summaryrefslogtreecommitdiffstats
path: root/bin/tests/system/rpzrecurse/ns2
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 15:59:48 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 15:59:48 +0000
commit3b9b6d0b8e7f798023c9d109c490449d528fde80 (patch)
tree2e1c188dd7b8d7475cd163de9ae02c428343669b /bin/tests/system/rpzrecurse/ns2
parentInitial commit. (diff)
downloadbind9-upstream/1%9.18.19.tar.xz
bind9-upstream/1%9.18.19.zip
Adding upstream version 1:9.18.19.upstream/1%9.18.19upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--bin/tests/system/rpzrecurse/ns2/db.clientip117
-rw-r--r--bin/tests/system/rpzrecurse/ns2/db.clientip216
-rw-r--r--bin/tests/system/rpzrecurse/ns2/db.clientip2117
-rw-r--r--bin/tests/system/rpzrecurse/ns2/db.given21
-rw-r--r--bin/tests/system/rpzrecurse/ns2/db.invalidprefixlength16
-rw-r--r--bin/tests/system/rpzrecurse/ns2/db.log116
-rw-r--r--bin/tests/system/rpzrecurse/ns2/db.log217
-rw-r--r--bin/tests/system/rpzrecurse/ns2/db.log318
-rw-r--r--bin/tests/system/rpzrecurse/ns2/db.passthru20
-rw-r--r--bin/tests/system/rpzrecurse/ns2/db.wildcard117
-rw-r--r--bin/tests/system/rpzrecurse/ns2/db.wildcard2a17
-rw-r--r--bin/tests/system/rpzrecurse/ns2/db.wildcard2b17
-rw-r--r--bin/tests/system/rpzrecurse/ns2/db.wildcard316
-rw-r--r--bin/tests/system/rpzrecurse/ns2/named.clientip.conf37
-rw-r--r--bin/tests/system/rpzrecurse/ns2/named.clientip2.conf37
-rw-r--r--bin/tests/system/rpzrecurse/ns2/named.conf.header.in41
-rw-r--r--bin/tests/system/rpzrecurse/ns2/named.default.conf25
-rw-r--r--bin/tests/system/rpzrecurse/ns2/named.invalidprefixlength.conf30
-rw-r--r--bin/tests/system/rpzrecurse/ns2/named.log.conf39
-rw-r--r--bin/tests/system/rpzrecurse/ns2/named.max.conf161
-rw-r--r--bin/tests/system/rpzrecurse/ns2/named.wildcard1.conf35
-rw-r--r--bin/tests/system/rpzrecurse/ns2/named.wildcard2.conf37
-rw-r--r--bin/tests/system/rpzrecurse/ns2/named.wildcard3.conf35
-rw-r--r--bin/tests/system/rpzrecurse/ns2/named.wildcard4.conf37
-rw-r--r--bin/tests/system/rpzrecurse/ns2/root.hint14
25 files changed, 753 insertions, 0 deletions
diff --git a/bin/tests/system/rpzrecurse/ns2/db.clientip1 b/bin/tests/system/rpzrecurse/ns2/db.clientip1
new file mode 100644
index 0000000..f0d53d2
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/db.clientip1
@@ -0,0 +1,17 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 60
+@ IN SOA root.ns ns 1996072700 3600 1800 86400 60
+ NS ns
+ns A 127.0.0.1
+32.4.0.53.10.rpz-client-ip A 10.53.0.2
+24.0.0.53.10.rpz-client-ip A 10.53.0.1
diff --git a/bin/tests/system/rpzrecurse/ns2/db.clientip2 b/bin/tests/system/rpzrecurse/ns2/db.clientip2
new file mode 100644
index 0000000..dfcc341
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/db.clientip2
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 60
+@ IN SOA root.ns ns 1996072700 3600 1800 86400 60
+ NS ns
+ns A 127.0.0.1
+24.0.0.53.10.rpz-client-ip A 10.53.0.3
diff --git a/bin/tests/system/rpzrecurse/ns2/db.clientip21 b/bin/tests/system/rpzrecurse/ns2/db.clientip21
new file mode 100644
index 0000000..4ce2af1
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/db.clientip21
@@ -0,0 +1,17 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 60
+@ IN SOA root.ns ns 1996072700 3600 1800 86400 60
+ NS ns
+ns A 127.0.0.1
+32.3.0.53.10.rpz-client-ip A 10.53.0.1
+31.2.0.53.10.rpz-client-ip CNAME .
