From 33445be8dfc6849d0a94a22e85f828058f3a3430 Mon Sep 17 00:00:00 2001
From: tcarpay
Date: Tue, 31 Aug 2021 15:22:44 +0200
Subject: [PATCH] add setup of RPZ and full tests of earlier implemented EDEs
---
testdata/ede.tdir/ede.conf | 9 +++++++--
testdata/ede.tdir/ede.test | 24 ++++++++++++++++++++----
testdata/ede.tdir/rpz.nlnetlabs.nl | 4 ++++
3 files changed, 31 insertions(+), 6 deletions(-)
create mode 100644 testdata/ede.tdir/rpz.nlnetlabs.nl
diff --git a/testdata/ede.tdir/ede.conf b/testdata/ede.tdir/ede.conf
index 1b9635432..e5b0f73f5 100644
--- a/testdata/ede.tdir/ede.conf
+++ b/testdata/ede.tdir/ede.conf
@@ -11,6 +11,11 @@ server: # @TODO change this to local file auto-trust-anchor-file: "/var/lib/unbound/root.key" -server: + module-config: "respip validator iterator" + local-zone: hopsa.kidee. always_refuse - local-data: "hopsa.kidee. TXT hela hola" \ No newline at end of file + local-data: "hopsa.kidee. TXT hela hola" + +rpz: + name: rpz.nlnetlabs.nl + zonefile: rpz.nlnetlabs.nl \ No newline at end of file
diff --git a/testdata/ede.tdir/ede.test b/testdata/ede.tdir/ede.test
index d07b86650..5167a32cc 100644
--- a/testdata/ede.tdir/ede.test
+++ b/testdata/ede.tdir/ede.test
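Review bot: In the testdata/ede.tdir/ede.conf hunk, `module-config: "respip validator iterator"` is added without a comment, and nothing tells the reader that the `rpz:` clause further down depends on the respip module being loaded; I would add `# respip must be loaded for the rpz: clause below` above it. `zonefile: rpz.nlnetlabs.nl` is a relative path, so it presumably resolves against the directory unbound is started in (or a `directory:`/chroot setting, which this hunk does not show); a comment stating that the test is expected to run from ede.tdir would make that dependency explicit. The validator is also listed while the trust anchor still points at the host file `/var/lib/unbound/root.key`, so the result of the `+dnssec` query in ede.test may depend on the machine running the test until the existing TODO is resolved.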
@@ -24,18 +24,34 @@ echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test # query with bad edns keepalive dig @127.0.0.1 -p $UNBOUND_PORT +tcp +ednsopt=11:010203 > keepalive.txt +if ! grep -q "OPT=15: 00 00 71 75 65 72 79 20 77 69 74 68 20 62 61 64 20 65 64 6e 73 20 6b 65 65 70 61 6c 69 76 65" keepalive.txt +then + echo "Incorect bad edns keepalive output" + exit 1 +fi + # refused nonrec (cache snoop) (Not Auth) -dig @127.0.0.1 -p $UNBOUND_PORT +norec > snoop.text +dig @127.0.0.1 -p $UNBOUND_PORT +norec > snoop.txt + +if ! grep -q "OPT=15: 00 14" snoop.txt +then + echo "Incorect cache snoop output" + exit 1 +fi # @TODO dnssec bogus local zones something -dig @127.0.0.1 qwerqwer.hopsa.kidee. TXT +dnssec > bogus.txt +dig @127.0.0.1 -p $UNBOUND_PORT qwerqwer.hopsa.kidee. TXT +dnssec > bogus.txt -# refused, not auth ??? +if ! grep -q "OPT=15: 00 0f" bogus.txt +then + echo "Incorect DNSSEC local zone output" + exit 1 +fi # DNAME expansion - +# RPZ
diff --git a/testdata/ede.tdir/rpz.nlnetlabs.nl b/testdata/ede.tdir/rpz.nlnetlabs.nl
new file mode 100644
index 000000000..3326bdb92
--- /dev/null
+++ b/testdata/ede.tdir/rpz.nlnetlabs.nl
@@ -0,0 +1,4 @@
+$ORIGIN rpz.nlnetlabs.nl.
+
+drop.example.com.rpz.nlnetlabs.nl. CNAME rpz-drop.
+32.34.216.184.93.rpz-ip.rpz.nlnetlabs.nl. A 192.0.2.1
\ No newline at end of file
--
2.47.2
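Review bot: In the testdata/ede.tdir/ede.test hunk, the check on bogus.txt greps for `OPT=15: 00 0f`, which is EDE info-code 15 (Blocked, presumably the result of the `always_refuse` local-zone in ede.conf), yet the comment above it and the failure message describe a DNSSEC test, so a reader could conclude that a DNSSEC EDE is being verified when none is. I would word the message after what is actually asserted, e.g. `echo "Incorrect local-zone refuse (EDE 15 Blocked) output"`, and correct the `Incorect` spelling in the other two messages too. All three checks also rely on dig printing option 15 as raw hex (`OPT=15: ...`); a dig build that decodes EDE would presumably print it differently and fail these greps, so a comment stating the dig behaviour the test assumes would help. Printing the captured file before each `exit 1` (for example `cat bogus.txt`) would make a failure diagnosable from the test log.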