; Replay scenario for Unbound's testbound harness: RPZ handling of CNAME chains.
; The policy zone rpz.example.com. holds local-data A and CNAME records for
; names under "a.". The steps check that the target of a CNAME is itself looked
; up in the policy zone, whether that CNAME came from the policy, from an
; upstream reply or (per the step comments) from cache, and that a chain which
; leaves the policy zone is completed with the upstream answer.
; Why it matters for a DNS firewall: if a CNAME target were not re-checked
; against policy, a rewritten or blocked name would stay reachable via an alias.

; config options
server:
	; respip is the module that applies RPZ policy; it must be listed for the
	; rpz: clause below to have any effect.
	module-config: "respip validator iterator"
	; All-zero fetch policy and no qname minimisation keep the upstream query
	; sequence limited to what the RANGE entries below can answer.
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: no
	; NOTE(review): 192.0.0.0/8 is a very wide allow range. Harmless inside a
	; replay test, but not a value to copy into a production resolver; confirm
	; why the test needs it.
	access-control: 192.0.0.0/8 allow

rpz:
	name: "rpz.example.com."
	; Policy hits are logged and tagged with rpz-log-name.
	rpz-log: yes
	rpz-log-name: "rpz.example.com"
	zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 1379078166 28800 7200 604800 7200 )
	3600 IN NS ns1.rpz.example.com.
	3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
; QNAME triggers whose whole chain, including the final A record, is in the policy zone.
www.gotham.a A 1.2.3.61
www.gotham2.a CNAME g2.target.a.
g2.target.a A 1.2.3.62
www.gotham3.a CNAME g3.target.a.
g3.target.a CNAME g3b.target.a.
g3b.target.a A 1.2.3.63
www.gotham4.a CNAME g4.target.a.
g4.target.a CNAME g4b.target.a.
g4b.target.a CNAME g4c.target.a.
g4c.target.a A 1.2.3.64
; Triggers on w2.gothamN.a, the name an upstream CNAME for www.gothamN.a points to.
w2.gotham5.a A 1.2.3.65
w2.gotham6.a CNAME g6.target.a.
g6.target.a A 1.2.3.66
w2.gotham7.a CNAME g7.target.a.
g7.target.a CNAME g7b.target.a.
; NOTE(review): same address as g6.target.a above; steps 71 and 101 expect
; 1.2.3.66 as well, so the test is self-consistent. Confirm the reuse is intended.
g7b.target.a A 1.2.3.66
; rpz-nsip triggers. The owner is <prefix length>.<reversed IPv4>.rpz-nsip, so
; 32.48.30.20.10 stands for 10.20.30.48/32, the glue address that the a. server
; returns for ns1.gotham8.a in the first RANGE of the scenario.
; ns1.gotham8.a
32.48.30.20.10.rpz-nsip A 1.2.3.68
; ns1.gotham9.a
32.49.30.20.10.rpz-nsip CNAME g9.target.a.
g9.target.a A 1.2.3.69
; ns1.gotham10.a
32.50.30.20.10.rpz-nsip CNAME g10.target.a.
g10.target.a CNAME g10b.target.a.
g10b.target.a A 1.2.3.70
; Chains that end outside the policy zone: the last target has no record here
; and is answered by the 10.20.30.40 RANGE.
www.gotham11.a CNAME g11.target.a.
www.gotham12.a CNAME g12.target.a.
g12.target.a CNAME g12b.target.a.
www.gotham13.a CNAME g13.target.a.
g13.target.a CNAME g13b.target.a.
g13b.target.a CNAME g13c.target.a.
w2.gotham14.a CNAME g14.target.a.
w2.gotham15.a CNAME g15.target.a.
g15.target.a CNAME g15b.target.a.
; ns1.gotham16.a
32.56.30.20.10.rpz-nsip CNAME g16.target.a.
; ns1.gotham17.a
32.57.30.20.10.rpz-nsip CNAME g17.target.a.
g17.target.a CNAME g17b.target.a.
TEMPFILE_END

; Everything under "a." is resolved through the simulated server at 10.20.30.40.
stub-zone:
	name: "a."
	stub-addr: 10.20.30.40
CONFIG_END

SCENARIO_BEGIN Test RPZ handling of CNAMEs.

