From: Ralph Dolmans Date: Thu, 8 Aug 2019 14:43:28 +0000 (+0200) Subject: - Add RPZ/QNAME override test X-Git-Tag: release-1.10.0rc1~28^2~28^2~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7180284d82f9c3e114637c46f8d005c7dbf66336;p=thirdparty%2Funbound.git - Add RPZ/QNAME override test
---
diff --git a/testdata/rpz_qname_override.rpl b/testdata/rpz_qname_override.rpl
new file mode 100644
index 000000000..d75049306
--- /dev/null
+++ b/testdata/rpz_qname_override.rpl
@@ -0,0 +1,178 @@
+; config options
+server:
+ module-config: "respip validator iterator"
+ target-fetch-policy: "0 0 0 0 0"
+ qname-minimisation: no
+
+rpz:
+ name: "rpz.example.com."
+ rpz-action-override: disabled
+ zonefile:
+TEMPFILE_NAME rpz.example.com
+TEMPFILE_CONTENTS rpz.example.com
+$ORIGIN rpz.example.com.
+a TXT "record zone rpz.example.com"
+TEMPFILE_END
+
+rpz:
+ name: "rpz2.example.com."
+ zonefile:
+TEMPFILE_NAME rpz2.example.com
+TEMPFILE_CONTENTS rpz2.example.com
+$ORIGIN rpz2.example.com.
+a TXT "record zone rpz2.example.com"
+TEMPFILE_END
+
+rpz:
+ name: "rpz3.example.com."
+ rpz-action-override: nodata
+ zonefile:
+TEMPFILE_NAME rpz3.example.com
+TEMPFILE_CONTENTS rpz3.example.com
+$ORIGIN rpz3.example.com.
+b CNAME .
+TEMPFILE_END
+
+rpz:
+ name: "rpz4.example.com."
+ rpz-action-override: nxdomain
+ zonefile:
+TEMPFILE_NAME rpz4.example.com
+TEMPFILE_CONTENTS rpz4.example.com
+$ORIGIN rpz4.example.com.
+c CNAME *.
+TEMPFILE_END
+
+rpz:
+ name: "rpz5.example.com."
+ rpz-action-override: passthru
+ zonefile:
+TEMPFILE_NAME rpz5.example.com
+TEMPFILE_CONTENTS rpz5.example.com
+$ORIGIN rpz5.example.com.
+d TXT "should be override by passthru"
+TEMPFILE_END
+
+rpz:
+ name: "rpz6.example.com."
+ rpz-action-override: cname
+ rpz-cname-override: "d."
+ zonefile:
+TEMPFILE_NAME rpz6.example.com
+TEMPFILE_CONTENTS rpz6.example.com
+$ORIGIN rpz6.example.com.
+e TXT "should be override by cname"
+TEMPFILE_END
+
+stub-zone:
+ name: "d."
+ stub-addr: 10.20.30.40
+CONFIG_END
+
+SCENARIO_BEGIN Test RPZ action overrides for QNAME trigger
+
+; d.
+RANGE_BEGIN 0 100
+ ADDRESS 10.20.30.40
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+d. IN TXT
+SECTION ANSWER
+d. IN TXT "answer from upstream ns"
+ENTRY_END
+
+RANGE_END
+
+; check disabled override, should be answered using next policy zone
+STEP 10 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+a. IN TXT
+ENTRY_END
+
+STEP 11 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NOERROR
+SECTION QUESTION
+a. IN TXT
+SECTION ANSWER
+a TXT "record zone rpz2.example.com"
+ENTRY_END
+
+; check nodata override, would be NXDOMAIN without override
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+b. IN TXT
+ENTRY_END
+
+STEP 21 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NOERROR
+SECTION QUESTION
+b. IN TXT
+SECTION ANSWER
+ENTRY_END
+
+; check nxdomain override, would be NODATA without override
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+c. IN TXT
+ENTRY_END
+
+STEP 31 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NXDOMAIN
+SECTION QUESTION
+c. IN TXT
+SECTION ANSWER
+ENTRY_END
+
+; check passthru override, would be localdata without override
+STEP 40 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+d. IN TXT
+ENTRY_END
+
+STEP 41 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+d. IN TXT
+SECTION ANSWER
+d. IN TXT "answer from upstream ns"
+ENTRY_END
+
+; check cname override, would be localdata without override
+STEP 50 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+e. IN TXT
+ENTRY_END
+
+STEP 51 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AA NOERROR
+SECTION QUESTION
+e. IN TXT
+SECTION ANSWER
+e. IN CNAME d.
+d. IN TXT "answer from upstream ns"
+ENTRY_END
+
+SCENARIO_END
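Review bot: The cname override check in STEP 50/51 cannot tell whether the rewritten target is matched against the policy zones again, because `rpz-cname-override: "d."` points at the same name that rpz5.example.com lists under `rpz-action-override: passthru`. With that overlap `d.` is answered by the stub at 10.20.30.40 in both cases, so a regression that skips (or wrongly applies) policy on the CNAME target would presumably still pass. If the overlap is deliberate, state it next to the check, e.g. `; d. is also a passthru trigger in rpz5, so the CNAME target always resolves upstream`. Otherwise point the override at a name that appears in no policy zone and give it its own stub-zone and RANGE entry, so the two behaviours are tested separately.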