diff --git a/bin/tests/system/rpzrecurse/ns2/db.given b/bin/tests/system/rpzrecurse/ns2/db.given
new file mode 100644
index 0000000..d464a53
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/db.given
@@ -0,0 +1,21 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$ORIGIN given.zone.
+$TTL 3600
+@ IN SOA ns.given.zone. hostmaster.given.zone. 1 600 300 604800 3600
+ IN NS ns.given.zone.
+
+ns.given.zone. IN A 127.0.0.1
+; this should be ignored as it matches an earlier passthru entry.
+example.com CNAME .
+; this should be ignored as it matches an earlier wildcard passthru entry.
+www.example.com CNAME .
diff --git a/bin/tests/system/rpzrecurse/ns2/db.invalidprefixlength b/bin/tests/system/rpzrecurse/ns2/db.invalidprefixlength
new file mode 100644
index 0000000..f496670
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/db.invalidprefixlength
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 60
+@ IN SOA root.ns ns 1996072700 3600 1800 86400 60
+ NS ns
+ns A 127.0.0.1
+1000.4.0.53.10.rpz-client-ip A 10.53.0.1
diff --git a/bin/tests/system/rpzrecurse/ns2/db.log1 b/bin/tests/system/rpzrecurse/ns2/db.log1
new file mode 100644
index 0000000..495885b
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/db.log1
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 60
+@ IN SOA root.ns ns 1996072700 3600 1800 86400 60
+ NS ns
+ns A 127.0.0.1
+32.4.0.53.10.rpz-client-ip A 10.53.0.4
diff --git a/bin/tests/system/rpzrecurse/ns2/db.log2 b/bin/tests/system/rpzrecurse/ns2/db.log2
new file mode 100644
index 0000000..91ff8c5
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/db.log2
@@ -0,0 +1,17 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 60
+@ IN SOA root.ns ns 1996072700 3600 1800 86400 60
+ NS ns
+ns A 127.0.0.1
+32.4.0.53.10.rpz-client-ip A 10.53.0.4
+32.3.0.53.10.rpz-client-ip A 10.53.0.3
diff --git a/bin/tests/system/rpzrecurse/ns2/db.log3 b/bin/tests/system/rpzrecurse/ns2/db.log3
new file mode 100644
index 0000000..65ed980
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/db.log3
@@ -0,0 +1,18 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 60
+@ IN SOA root.ns ns 1996072700 3600 1800 86400 60
+ NS ns
+ns A 127.0.0.1
+32.4.0.53.10.rpz-client-ip A 10.53.0.4
+32.3.0.53.10.rpz-client-ip A 10.53.0.3
+32.2.0.53.10.rpz-client-ip A 10.53.0.2
diff --git a/bin/tests/system/rpzrecurse/ns2/db.passthru b/bin/tests/system/rpzrecurse/ns2/db.passthru
new file mode 100644
index 0000000..eac3533
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/db.passthru
@@ -0,0 +1,20 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$ORIGIN passthru.zone.
+$TTL 3600
+@ IN SOA ns.passthru.zone. hostmaster.passthru.zone. 1 600 300 604800 3600
+ IN NS ns.passthru.zone.
+
+ns.passthru.zone. IN A 127.0.0.1
+
+example.com CNAME rpz-passthru.
