3 if [ "${PDNS_DEBUG}" = "YES" ]; then
# Locations of the binaries under test. A value already present in the
# environment wins; otherwise each falls back to the build tree next to the
# current directory. The script later checks for an executable at
# $PDNSRECURSOR and $PDNS, so an inherited override should name a binary the
# caller trusts.
PDNS="${PDNS:-${PWD}/../pdns/pdns_server}"
PDNSRECURSOR="${PDNSRECURSOR:-${PWD}/../pdns/recursordist/pdns_recursor}"
RECCONTROL="${RECCONTROL:-${PWD}/../pdns/recursordist/rec_control}"
export PDNS PDNSRECURSOR RECCONTROL
15 echo "config not found or PREFIX not set"
21 echo "config not found or AUTHRUN not set"
34 if [ \
! -x "$PDNSRECURSOR" ]
36 echo "Could not find an executable pdns_recursor at \"$PDNSRECURSOR\", check PDNSRECURSOR"
37 echo "Continuing with configuration anyhow"
42 echo "Could not find an executable pdns_server at \"$PDNS\", check PDNS"
43 echo "Continuing with configuration anyhow"
48 for dir
in recursor-service recursor-service2 recursor-service3 recursor-service4
; do
61 ns.root. 3600 IN A $PREFIX.8
# SOA RDATA reused by the generated zone files and by the Lua prequery
# answers: primary nameserver, contact, serial, refresh, retry, expire, minimum.
SOA='ns.example.net. hostmaster.example.net. 1 3600 1800 1209600 300'
71 cat > $PREFIX.8/ROOT.zone
<<EOF
74 ns.root. 3600 IN A $PREFIX.8
75 net. 3600 IN NS ns.example.net.
76 net. 3600 IN NS ns2.example.net.
77 ns.example.net. 3600 IN A $PREFIX.10
78 ns2.example.net. 3600 IN A $PREFIX.11
81 ### plain example.net zone
83 cat > $PREFIX.10/example.net.zone
<<EOF
84 example.net. 3600 IN SOA $SOA
85 example.net. 3600 IN NS ns.example.net.
86 example.net. 3600 IN NS ns2.example.net.
87 ns.example.net. 3600 IN A $PREFIX.10
88 ns2.example.net. 3600 IN A $PREFIX.11
89 www.example.net. 3600 IN A 192.0.2.1
90 www2.example.net. 3600 IN A 192.0.2.2
91 www3.example.net. 3600 IN A 192.0.2.3
92 www4.example.net. 3600 IN A 192.0.2.4
93 www5.example.net. 3600 IN A 192.0.2.5
94 default.example.net. 3600 IN A 192.0.2.42
95 weirdtxt.example.net. 3600 IN IN TXT "x\014x"
96 arthur.example.net. 3600 IN NS ns.arthur.example.net.
97 arthur.example.net. 3600 IN NS ns2.arthur.example.net.
98 ns.arthur.example.net. 3600 IN A $PREFIX.12
99 ns2.arthur.example.net. 3600 IN A $PREFIX.13
100 prefect.example.net. 3600 IN NS ns.prefect.example.net.
101 ns.prefect.example.net. 3600 IN A $PREFIX.14
102 marvin.example.net. 3600 IN NS ns.marvin.example.net.
103 ns.marvin.example.net. 3600 IN A $PREFIX.15
104 trillian.example.net. 3600 IN NS ns.trillian.example.net.
105 ns.trillian.example.net. 3600 IN A $PREFIX.16
106 ghost.example.net. 3600 IN NS ns.ghost.example.net.
107 ns.ghost.example.net. 3600 IN A $PREFIX.17
108 ford.example.net. 3600 IN NS ns.ford.example.net.
109 ns.ford.example.net. 3600 IN A $PREFIX.12
110 hijackme.example.net. 3600 IN NS ns.hijackme.example.net.
111 ns.hijackme.example.net. 3600 IN A $PREFIX.20
112 hijacker.example.net. 3600 IN NS ns.hijacker.example.net.
113 ns.hijacker.example.net. 3600 IN A $PREFIX.21
114 answer-cname-in-local.example.net. 3600 IN NS ns.answer-cname-in-local.example.net.
115 pfsbox.answer-cname-in-local.example.net. 3600 IN NS ns.answer-cname-in-local.example.net.
116 box.answer-cname-in-local.example.net. 3600 IN NS ns.answer-cname-in-local.example.net.
117 ns.answer-cname-in-local.example.net. 3600 IN A $PREFIX.22
118 not-auth-zone.example.net. 3600 IN NS ns.not-auth-zone.example.net.
119 ns.not-auth-zone.example.net. 3600 IN A $PREFIX.23
120 lowercase-outgoing.example.net. 3600 IN NS ns.lowercase-outgoing.example.net.
121 ns.lowercase-outgoing.example.net. 3600 IN A $PREFIX.24
122 nxdomainme.example.net. 3600 IN A $PREFIX.25
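# ns2.example.net ($PREFIX.11) serves the same example.net zone as
# ns.example.net ($PREFIX.10), so the file written above is copied over.
# The paths are quoted so that a PREFIX containing whitespace or glob
# characters cannot turn into extra cp arguments.
cp -- "$PREFIX.10/example.net.zone" "$PREFIX.11/"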
128 ### plain delegated zone, no surprises
129 ### also serves as intentionally NON-authoritative for ford
131 cat > $PREFIX.12/arthur.example.net.zone
<<EOF
132 arthur.example.net. 3600 IN SOA $SOA
133 arthur.example.net. 3600 IN NS ns.arthur.example.net.
134 arthur.example.net. 3600 IN NS ns2.arthur.example.net.
135 arthur.example.net. 3600 IN MX 10 mail.arthur.example.net.
136 ns.arthur.example.net. 3600 IN A $PREFIX.12
137 ns2.arthur.example.net. 3600 IN A $PREFIX.13
138 www.arthur.example.net. 3600 IN A 192.0.2.2
139 www2.arthur.example.net. 3600 IN A 192.0.2.6
140 www3.arthur.example.net. 3600 IN A 192.0.2.6
141 mail.arthur.example.net. 3600 IN A 192.0.2.3
142 big.arthur.example.net. 3600 IN TXT "the quick brown fox jumps over the lazy dog"
143 big.arthur.example.net. 3600 IN TXT "The quick brown fox jumps over the lazy dog"
144 big.arthur.example.net. 3600 IN TXT "THe quick brown fox jumps over the lazy dog"
145 big.arthur.example.net. 3600 IN TXT "THE quick brown fox jumps over the lazy dog"
146 big.arthur.example.net. 3600 IN TXT "THE quick brown fox jumps over the lazy dog"
147 big.arthur.example.net. 3600 IN TXT "THE Quick brown fox jumps over the lazy dog"
148 big.arthur.example.net. 3600 IN TXT "THE QUick brown fox jumps over the lazy dog"
149 big.arthur.example.net. 3600 IN TXT "THE QUIck brown fox jumps over the lazy dog"
150 big.arthur.example.net. 3600 IN TXT "THE QUICk brown fox jumps over the lazy dog"
151 big.arthur.example.net. 3600 IN TXT "THE QUICK brown fox jumps over the lazy dog"
152 big.arthur.example.net. 3600 IN TXT "THE QUICK brown fox jumps over the lazy dog"
153 big.arthur.example.net. 3600 IN TXT "THE QUICK Brown fox jumps over the lazy dog"
154 big.arthur.example.net. 3600 IN TXT "THE QUICK BRown fox jumps over the lazy dog"
155 big.arthur.example.net. 3600 IN TXT "THE QUICK BROwn fox jumps over the lazy dog"
156 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWn fox jumps over the lazy dog"
157 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN fox jumps over the lazy dog"
158 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN fox jumps over the lazy dog"
159 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN Fox jumps over the lazy dog"
160 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOx jumps over the lazy dog"
161 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX jumps over the lazy dog"
162 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX jumps over the lazy dog"
163 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX Jumps over the lazy dog"
164 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUmps over the lazy dog"
165 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMps over the lazy dog"
166 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPs over the lazy dog"
167 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS over the lazy dog"
168 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS over the lazy dog"
169 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS Over the lazy dog"
170 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVer the lazy dog"
171 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVEr the lazy dog"
172 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER the lazy dog"
173 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER the lazy dog"
174 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER The lazy dog"
175 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THe lazy dog"
176 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE lazy dog"
177 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE lazy dog"
178 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE Lazy dog"
179 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE LAzy dog"
180 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE LAZy dog"
181 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE LAZY dog"
182 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE LAZY dog"
183 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE LAZY Dog"
184 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOg"
185 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG"
186 srv.arthur.example.net. 3600 IN SRV 0 100 389 server2.example.net.
187 rp.arthur.example.net. 3600 IN RP ahu.ds9a.nl. counter
188 type1234.arthur.example.net. 3600 IN TYPE1234 \# 2 4142
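# ns2.arthur.example.net ($PREFIX.13) serves the same arthur.example.net zone
# as ns.arthur.example.net ($PREFIX.12), so the file is copied rather than
# generated twice. The paths are quoted so that a PREFIX containing whitespace
# or glob characters cannot turn into extra cp arguments.
cp -- "$PREFIX.12/arthur.example.net.zone" "$PREFIX.13"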
194 ### zone with various CNAMEs, valid packets
196 cat > $PREFIX.14/prefect.example.net.zone
<<EOF
197 prefect.example.net. 3600 IN SOA $SOA
198 prefect.example.net. 3600 IN NS ns.prefect.example.net.
199 ns.prefect.example.net. 3600 IN A $PREFIX.14
200 www-a.prefect.example.net. 3600 IN CNAME www-a-2.prefect.example.net.
201 ;www-a-2.prefect.example.net. NXDOMAIN
202 www-b.prefect.example.net. 3600 IN CNAME www-b-2.prefect.example.net.
203 www-b-2.prefect.example.net. 3600 IN A 192.0.2.4
204 www-c.prefect.example.net. 3600 IN CNAME www-b-2.prefect.example.net.
205 ;www-c-2.prefect.example.net. NOERROR on A
206 www-c-2.prefect.example.net. 3600 IN AAAA 2001:db8::1
207 www-d.prefect.example.net. 3600 IN CNAME www.arthur.example.net.
210 ### zone with valid in-zone CNAME, invalid NXDOMAIN in response
212 cat > $PREFIX.15/marvin.example.net.zone
<<EOF
213 marvin.example.net. 3600 IN SOA $SOA
214 marvin.example.net. 3600 IN NS ns.marvin.example.net.
215 ns.marvin.example.net. 3600 IN A $PREFIX.15
216 www.marvin.example.net. 3600 IN CNAME android.marvin.example.net.
217 android.marvin.example.net. 3600 IN A 192.0.2.5
220 cat > $PREFIX.15/prequery.lua
<<EOF
226 function prequery ( dnspacket )
227 qname, qtype = dnspacket:getQuestion()
228 if qtype == pdns.A and qname == "www.marvin.example.net."
230 dnspacket:setRcode(pdns.NXDOMAIN)
232 ret[1] = newDR(newDN(qname), "CNAME", 3600, "android.marvin.example.net", 1)
233 ret[2] = newDR(newDN("marvin.example.net"), "SOA", 3600, "$SOA", 2)
234 dnspacket:addRecords(ret)
241 ### zone with working cross-zone CNAME, invalid NXDOMAIN in response
243 cat > $PREFIX.16/trillian.example.net.zone
<<EOF
244 trillian.example.net. 3600 IN SOA $SOA
245 trillian.example.net. 3600 IN NS ns.trillian.example.net.
246 ns.trillian.example.net. 3600 IN A $PREFIX.16
247 www.trillian.example.net. 3600 IN CNAME www3.arthur.example.net.
250 cat > $PREFIX.16/prequery.lua
<<EOF
256 function prequery ( dnspacket )
257 qname, qtype = dnspacket:getQuestion()
258 if qtype == pdns.A and qname == "www.trillian.example.net."
260 dnspacket:setRcode(pdns.NXDOMAIN)
262 ret[1] = newDR(newDN(qname), "CNAME", 3600, "www3.arthur.example.net", 1)
263 ret[2] = newDR(newDN(""), "SOA", 3600, "$SOA", 2)
264 dnspacket:addRecords(ret)
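271 ### parent zone for ghost testing: delegates 1.ghost and 2.ghost with 10 s TTLs; its prequery.lua answers NXDOMAIN for a name under either one while the file drop-1 / drop-2 exists, i.e. once the parent has withdrawn that delegation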
273 cat > $PREFIX.17/ghost.example.net.zone
<<EOF
274 ghost.example.net. 3600 IN SOA $SOA
275 ghost.example.net. 3600 IN NS ns.ghost.example.net.
276 ns.ghost.example.net. 3600 IN A $PREFIX.17
277 1.ghost.example.net. 10 IN NS ns.1.ghost.example.net.
278 ns.1.ghost.example.net. 10 IN A $PREFIX.18
279 2.ghost.example.net. 10 IN NS ns.2.ghost.example.net.
280 ns.2.ghost.example.net. 10 IN A $PREFIX.19
283 cat > $PREFIX.17/prequery.lua
<<EOF
284 posix = require 'posix'
291 function prequery ( dnspacket )
292 qname, qtype = dnspacket:getQuestion()
293 if (string.sub(tostring(qname), -20) == "1.ghost.example.net." and posix.stat('drop-1')) or
294 (string.sub(tostring(qname), -20) == "2.ghost.example.net." and posix.stat('drop-2'))
296 dnspacket:setRcode(pdns.NXDOMAIN)
298 ret[1] = newDR(newDN("ghost.example.net"), "SOA", 3600, "$SOA", 2)
299 dnspacket:addRecords(ret)
306 ### ghost domain with ever-changing NSset
308 cat > $PREFIX.18/1.ghost.example.net.zone
<<EOF
309 1.ghost.example.net. 3600 IN SOA $SOA
310 1.ghost.example.net. 20 IN NS ns.1.ghost.example.net.
311 ns.1.ghost.example.net. 20 IN A $PREFIX.18
312 *.www.1.ghost.example.net. 20 IN A 192.0.2.7
315 cat > $PREFIX.18/prequery.lua
<<EOF
323 function prequery ( dnspacket )
325 qname, qtype = dnspacket:getQuestion()
326 if qtype == pdns.A and string.sub(tostring(qname), -24) == "www.1.ghost.example.net."
328 dnspacket:setRcode(pdns.NOERROR)
330 -- www.1.ghost.example.net. 20 IN A 192.0.2.7
331 ret[1] = newDR(newDN(qname), "A", 20, "192.0.2.7", 1)
332 -- 1.ghost.example.net. 20 IN NS ns.1.ghost.example.net.
333 ret[2] = newDR(newDN("1.ghost.example.net"), "NS", 20, "ns"..i..".1.ghost.example.net", 2)
334 -- ns.1.ghost.example.net. 20 IN A $PREFIX.18
335 ret[3] = newDR(newDN("ns"..i..".1.ghost.example.net"), "A", 20, "$PREFIX.18", 3)
336 dnspacket:addRecords(ret)
343 ### ghost domain with static NSset
345 cat > $PREFIX.19/2.ghost.example.net.zone
<<EOF
346 2.ghost.example.net. 3600 IN SOA $SOA
347 2.ghost.example.net. 20 IN NS ns.2.ghost.example.net.
348 ns.2.ghost.example.net. 20 IN A $PREFIX.19
349 *.www.2.ghost.example.net. 20 IN A 192.0.2.8
351 cat > $PREFIX.19/prequery.lua
<<EOF
357 function prequery ( dnspacket )
358 qname, qtype = dnspacket:getQuestion()
359 if qtype == pdns.A and string.sub(tostring(qname), -25) == ".www.2.ghost.example.net."
361 dnspacket:setRcode(pdns.NOERROR)
363 ret[1] = newDR(newDN(qname), "A", 20, "192.0.2.8", 1)
364 ret[2] = newDR(newDN("2.ghost.example.net"), "NS", 20, "ns.2.ghost.example.net", 2)
365 ret[3] = newDR(newDN("ns.2.ghost.example.net"), "A", 20, "$PREFIX.19", 3)
366 dnspacket:addRecords(ret)
373 ### plain domain as target for hijacking
375 cat > $PREFIX.20/hijackme.example.net.zone
<<EOF
376 hijackme.example.net. 3600 IN SOA $SOA
377 hijackme.example.net. 20 IN NS ns.hijackme.example.net.
378 ns.hijackme.example.net. 20 IN A $PREFIX.20
379 www.hijackme.example.net. 20 IN A 192.0.2.20
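382 ### domain designed to hijack the A of ns.hijackme.example.net: it delegates to that name, and the same server ($PREFIX.21) also carries its own hijackme.example.net copy with a different A record for it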
384 cat > $PREFIX.21/hijacker.example.net.zone
<<EOF
385 hijacker.example.net. 3600 IN SOA $SOA
386 hijacker.example.net. 20 IN NS ns.hijackme.example.net.
387 ;ns.hijackme.example.net. 20 IN A $PREFIX.21
391 cat > $PREFIX.21/hijackme.example.net.zone
<<EOF
392 hijackme.example.net. 3600 IN SOA $SOA
393 hijackme.example.net. 20 IN NS ns.hijackme.example.net.
394 ns.hijackme.example.net. 20 IN A $PREFIX.21
395 www.hijackme.example.net. 20 IN A 192.0.2.21
399 ## Several domains where one gets overwritten as a local auth zone
401 cat > $PREFIX.22/box.answer-cname-in-local.example.net.zone
<<EOF
402 box.answer-cname-in-local.example.net. 3600 IN SOA $SOA
403 box.answer-cname-in-local.example.net. 20 IN NS ns.answer-cname-in-local.example.net.
405 global.box.answer-cname-in-local.example.net. 20 IN NS ns.answer-cname-in-local.example.net.
406 service.box.answer-cname-in-local.example.net. 20 IN CNAME pfs.global.box.answer-cname-in-local.example.net.
410 cat > $PREFIX.22/global.box.answer-cname-in-local.example.net.zone
<<EOF
411 global.box.answer-cname-in-local.example.net. 3600 IN SOA $SOA
412 global.box.answer-cname-in-local.example.net. 20 IN NS ns.answer-cname-in-local.example.net.
414 pfs.global.box.answer-cname-in-local.example.net. 20 IN CNAME vip-metropole.pfsbox.answer-cname-in-local.example.net.
418 cat > $PREFIX.22/pfsbox.answer-cname-in-local.example.net.zone
<<EOF
419 pfsbox.answer-cname-in-local.example.net. 3600 IN SOA $SOA
420 pfsbox.answer-cname-in-local.example.net. 20 IN NS ns.answer-cname-in-local.example.net.
422 vip-metropole.pfsbox.answer-cname-in-local.example.net. 20 IN A 10.0.0.1
423 vip-reunion.pfsbox.answer-cname-in-local.example.net. 20 IN A 10.1.1.1
427 # Used for the auth-zones test, to test a CNAME inside an auth-zone to a name
428 # outside of an auth-zone
430 cat > $PREFIX.23/not-auth-zone.example.net.zone
<<EOF
431 not-auth-zone.example.net. 3600 IN SOA $SOA
432 not-auth-zone.example.net. 20 IN NS ns.not-auth-zone.example.net.
434 ns.not-auth-zone.example.net. 20 IN A $PREFIX.23
435 host1.not-auth-zone.example.net. 20 IN A 127.0.0.57
438 cat > $PREFIX.23/france.auth-zone.example.net.zone
<<EOF
439 france.auth-zone.example.net. 3600 IN SOA $SOA
440 france.auth-zone.example.net. 3600 IN NS ns1.auth-zone.example.net
441 www.france.auth-zone.example.net. 3600 IN A 192.0.2.23
442 france.auth-zone.example.net. 3600 IN A 192.0.2.223
445 # And for the recursor
446 cat > recursor-service
/global.box.answer-cname-in-local.example.net.zone
<<EOF
447 global.box.answer-cname-in-local.example.net. 3600 IN SOA $SOA
448 global.box.answer-cname-in-local.example.net. 20 IN NS ns.answer-cname-in-local.example.net.
450 pfs.global.box.answer-cname-in-local.example.net. 20 IN CNAME vip-reunion.pfsbox.answer-cname-in-local.example.net.
454 # For the auth-zones test
455 cat > recursor-service
/auth-zone.example.net.zone
<<EOF
456 auth-zone.example.net. 3600 IN SOA $SOA
457 auth-zone.example.net. 20 IN NS localhost.example.net.
459 host1.auth-zone.example.net. 20 IN A 127.0.0.55
460 host1.auth-zone.example.net. 20 IN AAAA 2001:DB8::1:45BA
462 host2.auth-zone.example.net. 20 IN CNAME host1.another-auth-zone.example.net.
464 host3.auth-zone.example.net. 20 IN CNAME host1.not-auth-zone.example.net.
465 *.wild.auth-zone.example.net. 3600 IN TXT "Hi there!"
466 france.auth-zone.example.net. 20 IN NS ns1.auth-zone.example.net.
467 ns1.auth-zone.example.net. 20 IN A $PREFIX.23
468 *.something.auth-zone.example.net. 20 IN CNAME host1.auth-zone.example.net.
472 cat > $PREFIX.24/lowercase-outgoing.example.net.zone
<<EOF
473 lowercase-outgoing.example.net. 3600 IN SOA $SOA
474 lowercase-outgoing.example.net. 20 IN NS ns.lowercase-outgoing.example.net.
476 ns.lowercase-outgoing.example.net. 20 IN A $PREFIX.24
477 host.lowercase-outgoing.example.net. 20 IN A 127.0.0.57
480 cat > $PREFIX.24/prequery.lua
<<EOF
481 filename = "questions.txt"
484 file = io.open(filename, "w")
492 function prequery ( dnspacket )
493 qname, qtype = dnspacket:getQuestion()
494 file = io.open('questions.txt', "a")
495 file:write(tostring(qname) .. "\n")
502 cat > recursor-service
/another-auth-zone.example.net.zone
<<EOF
503 another-auth-zone.example.net. 3600 IN SOA $SOA
504 another-auth-zone.example.net. 20 IN NS localhost.example.net.
506 host1.another-auth-zone.example.net. 20 IN A 127.0.0.56
511 cat > $dir/pdns.conf
<<EOF
512 module-dir=../../../regression-tests/modules
516 bind-config=named.conf
522 distributor-threads=1
525 if [ -e $dir/prequery.lua
]
527 echo 'lua-prequery-script=prequery.lua' >> $dir/pdns.conf
530 cat > $dir/named.conf
<<EOF
535 for zone
in $
(ls $dir |
grep '\.zone$' |
sed 's/\.zone$//')
538 if [ $realzone = ROOT
]
542 cat >> $dir/named.conf
<<EOF
549 ln -s ..
/..
/run-auth
$dir/run
552 cat > recursor-service
/forward-zones-file
<< EOF
553 # Some comment that should be ignored
554 forward-zones-test.non-existing.powerdns.com=8.8.8.8
555 forward-zones-test2.non-existing.powerdns.com=8.8.8.8# This comment should be ignored as well
558 cat > recursor-service
/recursor.conf
<<EOF
561 forward-zones-file=$(pwd)/recursor-service/forward-zones-file
563 socket-dir=/tmp/recursor-service
564 auth-zones=global.box.answer-cname-in-local.example.net=$(pwd)/recursor-service/global.box.answer-cname-in-local.example.net.zone,auth-zone.example.net=$(pwd)/recursor-service/auth-zone.example.net.zone,another-auth-zone.example.net=$(pwd)/recursor-service/another-auth-zone.example.net.zone
569 cat > recursor-service
2/recursor.conf
<<EOF
571 socket-dir=/tmp/recursor-service2
572 lowercase-outgoing=yes
576 cat > recursor-service
3/recursor.conf
<< EOF
578 socket-dir=/tmp/recursor-service3
579 lua-config-file=$(pwd)/recursor-service3/config.lua
580 lua-dns-script=$(pwd)/recursor-service3/script.lua
581 security-poll-suffix=
585 cat > recursor-service
3/config.lua
<<EOF
586 rpzFile("$(pwd)/recursor-service3/rpz.zone", {policyName="myRPZ"})
587 rpzFile("$(pwd)/recursor-service3/rpz2.zone", {policyName="mySecondRPZ"})
588 rpzFile("$(pwd)/recursor-service3/rpz3.zone", {policyName="cappedTTLRPZ", maxTTL=5})
589 rpzFile("$(pwd)/recursor-service3/rpz4.zone", {policyName="defPolicyTTL", defpol=Policy.Custom, defcontent="default.example.net", defttl=10, maxTTL=20})
590 rpzFile("$(pwd)/recursor-service3/rpz5.zone", {policyName="defPolicyCappedTTL", defpol=Policy.Custom, defcontent="default.example.net", defttl=50, maxTTL=20})
591 rpzFile("$(pwd)/recursor-service3/rpz6.zone", {policyName="defPolicyWithoutTTL", defpol=Policy.Custom, defcontent="default.example.net"})
592 rpzFile("$(pwd)/recursor-service3/rpz7.zone", {policyName="defPolicyWithoutTTLCapped", defpol=Policy.Custom, defcontent="default.example.net", maxTTL=50})
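# Split the dotted PREFIX into its three components; the RPZ zone written
# below uses them in reverse order to build the rpz-nsip owner name.
# This will bite us in the ass if we ever test on IPv6
#
# read -r keeps backslashes literal, and expanding "$PREFIX" directly replaces
# the $(echo $PREFIX) subshell, whose unquoted expansion was subject to word
# splitting and globbing. The IFS assignment is a prefix to read, so it applies
# to that builtin only and the shell's own IFS is left alone.
IFS=. read -r REV_PREFIX1 REV_PREFIX2 REV_PREFIX3 <<< "$PREFIX"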
597 cat > recursor-service
3/rpz.zone
<<EOF
599 \$ORIGIN domain.example.
603 arthur.example.net CNAME . ; NXDOMAIN on apex
604 *.arthur.example.net CNAME *. ; NODATA for everything below the apex
605 www3.arthur.example.net CNAME rpz-passthru. ; Allow this name through (so that the CNAME from www.trillian.example.net is not blocked)
606 srv.arthur.example.net CNAME rpz-passthru. ; Allow this name through
607 www.example.net CNAME www2.example.net. ; Local-Data Action
608 www3.example.net CNAME www4.example.net. ; Local-Data Action (to be changed in preresolve)
609 www5.example.net A 192.0.2.15 ; Override www5.example.net.
610 trillian.example.net CNAME . ; NXDOMAIN on apex, allows all sub-names (#4086)
611 *.wildcard-target.example.net CNAME *.walled-garden.example.net. ; Special form of Local Data: a CNAME RR with a wildcarded target name
613 32.4.2.0.192.rpz-ip CNAME rpz-drop. ; www4.example.net resolves to 192.0.2.4, drop A responses with that IP
615 ns.hijackme.example.net.rpz-nsdname CNAME . ; NXDOMAIN for anything hosted on ns.hijackme.example.net
616 ns.marvin.example.net.rpz-nsdname CNAME . ; NXDOMAIN for anything hosted on ns.marvin.example.net (we disable RPZ in preresolve though)
617 32.24.$REV_PREFIX3.$REV_PREFIX2.$REV_PREFIX1.rpz-nsip CNAME . ; The IP for ns.lowercase-outgoing.example.net, should yield NXDOMAIN
621 cat > recursor-service
3/rpz2.zone
<<EOF
623 \$ORIGIN domain.example.
627 www5.example.net A 192.0.2.25 ; Override www5.example.net.
631 cat > recursor-service
3/rpz3.zone
<<EOF
633 \$ORIGIN domain.example.
637 capped-ttl.example.net 50 IN A 192.0.2.35 ; exceeds the maxTTL setting
638 unsupported.example.net 50 IN CNAME rpz-unsupported. ; unsupported target
639 unsupported2.example.net 50 IN CNAME 32.3.2.0.192.rpz-unsupported. ; also unsupported target
640 not-rpz.example.net 50 IN CNAME rpz-not.com. ; this one is not a special RPZ target
644 cat > recursor-service
3/rpz4.zone
<<EOF
646 \$ORIGIN domain.example.
650 defpol-with-ttl.example.net 50 IN A 192.0.2.35 ; will be overridden by the default policy and the default TTL
654 cat > recursor-service
3/rpz5.zone
<<EOF
656 \$ORIGIN domain.example.
660 defpol-with-ttl-capped.example.net 100 IN A 192.0.2.35 ; will be overridden by the default policy and the default TTL (but capped by maxTTL)
664 cat > recursor-service
3/rpz6.zone
<<EOF
666 \$ORIGIN domain.example.
670 defpol-without-ttl.example.net A 192.0.2.35 ; will be overridden by the default policy, but with the zone's TTL
674 cat > recursor-service
3/rpz7.zone
<<EOF
676 \$ORIGIN domain.example.
680 defpol-without-ttl-capped.example.net A 192.0.2.35 ; will be overridden by the default policy, but with the zone's TTL capped by maxTTL
684 cat > recursor-service
3/script.lua
<<EOF
686 if dq.qname:equal('www5.example.net') then
687 dq:discardPolicy('myRPZ')
692 function preresolve(dq)
693 if dq.qname:equal("nxdomainme.example.net") then
694 dq.rcode = pdns.NXDOMAIN
697 if dq.qname:equal("android.marvin.example.net") then
698 dq.wantsRPZ = false -- disable RPZ
703 function policyEventFilter(event)
704 if event.appliedPolicy.policyKind == pdns.policykinds.Custom then
705 if event.qname:equal("www3.example.net") then
706 event.appliedPolicy.policyCustom = "www2.example.net"
714 cat > recursor-service
4/recursor.conf
<<EOF
716 socket-dir=/tmp/recursor-service4
718 forward-zones=net.=$PREFIX.10;$PREFIX.11