diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 00:55:53 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 00:55:53 +0000 |
| commit | 3d0386f27ca66379acf50199e1d1298386eeeeb8 (patch) | |
| tree | f87bd4a126b3a843858eb447e8fd5893c3ee3882 /tests/deckard/sets/resolver/module_policy_rpz.rpl | |
| parent | Initial commit. (diff) | |
| download | knot-resolver-upstream.tar.xz knot-resolver-upstream.zip | |
Adding upstream version 3.2.1.upstream/3.2.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/deckard/sets/resolver/module_policy_rpz.rpl')
| -rw-r--r-- | tests/deckard/sets/resolver/module_policy_rpz.rpl | 153 |
1 files changed, 153 insertions, 0 deletions
diff --git a/tests/deckard/sets/resolver/module_policy_rpz.rpl b/tests/deckard/sets/resolver/module_policy_rpz.rpl new file mode 100644 index 0000000..e1588f1 --- /dev/null +++ b/tests/deckard/sets/resolver/module_policy_rpz.rpl @@ -0,0 +1,153 @@ +; config options + stub-addr: 1.2.3.4 + feature-list: policy=policy:add(policy.rpz(policy.DENY, '{{INSTALL_DIR}}/sets/resolver/zone.rpz')) + query-minimization: off +CONFIG_END + +SCENARIO_BEGIN policy.rpz test + +RANGE_BEGIN 0 110 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR RD RA NOERROR +SECTION QUESTION +example.cz. IN A +SECTION ANSWER +example.cz. IN A 5.6.7.8 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR RD RA NOERROR +SECTION QUESTION +dummy.example.cz. IN A +SECTION ANSWER +dummy.example.cz. IN A 9.10.11.12 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR RD RA NOERROR +SECTION QUESTION +nic.cz. IN A +SECTION ANSWER +nic.cz. IN A 13.14.15.16 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR RD RA NOERROR +SECTION QUESTION +dummy.nic.cz. IN A +SECTION ANSWER +dummy.nic.cz. IN A 17.18.19.20 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR RD RA NOERROR +SECTION QUESTION +example.com. IN A +SECTION ANSWER +example.com. IN A 21.22.23.24 +ENTRY_END +RANGE_END + +; blocked by example.cz CNAME . +; NXDOMAIN expected +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example.cz. IN A +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH flags rcode question answer +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +example.cz. IN A +SECTION ANSWER +ENTRY_END + +; blocked by *.example.cz CNAME *. +; NXDOMAIN expected +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +dummy.example.cz. IN A +ENTRY_END + +STEP 40 CHECK_ANSWER +ENTRY_BEGIN +MATCH flags rcode question answer +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +dummy.example.cz. IN A +SECTION ANSWER +ENTRY_END + +; blocked nic.cz CNAME rpz-drop. +; SERVFAIL expected +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +nic.cz. IN A +ENTRY_END + +STEP 55 CHECK_ANSWER +ENTRY_BEGIN +MATCH flags rcode question answer +REPLY QR RD RA SERVFAIL +SECTION QUESTION +nic.cz. IN A +SECTION ANSWER +ENTRY_END + +; matches *.nic.cz CNAME rpz-tcp-only. +; TC flag expected +STEP 60 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +dummy.nic.cz. IN A +ENTRY_END + +STEP 65 CHECK_ANSWER +ENTRY_BEGIN +MATCH flags rcode question answer +REPLY QR TC RD RA NOERROR +SECTION QUESTION +dummy.nic.cz. IN A +SECTION ANSWER +ENTRY_END + +; matches example.com CNAME rpz-passthru. +; rpz not affected +STEP 70 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example.com. IN A +ENTRY_END + +STEP 80 CHECK_ANSWER +ENTRY_BEGIN +MATCH flags rcode question answer +REPLY QR RD RA NOERROR +SECTION QUESTION +example.com. IN A +SECTION ANSWER +example.com. IN A 21.22.23.24 +ENTRY_END + +SCENARIO_END |