a7-2 A 192.168.7.2
TXT "a7-2 tld2 text"
+
+a8-1 A 192.168.8.1
+ TXT "a8-1 tld2 text"
--- /dev/null
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+
+$INCLUDE include-rpz.inc
--- /dev/null
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+@ SOA include-rpz. hostmaster.ns.include-rpz. ( 1 3600 1200 604800 60 )
+ NS ns.tld3.
--- /dev/null
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+@ SOA include-rpz. hostmaster.ns.include-rpz. ( 2 3600 1200 604800 60 )
+ NS ns.tld3.
+
+a8-1.tld2 CNAME .
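Review bot: The only policy rule in this file, `a8-1.tld2 CNAME .`, has no comment explaining what it encodes or that its owner name is relative. Because the `$INCLUDE` in include-rpz.db passes no origin argument, the name expands under the include-rpz origin, which is easy to miss when reading this file alone. I would add `; RPZ NXDOMAIN action for a8-1.tld2 (owner is relative to the including zone's origin)` above the record. I would also add `; serial bumped from 1 so the reload is seen as a new policy version` beside the SOA, since that bump and the new rule are the only differences from the first include file.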
zone "bl.tld2";
zone "manual-update-rpz" ede forged;
zone "mixed-case-rpz";
+ zone "include-rpz";
zone "evil-cname" policy cname a12.tld2. ede blocked;
zone "wild-cname" ede blocked;
zone "slow-rpz";
notify no;
};
+zone "include-rpz." {
+ type primary;
+ file "include-rpz.db";
+ notify no;
+};
+
zone "slow-rpz." {
type primary;
file "slow-rpz.db";
cp ns3/mixed-case-rpz-1.db.in ns3/mixed-case-rpz.db
+cp ns3/include-rpz.db.in ns3/include-rpz.db
+cp ns3/include-rpz.inc-1.in ns3/include-rpz.inc
+
# a "big" zone (tested with '-T rpzslow' enabled to slow down loading)
cp ns3/slow-rpz.db.in ns3/slow-rpz.db
$DIG -p ${PORT} @$ns3 walled.tld2 >dig.out.$t.after || setret "failed"
grep "walled\.tld2\..*IN.*A.*10\.0\.0\.1" dig.out.$t.after >/dev/null || setret "failed"
+t=$((t + 1))
+echo_i "checking rpz with included rules can reload (${t})"
+$DIG -p ${PORT} @$ns3 a8-1.tld2 >dig.out.$t.before || setret "failed"
+grep "status: NOERROR" dig.out.$t.before >/dev/null || setret "failed"
+cp ns3/include-rpz.inc-2.in ns3/include-rpz.inc
+rndc_reload ns3 $ns3 include-rpz
+sleep 1
+$DIG -p ${PORT} @$ns3 a8-1.tld2 >dig.out.$t.after || setret "failed"
+grep "status: NXDOMAIN" dig.out.$t.after >/dev/null || setret "failed"
+
t=$((t + 1))
echo_i "checking the default (unset) extended DNS error code (EDE) (${t})"
$DIG -p ${PORT} @$ns3 a6-2.tld2. A >dig.out.$t || setret "failed"
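Review bot: The fixed `sleep 1` after `rndc_reload ns3 $ns3 include-rpz` makes the check timing-dependent, because the policy data may be rebuilt asynchronously after the zone reload. On a slow runner the second query can still see the old policy and fail spuriously. Polling for the rewritten answer with a bounded retry is steadier, assuming the suite's `retry_quiet` helper is in scope here. The two greps also match only the status line, so the before-check passes for any NOERROR answer. Matching the `192.168.8.1` address added to the tld2 zone would show the name resolved unmodified before the rule was loaded.

```shell
# … unchanged: counter bump, echo_i and the initial dig into dig.out.$t.before …
grep "a8-1\.tld2\..*IN.*A.*192\.168\.8\.1" dig.out.$t.before >/dev/null || setret "failed"
cp ns3/include-rpz.inc-2.in ns3/include-rpz.inc
rndc_reload ns3 $ns3 include-rpz
# Poll until the reloaded policy answers, instead of sleeping a fixed second.
include_rpz_applied() {
  $DIG -p ${PORT} @$ns3 a8-1.tld2 >dig.out.$t.after || return 1
  grep "status: NXDOMAIN" dig.out.$t.after >/dev/null
}
retry_quiet 10 include_rpz_applied || setret "failed"
```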
"ns3/bl.tld2.db",
"ns3/evil-cname.db",
"ns3/fast-expire.db",
+ "ns3/include-rpz.db",
+ "ns3/include-rpz.inc",
"ns3/manual-update-rpz.db",
"ns3/mixed-case-rpz.db",
"ns3/named.conf.tmp",