mirror of
https://github.com/NLnetLabs/unbound.git
synced 2025-12-20 23:00:56 -05:00
- Fix to add test for rpz-signal-nxdomain-ra.
This commit is contained in:
W.C.A. Wijngaards
parent
392c1f0f54
commit
cbdc138df7
2 changed files with 83 additions and 0 deletions
|
|
@ -3,6 +3,7 @@
|
||||||
RPZ nxdomain reply. The option rpz-signal-nxdomain-ra allows to
|
RPZ nxdomain reply. The option rpz-signal-nxdomain-ra allows to
|
||||||
signal that a domain is externally blocked to clients when it
|
signal that a domain is externally blocked to clients when it
|
||||||
is blocked with NXDOMAIN by unsetting RA.
|
is blocked with NXDOMAIN by unsetting RA.
|
||||||
|
- Fix to add test for rpz-signal-nxdomain-ra.
|
||||||
|
|
||||||
22 December 2021: George
|
22 December 2021: George
|
||||||
- contrib/aaaa-filter-iterator.patch file renewed diff content to
|
- contrib/aaaa-filter-iterator.patch file renewed diff content to
|
||||||
|
|
|
||||||
82
testdata/rpz_signal_nxdomain_ra.rpl
vendored
Normal file
82
testdata/rpz_signal_nxdomain_ra.rpl
vendored
Normal file
|
|
@ -0,0 +1,82 @@
|
||||||
|
; config options
|
||||||
|
server:
|
||||||
|
module-config: "respip validator iterator"
|
||||||
|
target-fetch-policy: "0 0 0 0 0"
|
||||||
|
qname-minimisation: no
|
||||||
|
|
||||||
|
rpz:
|
||||||
|
name: "rpz.example.com."
|
||||||
|
rpz-signal-nxdomain-ra: yes
|
||||||
|
zonefile:
|
||||||
|
TEMPFILE_NAME rpz.example.com
|
||||||
|
TEMPFILE_CONTENTS rpz.example.com
|
||||||
|
$ORIGIN example.com.
|
||||||
|
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
|
||||||
|
1379078166 28800 7200 604800 7200 )
|
||||||
|
3600 IN NS ns1.rpz.example.com.
|
||||||
|
3600 IN NS ns2.rpz.example.com.
|
||||||
|
$ORIGIN rpz.example.com.
|
||||||
|
a.a CNAME .
|
||||||
|
b.a CNAME .
|
||||||
|
TEMPFILE_END
|
||||||
|
|
||||||
|
stub-zone:
|
||||||
|
name: "a."
|
||||||
|
stub-addr: 10.20.30.40
|
||||||
|
CONFIG_END
|
||||||
|
|
||||||
|
SCENARIO_BEGIN Test RPZ qname trigger and signal NXDOMAIN with unset RA.
|
||||||
|
|
||||||
|
RANGE_BEGIN 0 100
|
||||||
|
ADDRESS 10.20.30.40
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
a. IN NS
|
||||||
|
SECTION ANSWER
|
||||||
|
a. IN NS ns.a.
|
||||||
|
SECTION ADDITIONAL
|
||||||
|
ns.a IN A 10.20.30.40
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
a.a. IN TXT
|
||||||
|
SECTION ANSWER
|
||||||
|
a.a. IN TXT "upstream txt rr a.a."
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH opcode qtype qname
|
||||||
|
ADJUST copy_id
|
||||||
|
REPLY QR NOERROR
|
||||||
|
SECTION QUESTION
|
||||||
|
b.a. IN TXT
|
||||||
|
SECTION ANSWER
|
||||||
|
b.a. IN TXT "upstream txt rr b.a."
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
RANGE_END
|
||||||
|
|
||||||
|
STEP 10 QUERY
|
||||||
|
ENTRY_BEGIN
|
||||||
|
REPLY RD
|
||||||
|
SECTION QUESTION
|
||||||
|
a.a. IN TXT
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
STEP 11 CHECK_ANSWER
|
||||||
|
ENTRY_BEGIN
|
||||||
|
MATCH all
|
||||||
|
REPLY QR RD AA NXDOMAIN
|
||||||
|
SECTION QUESTION
|
||||||
|
a.a. IN TXT
|
||||||
|
SECTION ANSWER
|
||||||
|
ENTRY_END
|
||||||
|
|
||||||
|
SCENARIO_END
|
||||||
Loading…
Reference in a new issue