Commit b17b2aa1 authored by Grigorii Demidov's avatar Grigorii Demidov

rpz processing test

parent 4ca77f3c
; config options
stub-addr: 1.2.3.4
feature-list: policy=policy:add(policy.rpz(policy.DENY, '{{INSTALL_DIR}}/sets/resolver/zone.rpz'))
CONFIG_END
SCENARIO_BEGIN policy.rpz test
RANGE_BEGIN 0 110
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RD RA NOERROR
SECTION QUESTION
example.cz. IN A
SECTION ANSWER
example.cz. IN A 5.6.7.8
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RD RA NOERROR
SECTION QUESTION
dummy.example.cz. IN A
SECTION ANSWER
dummy.example.cz. IN A 9.10.11.12
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RD RA NOERROR
SECTION QUESTION
nic.cz. IN A
SECTION ANSWER
nic.cz. IN A 13.14.15.16
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RD RA NOERROR
SECTION QUESTION
dummy.nic.cz. IN A
SECTION ANSWER
dummy.nic.cz. IN A 17.18.19.20
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RD RA NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
example.com. IN A 21.22.23.24
ENTRY_END
RANGE_END
; blocked by example.cz CNAME .
; NXDOMAIN expected
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example.cz. IN A
ENTRY_END
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NXDOMAIN
SECTION QUESTION
example.cz. IN A
SECTION ANSWER
ENTRY_END
; blocked by *.example.cz CNAME *.
; NXDOMAIN expected
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
dummy.example.cz. IN A
ENTRY_END
STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NXDOMAIN
SECTION QUESTION
dummy.example.cz. IN A
SECTION ANSWER
ENTRY_END
; blocked nic.cz CNAME rpz-drop.
; SERVFAIL expected
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
nic.cz. IN A
ENTRY_END
STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA SERVFAIL
SECTION QUESTION
nic.cz. IN A
SECTION ANSWER
ENTRY_END
; matches *.nic.cz CNAME rpz-tcp-only.
; TC flag expected
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
dummy.nic.cz. IN A
ENTRY_END
STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR TC RD RA NOERROR
SECTION QUESTION
dummy.nic.cz. IN A
SECTION ANSWER
ENTRY_END
; matches example.com CNAME rpz-passthru.
; rpz not affected
STEP 70 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example.com. IN A
ENTRY_END
STEP 80 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
example.com. IN A 21.22.23.24
ENTRY_END
SCENARIO_END
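Review bot: The step numbers `STEP 50 QUERY` / `STEP 60 CHECK_ANSWER` are used twice, first for the nic.cz rpz-drop case and again for the dummy.nic.cz rpz-tcp-only case. Depending on how the test harness orders or deduplicates steps, the TC-flag check may run out of sequence or not at all, which would leave the rpz-tcp-only action unverified. Renumber the second pair to `STEP 70 QUERY` / `STEP 80 CHECK_ANSWER` and move the rpz-passthru pair to 90 and 100; `RANGE_BEGIN 0 110` still covers them. The comment `; rpz not affected` would also read more clearly as `; passthru: upstream answer returned unchanged`.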
$TTL 30
@ SOA nonexistent.nodomain.none. dummy.nodomain.none. 1 12h 15m 3w 2h
NS nonexistant.nodomain.none.
example.cz CNAME .
*.example.cz CNAME *.
nic.cz CNAME rpz-drop.
*.nic.cz CNAME rpz-tcp-only.
example.com CNAME rpz-passthru.
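Review bot: The NS target is spelled `nonexistant.nodomain.none.` while the SOA MNAME on the line above it is `nonexistent.nodomain.none.`. The mismatch probably does not affect rule matching, but the fixture is easier to trust with one spelling, `NS nonexistent.nodomain.none.`. The file also sets no `$ORIGIN`, so the relative owners (`example.cz`, `*.nic.cz`) take whatever origin the loader supplies. A leading comment such as `; owner names are relative to the RPZ zone apex` would make that assumption explicit for anyone reusing this zone as a blocklist template.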