diff options
Diffstat (limited to 'modules/view/tsig.test.integr/module_view_tsig.rpl')
-rw-r--r-- | modules/view/tsig.test.integr/module_view_tsig.rpl | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/modules/view/tsig.test.integr/module_view_tsig.rpl b/modules/view/tsig.test.integr/module_view_tsig.rpl new file mode 100644 index 0000000..fd6d291 --- /dev/null +++ b/modules/view/tsig.test.integr/module_view_tsig.rpl @@ -0,0 +1,114 @@ +; SPDX-License-Identifier: GPL-3.0-or-later +; config options + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN view:tsig test + +RANGE_BEGIN 0 110 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR RD RA NOERROR +SECTION QUESTION +example.cz. IN A +SECTION ANSWER +example.cz. IN A 5.6.7.8 +ENTRY_END + +RANGE_END + +RANGE_BEGIN 0 110 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR RD RA NOERROR +SECTION QUESTION +example.net. IN A +SECTION ANSWER +example.net. IN A 6.6.6.6 +ENTRY_END +RANGE_END + +; policy fallback (no view matched, policy is behind view module) +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +TSIG testkey +Cdjlkef9ZTSeixERZ433Q== +SECTION QUESTION +example.cz. IN A +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH flags rcode question answer +REPLY QR RD RA NOERROR +SECTION QUESTION +example.cz. IN A +SECTION ANSWER +example.cz. IN A 5.6.7.8 +ENTRY_END + +; blocked by view:tsig testkey1 + inner policy.suffix com +; NXDOMAIN expected +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD +TSIG testkey1 +Cdjlkef9ZTSeixERZ433Q== +SECTION QUESTION +example.com. IN A +ENTRY_END + +STEP 31 CHECK_ANSWER +ENTRY_BEGIN +MATCH opcode question rcode additional +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +example.com. IN A +SECTION ADDITIONAL +explanation.invalid. 10800 IN TXT "TSIG key testkey1 matched com" +ENTRY_END + +; blocked by view:tsig testkey1 + inner policy.suffix net +; second view rule gets executed if policy in preceding view rule did not match +STEP 32 QUERY +ENTRY_BEGIN +REPLY RD +TSIG testkey1 +Cdjlkef9ZTSeixERZ433Q== +SECTION QUESTION +example.net. IN A +ENTRY_END + +STEP 33 CHECK_ANSWER +ENTRY_BEGIN +MATCH opcode question rcode additional +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +example.net. IN A +SECTION ADDITIONAL +explanation.invalid. 10800 IN TXT "TSIG key testkey1 matched net" +ENTRY_END + +; blocked by view:tsig testkey + inner policy.suffix example (different key) +; third view rule gets executed if policy in preceding view rule did not match +STEP 34 QUERY +ENTRY_BEGIN +REPLY RD +TSIG testkey +Cdjlkef9ZTSeixERZ433Q== +SECTION QUESTION +example. IN A +ENTRY_END + +STEP 35 CHECK_ANSWER +ENTRY_BEGIN +MATCH opcode question rcode additional +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +example. IN A +SECTION ADDITIONAL +explanation.invalid. 10800 IN TXT "TSIG key testkey matched example" +ENTRY_END + +SCENARIO_END |