3 if [ "${PDNS_DEBUG}" = "YES" ]; then
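# Paths of the binaries the regression setup refers to. Each one can be
# overridden from the caller's environment; otherwise it falls back to the
# in-tree build location relative to the current working directory.
# The values are quoted so that a checkout path containing whitespace or glob
# characters is exported intact, including under shells that word-split the
# arguments of `export`.
# NOTE(review): these variables are taken from the environment as-is and are
# presumably what the test run executes, so set them only from a trusted
# environment (CI job definition, developer shell).
export PDNS="${PDNS:-${PWD}/../pdns/pdns_server}"
export PDNSRECURSOR="${PDNSRECURSOR:-${PWD}/../pdns/recursordist/pdns_recursor}"
export RECCONTROL="${RECCONTROL:-${PWD}/../pdns/recursordist/rec_control}"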
15 echo "config not found or PREFIX not set"
21 echo "config not found or AUTHRUN not set"
34 if [ \
! -x "$PDNSRECURSOR" ]
36 echo "Could not find an executable pdns_recursor at \"$PDNSRECURSOR\", check PDNSRECURSOR"
37 echo "Continuing with configuration anyhow"
42 echo "Could not find an executable pdns_server at \"$PDNS\", check PDNS"
43 echo "Continuing with configuration anyhow"
48 for dir
in recursor-service recursor-service2 recursor-service3 recursor-service4
; do
61 ns.root. 3600 IN A $PREFIX.8
67 SOA
="ns.example.net. hostmaster.example.net. 1 3600 1800 1209600 300"
71 cat > $PREFIX.8/ROOT.zone
<<EOF
74 ns.root. 3600 IN A $PREFIX.8
75 net. 3600 IN NS ns.example.net.
76 net. 3600 IN NS ns2.example.net.
77 ns.example.net. 3600 IN A $PREFIX.10
78 ns2.example.net. 3600 IN A $PREFIX.11
81 ### plain example.net zone
83 cat > $PREFIX.10/example.net.zone
<<EOF
84 example.net. 3600 IN SOA $SOA
85 example.net. 3600 IN NS ns.example.net.
86 example.net. 3600 IN NS ns2.example.net.
87 ns.example.net. 3600 IN A $PREFIX.10
88 ns2.example.net. 3600 IN A $PREFIX.11
89 www.example.net. 3600 IN A 192.0.2.1
90 www2.example.net. 3600 IN A 192.0.2.2
91 www3.example.net. 3600 IN A 192.0.2.3
92 www4.example.net. 3600 IN A 192.0.2.4
93 www5.example.net. 3600 IN A 192.0.2.5
94 default.example.net. 3600 IN A 192.0.2.42
95 weirdtxt.example.net. 3600 IN IN TXT "x\014x"
96 arthur.example.net. 3600 IN NS ns.arthur.example.net.
97 arthur.example.net. 3600 IN NS ns2.arthur.example.net.
98 ns.arthur.example.net. 3600 IN A $PREFIX.12
99 ns2.arthur.example.net. 3600 IN A $PREFIX.13
100 prefect.example.net. 3600 IN NS ns.prefect.example.net.
101 ns.prefect.example.net. 3600 IN A $PREFIX.14
102 marvin.example.net. 3600 IN NS ns.marvin.example.net.
103 ns.marvin.example.net. 3600 IN A $PREFIX.15
104 trillian.example.net. 3600 IN NS ns.trillian.example.net.
105 ns.trillian.example.net. 3600 IN A $PREFIX.16
106 ghost.example.net. 3600 IN NS ns.ghost.example.net.
107 ns.ghost.example.net. 3600 IN A $PREFIX.17
108 ford.example.net. 3600 IN NS ns.ford.example.net.
109 ns.ford.example.net. 3600 IN A $PREFIX.12
110 hijackme.example.net. 3600 IN NS ns.hijackme.example.net.
111 ns.hijackme.example.net. 3600 IN A $PREFIX.20
112 hijacker.example.net. 3600 IN NS ns.hijacker.example.net.
113 ns.hijacker.example.net. 3600 IN A $PREFIX.21
114 answer-cname-in-local.example.net. 3600 IN NS ns.answer-cname-in-local.example.net.
115 pfsbox.answer-cname-in-local.example.net. 3600 IN NS ns.answer-cname-in-local.example.net.
116 box.answer-cname-in-local.example.net. 3600 IN NS ns.answer-cname-in-local.example.net.
117 ns.answer-cname-in-local.example.net. 3600 IN A $PREFIX.22
118 not-auth-zone.example.net. 3600 IN NS ns.not-auth-zone.example.net.
119 ns.not-auth-zone.example.net. 3600 IN A $PREFIX.23
120 lowercase-outgoing.example.net. 3600 IN NS ns.lowercase-outgoing.example.net.
121 ns.lowercase-outgoing.example.net. 3600 IN A $PREFIX.24
122 nxdomainme.example.net. 3600 IN A $PREFIX.25
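# ns2.example.net (${PREFIX}.11) serves the same example.net zone as
# ns.example.net (${PREFIX}.10), so reuse the zone file generated above.
# Both operands are quoted so a PREFIX containing whitespace or glob
# characters cannot split or expand into extra cp arguments.
cp "${PREFIX}.10/example.net.zone" "${PREFIX}.11/"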
128 ### plain delegated zone, no surprises
129 ### also serves as intentionally NON-authoritative for ford
131 cat > $PREFIX.12/arthur.example.net.zone
<<EOF
132 arthur.example.net. 3600 IN SOA $SOA
133 arthur.example.net. 3600 IN NS ns.arthur.example.net.
134 arthur.example.net. 3600 IN NS ns2.arthur.example.net.
135 arthur.example.net. 3600 IN MX mail.arthur.example.net.
136 ns.arthur.example.net. 3600 IN A $PREFIX.12
137 ns2.arthur.example.net. 3600 IN A $PREFIX.13
138 www.arthur.example.net. 3600 IN A 192.0.2.2
139 www2.arthur.example.net. 3600 IN A 192.0.2.6
140 mail.arthur.example.net. 3600 IN A 192.0.2.3
141 big.arthur.example.net. 3600 IN TXT "the quick brown fox jumps over the lazy dog"
142 big.arthur.example.net. 3600 IN TXT "The quick brown fox jumps over the lazy dog"
143 big.arthur.example.net. 3600 IN TXT "THe quick brown fox jumps over the lazy dog"
144 big.arthur.example.net. 3600 IN TXT "THE quick brown fox jumps over the lazy dog"
145 big.arthur.example.net. 3600 IN TXT "THE quick brown fox jumps over the lazy dog"
146 big.arthur.example.net. 3600 IN TXT "THE Quick brown fox jumps over the lazy dog"
147 big.arthur.example.net. 3600 IN TXT "THE QUick brown fox jumps over the lazy dog"
148 big.arthur.example.net. 3600 IN TXT "THE QUIck brown fox jumps over the lazy dog"
149 big.arthur.example.net. 3600 IN TXT "THE QUICk brown fox jumps over the lazy dog"
150 big.arthur.example.net. 3600 IN TXT "THE QUICK brown fox jumps over the lazy dog"
151 big.arthur.example.net. 3600 IN TXT "THE QUICK brown fox jumps over the lazy dog"
152 big.arthur.example.net. 3600 IN TXT "THE QUICK Brown fox jumps over the lazy dog"
153 big.arthur.example.net. 3600 IN TXT "THE QUICK BRown fox jumps over the lazy dog"
154 big.arthur.example.net. 3600 IN TXT "THE QUICK BROwn fox jumps over the lazy dog"
155 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWn fox jumps over the lazy dog"
156 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN fox jumps over the lazy dog"
157 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN fox jumps over the lazy dog"
158 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN Fox jumps over the lazy dog"
159 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOx jumps over the lazy dog"
160 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX jumps over the lazy dog"
161 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX jumps over the lazy dog"
162 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX Jumps over the lazy dog"
163 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUmps over the lazy dog"
164 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMps over the lazy dog"
165 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPs over the lazy dog"
166 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS over the lazy dog"
167 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS over the lazy dog"
168 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS Over the lazy dog"
169 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVer the lazy dog"
170 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVEr the lazy dog"
171 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER the lazy dog"
172 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER the lazy dog"
173 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER The lazy dog"
174 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THe lazy dog"
175 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE lazy dog"
176 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE lazy dog"
177 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE Lazy dog"
178 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE LAzy dog"
179 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE LAZy dog"
180 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE LAZY dog"
181 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE LAZY dog"
182 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE LAZY Dog"
183 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOg"
184 big.arthur.example.net. 3600 IN TXT "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG"
185 srv.arthur.example.net. 3600 IN SRV 0 100 389 server2.example.net.
186 rp.arthur.example.net. 3600 IN RP ahu.ds9a.nl. counter
187 type1234.arthur.example.net. 3600 IN TYPE1234 \# 2 4142
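# ns2.arthur.example.net (${PREFIX}.13) serves the same arthur.example.net
# zone as ns.arthur.example.net (${PREFIX}.12), so reuse the generated file.
# Operands are quoted against word splitting and globbing. The trailing slash
# matches the example.net copy and makes cp fail loudly if the destination
# directory is missing, instead of creating a regular file with that name.
cp "${PREFIX}.12/arthur.example.net.zone" "${PREFIX}.13/"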
193 ### zone with various CNAMEs, valid packets
195 cat > $PREFIX.14/prefect.example.net.zone
<<EOF
196 prefect.example.net. 3600 IN SOA $SOA
197 prefect.example.net. 3600 IN NS ns.prefect.example.net.
198 ns.prefect.example.net. 3600 IN A $PREFIX.14
199 www-a.prefect.example.net. 3600 IN CNAME www-a-2.prefect.example.net.
200 ;www-a-2.prefect.example.net. NXDOMAIN
201 www-b.prefect.example.net. 3600 IN CNAME www-b-2.prefect.example.net.
202 www-b-2.prefect.example.net. 3600 IN A 192.0.2.4
203 www-c.prefect.example.net. 3600 IN CNAME www-b-2.prefect.example.net.
204 ;www-c-2.prefect.example.net. NOERROR on A
205 www-c-2.prefect.example.net. 3600 IN AAAA 2001:db8::1
206 www-d.prefect.example.net. 3600 IN CNAME www.arthur.example.net.
209 ### zone with valid in-zone CNAME, invalid NXDOMAIN in response
211 cat > $PREFIX.15/marvin.example.net.zone
<<EOF
212 marvin.example.net. 3600 IN SOA $SOA
213 marvin.example.net. 3600 IN NS ns.marvin.example.net.
214 ns.marvin.example.net. 3600 IN A $PREFIX.15
215 www.marvin.example.net. 3600 IN CNAME android.marvin.example.net.
216 android.marvin.example.net. 3600 IN A 192.0.2.5
219 cat > $PREFIX.15/prequery.lua
<<EOF
225 function prequery ( dnspacket )
226 qname, qtype = dnspacket:getQuestion()
227 if qtype == pdns.A and qname == "www.marvin.example.net."
229 dnspacket:setRcode(pdns.NXDOMAIN)
231 ret[1] = newDR(newDN(qname), "CNAME", 3600, "android.marvin.example.net", 1)
232 ret[2] = newDR(newDN("marvin.example.net"), "SOA", 3600, "$SOA", 2)
233 dnspacket:addRecords(ret)
240 ### zone with working cross-zone CNAME, invalid NXDOMAIN in response
242 cat > $PREFIX.16/trillian.example.net.zone
<<EOF
243 trillian.example.net. 3600 IN SOA $SOA
244 trillian.example.net. 3600 IN NS ns.trillian.example.net.
245 ns.trillian.example.net. 3600 IN A $PREFIX.16
246 www.trillian.example.net. 3600 IN CNAME www2.arthur.example.net.
249 cat > $PREFIX.16/prequery.lua
<<EOF
255 function prequery ( dnspacket )
256 qname, qtype = dnspacket:getQuestion()
257 if qtype == pdns.A and qname == "www.trillian.example.net."
259 dnspacket:setRcode(pdns.NXDOMAIN)
261 ret[1] = newDR(newDN(qname), "CNAME", 3600, "www2.arthur.example.net", 1)
262 ret[2] = newDR(newDN(""), "SOA", 3600, "$SOA", 2)
263 dnspacket:addRecords(ret)
270 ### parent zone for ghost testing
272 cat > $PREFIX.17/ghost.example.net.zone
<<EOF
273 ghost.example.net. 3600 IN SOA $SOA
274 ghost.example.net. 3600 IN NS ns.ghost.example.net.
275 ns.ghost.example.net. 3600 IN A $PREFIX.17
276 1.ghost.example.net. 10 IN NS ns.1.ghost.example.net.
277 ns.1.ghost.example.net. 10 IN A $PREFIX.18
278 2.ghost.example.net. 10 IN NS ns.2.ghost.example.net.
279 ns.2.ghost.example.net. 10 IN A $PREFIX.19
282 cat > $PREFIX.17/prequery.lua
<<EOF
283 posix = require 'posix'
290 function prequery ( dnspacket )
291 qname, qtype = dnspacket:getQuestion()
292 if (string.sub(tostring(qname), -20) == "1.ghost.example.net." and posix.stat('drop-1')) or
293 (string.sub(tostring(qname), -20) == "2.ghost.example.net." and posix.stat('drop-2'))
295 dnspacket:setRcode(pdns.NXDOMAIN)
297 ret[1] = newDR(newDN("ghost.example.net"), "SOA", 3600, "$SOA", 2)
298 dnspacket:addRecords(ret)
305 ### ghost domain with ever-changing NSset
307 cat > $PREFIX.18/1.ghost.example.net.zone
<<EOF
308 1.ghost.example.net. 3600 IN SOA $SOA
309 1.ghost.example.net. 20 IN NS ns.1.ghost.example.net.
310 ns.1.ghost.example.net. 20 IN A $PREFIX.18
311 *.www.1.ghost.example.net. 20 IN A 192.0.2.7
314 cat > $PREFIX.18/prequery.lua
<<EOF
322 function prequery ( dnspacket )
324 qname, qtype = dnspacket:getQuestion()
325 if qtype == pdns.A and string.sub(tostring(qname), -24) == "www.1.ghost.example.net."
327 dnspacket:setRcode(pdns.NOERROR)
329 -- www.1.ghost.example.net. 20 IN A 192.0.2.7
330 ret[1] = newDR(newDN(qname), "A", 20, "192.0.2.7", 1)
331 -- 1.ghost.example.net. 20 IN NS ns.1.ghost.example.net.
332 ret[2] = newDR(newDN("1.ghost.example.net"), "NS", 20, "ns"..i..".1.ghost.example.net", 2)
333 -- ns.1.ghost.example.net. 20 IN A $PREFIX.18
334 ret[3] = newDR(newDN("ns"..i..".1.ghost.example.net"), "A", 20, "$PREFIX.18", 3)
335 dnspacket:addRecords(ret)
342 ### ghost domain with static NSset
344 cat > $PREFIX.19/2.ghost.example.net.zone
<<EOF
345 2.ghost.example.net. 3600 IN SOA $SOA
346 2.ghost.example.net. 20 IN NS ns.2.ghost.example.net.
347 ns.2.ghost.example.net. 20 IN A $PREFIX.19
348 *.www.2.ghost.example.net. 20 IN A 192.0.2.8
350 cat > $PREFIX.19/prequery.lua
<<EOF
356 function prequery ( dnspacket )
357 qname, qtype = dnspacket:getQuestion()
358 if qtype == pdns.A and string.sub(tostring(qname), -25) == ".www.2.ghost.example.net."
360 dnspacket:setRcode(pdns.NOERROR)
362 ret[1] = newDR(newDN(qname), "A", 20, "192.0.2.8", 1)
363 ret[2] = newDR(newDN("2.ghost.example.net"), "NS", 20, "ns.2.ghost.example.net", 2)
364 ret[3] = newDR(newDN("ns.2.ghost.example.net"), "A", 20, "$PREFIX.19", 3)
365 dnspacket:addRecords(ret)
372 ### plain domain as target for hijacking
374 cat > $PREFIX.20/hijackme.example.net.zone
<<EOF
375 hijackme.example.net. 3600 IN SOA $SOA
376 hijackme.example.net. 20 IN NS ns.hijackme.example.net.
377 ns.hijackme.example.net. 20 IN A $PREFIX.20
378 www.hijackme.example.net. 20 IN A 192.0.2.20
381 ### domain designed to hijack the A of ns.hijackme.example.net
383 cat > $PREFIX.21/hijacker.example.net.zone
<<EOF
384 hijacker.example.net. 3600 IN SOA $SOA
385 hijacker.example.net. 20 IN NS ns.hijackme.example.net.
386 ;ns.hijackme.example.net. 20 IN A $PREFIX.21
390 cat > $PREFIX.21/hijackme.example.net.zone
<<EOF
391 hijackme.example.net. 3600 IN SOA $SOA
392 hijackme.example.net. 20 IN NS ns.hijackme.example.net.
393 ns.hijackme.example.net. 20 IN A $PREFIX.21
394 www.hijackme.example.net. 20 IN A 192.0.2.21
398 ## Several domains where one gets overwritten as a local auth zone
400 cat > $PREFIX.22/box.answer-cname-in-local.example.net.zone
<<EOF
401 box.answer-cname-in-local.example.net. 3600 IN SOA $SOA
402 box.answer-cname-in-local.example.net. 20 IN NS ns.answer-cname-in-local.example.net.
404 global.box.answer-cname-in-local.example.net. 20 IN NS ns.answer-cname-in-local.example.net.
405 service.box.answer-cname-in-local.example.net. 20 IN CNAME pfs.global.box.answer-cname-in-local.example.net.
409 cat > $PREFIX.22/global.box.answer-cname-in-local.example.net.zone
<<EOF
410 global.box.answer-cname-in-local.example.net. 3600 IN SOA $SOA
411 global.box.answer-cname-in-local.example.net. 20 IN NS ns.answer-cname-in-local.example.net.
413 pfs.global.box.answer-cname-in-local.example.net. 20 IN CNAME vip-metropole.pfsbox.answer-cname-in-local.example.net.
417 cat > $PREFIX.22/pfsbox.answer-cname-in-local.example.net.zone
<<EOF
418 pfsbox.answer-cname-in-local.example.net. 3600 IN SOA $SOA
419 pfsbox.answer-cname-in-local.example.net. 20 IN NS ns.answer-cname-in-local.example.net.
421 vip-metropole.pfsbox.answer-cname-in-local.example.net. 20 IN A 10.0.0.1
422 vip-reunion.pfsbox.answer-cname-in-local.example.net. 20 IN A 10.1.1.1
426 # Used for the auth-zones test, to test a CNAME inside an auth-zone to a name
427 # outside of an auth-zone
429 cat > $PREFIX.23/not-auth-zone.example.net.zone
<<EOF
430 not-auth-zone.example.net. 3600 IN SOA $SOA
431 not-auth-zone.example.net. 20 IN NS ns.not-auth-zone.example.net.
433 ns.not-auth-zone.example.net. 20 IN A $PREFIX.23
434 host1.not-auth-zone.example.net. 20 IN A 127.0.0.57
437 cat > $PREFIX.23/france.auth-zone.example.net.zone
<<EOF
438 france.auth-zone.example.net. 3600 IN SOA $SOA
439 france.auth-zone.example.net. 3600 IN NS ns1.auth-zone.example.net
440 www.france.auth-zone.example.net. 3600 IN A 192.0.2.23
441 france.auth-zone.example.net. 3600 IN A 192.0.2.223
444 # And for the recursor
445 cat > recursor-service
/global.box.answer-cname-in-local.example.net.zone
<<EOF
446 global.box.answer-cname-in-local.example.net. 3600 IN SOA $SOA
447 global.box.answer-cname-in-local.example.net. 20 IN NS ns.answer-cname-in-local.example.net.
449 pfs.global.box.answer-cname-in-local.example.net. 20 IN CNAME vip-reunion.pfsbox.answer-cname-in-local.example.net.
453 # For the auth-zones test
454 cat > recursor-service
/auth-zone.example.net.zone
<<EOF
455 auth-zone.example.net. 3600 IN SOA $SOA
456 auth-zone.example.net. 20 IN NS localhost.example.net.
458 host1.auth-zone.example.net. 20 IN A 127.0.0.55
459 host1.auth-zone.example.net. 20 IN AAAA 2001:DB8::1:45BA
461 host2.auth-zone.example.net. 20 IN CNAME host1.another-auth-zone.example.net.
463 host3.auth-zone.example.net. 20 IN CNAME host1.not-auth-zone.example.net.
464 *.wild.auth-zone.example.net. 3600 IN TXT "Hi there!"
465 france.auth-zone.example.net. 20 IN NS ns1.auth-zone.example.net.
466 ns1.auth-zone.example.net. 20 IN A $PREFIX.23
467 *.something.auth-zone.example.net. 20 IN CNAME host1.auth-zone.example.net.
471 cat > $PREFIX.24/lowercase-outgoing.example.net.zone
<<EOF
472 lowercase-outgoing.example.net. 3600 IN SOA $SOA
473 lowercase-outgoing.example.net. 20 IN NS ns.lowercase-outgoing.example.net.
475 ns.lowercase-outgoing.example.net. 20 IN A $PREFIX.24
476 host.lowercase-outgoing.example.net. 20 IN A 127.0.0.57
479 cat > $PREFIX.24/prequery.lua
<<EOF
480 filename = "questions.txt"
483 file = io.open(filename, "w")
491 function prequery ( dnspacket )
492 qname, qtype = dnspacket:getQuestion()
493 file = io.open('questions.txt', "a")
494 file:write(tostring(qname) .. "\n")
501 cat > recursor-service
/another-auth-zone.example.net.zone
<<EOF
502 another-auth-zone.example.net. 3600 IN SOA $SOA
503 another-auth-zone.example.net. 20 IN NS localhost.example.net.
505 host1.another-auth-zone.example.net. 20 IN A 127.0.0.56
510 cat > $dir/pdns.conf
<<EOF
511 module-dir=../../../regression-tests/modules
515 ## TODO remove when switching circle-ci and travis to 4.3
517 bind-config=named.conf
523 distributor-threads=1
526 if [ -e $dir/prequery.lua
]
528 echo 'lua-prequery-script=prequery.lua' >> $dir/pdns.conf
531 cat > $dir/named.conf
<<EOF
536 for zone
in $
(ls $dir |
grep '\.zone$' |
sed 's/\.zone$//')
539 if [ $realzone = ROOT
]
543 cat >> $dir/named.conf
<<EOF
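# Create a `run` symlink inside this service directory. The target
# ../../run-auth is resolved relative to the link's own directory, not the
# current working directory. The link path is quoted so a directory name with
# whitespace or glob characters is passed to ln as a single argument.
ln -s ../../run-auth "${dir}/run"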
553 cat > recursor-service
/forward-zones-file
<< EOF
554 # Some comment that should be ignored
555 forward-zones-test.non-existing.powerdns.com=8.8.8.8
556 forward-zones-test2.non-existing.powerdns.com=8.8.8.8# This comment should be ignored as well
559 cat > recursor-service
/recursor.conf
<<EOF
562 forward-zones-file=$(pwd)/recursor-service/forward-zones-file
564 socket-dir=/tmp/recursor-service
565 auth-zones=global.box.answer-cname-in-local.example.net=$(pwd)/recursor-service/global.box.answer-cname-in-local.example.net.zone,auth-zone.example.net=$(pwd)/recursor-service/auth-zone.example.net.zone,another-auth-zone.example.net=$(pwd)/recursor-service/another-auth-zone.example.net.zone
570 cat > recursor-service
2/recursor.conf
<<EOF
572 socket-dir=/tmp/recursor-service2
573 lowercase-outgoing=yes
577 cat > recursor-service
3/recursor.conf
<< EOF
579 socket-dir=/tmp/recursor-service3
580 lua-config-file=$(pwd)/recursor-service3/config.lua
581 lua-dns-script=$(pwd)/recursor-service3/script.lua
585 cat > recursor-service
3/config.lua
<<EOF
586 rpzFile("$(pwd)/recursor-service3/rpz.zone", {policyName="myRPZ"})
587 rpzFile("$(pwd)/recursor-service3/rpz2.zone", {policyName="mySecondRPZ"})
588 rpzFile("$(pwd)/recursor-service3/rpz3.zone", {policyName="cappedTTLRPZ", maxTTL=5})
589 rpzFile("$(pwd)/recursor-service3/rpz4.zone", {policyName="defPolicyTTL", defpol=Policy.Custom, defcontent="default.example.net", defttl=10, maxTTL=20})
590 rpzFile("$(pwd)/recursor-service3/rpz5.zone", {policyName="defPolicyCappedTTL", defpol=Policy.Custom, defcontent="default.example.net", defttl=50, maxTTL=20})
591 rpzFile("$(pwd)/recursor-service3/rpz6.zone", {policyName="defPolicyWithoutTTL", defpol=Policy.Custom, defcontent="default.example.net"})
592 rpzFile("$(pwd)/recursor-service3/rpz7.zone", {policyName="defPolicyWithoutTTLCapped", defpol=Policy.Custom, defcontent="default.example.net", maxTTL=50})
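# Split the dotted test-network prefix into its components; they are reused in
# reverse order to build the rpz-nsip trigger name written to rpz.zone.
# IFS is changed for this one `read` only. `read -r` keeps any backslash
# literal, and the quoted here-string feeds PREFIX to read directly instead of
# routing it through an unquoted `echo` in a command substitution.
# NOTE: splitting on dots only works for an IPv4 prefix; testing on IPv6 would
# need different handling here.
IFS=. read -r REV_PREFIX1 REV_PREFIX2 REV_PREFIX3 <<< "${PREFIX}"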
597 cat > recursor-service
3/rpz.zone
<<EOF
599 \$ORIGIN domain.example.
603 arthur.example.net CNAME . ; NXDOMAIN on apex
604 *.arthur.example.net CNAME *. ; NODATA for everything below the apex
605 srv.arthur.example.net CNAME rpz-passthru. ; Allow this name though
606 www.example.net CNAME www2.example.net. ; Local-Data Action
607 www3.example.net CNAME www4.example.net. ; Local-Data Action (to be changed in preresolve)
608 www5.example.net A 192.0.2.15 ; Override www5.example.net.
609 trillian.example.net CNAME . ; NXDOMAIN on apex, allows all sub-names (#4086)
610 *.wildcard-target.example.net CNAME *.walled-garden.example.net. ; Special form of Local Data: a CNAME RR with a wildcarded target name
612 32.4.2.0.192.rpz-ip CNAME rpz-drop. ; www4.example.net resolves to 192.0.2.4, drop A responses with that IP
614 ns.hijackme.example.net.rpz-nsdname CNAME . ; NXDOMAIN for anything hosted on ns.hijackme.example.net
615 ns.marvin.example.net.rpz-nsdname CNAME . ; NXDOMAIN for anything hosted on ns.marvin.example.net (we disable RPZ in preresolve though)
616 32.24.$REV_PREFIX3.$REV_PREFIX2.$REV_PREFIX1.rpz-nsip CNAME . ; The IP for ns.lowercase-outgoing.example.net, should yield NXDOMAIN
620 cat > recursor-service
3/rpz2.zone
<<EOF
622 \$ORIGIN domain.example.
626 www5.example.net A 192.0.2.25 ; Override www5.example.net.
630 cat > recursor-service
3/rpz3.zone
<<EOF
632 \$ORIGIN domain.example.
636 capped-ttl.example.net 50 IN A 192.0.2.35 ; exceeds the maxTTL setting
637 unsupported.example.net 50 IN CNAME rpz-unsupported. ; unsupported target
638 unsupported2.example.net 50 IN CNAME 32.3.2.0.192.rpz-unsupported. ; also unsupported target
639 not-rpz.example.net 50 IN CNAME rpz-not.com. ; this one is not a special RPZ target
643 cat > recursor-service
3/rpz4.zone
<<EOF
645 \$ORIGIN domain.example.
649 defpol-with-ttl.example.net 50 IN A 192.0.2.35 ; will be overridden by the default policy and the default TTL
653 cat > recursor-service
3/rpz5.zone
<<EOF
655 \$ORIGIN domain.example.
659 defpol-with-ttl-capped.example.net 100 IN A 192.0.2.35 ; will be overridden by the default policy and the default TTL (but capped by maxTTL)
663 cat > recursor-service
3/rpz6.zone
<<EOF
665 \$ORIGIN domain.example.
669 defpol-without-ttl.example.net A 192.0.2.35 ; will be overridden by the default policy, but with the zone's TTL
673 cat > recursor-service
3/rpz7.zone
<<EOF
675 \$ORIGIN domain.example.
679 defpol-without-ttl-capped.example.net A 192.0.2.35 ; will be overridden by the default policy, but with the zone's TTL capped by maxTTL
683 cat > recursor-service
3/script.lua
<<EOF
685 if dq.qname:equal('www5.example.net') then
686 dq:discardPolicy('myRPZ')
691 function preresolve(dq)
692 if dq.qname:equal("nxdomainme.example.net") then
693 dq.rcode = pdns.NXDOMAIN
696 if dq.qname:equal("android.marvin.example.net") then
697 dq.wantsRPZ = false -- disable RPZ
699 if dq.appliedPolicy.policyKind == pdns.policykinds.Custom then
700 if dq.qname:equal("www3.example.net") then
701 dq.appliedPolicy.policyCustom = "www2.example.net"
708 cat > recursor-service
4/recursor.conf
<<EOF
710 socket-dir=/tmp/recursor-service4
712 forward-zones=net.=$PREFIX.10;$PREFIX.11