+*.example.com CNAME rpz-passthru.
diff --git a/bin/tests/system/rpzrecurse/ns2/db.wildcard1 b/bin/tests/system/rpzrecurse/ns2/db.wildcard1
new file mode 100644
index 0000000..3e5c78f
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/db.wildcard1
@@ -0,0 +1,17 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 60
+@ IN SOA root.ns ns 1996072700 3600 1800 86400 60
+ NS ns
+ns A 127.0.0.1
+*.test1.example.net CNAME .
+test1.example.net CNAME .
diff --git a/bin/tests/system/rpzrecurse/ns2/db.wildcard2a b/bin/tests/system/rpzrecurse/ns2/db.wildcard2a
new file mode 100644
index 0000000..3e5c78f
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/db.wildcard2a
@@ -0,0 +1,17 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 60
+@ IN SOA root.ns ns 1996072700 3600 1800 86400 60
+ NS ns
+ns A 127.0.0.1
+*.test1.example.net CNAME .
+test1.example.net CNAME .
diff --git a/bin/tests/system/rpzrecurse/ns2/db.wildcard2b b/bin/tests/system/rpzrecurse/ns2/db.wildcard2b
new file mode 100644
index 0000000..f8e6123
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/db.wildcard2b
@@ -0,0 +1,17 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 60
+@ IN SOA root.ns ns 1996072700 3600 1800 86400 60
+ NS ns
+ns A 127.0.0.1
+*.test2.example.net CNAME .
+test2.example.net CNAME .
diff --git a/bin/tests/system/rpzrecurse/ns2/db.wildcard3 b/bin/tests/system/rpzrecurse/ns2/db.wildcard3
new file mode 100644
index 0000000..5354c04
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/db.wildcard3
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 60
+@ IN SOA root.ns ns 1996072700 3600 1800 86400 60
+ NS ns
+ns A 127.0.0.1
+*.test1.example.net CNAME .
diff --git a/bin/tests/system/rpzrecurse/ns2/named.clientip.conf b/bin/tests/system/rpzrecurse/ns2/named.clientip.conf
new file mode 100644
index 0000000..a9ec4ca
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/named.clientip.conf
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+# common configuration
+include "named.conf.header";
+
+view "recursive" {
+ zone "." {
+ type hint;
+ file "root.hint";
+ };
+
+ # policy configuration to be tested
+ response-policy {
+ zone "clientip1";
+ zone "clientip2";
+ } qname-wait-recurse no
+ nsdname-enable yes
+ nsip-enable yes;
+
+ # policy zones to be tested
+ zone "clientip1" { type primary; file "db.clientip1"; };
+ zone "clientip2" { type primary; file "db.clientip2"; };
+
+ recursion yes;
+ dnssec-validation yes;
+};
diff --git a/bin/tests/system/rpzrecurse/ns2/named.clientip2.conf b/bin/tests/system/rpzrecurse/ns2/named.clientip2.conf
new file mode 100644
index 0000000..39b67d8
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/named.clientip2.conf
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+# common configuration
+include "named.conf.header";
+
+view "recursive" {
+ zone "." {
+ type hint;
+ file "root.hint";
+ };
+
+ servfail-ttl 0;
+
+ # policy configuration to be tested
+ response-policy {
+ zone "clientip21";
+ } qname-wait-recurse no
+ nsdname-enable yes
+ nsip-enable yes;
+
+ # policy zones to be tested
+ zone "clientip21" { type primary; file "db.clientip21"; };
+
+ recursion yes;
+ dnssec-validation yes;
+};
diff --git a/bin/tests/system/rpzrecurse/ns2/named.conf.header.in b/bin/tests/system/rpzrecurse/ns2/named.conf.header.in
new file mode 100644
index 0000000..2fb1678
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/named.conf.header.in
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port @PORT@;
+ session-keyfile "session.key";
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion yes;
+ dnssec-validation yes;
+ querylog yes;
