- Add RPZ/QNAME override test

2026-01-29 09:57:34 -05:00 · 2019-08-08 16:43:28 +02:00 · 2019-08-08 16:43:28 +02:00 · 7180284d82
commit 7180284d82
parent 401fc15443
1 changed files with 178 additions and 0 deletions
--- a/testdata/rpz_qname_override.rpl
+++ b/testdata/rpz_qname_override.rpl
@ -0,0 +1,178 @@
+; config options
+server:
+	module-config: "respip validator iterator"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: no
+
+rpz:
+	name: "rpz.example.com."
+	rpz-action-override: disabled
+	zonefile:
+TEMPFILE_NAME rpz.example.com
+TEMPFILE_CONTENTS rpz.example.com
+$ORIGIN rpz.example.com.
+a	TXT	"record zone rpz.example.com"
+TEMPFILE_END
+
+rpz:
+	name: "rpz2.example.com."
+	zonefile:
+TEMPFILE_NAME rpz2.example.com
+TEMPFILE_CONTENTS rpz2.example.com
+$ORIGIN rpz2.example.com.
+a	TXT	"record zone rpz2.example.com"
+TEMPFILE_END
+
+rpz:
+	name: "rpz3.example.com."
+	rpz-action-override: nodata
+	zonefile:
+TEMPFILE_NAME rpz3.example.com
+TEMPFILE_CONTENTS rpz3.example.com
+$ORIGIN rpz3.example.com.
+b	CNAME .
+TEMPFILE_END
+
+rpz:
+	name: "rpz4.example.com."
+	rpz-action-override: nxdomain
+	zonefile:
+TEMPFILE_NAME rpz4.example.com
+TEMPFILE_CONTENTS rpz4.example.com
+$ORIGIN rpz4.example.com.
+c	CNAME *.
+TEMPFILE_END
+
+rpz:
+	name: "rpz5.example.com."
+	rpz-action-override: passthru
+	zonefile:
+TEMPFILE_NAME rpz5.example.com
+TEMPFILE_CONTENTS rpz5.example.com
+$ORIGIN rpz5.example.com.
+d	TXT "should be override by passthru"
+TEMPFILE_END
+
+rpz:
+	name: "rpz6.example.com."
+	rpz-action-override: cname
+	rpz-cname-override: "d."
+	zonefile:
+TEMPFILE_NAME rpz6.example.com
+TEMPFILE_CONTENTS rpz6.example.com
+$ORIGIN rpz6.example.com.
+e	TXT "should be override by cname"
+TEMPFILE_END
+
+stub-zone:
+	name: "d."
+	stub-addr: 10.20.30.40
+CONFIG_END
+
+SCENARIO_BEGIN Test RPZ action overrides for QNAME trigger
+
+; d.
+RANGE_BEGIN 0 100
+	ADDRESS 10.20.30.40
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+d. IN TXT
+SECTION ANSWER
+d. IN TXT "answer from upstream ns"
+ENTRY_END
+
+RANGE_END
+
+; check disabled override, should be answered using next policy zone
+STEP 10 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+a.	IN	TXT
+ENTRY_END
+
+STEP 11 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NOERROR
+SECTION QUESTION
+a.	IN	TXT
+SECTION ANSWER
+a	TXT	"record zone rpz2.example.com"
+ENTRY_END
+
+; check nodata override, would be NXDOMAIN without override 
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+b.	IN	TXT
+ENTRY_END
+
+STEP 21 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NOERROR
+SECTION QUESTION
+b.	IN	TXT
+SECTION ANSWER
+ENTRY_END
+
+; check nxdomain override, would be NODATA without override 
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+c.	IN	TXT
+ENTRY_END
+
+STEP 31 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NXDOMAIN
+SECTION QUESTION
+c.	IN	TXT
+SECTION ANSWER
+ENTRY_END
+
+; check passthru override, would be localdata without override 
+STEP 40 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+d.	IN	TXT
+ENTRY_END
+
+STEP 41 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+d.	IN	TXT
+SECTION ANSWER
+d. IN TXT "answer from upstream ns"
+ENTRY_END
+
+; check cname override, would be localdata without override 
+STEP 50 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+e.	IN	TXT
+ENTRY_END
+
+STEP 51 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NOERROR
+SECTION QUESTION
+e.	IN	TXT
+SECTION ANSWER
+e. IN CNAME d.
+d. IN TXT "answer from upstream ns"
+ENTRY_END
+
+SCENARIO_END