; a.
; Simulated server for "a.": hands out delegations for the gothamN.a zones and
; answers the *.target.a names that the policy zone does not cover.
RANGE_BEGIN 0 1000
	ADDRESS 10.20.30.40

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham5.a. IN NS
SECTION AUTHORITY
gotham5.a. NS ns1.gotham5.a.
SECTION ADDITIONAL
ns1.gotham5.a. A 10.20.30.45
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham6.a. IN NS
SECTION AUTHORITY
gotham6.a. NS ns1.gotham6.a.
SECTION ADDITIONAL
ns1.gotham6.a. A 10.20.30.46
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham7.a. IN NS
SECTION AUTHORITY
gotham7.a. NS ns1.gotham7.a.
SECTION ADDITIONAL
ns1.gotham7.a. A 10.20.30.47
ENTRY_END

; The glue addresses for gotham8, 9, 10, 16 and 17 match rpz-nsip triggers in
; the policy zone. No RANGE in this file serves those addresses, so the
; expected answers for these zones can only come from the policy.
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham8.a. IN NS
SECTION AUTHORITY
gotham8.a. NS ns1.gotham8.a.
SECTION ADDITIONAL
ns1.gotham8.a. A 10.20.30.48
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham9.a. IN NS
SECTION AUTHORITY
gotham9.a. NS ns1.gotham9.a.
SECTION ADDITIONAL
ns1.gotham9.a. A 10.20.30.49
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham10.a. IN NS
SECTION AUTHORITY
gotham10.a. NS ns1.gotham10.a.
SECTION ADDITIONAL
ns1.gotham10.a. A 10.20.30.50
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham14.a. IN NS
SECTION AUTHORITY
gotham14.a. NS ns1.gotham14.a.
SECTION ADDITIONAL
ns1.gotham14.a. A 10.20.30.54
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham15.a. IN NS
SECTION AUTHORITY
gotham15.a. NS ns1.gotham15.a.
SECTION ADDITIONAL
ns1.gotham15.a. A 10.20.30.55
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham16.a. IN NS
SECTION AUTHORITY
gotham16.a. NS ns1.gotham16.a.
SECTION ADDITIONAL
ns1.gotham16.a. A 10.20.30.56
ENTRY_END

ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
gotham17.a. IN NS
SECTION AUTHORITY
gotham17.a. NS ns1.gotham17.a.
SECTION ADDITIONAL
ns1.gotham17.a. A 10.20.30.57
ENTRY_END

; Upstream A records for the chain ends that are absent from the policy zone.
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
target.a. IN A
SECTION ANSWER
target.a. IN A 1.2.3.6
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
g11.target.a. IN A
SECTION ANSWER
g11.target.a. IN A 1.2.3.11
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
g12b.target.a. IN A
SECTION ANSWER
g12b.target.a. A 1.2.3.12
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
g13c.target.a. IN A
SECTION ANSWER
g13c.target.a. A 1.2.3.13
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
g14.target.a. IN A
SECTION ANSWER
g14.target.a. A 1.2.3.14
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
g15b.target.a. IN A
SECTION ANSWER
g15b.target.a. A 1.2.3.15
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
g16.target.a. IN A
SECTION ANSWER
g16.target.a. A 1.2.3.16
ENTRY_END

ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
g17b.target.a. IN A
SECTION ANSWER
g17b.target.a. A 1.2.3.17
ENTRY_END
RANGE_END

; gotham5.a.
; The gothamN.a servers below answer www.gothamN.a with a CNAME to
; w2.gothamN.a, a name the policy zone has a record for.
RANGE_BEGIN 0 1000
	ADDRESS 10.20.30.45
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.gotham5.a. IN A
SECTION ANSWER
www.gotham5.a. CNAME w2.gotham5.a.
ENTRY_END
RANGE_END

; gotham6.a.
RANGE_BEGIN 0 1000
	ADDRESS 10.20.30.46
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.gotham6.a. IN A
SECTION ANSWER
www.gotham6.a. CNAME w2.gotham6.a.
ENTRY_END
RANGE_END

; gotham7.a.
RANGE_BEGIN 0 1000
	ADDRESS 10.20.30.47
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.gotham7.a. IN A
SECTION ANSWER
www.gotham7.a. CNAME w2.gotham7.a.
ENTRY_END
RANGE_END

; gotham14.a.
RANGE_BEGIN 0 1000
	ADDRESS 10.20.30.54
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.gotham14.a. IN A
SECTION ANSWER
www.gotham14.a. CNAME w2.gotham14.a.
ENTRY_END
RANGE_END

; gotham15.a.
RANGE_BEGIN 0 1000
	ADDRESS 10.20.30.55
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
www.gotham15.a. IN A
SECTION ANSWER
www.gotham15.a. CNAME w2.gotham15.a.
ENTRY_END
RANGE_END

; Client steps. Each pair sends a query and then compares the resolver's reply
; with the expected message; "MATCH all" compares the full reply, so every link
; of the CNAME chain and the final address must be present.

