEP 81 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NOERROR
+SECTION QUESTION
+www.gotham4.a. IN A
+SECTION ANSWER
+www.gotham4.a. CNAME g4.target.a.
+g4.target.a. CNAME g4b.target.a.
+g4b.target.a. CNAME g4c.target.a.
+g4c.target.a. A 1.2.3.64
+ENTRY_END
+
+; Test with zero rpz CNAMEs, no tags for the query, and so no rpz answer.
+STEP 90 QUERY ADDRESS 193.0.0.1
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham5.a. IN TXT
+ENTRY_END
+
+STEP 91 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.gotham5.a. IN TXT
+SECTION ANSWER
+www.gotham5.a. IN TXT "gotham5"
+ENTRY_END
+
+SCENARIO_END |
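Review bot: The scenario never re-queries a name from a client outside the `internal` tag after the tagged client 192.0.0.1 has been served the RPZ answer for it; step 90 uses `www.gotham5.a. IN TXT`, which no tagged step has asked for. Steps 10-41 followed by 50-81 show that an upstream answer obtained for an unmatched client does not let a tagged client bypass the policy, but the reverse direction, a rewritten answer reaching a client that `tags: "internal"` excludes, is left unchecked. A step pair before `SCENARIO_END` that asks `www.gotham.a. IN A` from 193.0.0.1 and expects the same answer as step 11 would pin that down; the reply flags in the sketch below are copied from step 11 and should be confirmed. A comment on steps 10-40 naming the source address a `QUERY` without `ADDRESS` uses (presumably inside 127.0.0.0/8, tagged `server`) would make the "no tag match" wording checkable, and no step sends a query for `target.a.` from a tagged client, so the `rpz-nsip` record is only ever tested for not being applied.

```text
; … unchanged: config, RANGE for a., steps 10-91 …

; Untagged client asks for a name the "internal" client already got the
; rpz answer for; the policy answer must not be served to it.
STEP 100 QUERY ADDRESS 193.0.0.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham.a. IN A
ENTRY_END

STEP 101 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham.a. IN A
SECTION ANSWER
www.gotham.a. A 1.2.3.5
ENTRY_END

SCENARIO_END
```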