; config options server: module-config: "respip validator iterator" target-fetch-policy: "0 0 0 0 0" qname-minimisation: no access-control: 192.0.0.0/8 allow rpz: name: "rpz.example.com." rpz-log: yes rpz-log-name: "rpz.example.com" rpz-action-override: "nxdomain" zonefile: TEMPFILE_NAME rpz.example.com TEMPFILE_CONTENTS rpz.example.com $ORIGIN example.com. rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( 1379078166 28800 7200 604800 7200 ) 3600 IN NS ns1.rpz.example.com. 3600 IN NS ns2.rpz.example.com. $ORIGIN rpz.example.com. ; ns1.gotham.a 32.41.30.20.10.rpz-nsip A 1.2.3.5 TEMPFILE_END rpz: name: "rpz2.example.com." rpz-log: yes rpz-log-name: "rpz2.example.com" rpz-action-override: "nodata" zonefile: TEMPFILE_NAME rpz2.example.com TEMPFILE_CONTENTS rpz2.example.com $ORIGIN example.com. rpz2 3600 IN SOA ns1.rpz2.example.com. hostmaster.rpz2.example.com. ( 1379078166 28800 7200 604800 7200 ) 3600 IN NS ns1.rpz2.example.com. 3600 IN NS ns2.rpz2.example.com. $ORIGIN rpz2.example.com. ; ns1.gotham2.a 32.42.30.20.10.rpz-nsip A 1.2.3.5 TEMPFILE_END rpz: name: "rpz3.example.com." rpz-log: yes rpz-log-name: "rpz3.example.com" rpz-action-override: "passthru" zonefile: TEMPFILE_NAME rpz3.example.com TEMPFILE_CONTENTS rpz3.example.com $ORIGIN example.com. rpz3 3600 IN SOA ns1.rpz3.example.com. hostmaster.rpz3.example.com. ( 1379078166 28800 7200 604800 7200 ) 3600 IN NS ns1.rpz3.example.com. 3600 IN NS ns2.rpz3.example.com. $ORIGIN rpz3.example.com. ; ns1.gotham3.a 32.43.30.20.10.rpz-nsip A 1.2.3.5 TEMPFILE_END rpz: name: "rpz4.example.com." rpz-log: yes rpz-log-name: "rpz4.example.com" rpz-action-override: "drop" zonefile: TEMPFILE_NAME rpz4.example.com TEMPFILE_CONTENTS rpz4.example.com $ORIGIN example.com. rpz4 3600 IN SOA ns1.rpz4.example.com. hostmaster.rpz4.example.com. ( 1379078166 28800 7200 604800 7200 ) 3600 IN NS ns1.rpz4.example.com. 3600 IN NS ns2.rpz4.example.com. $ORIGIN rpz4.example.com. ; ns1.gotham3.a 32.43.30.20.10.rpz-nsip A 1.2.3.5 ; ns1.gotham4.a 32.44.30.20.10.rpz-nsip A 1.2.3.5 TEMPFILE_END rpz: name: "rpz5.example.com." rpz-log: yes rpz-log-name: "rpz5.example.com" rpz-action-override: "cname" rpz-cname-override: "target.a" zonefile: TEMPFILE_NAME rpz5.example.com TEMPFILE_CONTENTS rpz5.example.com $ORIGIN example.com. rpz5 3600 IN SOA ns1.rpz5.example.com. hostmaster.rpz5.example.com. ( 1379078166 28800 7200 604800 7200 ) 3600 IN NS ns1.rpz5.example.com. 3600 IN NS ns2.rpz5.example.com. $ORIGIN rpz5.example.com. ; ns1.gotham5.a 32.45.30.20.10.rpz-nsip A 1.2.3.5 TEMPFILE_END rpz: name: "rpz6.example.com." rpz-log: yes rpz-log-name: "rpz6.example.com" rpz-action-override: "disabled" zonefile: TEMPFILE_NAME rpz6.example.com TEMPFILE_CONTENTS rpz6.example.com $ORIGIN example.com. rpz6 3600 IN SOA ns1.rpz6.example.com. hostmaster.rpz6.example.com. ( 1379078166 28800 7200 604800 7200 ) 3600 IN NS ns1.rpz6.example.com. 3600 IN NS ns2.rpz6.example.com. $ORIGIN rpz6.example.com. ; ns1.gotham6.a 32.46.30.20.10.rpz-nsip A 1.2.3.5 TEMPFILE_END stub-zone: name: "a." stub-addr: 10.20.30.40 CONFIG_END SCENARIO_BEGIN Test RPZ action override with trigger from nsip. ; a. RANGE_BEGIN 0 1000 ADDRESS 10.20.30.40 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION www.gotham.a. IN A SECTION AUTHORITY gotham.a. NS ns1.gotham.a. SECTION ADDITIONAL ns1.gotham.a. A 10.20.30.41 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION www.gotham2.a. IN A SECTION AUTHORITY gotham2.a. NS ns1.gotham2.a. SECTION ADDITIONAL ns1.gotham2.a. A 10.20.30.42 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION www.gotham3.a. IN A SECTION AUTHORITY gotham3.a. NS ns1.gotham3.a. SECTION ADDITIONAL ns1.gotham3.a. A 10.20.30.43 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION www.gotham4.a. IN A SECTION AUTHORITY gotham4.a. NS ns1.gotham4.a. SECTION ADDITIONAL ns1.gotham4.a. A 10.20.30.44 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION www.gotham5.a. IN A SECTION AUTHORITY gotham5.a. NS ns1.gotham5.a. SECTION ADDITIONAL ns1.gotham5.a. A 10.20.30.45 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION www.gotham6.a. IN A SECTION AUTHORITY gotham6.a. NS ns1.gotham6.a. SECTION ADDITIONAL ns1.gotham6.a. A 10.20.30.46 ENTRY_END ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION target.a. IN A SECTION ANSWER target.a. IN A 1.2.3.6 ENTRY_END RANGE_END ; gotham3.a. RANGE_BEGIN 0 1000 ADDRESS 10.20.30.43 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION www.gotham3.a. IN A SECTION ANSWER www.gotham3.a. A 1.2.3.4 ENTRY_END RANGE_END ; gotham6.a. RANGE_BEGIN 0 1000 ADDRESS 10.20.30.46 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION www.gotham6.a. IN A SECTION ANSWER www.gotham6.a. A 1.2.3.4 ENTRY_END RANGE_END STEP 10 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION www.gotham.a. IN A ENTRY_END STEP 11 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA AA NXDOMAIN SECTION QUESTION www.gotham.a. IN A SECTION ANSWER ENTRY_END STEP 20 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION www.gotham2.a. IN A ENTRY_END STEP 21 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA AA NOERROR SECTION QUESTION www.gotham2.a. IN A SECTION ANSWER ENTRY_END STEP 30 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION www.gotham3.a. IN A ENTRY_END STEP 31 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION www.gotham3.a. IN A SECTION ANSWER www.gotham3.a. A 1.2.3.4 ENTRY_END STEP 40 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION www.gotham4.a. IN A ENTRY_END ;dropped STEP 50 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION www.gotham5.a. IN A ENTRY_END STEP 51 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION www.gotham5.a. IN A SECTION ANSWER www.gotham5.a. CNAME target.a target.a A 1.2.3.6 ENTRY_END STEP 60 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION www.gotham6.a. IN A ENTRY_END STEP 61 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION www.gotham6.a. IN A SECTION ANSWER www.gotham6.a. A 1.2.3.4 ENTRY_END SCENARIO_END