NetBSD/external/bsd/unbound/dist/testdata/rpz_nsdname.rpl

; config options
server:
	module-config: "respip validator iterator"
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: no
  access-control: 192.0.0.0/8 allow

rpz:
	name: "rpz.example.com."
	rpz-log: yes
	rpz-log-name: "rpz.example.com"
	zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz	3600	IN	SOA	ns1.rpz.example.com. hostmaster.rpz.example.com. (
		1379078166 28800 7200 604800 7200 )
	3600	IN	NS	ns1.rpz.example.com.
	3600	IN	NS	ns2.rpz.example.com.
$ORIGIN rpz.example.com.
ns1.gotham.aa.rpz-nsdname CNAME .
ns1.gotham.bb.rpz-nsdname CNAME *.
ns1.gotham.cc.rpz-nsdname CNAME rpz-drop.
ns1.gotham.com.rpz-nsdname CNAME rpz-passthru.
ns1.gotham.dd.rpz-nsdname CNAME rpz-tcp-only.
ns1.gotham.ff.rpz-nsdname A 127.0.0.1
ns1.gotham.ff.rpz-nsdname TXT "42"
TEMPFILE_END

stub-zone:
	name: "."
	stub-addr: 1.1.1.1
CONFIG_END

SCENARIO_BEGIN Test RPZ nsip triggers

; . --------------------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 1.1.1.1
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS ns.root.
SECTION ADDITIONAL
ns.root IN A 1.1.1.1
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN A
SECTION AUTHORITY
com. IN NS ns1.com.
SECTION ADDITIONAL
ns1.com. IN A 8.8.8.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
aa. IN A
SECTION AUTHORITY
aa. IN NS ns1.aa.
SECTION ADDITIONAL
ns1.aa. IN A 8.8.0.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
bb. IN A
SECTION AUTHORITY
bb. IN NS ns1.bb.
SECTION ADDITIONAL
ns1.bb. IN A 8.8.1.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
cc. IN A
SECTION AUTHORITY
cc. IN NS ns1.cc.
SECTION ADDITIONAL
ns1.cc. IN A 8.8.2.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
dd. IN A
SECTION AUTHORITY
dd. IN NS ns1.dd.
SECTION ADDITIONAL
ns1.dd. IN A 8.8.3.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
ee. IN A
SECTION AUTHORITY
ee. IN NS ns1.ee.
SECTION ADDITIONAL
ns1.ee. IN A 8.8.5.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
ff. IN A
SECTION AUTHORITY
ff. IN NS ns1.ff.
SECTION ADDITIONAL
ns1.ff. IN A 8.8.6.8
ENTRY_END

RANGE_END

; com. -----------------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 8.8.8.8

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS ns1.com.
SECTION ADDITIONAL
ns1.com. IN A 8.8.8.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.com. IN A
SECTION AUTHORITY
gotham.com.	IN NS	ns1.gotham.com.
SECTION ADDITIONAL
ns1.gotham.com. IN A 192.0.6.1
ENTRY_END

RANGE_END

; aa. ------------------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 8.8.0.8

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
aa. IN NS
SECTION ANSWER
aa. IN NS ns1.aa.
SECTION ADDITIONAL
ns1.aa. IN A 8.8.0.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.aa. IN A
SECTION AUTHORITY
gotham.aa.	IN NS	ns1.gotham.aa.
SECTION ADDITIONAL
ns1.gotham.aa. IN A 192.0.0.1
ENTRY_END

RANGE_END

; bb. ------------------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 8.8.1.8

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
bb. IN NS
SECTION ANSWER
bb. IN NS ns1.bb.
SECTION ADDITIONAL
ns1.bb. IN A 8.8.1.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.bb. IN A
SECTION AUTHORITY
gotham.bb.	IN NS	ns1.gotham.bb.
SECTION ADDITIONAL
ns1.gotham.bb. IN A 192.0.1.1
ENTRY_END

RANGE_END

; dd. ------------------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 8.8.3.8

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
dd. IN NS
SECTION ANSWER
dd. IN NS ns1.dd.
SECTION ADDITIONAL
ns1.dd. IN A 8.8.3.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.dd. IN A
SECTION AUTHORITY
gotham.dd.	IN NS	ns1.gotham.dd.
SECTION ADDITIONAL
ns1.gotham.dd. IN A 192.0.3.1
ENTRY_END

RANGE_END

; ff. ------------------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 8.8.6.8

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
ff. IN NS
SECTION ANSWER
ff. IN NS ns1.ff.
SECTION ADDITIONAL
ns1.ff. IN A 8.8.6.8
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham.ff. IN A
SECTION AUTHORITY
gotham.ff. IN NS ns1.gotham.ff.
SECTION ADDITIONAL
ns1.gotham.ff. IN A 192.0.5.1
ENTRY_END

RANGE_END

; ns1.gotham.com. ------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 192.0.6.1

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.com. IN A
SECTION ANSWER
gotham.com. IN A 192.0.6.2
ENTRY_END

RANGE_END

; ns1.gotham.aa. -------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 192.0.0.1

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.aa. IN A
SECTION ANSWER
gotham.aa. IN A 192.0.0.2
ENTRY_END

RANGE_END

; ns1.gotham.bb. -------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 192.0.1.1

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.bb. IN A
SECTION ANSWER
gotham.bb. IN A 192.0.1.2
ENTRY_END

RANGE_END

; ns1.gotham.dd. -------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 192.0.3.1

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
gotham.dd. IN A
SECTION ANSWER
gotham.dd. IN A 192.0.3.2
ENTRY_END

RANGE_END

; ns1.gotham.ff. -------------------------------------------------------------
RANGE_BEGIN 0 100
	ADDRESS 192.0.5.1

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
gotham.ff. IN A
SECTION ANSWER
gotham.ff. IN A 192.0.5.2
ENTRY_END

RANGE_END

; ----------------------------------------------------------------------------

STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.com. IN A
ENTRY_END

STEP 2 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
gotham.com. IN A
SECTION ANSWER
gotham.com. IN A 192.0.6.2
ENTRY_END

STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.aa. IN A
ENTRY_END

STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR AA RD RA NXDOMAIN
SECTION QUESTION
gotham.aa. IN A
SECTION ANSWER
ENTRY_END

STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.bb. IN A
ENTRY_END

STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
gotham.bb. IN A
SECTION ANSWER
ENTRY_END

STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.ff. IN A
ENTRY_END

STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
gotham.ff. IN A
SECTION ANSWER
gotham.ff. IN A 127.0.0.1
ENTRY_END

STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
gotham.dd. IN A
ENTRY_END

; should come back truncated because TCP is required.
STEP 41 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA TC NOERROR
SECTION QUESTION
gotham.dd. IN A
SECTION ANSWER
ENTRY_END

STEP 42 QUERY
ENTRY_BEGIN
MATCH TCP
REPLY RD
SECTION QUESTION
gotham.dd. IN A
ENTRY_END

STEP 43 CHECK_ANSWER
ENTRY_BEGIN
MATCH all TCP
REPLY QR RD RA NOERROR
SECTION QUESTION
gotham.dd. IN A
SECTION ANSWER
gotham.dd. IN A 192.0.3.2
ENTRY_END

SCENARIO_END