==> www.trillian.example.net has no RPZ policy attached, so lookup should succeed
Reply to question for qname='www.trillian.example.net.', qtype=A
Rcode: 0 (No Error), RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
-0 www.trillian.example.net. IN CNAME 15 www2.arthur.example.net.
-0 www2.arthur.example.net. IN A 15 192.0.2.6
+0 www.trillian.example.net. IN CNAME 15 www3.arthur.example.net.
+0 www3.arthur.example.net. IN A 15 192.0.2.6
==> www.hijackme.example.net is served on ns.hijackme.example.net, which should be NXDOMAIN
Reply to question for qname='www.hijackme.example.net.', qtype=A
Rcode: 3 (Non-Existent domain), RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
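Review bot: the description on the `==> www.trillian.example.net has no RPZ policy attached, so lookup should succeed` context line is now incomplete. The RPZ zone change in this patch says the CNAME target needs an `rpz-passthru.` entry so that it "is not blocked", so the lookup succeeds because of that entry, not because no policy is involved. Consider rewording the description to say that the target www3.arthur.example.net is explicitly passed through, so a reader of the expected output knows why the answer is 192.0.2.6 rather than a policy result.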
Reply to question for qname='not-rpz.example.net.', qtype=A
Rcode: 3 (Non-Existent domain), RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
0 not-rpz.example.net. IN CNAME 5 rpz-not.com.
+1 . IN SOA 15 ns.example.net. hostmaster.example.net. 1 3600 1800 1209600 300
==> echo-me.wildcard-target.example.net is an RPZ wildcard target
Reply to question for qname='echo-me.wildcard-target.example.net.', qtype=A
Rcode: 3 (Non-Existent domain), RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
0 echo-me.wildcard-target.example.net. IN CNAME 7200 echo-me.wildcard-target.example.net.walled-garden.example.net.
+1 example.net. IN SOA 15 ns.example.net. hostmaster.example.net. 1 3600 1800 1209600 300
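Review bot: the two added authority-section lines expect SOA records with different owners, `.` for not-rpz.example.net and `example.net.` for echo-me.wildcard-target.example.net, although the SOA rdata is identical. If the root owner is what `newDN("")` in prequery.lua produces, say so in the test description; otherwise check that `.` is really the intended owner, since the SOA owner names the zone the negative answer applies to.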
ns2.arthur.example.net. 3600 IN A $PREFIX.13
www.arthur.example.net. 3600 IN A 192.0.2.2
www2.arthur.example.net. 3600 IN A 192.0.2.6
+www3.arthur.example.net. 3600 IN A 192.0.2.6
mail.arthur.example.net. 3600 IN A 192.0.2.3
big.arthur.example.net. 3600 IN TXT "the quick brown fox jumps over the lazy dog"
big.arthur.example.net. 3600 IN TXT "The quick brown fox jumps over the lazy dog"
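Review bot: the added www3.arthur.example.net record reuses 192.0.2.6, the address www2.arthur.example.net already has, so the A rdata in the expected output is the same before and after the change and only the owner name shows which target was followed. A distinct address for www3 would make a stale or wrong CNAME target stand out in the result diff.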
trillian.example.net. 3600 IN SOA $SOA
trillian.example.net. 3600 IN NS ns.trillian.example.net.
ns.trillian.example.net. 3600 IN A $PREFIX.16
-www.trillian.example.net. 3600 IN CNAME www2.arthur.example.net.
+www.trillian.example.net. 3600 IN CNAME www3.arthur.example.net.
EOF
cat > $PREFIX.16/prequery.lua <<EOF
then
dnspacket:setRcode(pdns.NXDOMAIN)
ret = {}
- ret[1] = newDR(newDN(qname), "CNAME", 3600, "www2.arthur.example.net", 1)
+ ret[1] = newDR(newDN(qname), "CNAME", 3600, "www3.arthur.example.net", 1)
ret[2] = newDR(newDN(""), "SOA", 3600, "$SOA", 2)
dnspacket:addRecords(ret)
return true
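Review bot: the CNAME target on the `ret[1]` line is a hardcoded copy of a name that this patch also adds to the arthur.example.net zone data and to the RPZ zone as an `rpz-passthru.` entry, and nothing in the script says so. A short Lua comment beside it naming those two places would keep the three in sync the next time the target is renamed.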
arthur.example.net CNAME . ; NXDOMAIN on apex
*.arthur.example.net CNAME *. ; NODATA for everything below the apex
-srv.arthur.example.net CNAME rpz-passthru. ; Allow this name though
+www3.arthur.example.net CNAME rpz-passthru. ; Allow this name through (so that the CNAME from www.trillian.example.net is not blocked)
+srv.arthur.example.net CNAME rpz-passthru. ; Allow this name through
www.example.net CNAME www2.example.net. ; Local-Data Action
www3.example.net CNAME www4.example.net. ; Local-Data Action (to be changed in preresolve)
www5.example.net A 192.0.2.15 ; Override www5.example.net.
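Review bot: with www3.arthur.example.net added as `rpz-passthru.`, the lines shown only test the case where a CNAME target is allowed; nothing visible still follows a CNAME into a name covered by `*.arthur.example.net CNAME *.`. Since www2.arthur.example.net stays in the zone data, consider adding a query whose CNAME points at it and expecting the NODATA policy result, so the blocking path is covered as well as the passthru path. The "though" to "through" fix on the srv.arthur.example.net line is fine but unrelated to the rest of the change.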