; Test with zero rpz CNAMEs, rpz answer.
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham.a. IN A
ENTRY_END

STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham.a. IN A
SECTION ANSWER
www.gotham.a. A 1.2.3.61
ENTRY_END

; Test with one rpz CNAME, rpz answer.
STEP 20 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham2.a. IN A
ENTRY_END

STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham2.a. IN A
SECTION ANSWER
www.gotham2.a. CNAME g2.target.a.
g2.target.a. A 1.2.3.62
ENTRY_END

; Test with two rpz CNAMEs, rpz answer.
STEP 30 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham3.a. IN A
ENTRY_END

STEP 31 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham3.a. IN A
SECTION ANSWER
www.gotham3.a. CNAME g3.target.a.
g3.target.a. CNAME g3b.target.a.
g3b.target.a. A 1.2.3.63
ENTRY_END

; Test with three rpz CNAMEs, rpz answer.
STEP 40 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham4.a. IN A
ENTRY_END

STEP 41 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham4.a. IN A
SECTION ANSWER
www.gotham4.a. CNAME g4.target.a.
g4.target.a. CNAME g4b.target.a.
g4b.target.a. CNAME g4c.target.a.
g4c.target.a. A 1.2.3.64
ENTRY_END

; Test with a CNAME from upstream, zero rpz CNAMEs, rpz answer.
; The first link comes from the gotham5.a server; its target w2.gotham5.a is
; then answered from the policy zone.
STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham5.a. IN A
ENTRY_END

STEP 51 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham5.a. IN A
SECTION ANSWER
www.gotham5.a. CNAME w2.gotham5.a.
w2.gotham5.a. A 1.2.3.65
ENTRY_END

; Test with a CNAME from upstream, one rpz CNAME, rpz answer.
STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham6.a. IN A
ENTRY_END

STEP 61 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham6.a. IN A
SECTION ANSWER
www.gotham6.a. CNAME w2.gotham6.a.
w2.gotham6.a. CNAME g6.target.a.
g6.target.a. A 1.2.3.66
ENTRY_END

; Test with a CNAME from upstream, two rpz CNAMEs, rpz answer.
STEP 70 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham7.a. IN A
ENTRY_END

STEP 71 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham7.a. IN A
SECTION ANSWER
www.gotham7.a. CNAME w2.gotham7.a.
w2.gotham7.a. CNAME g7.target.a.
g7.target.a. CNAME g7b.target.a.
g7b.target.a. A 1.2.3.66
ENTRY_END

; Test with a CNAME from cache, zero rpz CNAMEs, rpz answer.
; Steps 80-101 repeat the queries of steps 50-71 and expect identical replies:
; policy must still be applied to the CNAME target on the repeated lookup.
STEP 80 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham5.a. IN A
ENTRY_END

STEP 81 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham5.a. IN A
SECTION ANSWER
www.gotham5.a. CNAME w2.gotham5.a.
w2.gotham5.a. A 1.2.3.65
ENTRY_END

; Test with a CNAME from cache, one rpz CNAME, rpz answer.
STEP 90 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham6.a. IN A
ENTRY_END

STEP 91 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham6.a. IN A
SECTION ANSWER
www.gotham6.a. CNAME w2.gotham6.a.
w2.gotham6.a. CNAME g6.target.a.
g6.target.a. A 1.2.3.66
ENTRY_END

; Test with a CNAME from cache, two rpz CNAMEs, rpz answer.
STEP 100 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham7.a. IN A
ENTRY_END

STEP 101 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham7.a. IN A
SECTION ANSWER
www.gotham7.a. CNAME w2.gotham7.a.
w2.gotham7.a. CNAME g7.target.a.
g7.target.a. CNAME g7b.target.a.
g7b.target.a. A 1.2.3.66
ENTRY_END

; Test with lookup from nameserver, zero rpz CNAMEs, rpz nsip answer.
; The rpz-nsip record for 10.20.30.48 supplies the answer; this file defines
; no server at that address.
STEP 110 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham8.a. IN A
ENTRY_END

STEP 111 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham8.a. IN A
SECTION ANSWER
www.gotham8.a. A 1.2.3.68
ENTRY_END

; Test with lookup from nameserver, one rpz CNAME, rpz nsip answer.
STEP 120 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham9.a. IN A
ENTRY_END

