mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 12:54:27 +00:00
270 lines
5.1 KiB
Plaintext
270 lines
5.1 KiB
Plaintext
|
; config options
|
||
|
server:
|
||
|
module-config: "respip validator iterator"
|
||
|
target-fetch-policy: "0 0 0 0 0"
|
||
|
qname-minimisation: no
|
||
|
access-control: 192.0.0.0/8 allow
|
||
|
|
||
|
rpz:
|
||
|
name: "rpz.example.com."
|
||
|
rpz-log: yes
|
||
|
rpz-log-name: "rpz.example.com"
|
||
|
rpz-action-override: "nxdomain"
|
||
|
zonefile:
|
||
|
TEMPFILE_NAME rpz.example.com
|
||
|
TEMPFILE_CONTENTS rpz.example.com
|
||
|
$ORIGIN example.com.
|
||
|
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
|
||
|
1379078166 28800 7200 604800 7200 )
|
||
|
3600 IN NS ns1.rpz.example.com.
|
||
|
3600 IN NS ns2.rpz.example.com.
|
||
|
$ORIGIN rpz.example.com.
|
||
|
32.1.5.0.192.rpz-client-ip CNAME rpz-passthru.
|
||
|
32.2.5.0.192.rpz-client-ip A 1.2.3.5
|
||
|
TEMPFILE_END
|
||
|
|
||
|
rpz:
|
||
|
name: "rpz2.example.com."
|
||
|
rpz-log: yes
|
||
|
rpz-log-name: "rpz2.example.com"
|
||
|
rpz-action-override: "nodata"
|
||
|
zonefile:
|
||
|
TEMPFILE_NAME rpz2.example.com
|
||
|
TEMPFILE_CONTENTS rpz2.example.com
|
||
|
$ORIGIN example.com.
|
||
|
rpz2 3600 IN SOA ns1.rpz2.example.com. hostmaster.rpz2.example.com. (
|
||
|
1379078166 28800 7200 604800 7200 )
|
||
|
3600 IN NS ns1.rpz2.example.com.
|
||
|
3600 IN NS ns2.rpz2.example.com.
|
||
|
$ORIGIN rpz2.example.com.
|
||
|
32.4.5.0.192.rpz-client-ip A 1.2.3.5
|
||
|
TEMPFILE_END
|
||
|
|
||
|
rpz:
|
||
|
name: "rpz3.example.com."
|
||
|
rpz-log: yes
|
||
|
rpz-log-name: "rpz3.example.com"
|
||
|
rpz-action-override: "passthru"
|
||
|
zonefile:
|
||
|
TEMPFILE_NAME rpz3.example.com
|
||
|
TEMPFILE_CONTENTS rpz3.example.com
|
||
|
$ORIGIN example.com.
|
||
|
rpz3 3600 IN SOA ns1.rpz3.example.com. hostmaster.rpz3.example.com. (
|
||
|
1379078166 28800 7200 604800 7200 )
|
||
|
3600 IN NS ns1.rpz3.example.com.
|
||
|
3600 IN NS ns2.rpz3.example.com.
|
||
|
$ORIGIN rpz3.example.com.
|
||
|
32.5.5.0.192.rpz-client-ip A 1.2.3.5
|
||
|
TEMPFILE_END
|
||
|
|
||
|
rpz:
|
||
|
name: "rpz4.example.com."
|
||
|
rpz-log: yes
|
||
|
rpz-log-name: "rpz4.example.com"
|
||
|
rpz-action-override: "drop"
|
||
|
zonefile:
|
||
|
TEMPFILE_NAME rpz4.example.com
|
||
|
TEMPFILE_CONTENTS rpz4.example.com
|
||
|
$ORIGIN example.com.
|
||
|
rpz4 3600 IN SOA ns1.rpz4.example.com. hostmaster.rpz4.example.com. (
|
||
|
1379078166 28800 7200 604800 7200 )
|
||
|
3600 IN NS ns1.rpz4.example.com.
|
||
|
3600 IN NS ns2.rpz4.example.com.
|
||
|
$ORIGIN rpz4.example.com.
