rpz: add testbound nsdname script (stub)

diff --git a/services/rpz.c b/services/rpz.c
index 51018b8bdd6dd1717a5946c2a9bd4c448a95601e..646c9093edd7db5bc220187552a5b93309f3081c 100644 (file)
--- a/services/rpz.c
+++ b/services/rpz.c
@@ -1676,6 +1676,7 @@ rpz_delegation_point_zone_lookup(struct delegpt* dp, struct local_zones* zones,
        struct local_zone* z = NULL;
 
        rpz_log_dname("delegation point", dp->name, dp->namelen);
+       // XXX: do we want this?
        z = rpz_find_zone(zones, dp->name, dp->namelen, qclass, 0, 0, 0);
 
        if(z == NULL) {

diff --git a/testdata/rpz_nsdname.rpl b/testdata/rpz_nsdname.rpl
new file mode 100644 (file)
index 0000000..7587ccf
--- /dev/null
+++ b/testdata/rpz_nsdname.rpl
@@ -0,0 +1,388 @@
+; config options
+server:
+       module-config: "respip validator iterator"
+       target-fetch-policy: "0 0 0 0 0"
+       qname-minimisation: no
+  access-control: 192.0.0.0/8 allow
+
+rpz:
+       name: "rpz.example.com."
+       zonefile:
+TEMPFILE_NAME rpz.example.com
+TEMPFILE_CONTENTS rpz.example.com
+$ORIGIN example.com.
+rpz    3600    IN      SOA     ns1.rpz.example.com. hostmaster.rpz.example.com. (
+               1379078166 28800 7200 604800 7200 )
+       3600    IN      NS      ns1.rpz.example.com.
+       3600    IN      NS      ns2.rpz.example.com.
+$ORIGIN rpz.example.com.
+gotham.aa.rpz-nsdname CNAME .
+gotham.bb.rpz-nsdname CNAME *.
+gotham.cc.rpz-nsdname CNAME rpz-drop.
+gotham.com.rpz-nsdname CNAME rpz-passthru.
+gotham.dd.rpz-nsdname CNAME rpz-tcp-only.
+gotham.ee.rpz-nsdname A 127.0.0.1
+gotham.ff.rpz-nsdname TXT "42"
+TEMPFILE_END
+
+stub-zone:
+       name: "."
+       stub-addr: 1.1.1.1
+CONFIG_END
+
+SCENARIO_BEGIN Test RPZ nsip triggers
+
+; . --------------------------------------------------------------------------
+RANGE_BEGIN 0 100
+       ADDRESS 1.1.1.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS ns.root.
+SECTION ADDITIONAL
+ns.root IN A 1.1.1.1
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com. IN NS ns1.com.
+SECTION ADDITIONAL
+ns1.com. IN A 8.8.8.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+aa. IN A
+SECTION AUTHORITY
+aa. IN NS ns1.aa.
+SECTION ADDITIONAL
+ns1.aa. IN A 8.8.0.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+bb. IN A
+SECTION AUTHORITY
+bb. IN NS ns1.bb.
+SECTION ADDITIONAL
+ns1.bb. IN A 8.8.1.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+cc. IN A
+SECTION AUTHORITY
+cc. IN NS ns1.cc.
+SECTION ADDITIONAL
+ns1.cc. IN A 8.8.2.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+dd. IN A
+SECTION AUTHORITY
+dd. IN NS ns1.dd.
+SECTION ADDITIONAL
+ns1.dd. IN A 8.8.3.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+ee. IN A
+SECTION AUTHORITY
+ee. IN NS ns1.ee.
+SECTION ADDITIONAL
+ns1.ee. IN A 8.8.5.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+ff. IN A
+SECTION AUTHORITY
+ff. IN NS ns1.ff.
+SECTION ADDITIONAL
+ns1.ff. IN A 8.8.6.8
+ENTRY_END
+
+RANGE_END
+
+; com. -----------------------------------------------------------------------
+RANGE_BEGIN 0 100
+       ADDRESS 8.8.8.8
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS ns1.com.
+SECTION ADDITIONAL
+ns1.com. IN A 8.8.8.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+gotham.com. IN A
+SECTION AUTHORITY
+gotham.com.    IN NS   ns1.gotham.com.
+SECTION ADDITIONAL
+ns1.gotham.com. IN A 192.0.6.1
+ENTRY_END
+
+RANGE_END
