diff options
Diffstat (limited to 'tests/integration/deckard/sets/resolver/module_policy_deny_suff_comm.rpl')
| -rw-r--r-- | tests/integration/deckard/sets/resolver/module_policy_deny_suff_comm.rpl | 150 |
1 files changed, 150 insertions, 0 deletions
diff --git a/tests/integration/deckard/sets/resolver/module_policy_deny_suff_comm.rpl b/tests/integration/deckard/sets/resolver/module_policy_deny_suff_comm.rpl new file mode 100644 index 0000000..8cfbb33 --- /dev/null +++ b/tests/integration/deckard/sets/resolver/module_policy_deny_suff_comm.rpl @@ -0,0 +1,150 @@ +do-ip6: no + +; config options + stub-addr: 1.2.3.4 + trust-anchor: "example.com. IN DS 438 10 2 33F8133EB48EDB093839E985600EB7B7009EB5AC312D11CCA9007F6B 71D94D7B" + feature-list: policy=policy:add(policy.suffix_common(policy.DENY, policy.todnames({'example.cz', 'nic.cz'}), todname('cz'))) + query-minimization: off +CONFIG_END + +SCENARIO_BEGIN DENY policy test, uses policy.common_suffix and policy.todnames + +RANGE_BEGIN 0 110 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR RD RA NOERROR +SECTION QUESTION +example.cz. IN A +SECTION ANSWER +example.cz. IN A 5.6.7.8 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR RD RA NOERROR +SECTION QUESTION +dummy.example.cz. IN A +SECTION ANSWER +dummy.example.cz. IN A 9.10.11.12 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR RD RA NOERROR +SECTION QUESTION +nic.cz. IN A +SECTION ANSWER +nic.cz. IN A 13.14.15.16 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR RD RA NOERROR +SECTION QUESTION +dummy.nic.cz. IN A +SECTION ANSWER +dummy.nic.cz. IN A 17.18.19.20 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR RD RA NOERROR +SECTION QUESTION +example.com. IN A +SECTION ANSWER +example.com. IN A 21.22.23.24 +ENTRY_END +RANGE_END + +; blocked by policy, must return NXDOMAIN +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example.cz. IN A +ENTRY_END + +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH flags rcode question answer +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +example.cz. IN A +SECTION ANSWER +ENTRY_END + +; blocked by policy, must return NXDOMAIN +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +dummy.example.cz. IN A +ENTRY_END + +STEP 40 CHECK_ANSWER +ENTRY_BEGIN +MATCH flags rcode question answer +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +dummy.example.cz. IN A +SECTION ANSWER +ENTRY_END + +; blocked by policy, must return NXDOMAIN +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +nic.cz. IN A +ENTRY_END + +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH flags rcode question answer +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +nic.cz. IN A +SECTION ANSWER +ENTRY_END + +; blocked by policy, must return NXDOMAIN +STEP 70 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +dummy.nic.cz. IN A +ENTRY_END + +STEP 80 CHECK_ANSWER +ENTRY_BEGIN +MATCH flags rcode question answer +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +dummy.nic.cz. IN A +SECTION ANSWER +ENTRY_END + +; does not match the policy, so script must retun valid answer +STEP 90 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example.com. IN A +ENTRY_END + +STEP 100 CHECK_ANSWER +ENTRY_BEGIN +MATCH flags rcode question answer +REPLY QR RD RA NOERROR +SECTION QUESTION +example.com. IN A +SECTION ANSWER +example.com. IN A 21.22.23.24 +ENTRY_END +SCENARIO_END |