summaryrefslogtreecommitdiffstats
path: root/tests/deckard/sets/resolver/module_policy_rpz.rpl
diff options
context:
space:
mode:
Diffstat (limited to 'tests/deckard/sets/resolver/module_policy_rpz.rpl')
-rw-r--r--tests/deckard/sets/resolver/module_policy_rpz.rpl153
1 files changed, 153 insertions, 0 deletions
diff --git a/tests/deckard/sets/resolver/module_policy_rpz.rpl b/tests/deckard/sets/resolver/module_policy_rpz.rpl
new file mode 100644
index 0000000..e1588f1
--- /dev/null
+++ b/tests/deckard/sets/resolver/module_policy_rpz.rpl
@@ -0,0 +1,153 @@
+; config options
+ stub-addr: 1.2.3.4
+ feature-list: policy=policy:add(policy.rpz(policy.DENY, '{{INSTALL_DIR}}/sets/resolver/zone.rpz'))
+ query-minimization: off
+CONFIG_END
+
+SCENARIO_BEGIN policy.rpz test
+
+RANGE_BEGIN 0 110
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+example.cz. IN A
+SECTION ANSWER
+example.cz. IN A 5.6.7.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+dummy.example.cz. IN A
+SECTION ANSWER
+dummy.example.cz. IN A 9.10.11.12
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+nic.cz. IN A
+SECTION ANSWER
+nic.cz. IN A 13.14.15.16
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+dummy.nic.cz. IN A
+SECTION ANSWER
+dummy.nic.cz. IN A 17.18.19.20
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION ANSWER
+example.com. IN A 21.22.23.24
+ENTRY_END
+RANGE_END
+
+; blocked by example.cz CNAME .
+; NXDOMAIN expected
+STEP 10 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.cz. IN A
+ENTRY_END
+
+STEP 20 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH flags rcode question answer
+REPLY QR RD RA AA NXDOMAIN
+SECTION QUESTION
+example.cz. IN A
+SECTION ANSWER
+ENTRY_END
+
+; blocked by *.example.cz CNAME *.
+; NXDOMAIN expected
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+dummy.example.cz. IN A
+ENTRY_END
+
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH flags rcode question answer
+REPLY QR RD RA AA NXDOMAIN
+SECTION QUESTION
+dummy.example.cz. IN A
+SECTION ANSWER
+ENTRY_END
+
+; blocked nic.cz CNAME rpz-drop.
+; SERVFAIL expected
+STEP 50 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+nic.cz. IN A
+ENTRY_END
+
+STEP 55 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH flags rcode question answer
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+nic.cz. IN A
+SECTION ANSWER
+ENTRY_END
+
+; matches *.nic.cz CNAME rpz-tcp-only.
+; TC flag expected
+STEP 60 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+dummy.nic.cz. IN A
+ENTRY_END
+
+STEP 65 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH flags rcode question answer
+REPLY QR TC RD RA NOERROR
+SECTION QUESTION
+dummy.nic.cz. IN A
+SECTION ANSWER
+ENTRY_END
+
+; matches example.com CNAME rpz-passthru.
+; rpz not affected
+STEP 70 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.com. IN A
+ENTRY_END
+
+STEP 80 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH flags rcode question answer
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION ANSWER
+example.com. IN A 21.22.23.24
+ENTRY_END
+
+SCENARIO_END
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-09 05:40:50 +0000