+
+ # let ns3 start dnsrpzd
+ include "../dnsrps-secondary.conf";
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm @DEFAULT_HMAC@;
+};
+
+controls {
+ inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
diff --git a/bin/tests/system/rpzrecurse/ns2/named.default.conf b/bin/tests/system/rpzrecurse/ns2/named.default.conf
new file mode 100644
index 0000000..929b88f
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/named.default.conf
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+# common configuration
+include "named.conf.header";
+
+view "recursive" {
+ zone "." {
+ type hint;
+ file "root.hint";
+ };
+
+ recursion yes;
+ dnssec-validation yes;
+};
diff --git a/bin/tests/system/rpzrecurse/ns2/named.invalidprefixlength.conf b/bin/tests/system/rpzrecurse/ns2/named.invalidprefixlength.conf
new file mode 100644
index 0000000..2f2b735
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/named.invalidprefixlength.conf
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+# common configuration
+include "named.conf.header";
+
+view "recursive" {
+ zone "." {
+ type hint;
+ file "root.hint";
+ };
+
+ # policy configuration to be tested
+ response-policy {
+ zone "invalidprefixlength";
+ };
+
+ # policy zones to be tested
+ zone "invalidprefixlength" { type primary; file "db.invalidprefixlength"; };
+};
diff --git a/bin/tests/system/rpzrecurse/ns2/named.log.conf b/bin/tests/system/rpzrecurse/ns2/named.log.conf
new file mode 100644
index 0000000..a19367e
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/named.log.conf
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+# common configuration
+include "named.conf.header";
+
+view "recursive" {
+ zone "." {
+ type hint;
+ file "root.hint";
+ };
+
+ # policy configuration to be tested
+ response-policy {
+ zone "log1" log no;
+ zone "log2" log yes;
+ zone "log3"; # missing log clause
+ } qname-wait-recurse no
+ nsdname-enable yes
+ nsip-enable yes;
+
+ # policy zones to be tested
+ zone "log1" { type primary; file "db.log1"; };
+ zone "log2" { type primary; file "db.log2"; };
+ zone "log3" { type primary; file "db.log3"; };
+
+ recursion yes;
+ dnssec-validation yes;
+};
diff --git a/bin/tests/system/rpzrecurse/ns2/named.max.conf b/bin/tests/system/rpzrecurse/ns2/named.max.conf
new file mode 100644
index 0000000..b07783b
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/named.max.conf
@@ -0,0 +1,161 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+# common configuration
+include "named.conf.header";
+
+view "recursive" {
+ zone "." {
+ type hint;
+ file "root.hint";
+ };
+
+ # policy configuration to be tested
+ response-policy {
+ zone "max1";
+ zone "max2";
+ zone "max3";
+ zone "max4";
+ zone "max5";
+ zone "max6";
+ zone "max7";
+ zone "max8";
+ zone "max9";
+ zone "max10";
+ zone "max11";
+ zone "max12";
+ zone "max13";
+ zone "max14";
+ zone "max15";
+ zone "max16";
+ zone "max17";
+ zone "max18";
+ zone "max19";
+ zone "max20";
+ zone "max21";
+ zone "max22";
+ zone "max23";
+ zone "max24";
+ zone "max25";
+ zone "max26";
+ zone "max27";
+ zone "max28";
+ zone "max29";
+ zone "max30";
+ zone "max31";
+ zone "max32";
+ zone "max33";
+ zone "max34";
+ zone "max35";
+ zone "max36";
+ zone "max37";
+ zone "max38";
+ zone "max39";
+ zone "max40";
+ zone "max41";
+ zone "max42";
+ zone "max43";
+ zone "max44";
+ zone "max45";
+ zone "max46";
+ zone "max47";
+ zone "max48";
+ zone "max49";
+ zone "max50";
+ zone "max51";
+ zone "max52";
+ zone "max53";
+ zone "max54";
+ zone "max55";
+ zone "max56";
+ zone "max57";
+ zone "max58";
+ zone "max59";
+ zone "max60";
+ zone "max61";