STEP 121 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham9.a. IN A
SECTION ANSWER
www.gotham9.a. CNAME g9.target.a.
g9.target.a. A 1.2.3.69
ENTRY_END

; Test with lookup from nameserver, two rpz CNAMEs, rpz nsip answer.
STEP 130 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham10.a. IN A
ENTRY_END

STEP 131 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham10.a. IN A
SECTION ANSWER
www.gotham10.a. CNAME g10.target.a.
g10.target.a. CNAME g10b.target.a.
g10b.target.a. A 1.2.3.70
ENTRY_END

; Test with one rpz CNAME, upstream answer.
; From here on the chain ends at a name the policy zone does not hold, so the
; final A record is the one served by the 10.20.30.40 RANGE.
STEP 140 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham11.a. IN A
ENTRY_END

STEP 141 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham11.a. IN A
SECTION ANSWER
www.gotham11.a. CNAME g11.target.a.
g11.target.a. A 1.2.3.11
ENTRY_END

; Test with two rpz CNAMEs, upstream answer.
STEP 150 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham12.a. IN A
ENTRY_END

STEP 151 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham12.a. IN A
SECTION ANSWER
www.gotham12.a. CNAME g12.target.a.
g12.target.a. CNAME g12b.target.a.
g12b.target.a. A 1.2.3.12
ENTRY_END

; Test with three rpz CNAMEs, upstream answer.
STEP 160 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham13.a. IN A
ENTRY_END

STEP 161 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
www.gotham13.a. IN A
SECTION ANSWER
www.gotham13.a. CNAME g13.target.a.
g13.target.a. CNAME g13b.target.a.
g13b.target.a. CNAME g13c.target.a.
g13c.target.a. A 1.2.3.13
ENTRY_END

; Test with a CNAME from upstream, one rpz CNAME, upstream answer.
; Unlike the steps above, the expected replies from step 171 to the end of the
; scenario do not carry the AA flag.
STEP 170 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham14.a. IN A
ENTRY_END

STEP 171 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham14.a. IN A
SECTION ANSWER
www.gotham14.a. CNAME w2.gotham14.a.
w2.gotham14.a. CNAME g14.target.a.
g14.target.a. A 1.2.3.14
ENTRY_END

; Test with a CNAME from upstream, two rpz CNAMEs, upstream answer.
STEP 180 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham15.a. IN A
ENTRY_END

STEP 181 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham15.a. IN A
SECTION ANSWER
www.gotham15.a. CNAME w2.gotham15.a.
w2.gotham15.a. CNAME g15.target.a.
g15.target.a. CNAME g15b.target.a.
g15b.target.a. A 1.2.3.15
ENTRY_END

; Test with a CNAME from cache, one rpz CNAME, upstream answer.
; Steps 190-201 repeat the queries of steps 170-181 and expect identical replies.
STEP 190 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham14.a. IN A
ENTRY_END

STEP 191 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham14.a. IN A
SECTION ANSWER
www.gotham14.a. CNAME w2.gotham14.a.
w2.gotham14.a. CNAME g14.target.a.
g14.target.a. A 1.2.3.14
ENTRY_END

; Test with a CNAME from cache, two rpz CNAMEs, upstream answer.
STEP 200 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham15.a. IN A
ENTRY_END

STEP 201 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham15.a. IN A
SECTION ANSWER
www.gotham15.a. CNAME w2.gotham15.a.
w2.gotham15.a. CNAME g15.target.a.
g15.target.a. CNAME g15b.target.a.
g15b.target.a. A 1.2.3.15
ENTRY_END

; Test with lookup from nameserver, one rpz nsip CNAME, upstream answer.
; The rpz-nsip record for 10.20.30.56 supplies the CNAME; its target
; g16.target.a is answered by the 10.20.30.40 RANGE.
STEP 210 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham16.a. IN A
ENTRY_END

STEP 211 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham16.a. IN A
SECTION ANSWER
www.gotham16.a. CNAME g16.target.a.
g16.target.a. A 1.2.3.16
ENTRY_END

; Test with lookup from nameserver, two rpz nsip CNAMEs, upstream answer.
STEP 220 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
www.gotham17.a. IN A
ENTRY_END

STEP 221 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
www.gotham17.a. IN A
SECTION ANSWER
www.gotham17.a. CNAME g17.target.a.
g17.target.a. CNAME g17b.target.a.
g17b.target.a. A 1.2.3.17
ENTRY_END

SCENARIO_END