+
+; aa. ------------------------------------------------------------------------
+RANGE_BEGIN 0 100
+       ADDRESS 8.8.0.8
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+aa. IN NS
+SECTION ANSWER
+aa. IN NS ns1.aa.
+SECTION ADDITIONAL
+ns1.aa. IN A 8.8.0.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+gotham.aa. IN A
+SECTION AUTHORITY
+gotham.aa.     IN NS   ns1.gotham.aa.
+SECTION ADDITIONAL
+ns1.gotham.aa. IN A 192.0.0.1
+ENTRY_END
+
+RANGE_END
+
+; bb. ------------------------------------------------------------------------
+RANGE_BEGIN 0 100
+       ADDRESS 8.8.1.8
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+bb. IN NS
+SECTION ANSWER
+bb. IN NS ns1.bb.
+SECTION ADDITIONAL
+ns1.bb. IN A 8.8.1.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+gotham.bb. IN A
+SECTION AUTHORITY
+gotham.bb.     IN NS   ns1.gotham.bb.
+SECTION ADDITIONAL
+ns1.gotham.bb. IN A 192.0.1.1
+ENTRY_END
+
+RANGE_END
+
+; ff. ------------------------------------------------------------------------
+RANGE_BEGIN 0 100
+       ADDRESS 8.8.6.8
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+ff. IN NS
+SECTION ANSWER
+ff. IN NS ns1.ff.
+SECTION ADDITIONAL
+ns1.ff. IN A 8.8.6.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+gotham.ff. IN A
+SECTION AUTHORITY
+gotham.ff. IN NS ns1.gotham.ff.
+SECTION ADDITIONAL
+ns1.gotham.ff. IN A 192.0.5.1
+ENTRY_END
+
+RANGE_END
+
+; ns1.gotham.com. ------------------------------------------------------------
+RANGE_BEGIN 0 100
+       ADDRESS 192.0.6.1
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+gotham.com. IN A
+SECTION ANSWER
+gotham.com. IN A 192.0.6.2
+ENTRY_END
+
+RANGE_END
+
+; ns1.gotham.aa. -------------------------------------------------------------
+RANGE_BEGIN 0 100
+       ADDRESS 192.0.0.1
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+gotham.aa. IN A
+SECTION ANSWER
+gotham.aa. IN A 192.0.0.2
+ENTRY_END
+
+RANGE_END
+
+; ns1.gotham.bb. -------------------------------------------------------------
+RANGE_BEGIN 0 100
+       ADDRESS 192.0.1.1
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+gotham.bb. IN A
+SECTION ANSWER
+gotham.bb. IN A 192.0.1.2
+ENTRY_END
+
+RANGE_END
+
+; ns1.gotham.ff. -------------------------------------------------------------
+RANGE_BEGIN 0 100
+       ADDRESS 192.0.5.1
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+gotham.ff. IN A
+SECTION ANSWER
+gotham.ff. IN A 192.0.5.2
+ENTRY_END
+
+RANGE_END
+
+; ----------------------------------------------------------------------------
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+gotham.com. IN A
+ENTRY_END
+
+STEP 2 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+gotham.com. IN A
+SECTION ANSWER
+gotham.com. IN A 192.0.6.2
+ENTRY_END
+
+STEP 10 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+gotham.aa. IN A
+ENTRY_END
+
+STEP 11 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+gotham.aa. IN A
+SECTION ANSWER
+ENTRY_END
+
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+gotham.bb. IN A
+ENTRY_END
+
+STEP 21 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+gotham.bb. IN A
+SECTION ANSWER
+ENTRY_END
+
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+gotham.ff. IN A
+ENTRY_END
+
+STEP 31 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+gotham.ff. IN A
+SECTION ANSWER
+gotham.ff. IN A 127.0.0.1
+ENTRY_END
+
+SCENARIO_END