diff options
Diffstat (limited to '')
25 files changed, 753 insertions, 0 deletions
diff --git a/bin/tests/system/rpzrecurse/ns2/db.clientip1 b/bin/tests/system/rpzrecurse/ns2/db.clientip1 new file mode 100644 index 0000000..f0d53d2 --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/db.clientip1 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 60 +@ IN SOA root.ns ns 1996072700 3600 1800 86400 60 + NS ns +ns A 127.0.0.1 +32.4.0.53.10.rpz-client-ip A 10.53.0.2 +24.0.0.53.10.rpz-client-ip A 10.53.0.1 diff --git a/bin/tests/system/rpzrecurse/ns2/db.clientip2 b/bin/tests/system/rpzrecurse/ns2/db.clientip2 new file mode 100644 index 0000000..dfcc341 --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/db.clientip2 @@ -0,0 +1,16 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 60 +@ IN SOA root.ns ns 1996072700 3600 1800 86400 60 + NS ns +ns A 127.0.0.1 +24.0.0.53.10.rpz-client-ip A 10.53.0.3 diff --git a/bin/tests/system/rpzrecurse/ns2/db.clientip21 b/bin/tests/system/rpzrecurse/ns2/db.clientip21 new file mode 100644 index 0000000..4ce2af1 --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/db.clientip21 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 60 +@ IN SOA root.ns ns 1996072700 3600 1800 86400 60 + NS ns +ns A 127.0.0.1 +32.3.0.53.10.rpz-client-ip A 10.53.0.1 +31.2.0.53.10.rpz-client-ip CNAME . diff --git a/bin/tests/system/rpzrecurse/ns2/db.given b/bin/tests/system/rpzrecurse/ns2/db.given new file mode 100644 index 0000000..d464a53 --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/db.given @@ -0,0 +1,21 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$ORIGIN given.zone. +$TTL 3600 +@ IN SOA ns.given.zone. hostmaster.given.zone. 1 600 300 604800 3600 + IN NS ns.given.zone. + +ns.given.zone. IN A 127.0.0.1 +; this should be ignored as it matches an earlier passthru entry. +example.com CNAME . +; this should be ignored as it matches an earlier wildcard passthru entry. +www.example.com CNAME . diff --git a/bin/tests/system/rpzrecurse/ns2/db.invalidprefixlength b/bin/tests/system/rpzrecurse/ns2/db.invalidprefixlength new file mode 100644 index 0000000..f496670 --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/db.invalidprefixlength @@ -0,0 +1,16 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 60 +@ IN SOA root.ns ns 1996072700 3600 1800 86400 60 + NS ns +ns A 127.0.0.1 +1000.4.0.53.10.rpz-client-ip A 10.53.0.1 diff --git a/bin/tests/system/rpzrecurse/ns2/db.log1 b/bin/tests/system/rpzrecurse/ns2/db.log1 new file mode 100644 index 0000000..495885b --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/db.log1 @@ -0,0 +1,16 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 60 +@ IN SOA root.ns ns 1996072700 3600 1800 86400 60 + NS ns +ns A 127.0.0.1 +32.4.0.53.10.rpz-client-ip A 10.53.0.4 diff --git a/bin/tests/system/rpzrecurse/ns2/db.log2 b/bin/tests/system/rpzrecurse/ns2/db.log2 new file mode 100644 index 0000000..91ff8c5 --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/db.log2 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 60 +@ IN SOA root.ns ns 1996072700 3600 1800 86400 60 + NS ns +ns A 127.0.0.1 +32.4.0.53.10.rpz-client-ip A 10.53.0.4 +32.3.0.53.10.rpz-client-ip A 10.53.0.3 diff --git a/bin/tests/system/rpzrecurse/ns2/db.log3 b/bin/tests/system/rpzrecurse/ns2/db.log3 new file mode 100644 index 0000000..65ed980 --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/db.log3 @@ -0,0 +1,18 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 60 +@ IN SOA root.ns ns 1996072700 3600 1800 86400 60 + NS ns +ns A 127.0.0.1 +32.4.0.53.10.rpz-client-ip A 10.53.0.4 +32.3.0.53.10.rpz-client-ip A 10.53.0.3 +32.2.0.53.10.rpz-client-ip A 10.53.0.2 diff --git a/bin/tests/system/rpzrecurse/ns2/db.passthru b/bin/tests/system/rpzrecurse/ns2/db.passthru