module_policy_deny_suff_patt.rpl 2.54 KB
Newer Older
1 2 3 4
; config options
	stub-addr: 1.2.3.4
        feature-list: policy=policy:add(policy.suffix(policy.DENY, {todname('nic.cz')}))
        feature-list: policy=policy:add(policy.pattern(policy.DENY, '\8example[0-8]\2cz'))
5
	query-minimization: off
6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73
CONFIG_END

SCENARIO_BEGIN DENY policy test; uses policy.suffix, policy.pattern, todname

RANGE_BEGIN 0 110
	ADDRESS 1.2.3.4 
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RD RA NOERROR
SECTION QUESTION
nic.cz. IN A
SECTION ANSWER
nic.cz. IN A 5.6.7.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RD RA NOERROR
SECTION QUESTION
dummy.nic.cz. IN A
SECTION ANSWER
dummy.nic.cz. IN A 9.10.11.12
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RD RA NOERROR
SECTION QUESTION
example0.cz. IN A
SECTION ANSWER
example0.cz. IN A 13.14.15.16
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RD RA NOERROR
SECTION QUESTION
dummy.example0.cz. IN A
SECTION ANSWER
dummy.example0.cz. IN A 17.18.19.20
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RD RA NOERROR
SECTION QUESTION
example9.cz. IN A
SECTION ANSWER
example9.cz. IN A 21.22.23.24
ENTRY_END
RANGE_END

; denied by policy.suffix(policy.DENY, {todname('nic.cz')})
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
nic.cz. IN A
ENTRY_END

STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
74
REPLY QR RD RA AA NXDOMAIN
75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90
SECTION QUESTION
nic.cz. IN A
SECTION ANSWER
ENTRY_END

; denied by policy.suffix(policy.DENY, {todname('nic.cz')})
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
dummy.nic.cz. IN A
ENTRY_END

STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
91
REPLY QR RD RA AA NXDOMAIN
92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107
SECTION QUESTION
dummy.nic.cz. IN A
SECTION ANSWER
ENTRY_END

; denied by policy.pattern(policy.DENY, todname('example[0-8].cz')
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example0.cz. IN A
ENTRY_END

STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
108
REPLY QR RD RA AA NXDOMAIN
109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124
SECTION QUESTION
example0.cz. IN A
SECTION ANSWER
ENTRY_END

; denied by policy.pattern(policy.DENY, todname('example[0-8].cz')
STEP 70 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
dummy.example0.cz. IN A
ENTRY_END

STEP 80 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
125
REPLY QR RD RA AA NXDOMAIN
126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148
SECTION QUESTION
dummy.example0.cz. IN A
SECTION ANSWER
ENTRY_END

; does not match any policy; allowed
STEP 90 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example9.cz. IN A
ENTRY_END

STEP 100 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
example9.cz. IN A
SECTION ANSWER
example9.cz. IN A 21.22.23.24
ENTRY_END
SCENARIO_END