unbound/testdata/rpz_cname_wild.rpl

; config options
server:
	module-config: "respip validator iterator"
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: no
	access-control: 192.0.0.0/8 allow

rpz:
	name: "rpz.example.com."
	rpz-log: yes
	rpz-log-name: "rpz.example.com"
	zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com. 
rpz	3600	IN	SOA	ns1.rpz.example.com. hostmaster.rpz.example.com. (
		1379078166 28800 7200 604800 7200 )
	3600	IN	NS	ns1.rpz.example.com.
	3600	IN	NS	ns2.rpz.example.com.
$ORIGIN rpz.example.com.
*.gotham5.a CNAME static.gotham6.a.
*.gotham7.a.rpz-nsdname CNAME static.gotham8.a.
TEMPFILE_END

stub-zone:
	name: "a."
	stub-addr: 10.20.30.40
CONFIG_END

SCENARIO_BEGIN Test RPZ with CNAME with a wildcarded qname trigger after it.

; a.
RANGE_BEGIN 0 100
	ADDRESS 10.20.30.40
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.a. IN NS
SECTION AUTHORITY
gotham.a. NS ns1.gotham.a.
SECTION ADDITIONAL
ns1.gotham.a. A 10.20.30.41
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham2.a. IN NS
SECTION AUTHORITY
gotham2.a. NS ns1.gotham2.a.
SECTION ADDITIONAL
ns1.gotham2.a. A 10.20.30.42
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham6.a. IN NS
SECTION AUTHORITY
gotham6.a. NS ns1.gotham6.a.
SECTION ADDITIONAL
ns1.gotham6.a. A 10.20.30.46
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham7.a. IN NS
SECTION AUTHORITY
gotham7.a. NS ns1.gotham7.a.
SECTION ADDITIONAL
ns1.gotham7.a. A 10.20.30.47
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham8.a. IN NS
SECTION AUTHORITY
gotham8.a. NS ns1.gotham8.a.
SECTION ADDITIONAL
ns1.gotham8.a. A 10.20.30.48
ENTRY_END
RANGE_END

; gotham.a.
RANGE_BEGIN 0 100
	ADDRESS 10.20.30.41
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.gotham.a. IN A
SECTION ANSWER
www.gotham.a. CNAME host.gotham5.a.
ENTRY_END
RANGE_END

; gotham2.a.
RANGE_BEGIN 0 100
	ADDRESS 10.20.30.42
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.gotham2.a. IN A
SECTION ANSWER
www.gotham2.a. CNAME host.gotham7.a.
ENTRY_END
RANGE_END

; gotham6.a.
RANGE_BEGIN 0 100
	ADDRESS 10.20.30.46
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
static.gotham6.a. IN A
SECTION ANSWER
static.gotham6.a. A 1.2.3.4
ENTRY_END
RANGE_END

; gotham8.a.
RANGE_BEGIN 0 100
	ADDRESS 10.20.30.48
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
static.gotham8.a. IN A
SECTION ANSWER
static.gotham8.a. A 1.2.3.5
ENTRY_END
RANGE_END

STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham.a.	IN	A
ENTRY_END

STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham.a.	IN	A
SECTION ANSWER
www.gotham.a. CNAME host.gotham5.a.
host.gotham5.a CNAME static.gotham6.a.
static.gotham6.a. A 1.2.3.4
ENTRY_END

STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham2.a.	IN	A
ENTRY_END

STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham2.a.	IN	A
SECTION ANSWER
www.gotham2.a. CNAME host.gotham7.a.
host.gotham7.a CNAME static.gotham8.a.
static.gotham8.a. A 1.2.3.5
ENTRY_END

SCENARIO_END
- Fix #1332: CNAME chains are sometimes not followed when RPZs add a local CNAME rewrite. 2025-09-09 06:34:11 -04:00			`; config options`
			`server:`
			`module-config: "respip validator iterator"`
			`target-fetch-policy: "0 0 0 0 0"`
			`qname-minimisation: no`
			`access-control: 192.0.0.0/8 allow`

			`rpz:`
			`name: "rpz.example.com."`
			`rpz-log: yes`
			`rpz-log-name: "rpz.example.com"`
			`zonefile:`
			`TEMPFILE_NAME rpz.example.com`
			`TEMPFILE_CONTENTS rpz.example.com`
			`$ORIGIN example.com.`
			`rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (`
			`1379078166 28800 7200 604800 7200 )`
			`3600 IN NS ns1.rpz.example.com.`
			`3600 IN NS ns2.rpz.example.com.`
			`$ORIGIN rpz.example.com.`
			`*.gotham5.a CNAME static.gotham6.a.`
			`*.gotham7.a.rpz-nsdname CNAME static.gotham8.a.`
			`TEMPFILE_END`

			`stub-zone:`
			`name: "a."`
			`stub-addr: 10.20.30.40`
			`CONFIG_END`

			`SCENARIO_BEGIN Test RPZ with CNAME with a wildcarded qname trigger after it.`

			`; a.`
			`RANGE_BEGIN 0 100`
			`ADDRESS 10.20.30.40`
			`ENTRY_BEGIN`
			`MATCH opcode subdomain`
			`ADJUST copy_id copy_query`
			`REPLY QR NOERROR`
			`SECTION QUESTION`
			`gotham.a. IN NS`
			`SECTION AUTHORITY`
			`gotham.a. NS ns1.gotham.a.`
			`SECTION ADDITIONAL`
			`ns1.gotham.a. A 10.20.30.41`
			`ENTRY_END`