new file mode 100644 index 0000000..eac3533 --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/db.passthru @@ -0,0 +1,20 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$ORIGIN passthru.zone. +$TTL 3600 +@ IN SOA ns.passthru.zone. hostmaster.passthru.zone. 1 600 300 604800 3600 + IN NS ns.passthru.zone. + +ns.passthru.zone. IN A 127.0.0.1 + +example.com CNAME rpz-passthru. +*.example.com CNAME rpz-passthru. diff --git a/bin/tests/system/rpzrecurse/ns2/db.wildcard1 b/bin/tests/system/rpzrecurse/ns2/db.wildcard1 new file mode 100644 index 0000000..3e5c78f --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/db.wildcard1 @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 60 +@ IN SOA root.ns ns 1996072700 3600 1800 86400 60 + NS ns +ns A 127.0.0.1 +*.test1.example.net CNAME . +test1.example.net CNAME . diff --git a/bin/tests/system/rpzrecurse/ns2/db.wildcard2a b/bin/tests/system/rpzrecurse/ns2/db.wildcard2a new file mode 100644 index 0000000..3e5c78f --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/db.wildcard2a @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 60 +@ IN SOA root.ns ns 1996072700 3600 1800 86400 60 + NS ns +ns A 127.0.0.1 +*.test1.example.net CNAME . +test1.example.net CNAME . diff --git a/bin/tests/system/rpzrecurse/ns2/db.wildcard2b b/bin/tests/system/rpzrecurse/ns2/db.wildcard2b new file mode 100644 index 0000000..f8e6123 --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/db.wildcard2b @@ -0,0 +1,17 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 60 +@ IN SOA root.ns ns 1996072700 3600 1800 86400 60 + NS ns +ns A 127.0.0.1 +*.test2.example.net CNAME . +test2.example.net CNAME . diff --git a/bin/tests/system/rpzrecurse/ns2/db.wildcard3 b/bin/tests/system/rpzrecurse/ns2/db.wildcard3 new file mode 100644 index 0000000..5354c04 --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/db.wildcard3 @@ -0,0 +1,16 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 60 +@ IN SOA root.ns ns 1996072700 3600 1800 86400 60 + NS ns +ns A 127.0.0.1 +*.test1.example.net CNAME . diff --git a/bin/tests/system/rpzrecurse/ns2/named.clientip.conf b/bin/tests/system/rpzrecurse/ns2/named.clientip.conf new file mode 100644 index 0000000..8df90a3 --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/named.clientip.conf @@ -0,0 +1,37 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +# common configuration +include "named.conf.header"; + +view "recursive" { + zone "." { + type hint; + file "root.hint"; + }; + + # policy configuration to be tested + response-policy { + zone "clientip1"; + zone "clientip2"; + } qname-wait-recurse no + nsdname-enable yes + nsip-enable yes; + + # policy zones to be tested + zone "clientip1" { type master; file "db.clientip1"; }; + zone "clientip2" { type master; file "db.clientip2"; }; + + recursion yes; + dnssec-validation yes; +}; diff --git a/bin/tests/system/rpzrecurse/ns2/named.clientip2.conf b/bin/tests/system/rpzrecurse/ns2/named.clientip2.conf new file mode 100644 index 0000000..8c15909 --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/named.clientip2.conf @@ -0,0 +1,37 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +# common configuration +include "named.conf.header"; + +view "recursive" { + zone "." { + type hint; + file "root.hint"; + }; + + servfail-ttl 0; + + # policy configuration to be tested + response-policy { + zone "clientip21"; + } qname-wait-recurse no + nsdname-enable yes + nsip-enable yes; + + # policy zones to be tested + zone "clientip21" { type master; file "db.clientip21"; }; + + recursion yes; + dnssec-validation yes; +}; diff --git a/bin/tests/system/rpzrecurse/ns2/named.conf.header.in b/bin/tests/system/rpzrecurse/ns2/named.conf.header.in new file mode 100644 index 