+ zone "max62";
+ zone "max63";
+ zone "max64";
+ } qname-wait-recurse no
+ nsdname-enable yes
+ nsip-enable yes;
+
+ # policy zones to be tested
+ zone "max1" { type primary; file "db.max1.local"; };
+ zone "max2" { type primary; file "db.max2.local"; };
+ zone "max3" { type primary; file "db.max3.local"; };
+ zone "max4" { type primary; file "db.max4.local"; };
+ zone "max5" { type primary; file "db.max5.local"; };
+ zone "max6" { type primary; file "db.max6.local"; };
+ zone "max7" { type primary; file "db.max7.local"; };
+ zone "max8" { type primary; file "db.max8.local"; };
+ zone "max9" { type primary; file "db.max9.local"; };
+ zone "max10" { type primary; file "db.max10.local"; };
+ zone "max11" { type primary; file "db.max11.local"; };
+ zone "max12" { type primary; file "db.max12.local"; };
+ zone "max13" { type primary; file "db.max13.local"; };
+ zone "max14" { type primary; file "db.max14.local"; };
+ zone "max15" { type primary; file "db.max15.local"; };
+ zone "max16" { type primary; file "db.max16.local"; };
+ zone "max17" { type primary; file "db.max17.local"; };
+ zone "max18" { type primary; file "db.max18.local"; };
+ zone "max19" { type primary; file "db.max19.local"; };
+ zone "max20" { type primary; file "db.max20.local"; };
+ zone "max21" { type primary; file "db.max21.local"; };
+ zone "max22" { type primary; file "db.max22.local"; };
+ zone "max23" { type primary; file "db.max23.local"; };
+ zone "max24" { type primary; file "db.max24.local"; };
+ zone "max25" { type primary; file "db.max25.local"; };
+ zone "max26" { type primary; file "db.max26.local"; };
+ zone "max27" { type primary; file "db.max27.local"; };
+ zone "max28" { type primary; file "db.max28.local"; };
+ zone "max29" { type primary; file "db.max29.local"; };
+ zone "max30" { type primary; file "db.max30.local"; };
+ zone "max31" { type primary; file "db.max31.local"; };
+ zone "max32" { type primary; file "db.max32.local"; };
+ zone "max33" { type primary; file "db.max33.local"; };
+ zone "max34" { type primary; file "db.max34.local"; };
+ zone "max35" { type primary; file "db.max35.local"; };
+ zone "max36" { type primary; file "db.max36.local"; };
+ zone "max37" { type primary; file "db.max37.local"; };
+ zone "max38" { type primary; file "db.max38.local"; };
+ zone "max39" { type primary; file "db.max39.local"; };
+ zone "max40" { type primary; file "db.max40.local"; };
+ zone "max41" { type primary; file "db.max41.local"; };
+ zone "max42" { type primary; file "db.max42.local"; };
+ zone "max43" { type primary; file "db.max43.local"; };
+ zone "max44" { type primary; file "db.max44.local"; };
+ zone "max45" { type primary; file "db.max45.local"; };
+ zone "max46" { type primary; file "db.max46.local"; };
+ zone "max47" { type primary; file "db.max47.local"; };
+ zone "max48" { type primary; file "db.max48.local"; };
+ zone "max49" { type primary; file "db.max49.local"; };
+ zone "max50" { type primary; file "db.max50.local"; };
+ zone "max51" { type primary; file "db.max51.local"; };
+ zone "max52" { type primary; file "db.max52.local"; };
+ zone "max53" { type primary; file "db.max53.local"; };
+ zone "max54" { type primary; file "db.max54.local"; };
+ zone "max55" { type primary; file "db.max55.local"; };
+ zone "max56" { type primary; file "db.max56.local"; };
+ zone "max57" { type primary; file "db.max57.local"; };
+ zone "max58" { type primary; file "db.max58.local"; };
+ zone "max59" { type primary; file "db.max59.local"; };
+ zone "max60" { type primary; file "db.max60.local"; };
+ zone "max61" { type primary; file "db.max61.local"; };
