do-ip6: no

; config options
	stub-addr: 1.2.3.4
	trust-anchor: "example.com.		IN DS 438 10 2 33F8133EB48EDB093839E985600EB7B7009EB5AC312D11CCA9007F6B 71D94D7B"
	feature-list: policy=policy:add(policy.suffix_common(policy.DENY, policy.todnames({'example.cz', 'nic.cz'}), todname('cz')))
	query-minimization: off
CONFIG_END

SCENARIO_BEGIN DENY policy test, uses policy.common_suffix and policy.todnames

RANGE_BEGIN 0 110
	ADDRESS 1.2.3.4 
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RD RA NOERROR
SECTION QUESTION
example.cz. IN A
SECTION ANSWER
example.cz. IN A 5.6.7.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RD RA NOERROR
SECTION QUESTION
dummy.example.cz. IN A
SECTION ANSWER
dummy.example.cz. IN A 9.10.11.12
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RD RA NOERROR
SECTION QUESTION
nic.cz. IN A
SECTION ANSWER
nic.cz. IN A 13.14.15.16
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RD RA NOERROR
SECTION QUESTION
dummy.nic.cz. IN A
SECTION ANSWER
dummy.nic.cz. IN A 17.18.19.20
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR RD RA NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
example.com. IN A 21.22.23.24
ENTRY_END
RANGE_END

; blocked by policy, must return NXDOMAIN
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example.cz. IN A
ENTRY_END

STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH flags rcode question answer
REPLY QR RD RA AA NXDOMAIN
SECTION QUESTION
example.cz. IN A
SECTION ANSWER
ENTRY_END

; blocked by policy, must return NXDOMAIN
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
dummy.example.cz. IN A
ENTRY_END

STEP 40 CHECK_ANSWER
ENTRY_BEGIN
MATCH flags rcode question answer
REPLY QR RD RA AA NXDOMAIN
SECTION QUESTION
dummy.example.cz. IN A
SECTION ANSWER
ENTRY_END

; blocked by policy, must return NXDOMAIN
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
nic.cz. IN A
ENTRY_END

STEP 60 CHECK_ANSWER
ENTRY_BEGIN
MATCH flags rcode question answer
REPLY QR RD RA AA NXDOMAIN
SECTION QUESTION
nic.cz. IN A
SECTION ANSWER
ENTRY_END

; blocked by policy, must return NXDOMAIN
STEP 70 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
dummy.nic.cz. IN A
ENTRY_END

STEP 80 CHECK_ANSWER
ENTRY_BEGIN
MATCH flags rcode question answer
REPLY QR RD RA AA NXDOMAIN
SECTION QUESTION
dummy.nic.cz. IN A
SECTION ANSWER
ENTRY_END

; does not match the policy, so script must retun valid answer
STEP 90 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
example.com. IN A
ENTRY_END

STEP 100 CHECK_ANSWER
ENTRY_BEGIN
MATCH flags rcode question answer
REPLY QR RD RA NOERROR
SECTION QUESTION
example.com. IN A
SECTION ANSWER
example.com. IN A 21.22.23.24
ENTRY_END
SCENARIO_END