From: W.C.A. Wijngaards Date: Mon, 18 Mar 2024 13:11:43 +0000 (+0100) Subject: - Add rpz unit test for nsip action override. X-Git-Tag: release-1.20.0rc1~59 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e46b188fe8b79cdc10cd1f43a91f1d25c7622483;p=thirdparty%2Funbound.git - Add rpz unit test for nsip action override. --- diff --git a/doc/Changelog b/doc/Changelog index 9deac82ff..1086f18e3 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -4,6 +4,7 @@ the reply query_info values, that is better for debug logging. - Fix rpz that copies the cname override completely to the temp region, so there are no references to the rpz region. + - Add rpz unit test for nsip action override. 15 March 2024: Yorgos - Merge #1030: Persist the openssl and expat directories for repeated diff --git a/testdata/rpz_nsip_override.rpl b/testdata/rpz_nsip_override.rpl new file mode 100644 index 000000000..8c3b20be3 --- /dev/null +++ b/testdata/rpz_nsip_override.rpl 
@@ -0,0 +1,332 @@
+; config options
+server:
+ module-config: "respip validator iterator"
+ target-fetch-policy: "0 0 0 0 0"
+ qname-minimisation: no
+ access-control: 192.0.0.0/8 allow
+
+rpz:
+ name: "rpz.example.com."
+ rpz-log: yes
+ rpz-log-name: "rpz.example.com"
+ rpz-action-override: "nxdomain"
+ zonefile:
+TEMPFILE_NAME rpz.example.com
+TEMPFILE_CONTENTS rpz.example.com
+$ORIGIN example.com.
+rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
+ 1379078166 28800 7200 604800 7200 )
+ 3600 IN NS ns1.rpz.example.com.
+ 3600 IN NS ns2.rpz.example.com.
+$ORIGIN rpz.example.com.
+; ns1.gotham.a
+32.41.30.20.10.rpz-nsip A 1.2.3.5
+TEMPFILE_END
+
+rpz:
+ name: "rpz2.example.com."
+ rpz-log: yes
+ rpz-log-name: "rpz2.example.com"
+ rpz-action-override: "nodata"
+ zonefile:
+TEMPFILE_NAME rpz2.example.com
+TEMPFILE_CONTENTS rpz2.example.com
+$ORIGIN example.com.
+rpz2 3600 IN SOA ns1.rpz2.example.com. hostmaster.rpz2.example.com. (
+ 1379078166 28800 7200 604800 7200 )
+ 3600 IN NS ns1.rpz2.example.com.
+ 3600 IN NS ns2.rpz2.example.com.
+$ORIGIN rpz2.example.com.
+; ns1.gotham2.a
+32.42.30.20.10.rpz-nsip A 1.2.3.5
+TEMPFILE_END
+
+rpz:
+ name: "rpz3.example.com."
+ rpz-log: yes
+ rpz-log-name: "rpz3.example.com"
+ rpz-action-override: "passthru"
+ zonefile:
+TEMPFILE_NAME rpz3.example.com
+TEMPFILE_CONTENTS rpz3.example.com
+$ORIGIN example.com.
+rpz3 3600 IN SOA ns1.rpz3.example.com. hostmaster.rpz3.example.com. (
+ 1379078166 28800 7200 604800 7200 )
+ 3600 IN NS ns1.rpz3.example.com.
+ 3600 IN NS ns2.rpz3.example.com.
+$ORIGIN rpz3.example.com.
+; ns1.gotham3.a
+32.43.30.20.10.rpz-nsip A 1.2.3.5
+TEMPFILE_END
+
+rpz:
+ name: "rpz4.example.com."
+ rpz-log: yes
+ rpz-log-name: "rpz4.example.com"
+ rpz-action-override: "drop"
+ zonefile:
+TEMPFILE_NAME rpz4.example.com
+TEMPFILE_CONTENTS rpz4.example.com
+$ORIGIN example.com.
+rpz4 3600 IN SOA ns1.rpz4.example.com. hostmaster.rpz4.example.com. (
+ 1379078166 28800 7200 604800 7200 )
+ 3600 IN NS ns1.rpz4.example.com.
+ 3600 IN NS ns2.rpz4.example.com.
+$ORIGIN rpz4.example.com.
+; ns1.gotham3.a
+32.43.30.20.10.rpz-nsip A 1.2.3.5
+; ns1.gotham4.a
+32.44.30.20.10.rpz-nsip A 1.2.3.5
+TEMPFILE_END
+
+rpz:
+ name: "rpz5.example.com."
+ rpz-log: yes
+ rpz-log-name: "rpz5.example.com"
+ rpz-action-override: "cname"
+ rpz-cname-override: "target.a"
+ zonefile:
+TEMPFILE_NAME rpz5.example.com
+TEMPFILE_CONTENTS rpz5.example.com
+$ORIGIN example.com.
+rpz5 3600 IN SOA ns1.rpz5.example.com. hostmaster.rpz5.example.com. (
+ 1379078166 28800 7200 604800 7200 )
+ 3600 IN NS ns1.rpz5.example.com.
+ 3600 IN NS ns2.rpz5.example.com.
+$ORIGIN rpz5.example.com.
+; ns1.gotham5.a
+32.45.30.20.10.rpz-nsip A 1.2.3.5
+TEMPFILE_END
+
+rpz:
+ name: "rpz6.example.com."
+ rpz-log: yes
+ rpz-log-name: "rpz6.example.com"
+ rpz-action-override: "disabled"
+ zonefile:
+TEMPFILE_NAME rpz6.example.com
+TEMPFILE_CONTENTS rpz6.example.com
+$ORIGIN example.com.
+rpz6 3600 IN SOA ns1.rpz6.example.com. hostmaster.rpz6.example.com. (
+ 1379078166 28800 7200 604800 7200 )
+ 3600 IN NS ns1.rpz6.example.com.
+ 3600 IN NS ns2.rpz6.example.com.
+$ORIGIN rpz6.example.com.
+; ns1.gotham6.a
+32.46.30.20.10.rpz-nsip A 1.2.3.5
+TEMPFILE_END
+
+stub-zone:
+ name: "a."
+ stub-addr: 10.20.30.40
+CONFIG_END
+
+SCENARIO_BEGIN Test RPZ action override with trigger from nsip.
+
+; a.
+RANGE_BEGIN 0 1000
+ ADDRESS 10.20.30.40
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham.a. IN A
+SECTION AUTHORITY
+gotham.a. NS ns1.gotham.a.
+SECTION ADDITIONAL
+ns1.gotham.a. A 10.20.30.41
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham2.a. IN A
+SECTION AUTHORITY
+gotham2.a. NS ns1.gotham2.a.
+SECTION ADDITIONAL
+ns1.gotham2.a. A 10.20.30.42
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham3.a. IN A
+SECTION AUTHORITY
+gotham3.a. NS ns1.gotham3.a.
+SECTION ADDITIONAL
+ns1.gotham3.a. A 10.20.30.43
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham4.a. IN A
+SECTION AUTHORITY
+gotham4.a. NS ns1.gotham4.a.
+SECTION ADDITIONAL
+ns1.gotham4.a. A 10.20.30.44
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham5.a. IN A
+SECTION AUTHORITY
+gotham5.a. NS ns1.gotham5.a.
+SECTION ADDITIONAL
+ns1.gotham5.a. A 10.20.30.45
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham6.a. IN A
+SECTION AUTHORITY
+gotham6.a. NS ns1.gotham6.a.
+SECTION ADDITIONAL
+ns1.gotham6.a. A 10.20.30.46
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+target.a. IN A
+SECTION ANSWER
+target.a. IN A 1.2.3.6
+ENTRY_END
+RANGE_END
+
+; gotham3.a.
+RANGE_BEGIN 0 1000
+ ADDRESS 10.20.30.43
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham3.a. IN A
+SECTION ANSWER
+www.gotham3.a. A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; gotham6.a.
+RANGE_BEGIN 0 1000
+ ADDRESS 10.20.30.46
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.gotham6.a. IN A
+SECTION ANSWER
+www.gotham6.a. A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+STEP 10 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham.a. IN A
+ENTRY_END
+
+STEP 11 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NXDOMAIN
+SECTION QUESTION
+www.gotham.a. IN A
+SECTION ANSWER
+ENTRY_END
+
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham2.a. IN A
+ENTRY_END
+
+STEP 21 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NOERROR
+SECTION QUESTION
+www.gotham2.a. IN A
+SECTION ANSWER
+ENTRY_END
+
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham3.a. IN A
+ENTRY_END
+
+STEP 31 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.gotham3.a. IN A
+SECTION ANSWER
+www.gotham3.a. A 1.2.3.4
+ENTRY_END
+
+STEP 40 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham4.a. IN A
+ENTRY_END
+;dropped
+
+STEP 50 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham5.a. IN A
+ENTRY_END
+
+STEP 51 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.gotham5.a. IN A
+SECTION ANSWER
+www.gotham5.a. CNAME target.a
+target.a A 1.2.3.6
+ENTRY_END
+
+STEP 60 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.gotham6.a. IN A
+ENTRY_END
+
+STEP 61 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.gotham6.a. IN A
+SECTION ANSWER
+www.gotham6.a. A 1.2.3.4
+ENTRY_END
+
+SCENARIO_END
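Review bot: The rpz4 zone repeats the ns1.gotham3.a trigger (`32.43.30.20.10.rpz-nsip`) without saying why, so the precedence check behind STEP 31 is easy to lose in a later edit: rpz3's passthru override has to stop the later zone's drop from applying. A comment on that record such as `; also listed in rpz3: passthru there must win over the drop override here` would make the intent explicit. STEP 40 has only `;dropped` and no CHECK_ANSWER; presumably the harness fails the scenario on an unexpected reply, and a comment like `; no CHECK_ANSWER on purpose: the drop override must send no reply` would record that the missing check is deliberate. STEP 61 (disabled) expects exactly what the upstream at 10.20.30.46 returns, so as written it would presumably also pass if the nsip trigger never matched; a comment should say what this step does and does not prove.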