RPZ: stub nsip testbound scenario

2026-02-03 20:29:28 -05:00 · 2020-11-11 11:21:54 +01:00 · 2020-11-11 11:21:54 +01:00 · 9149a6d1e4
commit 9149a6d1e4
parent 667863770f
1 changed files with 187 additions and 0 deletions
--- a/testdata/rpz_nsip.rpl
+++ b/testdata/rpz_nsip.rpl
@ -0,0 +1,187 @@
+; config options
+server:
+	module-config: "respip validator iterator"
+	target-fetch-policy: "0 0 0 0 0"
+	qname-minimisation: no
+  access-control: 192.0.0.0/8 allow
+
+rpz:
+	name: "rpz.example.com."
+	zonefile:
+TEMPFILE_NAME rpz.example.com
+TEMPFILE_CONTENTS rpz.example.com
+$ORIGIN example.com.
+rpz	3600	IN	SOA	ns1.rpz.gotham.com. hostmaster.rpz.example.com. (
+		1379078166 28800 7200 604800 7200 )
+	3600	IN	NS	ns1.rpz.example.com.
+	3600	IN	NS	ns2.rpz.example.com.
+$ORIGIN rpz.example.com.
+24.0.0.0.192.rpz-nsip CNAME .
+24.0.1.0.192.rpz-nsip CNAME *.
+24.0.2.0.192.rpz-nsip CNAME rpz-drop.
+24.0.3.0.192.rpz-nsip CNAME rpz-passthru.
+24.0.4.0.192.rpz-nsip CNAME rpz-tcp-only.
+24.0.5.0.192.rpz-nsip A 127.0.0.1
+24.0.5.0.192.rpz-nsip TXT "42"
+TEMPFILE_END
+
+stub-zone:
+	name: "."
+	stub-addr: 1.1.1.1
+CONFIG_END
+
+SCENARIO_BEGIN Test RPZ nsip triggers
+
+; .
+RANGE_BEGIN 0 100
+	ADDRESS 1.1.1.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS ns.root.
+SECTION ADDITIONAL
+ns.root IN A 1.1.1.1
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com. IN NS ns1.com.
+SECTION ADDITIONAL
+ns1.com. IN A 8.8.8.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+aa. IN A
+SECTION AUTHORITY
+aa. IN NS ns1.aa.
+SECTION ADDITIONAL
+ns1.aa. IN A 8.8.0.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+bb. IN A
+SECTION AUTHORITY
+bb. IN NS ns1.bb.
+SECTION ADDITIONAL
+ns1.bb. IN A 8.8.1.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+cc. IN A
+SECTION AUTHORITY
+cc. IN NS ns1.cc.
+SECTION ADDITIONAL
+ns1.cc. IN A 8.8.2.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+dd. IN A
+SECTION AUTHORITY
+dd. IN NS ns1.dd.
+SECTION ADDITIONAL
+ns1.dd. IN A 8.8.3.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+ee. IN A
+SECTION AUTHORITY
+ee. IN NS ns1.ee.
+SECTION ADDITIONAL
+ns1.ee. IN A 8.8.5.8
+ENTRY_END
+
+RANGE_END
+
+; com.
+RANGE_BEGIN 0 100
+	ADDRESS 8.8.8.8
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS ns1.com.
+SECTION ADDITIONAL
+ns1.com. IN A 8.8.8.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+gotham.com. IN A
+SECTION AUTHORITY
+gotham.com.	IN NS	ns1.gotham.com.
+SECTION ADDITIONAL
+ns1.gotham.com. IN A 192.0.6.1
+ENTRY_END
+
+RANGE_END
+
+; ns1.gotham.com.
+RANGE_BEGIN 0 100
+	ADDRESS 192.0.6.1
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+gotham.com. IN A
+SECTION ANSWER
+gotham.com. IN A 192.0.6.2
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+gotham.com. IN A
+ENTRY_END
+
+STEP 2 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+gotham.com. IN A
+SECTION ANSWER
+gotham.com. IN A 192.0.6.2
+ENTRY_END
+
+SCENARIO_END