			`ENTRY_BEGIN`
			`MATCH opcode subdomain`
			`ADJUST copy_id copy_query`
			`REPLY QR NOERROR`
			`SECTION QUESTION`
			`gotham2.a. IN NS`
			`SECTION AUTHORITY`
			`gotham2.a. NS ns1.gotham2.a.`
			`SECTION ADDITIONAL`
			`ns1.gotham2.a. A 10.20.30.42`
			`ENTRY_END`

			`ENTRY_BEGIN`
			`MATCH opcode subdomain`
			`ADJUST copy_id copy_query`
			`REPLY QR NOERROR`
			`SECTION QUESTION`
			`gotham6.a. IN NS`
			`SECTION AUTHORITY`
			`gotham6.a. NS ns1.gotham6.a.`
			`SECTION ADDITIONAL`
			`ns1.gotham6.a. A 10.20.30.46`
			`ENTRY_END`

			`ENTRY_BEGIN`
			`MATCH opcode subdomain`
			`ADJUST copy_id copy_query`
			`REPLY QR NOERROR`
			`SECTION QUESTION`
			`gotham7.a. IN NS`
			`SECTION AUTHORITY`
			`gotham7.a. NS ns1.gotham7.a.`
			`SECTION ADDITIONAL`
			`ns1.gotham7.a. A 10.20.30.47`
			`ENTRY_END`

			`ENTRY_BEGIN`
			`MATCH opcode subdomain`
			`ADJUST copy_id copy_query`
			`REPLY QR NOERROR`
			`SECTION QUESTION`
			`gotham8.a. IN NS`
			`SECTION AUTHORITY`
			`gotham8.a. NS ns1.gotham8.a.`
			`SECTION ADDITIONAL`
			`ns1.gotham8.a. A 10.20.30.48`
			`ENTRY_END`
			`RANGE_END`

			`; gotham.a.`
			`RANGE_BEGIN 0 100`
			`ADDRESS 10.20.30.41`
			`ENTRY_BEGIN`
			`MATCH opcode qtype qname`
			`ADJUST copy_id`
			`REPLY QR AA NOERROR`
			`SECTION QUESTION`
			`www.gotham.a. IN A`
			`SECTION ANSWER`
			`www.gotham.a. CNAME host.gotham5.a.`
			`ENTRY_END`
			`RANGE_END`

			`; gotham2.a.`
			`RANGE_BEGIN 0 100`
			`ADDRESS 10.20.30.42`
			`ENTRY_BEGIN`
			`MATCH opcode qtype qname`
			`ADJUST copy_id`
			`REPLY QR AA NOERROR`
			`SECTION QUESTION`
			`www.gotham2.a. IN A`
			`SECTION ANSWER`
			`www.gotham2.a. CNAME host.gotham7.a.`
			`ENTRY_END`
			`RANGE_END`

			`; gotham6.a.`
			`RANGE_BEGIN 0 100`
			`ADDRESS 10.20.30.46`
			`ENTRY_BEGIN`
			`MATCH opcode qtype qname`
			`ADJUST copy_id`
			`REPLY QR AA NOERROR`
			`SECTION QUESTION`
			`static.gotham6.a. IN A`
			`SECTION ANSWER`
			`static.gotham6.a. A 1.2.3.4`
			`ENTRY_END`
			`RANGE_END`

			`; gotham8.a.`
			`RANGE_BEGIN 0 100`
			`ADDRESS 10.20.30.48`
			`ENTRY_BEGIN`
			`MATCH opcode qtype qname`
			`ADJUST copy_id`
			`REPLY QR AA NOERROR`
			`SECTION QUESTION`
			`static.gotham8.a. IN A`
			`SECTION ANSWER`
			`static.gotham8.a. A 1.2.3.5`
			`ENTRY_END`
			`RANGE_END`

			`STEP 10 QUERY`
			`ENTRY_BEGIN`
			`REPLY RD`
			`SECTION QUESTION`
			`www.gotham.a. IN A`
			`ENTRY_END`

			`STEP 20 CHECK_ANSWER`
			`ENTRY_BEGIN`
			`MATCH all`
			`REPLY QR RD RA NOERROR`
			`SECTION QUESTION`
			`www.gotham.a. IN A`
			`SECTION ANSWER`
			`www.gotham.a. CNAME host.gotham5.a.`
			`host.gotham5.a CNAME static.gotham6.a.`
			`static.gotham6.a. A 1.2.3.4`
			`ENTRY_END`

			`STEP 30 QUERY`
			`ENTRY_BEGIN`
			`REPLY RD`
			`SECTION QUESTION`
			`www.gotham2.a. IN A`
			`ENTRY_END`

			`STEP 40 CHECK_ANSWER`
			`ENTRY_BEGIN`
			`MATCH all`
			`REPLY QR RD RA NOERROR`
			`SECTION QUESTION`
			`www.gotham2.a. IN A`
			`SECTION ANSWER`
			`www.gotham2.a. CNAME host.gotham7.a.`
			`host.gotham7.a CNAME static.gotham8.a.`
			`static.gotham8.a. A 1.2.3.5`
			`ENTRY_END`

			`SCENARIO_END`