; config options
server:
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: no
	minimal-responses: yes
	; respip is before dns64 in the module list.
	module-config: "respip dns64 validator iterator"
	dns64-prefix: 64:ff9b::0/96
	response-ip: 10.20.30.42/32 always_refuse
	response-ip: 10.20.30.43/32 redirect
	response-ip-data: 10.20.30.43/32 "A 4.5.6.3"
	response-ip: 5.6.7.9/32 redirect
	response-ip-data: 5.6.7.9/32 "A 4.5.6.7"
	response-ip: 5.6.7.10/32 always_nxdomain
	response-ip: 64:ff9b::506:70B/128 redirect
	response-ip-data: 64:ff9b::506:70B/128 "AAAA 2001:db8::4"

rpz:
	name: "rpz.example.com."
	rpz-log: yes
	zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz	3600	IN	SOA	ns1.rpz.example.com. hostmaster.rpz.example.com. (
		1379078166 28800 7200 604800 7200 )
	3600	IN	NS	ns1.rpz.example.com.
	3600	IN	NS	ns2.rpz.example.com.
$ORIGIN rpz.example.com.
32.44.30.20.10.rpz-ip CNAME .
32.12.7.6.5.rpz-ip CNAME .
32.13.7.6.5.rpz-ip A 4.5.6.13
32.14.7.6.5.rpz-ip CNAME alias.example.com.
TEMPFILE_END

stub-zone:
	name: "."
	stub-addr: 193.0.14.129		# K.ROOT-SERVERS.NET.
CONFIG_END

SCENARIO_BEGIN Test respip and dns64 lookup.

; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 1000
	ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com.	IN NS	a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net.	IN	A	192.5.6.30
ENTRY_END
RANGE_END

; a.gtld-servers.net.
RANGE_BEGIN 0 1000
	ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com.	IN NS	a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net.	IN	A	192.5.6.30
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com.	IN NS	ns.example.com.
SECTION ADDITIONAL
ns.example.com.	IN	A	1.2.3.4
ENTRY_END
RANGE_END

; ns.example.com.
RANGE_BEGIN 0 1000
	ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com.	IN NS	ns.example.com.
SECTION ADDITIONAL
ns.example.com.	IN	A	1.2.3.4
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
www2.example.com. IN A 10.20.30.42
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www3.example.com. IN A
SECTION ANSWER
www3.example.com. IN A 10.20.30.43
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www4.example.com. IN A
SECTION ANSWER
www4.example.com. IN A 10.20.30.44
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4.example.com. IN AAAA
SECTION ANSWER
; NO AAAA present
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4.example.com. IN A
SECTION ANSWER
ip4.example.com. IN A 5.6.7.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-2.example.com. IN AAAA
SECTION ANSWER
; NO AAAA present
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-2.example.com. IN A
SECTION ANSWER
ip4-2.example.com. IN A 5.6.7.9
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-3.example.com. IN AAAA
SECTION ANSWER
; NO AAAA present
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-3.example.com. IN A
SECTION ANSWER
ip4-3.example.com. IN A 5.6.7.10
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-4.example.com. IN AAAA
SECTION ANSWER
; NO AAAA present
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-4.example.com. IN A
SECTION ANSWER
ip4-4.example.com. IN A 5.6.7.11
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-5.example.com. IN AAAA
SECTION ANSWER
; NO AAAA present
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-5.example.com. IN A
SECTION ANSWER
ip4-5.example.com. IN A 5.6.7.12
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-6.example.com. IN AAAA
SECTION ANSWER
; NO AAAA present
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-6.example.com. IN A
SECTION ANSWER
ip4-6.example.com. IN A 5.6.7.13
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-7.example.com. IN AAAA
SECTION ANSWER
; NO AAAA present
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ip4-7.example.com. IN A
SECTION ANSWER
ip4-7.example.com. IN A 5.6.7.14
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
alias.example.com. IN A
SECTION ANSWER
alias.example.com. IN A 4.5.6.14
ENTRY_END
RANGE_END

STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.example.com. IN A
ENTRY_END

; The query is unaltered.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. IN A 10.20.30.40
ENTRY_END

STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www2.example.com. IN A
ENTRY_END

; The query is altered by respip, A query refused.
STEP 30 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA REFUSED
SECTION QUESTION
www2.example.com. IN A
SECTION ANSWER
ENTRY_END

STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www3.example.com. IN A
ENTRY_END

; The query is altered by respip, with redirect.
STEP 50 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www3.example.com. IN A
SECTION ANSWER
www3.example.com. IN A 4.5.6.3
ENTRY_END

STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ip4.example.com. IN AAAA
ENTRY_END

; synthesize from A record 5.6.7.8 with DNS64.
STEP 70 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ip4.example.com. IN AAAA
SECTION ANSWER
ip4.example.com. IN AAAA 64:ff9b::506:708
ENTRY_END

STEP 80 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ip4-2.example.com. IN AAAA
ENTRY_END

; The dns64 subquery is altered by respip, with redirect.
; and the respip result is dns64 synthesized.
STEP 90 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ip4-2.example.com. IN AAAA
SECTION ANSWER
ip4-2.example.com. IN AAAA 64:ff9b::405:607
ENTRY_END

STEP 100 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ip4-3.example.com. IN AAAA
ENTRY_END

; The dns64 subquery is altered by respip, with nxdomain.
; and the respip result is dns64 synthesized.
STEP 110 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ip4-3.example.com. IN AAAA
SECTION ANSWER
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END

STEP 120 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ip4-4.example.com. IN AAAA
ENTRY_END

; The dns64 subquery is synthesized, respip operates on the
; synthesized AAAA result, and makes a redirect.
STEP 130 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ip4-4.example.com. IN AAAA
SECTION ANSWER
ip4-4.example.com. IN AAAA 2001:db8::4
ENTRY_END

STEP 140 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www4.example.com. IN A
ENTRY_END

; The query is blocked by rpz.
STEP 150 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NXDOMAIN
SECTION QUESTION
www4.example.com. IN A
SECTION ANSWER
ENTRY_END

STEP 160 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ip4-5.example.com. IN AAAA
ENTRY_END

; The dns64 subquery is blocked by RPZ.
STEP 170 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ip4-5.example.com. IN AAAA
SECTION ANSWER
SECTION AUTHORITY
example.com. IN SOA a. b. 1 2 3 4 5
ENTRY_END

STEP 180 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ip4-6.example.com. IN AAAA
ENTRY_END

; The dns64 subquery is redirected by RPZ.
STEP 190 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ip4-6.example.com. IN AAAA
SECTION ANSWER
ip4-6.example.com. AAAA 64:ff9b::405:60d
ENTRY_END

STEP 200 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
ip4-7.example.com. IN AAAA
ENTRY_END

; The dns64 subquery is a CNAME by RPZ.
; that CNAME resolves to an A record, dns64 synthesizes that A record.
STEP 210 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
ip4-7.example.com. IN AAAA
SECTION ANSWER
ip4-7.example.com. CNAME alias.example.com.
alias.example.com. AAAA 64:ff9b::405:60e
ENTRY_END

SCENARIO_END