|
||
|
32.5.5.0.192.rpz-client-ip A 1.2.3.5
|
||
|
32.6.5.0.192.rpz-client-ip A 1.2.3.5
|
||
|
TEMPFILE_END
|
||
|
|
||
|
rpz:
|
||
|
name: "rpz5.example.com."
|
||
|
rpz-log: yes
|
||
|
rpz-log-name: "rpz5.example.com"
|
||
|
rpz-action-override: "cname"
|
||
|
rpz-cname-override: "target.a"
|
||
|
zonefile:
|
||
|
TEMPFILE_NAME rpz5.example.com
|
||
|
TEMPFILE_CONTENTS rpz5.example.com
|
||
|
$ORIGIN example.com.
|
||
|
rpz5 3600 IN SOA ns1.rpz5.example.com. hostmaster.rpz5.example.com. (
|
||
|
1379078166 28800 7200 604800 7200 )
|
||
|
3600 IN NS ns1.rpz5.example.com.
|
||
|
3600 IN NS ns2.rpz5.example.com.
|
||
|
$ORIGIN rpz5.example.com.
|
||
|
32.7.5.0.192.rpz-client-ip A 1.2.3.5
|
||
|
TEMPFILE_END
|
||
|
|
||
|
rpz:
|
||
|
name: "rpz6.example.com."
|
||
|
rpz-log: yes
|
||
|
rpz-log-name: "rpz6.example.com"
|
||
|
rpz-action-override: "disabled"
|
||
|
zonefile:
|
||
|
TEMPFILE_NAME rpz6.example.com
|
||
|
TEMPFILE_CONTENTS rpz6.example.com
|
||
|
$ORIGIN example.com.
|
||
|
rpz6 3600 IN SOA ns1.rpz6.example.com. hostmaster.rpz6.example.com. (
|
||
|
1379078166 28800 7200 604800 7200 )
|
||
|
3600 IN NS ns1.rpz6.example.com.
|
||
|
3600 IN NS ns2.rpz6.example.com.
|
||
|
$ORIGIN rpz6.example.com.
|
||
|
32.8.5.0.192.rpz-client-ip A 1.2.3.5
|
||
|
TEMPFILE_END
|
||
|
|
||
|
stub-zone:
|
||
|
name: "a."
|
||
|
stub-addr: 10.20.30.40
|
||
|
CONFIG_END
|
||
|
|
||
|
SCENARIO_BEGIN Test RPZ action override with trigger from clientip.
|
||
|
|
||
|
; a.
|
||
|
RANGE_BEGIN 0 1000
|
||
|
ADDRESS 10.20.30.40
|
||
|
ENTRY_BEGIN
|
||
|
MATCH opcode qtype qname
|
||
|
ADJUST copy_id
|
||
|
REPLY QR NOERROR
|
||
|
SECTION QUESTION
|
||
|
d.a. IN A
|
||
|
SECTION ANSWER
|
||
|
d.a. IN A 1.2.3.4
|
||
|
ENTRY_END
|
||
|
|
||
|
ENTRY_BEGIN
|
||
|
MATCH opcode qtype qname
|
||
|
ADJUST copy_id
|
||
|
REPLY QR NOERROR
|
||
|
SECTION QUESTION
|
||
|
target.a. IN A
|
||
|
SECTION ANSWER
|
||
|
target.a. IN A 1.2.3.6
|
||
|
ENTRY_END
|
||
|
RANGE_END
|
||
|
|
||
|
STEP 10 QUERY ADDRESS 192.0.5.2
|
||
|
ENTRY_BEGIN
|
||
|
REPLY RD
|
||
|
SECTION QUESTION
|
||
|
d.a. IN A
|
||
|
ENTRY_END
|
||
|
|
||
|
STEP 11 CHECK_ANSWER
|
||
|
ENTRY_BEGIN
|
||
|
MATCH all
|
||
|
REPLY QR RD RA AA NXDOMAIN
|
||
|
SECTION QUESTION
|
||
|
d.a. IN A
|
||
|