0000000..77c3c6a --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/named.conf.header.in @@ -0,0 +1,41 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +controls { /* empty */ }; + +options { + query-source address 10.53.0.2; + notify-source 10.53.0.2; + transfer-source 10.53.0.2; + port @PORT@; + session-keyfile "session.key"; + pid-file "named.pid"; + listen-on { 10.53.0.2; }; + listen-on-v6 { none; }; + recursion yes; + dnssec-validation yes; + querylog yes; + + # let ns3 start dnsrpzd + include "../dnsrps-slave.conf"; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + diff --git a/bin/tests/system/rpzrecurse/ns2/named.default.conf b/bin/tests/system/rpzrecurse/ns2/named.default.conf new file mode 100644 index 0000000..929b88f --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/named.default.conf @@ -0,0 +1,25 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +# common configuration +include "named.conf.header"; + +view "recursive" { + zone "." { + type hint; + file "root.hint"; + }; + + recursion yes; + dnssec-validation yes; +}; diff --git a/bin/tests/system/rpzrecurse/ns2/named.invalidprefixlength.conf b/bin/tests/system/rpzrecurse/ns2/named.invalidprefixlength.conf new file mode 100644 index 0000000..c7dad28 --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/named.invalidprefixlength.conf @@ -0,0 +1,30 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +# common configuration +include "named.conf.header"; + +view "recursive" { + zone "." { + type hint; + file "root.hint"; + }; + + # policy configuration to be tested + response-policy { + zone "invalidprefixlength"; + }; + + # policy zones to be tested + zone "invalidprefixlength" { type master; file "db.invalidprefixlength"; }; +}; diff --git a/bin/tests/system/rpzrecurse/ns2/named.log.conf b/bin/tests/system/rpzrecurse/ns2/named.log.conf new file mode 100644 index 0000000..c3b4df6 --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/named.log.conf @@ -0,0 +1,39 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +# common configuration +include "named.conf.header"; + +view "recursive" { + zone "." { + type hint; + file "root.hint"; + }; + + # policy configuration to be tested + response-policy { + zone "log1" log no; + zone "log2" log yes; + zone "log3"; # missing log clause + } qname-wait-recurse no + nsdname-enable yes + nsip-enable yes; + + # policy zones to be tested + zone "log1" { type master; file "db.log1"; }; + zone "log2" { type master; file "db.log2"; }; + zone "log3" { type master; file "db.log3"; }; + + recursion yes; + dnssec-validation yes; +}; diff --git a/bin/tests/system/rpzrecurse/ns2/named.max.conf b/bin/tests/system/rpzrecurse/ns2/named.max.conf new file mode 100644 index 0000000..5b9f8a2 --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/named.max.conf @@ -0,0 +1,161 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +# common configuration +include "named.conf.header"; + +view "recursive" { + zone "." { + type hint; + file "root.hint"; + }; + + # policy configuration to be tested + response-policy { + zone "max1"; + zone "max2"; + zone "max3"; + zone "max4"; + zone "max5"; + zone "max6"; + zone "max7"; + zone "max8"; + zone "max9"; + zone "max10"; + zone "max11"; + zone "max12"; + zone "max13"; + zone "max14"; + zone "max15"; + zone "max16"; + zone "max17"; + zone "max18"; + zone "max19"; + zone "max20"; + zone "max21"; + zone "max22"; + zone "max23"; + zone "max24"; + zone "max25"; + zone "max26"; + zone "max27"; + zone "max28"; + zone "max29"; + zone "max30"; + zone "max31"; + zone "max32"; + zone "max33"; + zone "max34"; + zone "max35"; + zone "max36"; + zone "max37"; + zone "max38"; + zone "max39"; + zone "max40"; + zone "max41"; + zone "max42"; + zone "max43"; + zone "max44"; + zone "max45"; + zone "max46"; + zone "max47"; + zone "max48"; + zone "max49"; + zone "max50"; + zone "max51"; + zone "max52"; + zone "max53"; + zone "max54"; + zone "max55"; + zone "max56"; + zone "max57"; + zone "max58"; + zone "max59"; + zone "max60"; + zone "max61"; + zone "max62"; + zone "max63"; + zone "max64"; + } qname-wait-recurse no + nsdname-enable yes + nsip-enable yes; + + # policy zones to be tested + zone "max1" { type master; file "db.max1.local"; }; + zone "max2" { type master; file "db.max2.local"; }; + zone "max3" { type master; file "db.max3.local"; }; + zone "max4" { type master; file "db.max4.local"; }; + zone "max5" { type master; file "db.max5.local"; }; + zone "max6" { type master; file "db.max6.local"; }; + zone "max7" { type master; file "db.max7.local"; }; + zone "max8" { type master; file "db.max8.local"; }; + zone "max9" { type master; file "db.max9.local"; }; + zone "max10" { type master; file "db.max10.local"; }; + zone "max11" { type master; file "db.max11.local"; }; + zone "max12" { type master; file "db.max12.local"; }; + zone "max13" { type master; file "db.max13.local"; }; + zone "max14" { type master; file "db.max14.local"; }; + zone "max15" { type master; file "db.max15.local"; }; + zone "max16" { type master; file "db.max16.local"; }; + zone "max17" { type master; file "db.max17.local"; }; + zone "max18" { type master; file "db.max18.local"; }; + zone "max19" { type master; file "db.max19.local"; }; + zone "max20" { type master; file "db.max20.local"; }; + zone "max21" { type master; file "db.max21.local"; }; + zone "max22" { type master; file "db.max22.local"; }; + zone "max23" { type master; file "db.max23.local"; }; + zone "max24" { type master; file "db.max24.local"; }; + zone "max25" { type master; file "db.max25.local"; }; + zone "max26" { type master; file "db.max26.local"; }; + zone "max27" { type master; file "db.max27.local"; }; + zone "max28" { type master; file "db.max28.local"; }; + zone "max29" { type master; file "db.max29.local"; }; + zone "max30" { type master; file "db.max30.local"; }; + zone "max31" { type master; file "db.max31.local"; }; + zone "max32" { type master; file "db.max32.local"; }; + zone "max33" { type master; file "db.max33.local"; }; + zone "max34" { type master; file "db.max34.local"; }; + zone "max35" { type master; file "db.max35.local"; }; + zone "max36" { type master; file "db.max36.local"; }; + zone "max37" { type master; file "db.max37.local"; }; + zone "max38" { type master; file "db.max38.local"; }; + zone "max39" { type master; file "db.max39.local"; }; + zone "max40" { type master; file "db.max40.local"; }; + zone "max41" { type master; file "db.max41.local"; }; + zone "max42" { type master; file "db.max42.local"; }; + zone "max43" { type master; file "db.max43.local"; }; + zone "max44" { type master; file "db.max44.local"; }; + zone "max45" { type master; file "db.max45.local"; }; + zone "max46" { type master; file "db.max46.local"; }; + zone "max47" { type master; file "db.max47.local"; }; + zone "max48" { type master; file "db.max48.local"; }; + zone "max49" { type master; file "db.max49.local"; }; + zone "max50" { type master; file "db.max50.local"; }; + zone "max51" { type master; file "db.max51.local"; }; + zone "max52" { type master; file "db.max52.local"; }; + zone "max53" { type master; file "db.max53.local"; }; + zone "max54" { type master; file "db.max54.local"; }; + zone "max55" { type master; file "db.max55.local"; }; + zone "max56" { type master; file "db.max56.local"; }; + zone "max57" { type master; file "db.max57.local"; }; + zone "max58" { type master; file "db.max58.local"; }; + zone "max59" { type master; file "db.max59.local"; }; + zone "max60" { type master; file "db.max60.local"; }; + zone "max61" { type master; file "db.max61.local"; }; + zone "max62" { type master; file "db.max62.local"; }; + zone "max63" { type master; file "db.max63.local"; }; + zone "max64" { type master; file "db.max64.local"; }; + + recursion yes; + dnssec-validation yes; +}; diff --git a/bin/tests/system/rpzrecurse/ns2/named.wildcard1.conf b/bin/tests/system/rpzrecurse/ns2/named.wildcard1.conf new file mode 100644 index 0000000..f9e205d --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/named.wildcard1.conf @@ -0,0 +1,35 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +# common configuration +include "named.conf.header"; + +view "recursive" { + zone "." { + type hint; + file "root.hint"; + }; + + # policy configuration to be tested + response-policy { + zone "wildcard1" policy NXDOMAIN; + } qname-wait-recurse yes + nsdname-enable yes + nsip-enable yes; + + # policy zones to be tested + zone "wildcard1" { type master; file "db.wildcard1"; }; + + recursion yes; + dnssec-validation yes; +}; diff --git a/bin/tests/system/rpzrecurse/ns2/named.wildcard2.conf b/bin/tests/system/rpzrecurse/ns2/named.wildcard2.conf new file mode 100644 index 0000000..31d05c6 --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/named.wildcard2.conf @@ -0,0 +1,37 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +# common configuration +include "named.conf.header"; + +view "recursive" { + zone "." { + type hint; + file "root.hint"; + }; + + # policy configuration to be tested + response-policy { + zone "wildcard2a" policy NXDOMAIN; + zone "wildcard2b" policy NXDOMAIN; + } qname-wait-recurse yes + nsdname-enable yes + nsip-enable yes; + + # policy zones to be tested + zone "wildcard2a" { type master; file "db.wildcard2a"; }; + zone "wildcard2b" { type master; file "db.wildcard2b"; }; + + recursion yes; + dnssec-validation yes; +}; diff --git a/bin/tests/system/rpzrecurse/ns2/named.wildcard3.conf b/bin/tests/system/rpzrecurse/ns2/named.wildcard3.conf new file mode 100644 index 0000000..7164d70 --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/named.wildcard3.conf @@ -0,0 +1,35 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +# common configuration +include "named.conf.header"; + +view "recursive" { + zone "." { + type hint; + file "root.hint"; + }; + + # policy configuration to be tested + response-policy { + zone "wildcard3" policy NXDOMAIN; + } qname-wait-recurse yes + nsdname-enable yes + nsip-enable yes; + + # policy zones to be tested + zone "wildcard3" { type master; file "db.wildcard3"; }; + + recursion yes; + dnssec-validation yes; +}; diff --git a/bin/tests/system/rpzrecurse/ns2/named.wildcard4.conf b/bin/tests/system/rpzrecurse/ns2/named.wildcard4.conf new file mode 100644 index 0000000..b6a76d0 --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/named.wildcard4.conf @@ -0,0 +1,37 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +# common configuration +include "named.conf.header"; + +view "recursive" { + # policy configuration to be tested + response-policy { + zone "passthru.zone" policy passthru; + zone "given.zone" policy given; + } qname-wait-recurse yes + nsdname-enable yes + nsip-enable yes; + + # policy zones to be tested + zone "passthru.zone" { type master; file "db.passthru"; }; + zone "given.zone" { type master; file "db.given"; }; + + zone "." { + type hint; + file "root.hint"; + }; + + recursion yes; + dnssec-validation yes; +}; diff --git a/bin/tests/system/rpzrecurse/ns2/root.hint b/bin/tests/system/rpzrecurse/ns2/root.hint new file mode 100644 index 0000000..ced47f3 --- /dev/null +++ b/bin/tests/system/rpzrecurse/ns2/root.hint @@ -0,0 +1,14 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 999999 +. IN NS ns.example. +ns.example. IN A 10.53.0.1 |