RPZ: stub nsip testbound scenario

diff --git a/testdata/rpz_nsip.rpl b/testdata/rpz_nsip.rpl
new file mode 100644 (file)
index 0000000..d07199c
--- /dev/null
+++ b/testdata/rpz_nsip.rpl
@@ -0,0 +1,187 @@
+; config options
+server:
+       module-config: "respip validator iterator"
+       target-fetch-policy: "0 0 0 0 0"
+       qname-minimisation: no
+  access-control: 192.0.0.0/8 allow
+
+rpz:
+       name: "rpz.example.com."
+       zonefile:
+TEMPFILE_NAME rpz.example.com
+TEMPFILE_CONTENTS rpz.example.com
+$ORIGIN example.com.
+rpz    3600    IN      SOA     ns1.rpz.gotham.com. hostmaster.rpz.example.com. (
+               1379078166 28800 7200 604800 7200 )
+       3600    IN      NS      ns1.rpz.example.com.
+       3600    IN      NS      ns2.rpz.example.com.
+$ORIGIN rpz.example.com.
+24.0.0.0.192.rpz-nsip CNAME .
+24.0.1.0.192.rpz-nsip CNAME *.
+24.0.2.0.192.rpz-nsip CNAME rpz-drop.
+24.0.3.0.192.rpz-nsip CNAME rpz-passthru.
+24.0.4.0.192.rpz-nsip CNAME rpz-tcp-only.
+24.0.5.0.192.rpz-nsip A 127.0.0.1
+24.0.5.0.192.rpz-nsip TXT "42"
+TEMPFILE_END
+
+stub-zone:
+       name: "."
+       stub-addr: 1.1.1.1
+CONFIG_END
+
+SCENARIO_BEGIN Test RPZ nsip triggers
+
+; .
+RANGE_BEGIN 0 100
+       ADDRESS 1.1.1.1
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS ns.root.
+SECTION ADDITIONAL
+ns.root IN A 1.1.1.1
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com. IN NS ns1.com.
+SECTION ADDITIONAL
+ns1.com. IN A 8.8.8.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+aa. IN A
+SECTION AUTHORITY
+aa. IN NS ns1.aa.
+SECTION ADDITIONAL
+ns1.aa. IN A 8.8.0.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+bb. IN A
+SECTION AUTHORITY
+bb. IN NS ns1.bb.
+SECTION ADDITIONAL
+ns1.bb. IN A 8.8.1.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+cc. IN A
+SECTION AUTHORITY
+cc. IN NS ns1.cc.
+SECTION ADDITIONAL
+ns1.cc. IN A 8.8.2.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+dd. IN A
+SECTION AUTHORITY
+dd. IN NS ns1.dd.
+SECTION ADDITIONAL
+ns1.dd. IN A 8.8.3.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+ee. IN A
+SECTION AUTHORITY
+ee. IN NS ns1.ee.
+SECTION ADDITIONAL
+ns1.ee. IN A 8.8.5.8
+ENTRY_END
+
+RANGE_END
+
+; com.
+RANGE_BEGIN 0 100
+       ADDRESS 8.8.8.8
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS ns1.com.
+SECTION ADDITIONAL
+ns1.com. IN A 8.8.8.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+gotham.com. IN A
+SECTION AUTHORITY
+gotham.com.    IN NS   ns1.gotham.com.
+SECTION ADDITIONAL
+ns1.gotham.com. IN A 192.0.6.1
+ENTRY_END
+
+RANGE_END
+
+; ns1.gotham.com.
+RANGE_BEGIN 0 100
+       ADDRESS 192.0.6.1
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+gotham.com. IN A
+SECTION ANSWER
+gotham.com. IN A 192.0.6.2
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+gotham.com. IN A
+ENTRY_END
+
+STEP 2 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+gotham.com. IN A
+SECTION ANSWER
+gotham.com. IN A 192.0.6.2
+ENTRY_END
+
+SCENARIO_END