SECTION ANSWER
|
||
|
ENTRY_END
|
||
|
|
||
|
STEP 20 QUERY ADDRESS 192.0.5.1
|
||
|
ENTRY_BEGIN
|
||
|
REPLY RD
|
||
|
SECTION QUESTION
|
||
|
d.a. IN A
|
||
|
ENTRY_END
|
||
|
|
||
|
STEP 21 CHECK_ANSWER
|
||
|
ENTRY_BEGIN
|
||
|
MATCH all
|
||
|
REPLY QR RD RA AA NXDOMAIN
|
||
|
SECTION QUESTION
|
||
|
d.a. IN A
|
||
|
SECTION ANSWER
|
||
|
ENTRY_END
|
||
|
|
||
|
STEP 30 QUERY ADDRESS 192.0.5.3
|
||
|
ENTRY_BEGIN
|
||
|
REPLY RD
|
||
|
SECTION QUESTION
|
||
|
d.a. IN A
|
||
|
ENTRY_END
|
||
|
|
||
|
STEP 31 CHECK_ANSWER
|
||
|
ENTRY_BEGIN
|
||
|
MATCH all
|
||
|
REPLY QR RD RA NOERROR
|
||
|
SECTION QUESTION
|
||
|
d.a. IN A
|
||
|
SECTION ANSWER
|
||
|
d.a. IN A 1.2.3.4
|
||
|
ENTRY_END
|
||
|
|
||
|
STEP 40 QUERY ADDRESS 192.0.5.4
|
||
|
ENTRY_BEGIN
|
||
|
REPLY RD
|
||
|
SECTION QUESTION
|
||
|
d.a. IN A
|
||
|
ENTRY_END
|
||
|
|
||
|
STEP 41 CHECK_ANSWER
|
||
|
ENTRY_BEGIN
|
||
|
MATCH all
|
||
|
REPLY QR RD RA AA NOERROR
|
||
|
SECTION QUESTION
|
||
|
d.a. IN A
|
||
|
SECTION ANSWER
|
||
|
ENTRY_END
|
||
|
|
||
|
STEP 50 QUERY ADDRESS 192.0.5.5
|
||
|
ENTRY_BEGIN
|
||
|
REPLY RD
|
||
|
SECTION QUESTION
|
||
|
d.a. IN A
|
||
|
ENTRY_END
|
||
|
|
||
|
STEP 51 CHECK_ANSWER
|
||
|
ENTRY_BEGIN
|
||
|
MATCH all
|
||
|
REPLY QR RD RA NOERROR
|
||
|
SECTION QUESTION
|
||
|
d.a. IN A
|
||
|
SECTION ANSWER
|
||
|
d.a. IN A 1.2.3.4
|
||
|
ENTRY_END
|
||
|
|
||
|
STEP 60 QUERY ADDRESS 192.0.5.6
|
||
|
ENTRY_BEGIN
|
||
|
REPLY RD
|
||
|
SECTION QUESTION
|
||
|
d.a. IN A
|
||
|
ENTRY_END
|
||
|
; dropped.
|
||
|
|
||
|
STEP 70 QUERY ADDRESS 192.0.5.7
|
||
|
ENTRY_BEGIN
|
||
|
REPLY RD
|
||
|
SECTION QUESTION
|
||
|
d.a. IN A
|
||
|
ENTRY_END
|
||
|
|
||
|
STEP 71 CHECK_ANSWER
|
||
|
ENTRY_BEGIN
|
||
|
MATCH all
|
||
|
REPLY QR RD RA AA NOERROR
|
||
|
SECTION QUESTION
|
||
|
d.a. IN A
|
||
|
SECTION ANSWER
|
||
|
d.a. CNAME target.a.
|
||
|
target.a. A 1.2.3.6
|
||
|
ENTRY_END
|
||
|
|
||
|
STEP 80 QUERY ADDRESS 192.0.5.8
|
||
|
ENTRY_BEGIN
|
||
|
REPLY RD
|
||
|
SECTION QUESTION
|
||
|
d.a. IN A
|
||
|
ENTRY_END
|
||
|
|
||
|
STEP 81 CHECK_ANSWER
|
||
|
ENTRY_BEGIN
|
||
|
MATCH all
|
||
|
REPLY QR RD RA NOERROR
|
||
|
SECTION QUESTION
|
||
|
d.a. IN A
|
||
|
SECTION ANSWER
|
||
|
d.a. IN A 1.2.3.4
|
||
|
ENTRY_END
|
||
|
|
||
|
SCENARIO_END
|