; Replay scenario: RPZ (Response Policy Zone) triggers keyed on the client
; (source) IP address of the query.  Each /24 below is mapped to a different
; policy action, and one query is sent from an address in each /24 to check
; that the resolver applies the matching action.
; Layout restored one directive per line; the file format appears to be an
; Unbound testbound replay file -- confirm against the test harness.

; config options
server:
	module-config: "respip validator iterator"
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: no
	minimal-responses: no
	; every test client address used in the STEPs below falls inside this range
	access-control: 192.0.0.0/8 allow

; Policy zone.  Owner names use the rpz-client-ip encoding
; <prefixlen>.<reversed octets>, so 24.0.0.0.192 is 192.0.0.0/24.
; Action per trigger, as exercised by the STEPs further down:
;   192.0.0.0/24  CNAME .              -> NXDOMAIN
;   192.0.1.0/24  CNAME *.             -> NODATA
;   192.0.2.0/24  CNAME rpz-drop.      -> query dropped, no reply
;   192.0.3.0/24  CNAME rpz-passthru.  -> exempt, normal upstream answer
;   192.0.4.0/24  CNAME rpz-tcp-only.  -> TC over UDP, normal answer over TCP
;   192.0.5.0/24  A / TXT              -> local data synthesized from the zone
rpz:
	name: "rpz.example.com."
	zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 1379078166 28800 7200 604800 7200 )
	3600 IN NS ns1.rpz.example.com.
	3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
24.0.0.0.192.rpz-client-ip CNAME .
24.0.1.0.192.rpz-client-ip CNAME *.
24.0.2.0.192.rpz-client-ip CNAME rpz-drop.
24.0.3.0.192.rpz-client-ip CNAME rpz-passthru.
24.0.4.0.192.rpz-client-ip CNAME rpz-tcp-only.
24.0.5.0.192.rpz-client-ip A 127.0.0.1
24.0.5.0.192.rpz-client-ip TXT "42"
TEMPFILE_END

; all queries under "a." go to the mock upstream defined in the RANGE below
stub-zone:
	name: "a."
	stub-addr: 10.20.30.40
CONFIG_END

SCENARIO_BEGIN Test RPZ client ip triggers

; Mock upstream server at 10.20.30.40 (the stub-addr above), active for
; steps 0-100.  It answers a. NS and a.a. TXT / A / AAAA; these are the
; "real" answers that the policy actions are expected to replace or pass.
RANGE_BEGIN 0 100
	ADDRESS 10.20.30.40
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a. IN NS
SECTION ANSWER
a. IN NS ns.a.
SECTION ADDITIONAL
ns.a IN A 10.20.30.40
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.a. IN TXT
SECTION ANSWER
a.a. IN TXT "upstream txt rr a.a."
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.a. IN A
SECTION ANSWER
a.a. IN A 10.20.30.40
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
a.a. IN AAAA
SECTION ANSWER
a.a. IN AAAA 2001:db8::123
ENTRY_END
RANGE_END

; NOTE(review): every policy-affected answer below is expected with AA set,
; while passthru / upstream answers are expected without it.
; NOTE(review): no step queries from an address inside 192.0.0.0/8 but
; outside all six trigger /24s, and no IPv6 client-ip trigger is covered;
; consider adding both so an over-broad match would be caught.

; unrelated client ip address -- passthru
; (no ADDRESS given, so the harness default client address is used;
; it is presumably outside every trigger prefix -- confirm)
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN TXT
ENTRY_END

STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
a.a. IN TXT
SECTION ANSWER
a.a. IN TXT "upstream txt rr a.a."
ENTRY_END

; should be NXDOMAIN
; client in 192.0.0.0/24 (CNAME .)
STEP 20 QUERY ADDRESS 192.0.0.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN TXT
ENTRY_END

STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR AA RD RA NXDOMAIN
SECTION QUESTION
a.a. IN TXT
SECTION ANSWER
ENTRY_END

; should be NODATA
; client in 192.0.1.0/24 (CNAME *.): NOERROR with an empty answer section
STEP 30 QUERY ADDRESS 192.0.1.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN TXT
ENTRY_END

STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR AA RD RA NOERROR
SECTION QUESTION
a.a. IN TXT
SECTION ANSWER
ENTRY_END

; should be PASSTHRU
; client in 192.0.3.0/24 (CNAME rpz-passthru.): unmodified upstream answer
STEP 40 QUERY ADDRESS 192.0.3.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN TXT
ENTRY_END

STEP 41 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
a.a. IN TXT
SECTION ANSWER
a.a. IN TXT "upstream txt rr a.a."
ENTRY_END

; should be TRUNCATED
; client in 192.0.4.0/24 (CNAME rpz-tcp-only.): UDP reply carries TC and
; no answer data
STEP 50 QUERY ADDRESS 192.0.4.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN TXT
ENTRY_END

STEP 51 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR AA TC RD RA NOERROR
SECTION QUESTION
a.a. IN TXT
SECTION ANSWER
ENTRY_END

; should not be TRUNCATED via TCP
; same client, same question, sent over TCP: the upstream answer is returned
STEP 52 QUERY ADDRESS 192.0.4.1
ENTRY_BEGIN
MATCH TCP
REPLY RD
SECTION QUESTION
a.a. IN TXT
ENTRY_END

STEP 53 CHECK_ANSWER
ENTRY_BEGIN
MATCH all TCP
REPLY QR RD RA NOERROR
SECTION QUESTION
a.a. IN TXT
SECTION ANSWER
a.a. IN TXT "upstream txt rr a.a."
ENTRY_END

; should be synthesized
; client in 192.0.5.0/24 (local data): the A record from the policy zone
; replaces the upstream 10.20.30.40, and the zone SOA is expected in ADDITIONAL
STEP 60 QUERY ADDRESS 192.0.5.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN A
ENTRY_END

STEP 61 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR AA RD RA NOERROR
SECTION QUESTION
a.a. IN A
SECTION ANSWER
a.a. IN A 127.0.0.1
SECTION ADDITIONAL
rpz.example.com. 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 1379078166 28800 7200 604800 7200 )
ENTRY_END

; should be synthesized
; same client, TXT: the policy zone's "42" replaces the upstream TXT
STEP 62 QUERY ADDRESS 192.0.5.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN TXT
ENTRY_END

STEP 63 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR AA RD RA NOERROR
SECTION QUESTION
a.a. IN TXT
SECTION ANSWER
a.a. IN TXT "42"
SECTION ADDITIONAL
rpz.example.com. 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 1379078166 28800 7200 604800 7200 )
ENTRY_END

; should be synthesized NODATA
; same client, AAAA: the trigger has local data but none of this type, so
; the upstream AAAA is not returned and only the zone SOA is expected
STEP 64 QUERY ADDRESS 192.0.5.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN AAAA
ENTRY_END

STEP 65 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR AA RD RA NOERROR
SECTION QUESTION
a.a. IN AAAA
SECTION ADDITIONAL
rpz.example.com. 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 1379078166 28800 7200 604800 7200 )
ENTRY_END

; should be DROPPED
; client in 192.0.2.0/24 (CNAME rpz-drop.).  No CHECK_ANSWER follows: the
; drop is presumably verified by the harness finding no pending reply when
; the scenario ends -- confirm against the test runner.
STEP 90 QUERY ADDRESS 192.0.2.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.a. IN TXT
ENTRY_END

SCENARIO_END