+ zone "max62" { type primary; file "db.max62.local"; };
+ zone "max63" { type primary; file "db.max63.local"; };
+ zone "max64" { type primary; file "db.max64.local"; };
+
+ recursion yes;
+ dnssec-validation yes;
+};
diff --git a/bin/tests/system/rpzrecurse/ns2/named.wildcard1.conf b/bin/tests/system/rpzrecurse/ns2/named.wildcard1.conf
new file mode 100644
index 0000000..23ef4eb
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/named.wildcard1.conf
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+# common configuration
+include "named.conf.header";
+
+view "recursive" {
+ zone "." {
+ type hint;
+ file "root.hint";
+ };
+
+ # policy configuration to be tested
+ response-policy {
+ zone "wildcard1" policy NXDOMAIN;
+ } qname-wait-recurse yes
+ nsdname-enable yes
+ nsip-enable yes;
+
+ # policy zones to be tested
+ zone "wildcard1" { type primary; file "db.wildcard1"; };
+
+ recursion yes;
+ dnssec-validation yes;
+};
diff --git a/bin/tests/system/rpzrecurse/ns2/named.wildcard2.conf b/bin/tests/system/rpzrecurse/ns2/named.wildcard2.conf
new file mode 100644
index 0000000..b570b47
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/named.wildcard2.conf
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+# common configuration
+include "named.conf.header";
+
+view "recursive" {
+ zone "." {
+ type hint;
+ file "root.hint";
+ };
+
+ # policy configuration to be tested
+ response-policy {
+ zone "wildcard2a" policy NXDOMAIN;
+ zone "wildcard2b" policy NXDOMAIN;
+ } qname-wait-recurse yes
+ nsdname-enable yes
+ nsip-enable yes;
+
+ # policy zones to be tested
+ zone "wildcard2a" { type primary; file "db.wildcard2a"; };
+ zone "wildcard2b" { type primary; file "db.wildcard2b"; };
+
+ recursion yes;
+ dnssec-validation yes;
+};
diff --git a/bin/tests/system/rpzrecurse/ns2/named.wildcard3.conf b/bin/tests/system/rpzrecurse/ns2/named.wildcard3.conf
new file mode 100644
index 0000000..befb7d2
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/named.wildcard3.conf
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+# common configuration
+include "named.conf.header";
+
+view "recursive" {
+ zone "." {
+ type hint;
+ file "root.hint";
+ };
+
+ # policy configuration to be tested
+ response-policy {
+ zone "wildcard3" policy NXDOMAIN;
+ } qname-wait-recurse yes
+ nsdname-enable yes
+ nsip-enable yes;
+
+ # policy zones to be tested
+ zone "wildcard3" { type primary; file "db.wildcard3"; };
+
+ recursion yes;
+ dnssec-validation yes;
+};
diff --git a/bin/tests/system/rpzrecurse/ns2/named.wildcard4.conf b/bin/tests/system/rpzrecurse/ns2/named.wildcard4.conf
new file mode 100644
index 0000000..e18f496
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/named.wildcard4.conf
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+# common configuration
+include "named.conf.header";
+
+view "recursive" {
+ # policy configuration to be tested
+ response-policy {
+ zone "passthru.zone" policy passthru;
+ zone "given.zone" policy given;
+ } qname-wait-recurse yes
+ nsdname-enable yes
+ nsip-enable yes;
+
+ # policy zones to be tested
+ zone "passthru.zone" { type primary; file "db.passthru"; };
+ zone "given.zone" { type primary; file "db.given"; };
+
+ zone "." {
+ type hint;
+ file "root.hint";
+ };
+
+ recursion yes;
+ dnssec-validation yes;
+};
diff --git a/bin/tests/system/rpzrecurse/ns2/root.hint b/bin/tests/system/rpzrecurse/ns2/root.hint
new file mode 100644
index 0000000..ced47f3
--- /dev/null
+++ b/bin/tests/system/rpzrecurse/ns2/root.hint
@@ -0,0 +1,14 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 999999
+. IN NS ns.example.
+ns.example. IN A 10.53.0.1