system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-22 10:48:02 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
freebsd-src/contrib/unbound/testdata/rpz_passthru_clientip.rpl
Cy Schubert 335c7cda12 unbound: Vendor import 1.20.0 
Release notes at
	https://www.nlnetlabs.nl/news/2024/May/08/unbound-1.20.0-released/

Security:	The DNSBomb vulnerability CVE-2024-33655

Merge commit 'c2a80056864d6eda0398fd127dc0ae515b39752b' into main
2024-05-10 14:23:43 -07:00

91 lines
1.6 KiB
Plaintext
Raw Blame History

; config options
server:
module-config: "respip validator iterator"
target-fetch-policy: "0 0 0 0 0"
qname-minimisation: no
access-control: 192.0.0.0/8 allow
rpz:
name: "rpz.example.com."
rpz-log: yes
rpz-log-name: "rpz.example.com"
zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN example.com.
rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
1379078166 28800 7200 604800 7200 )
3600 IN NS ns1.rpz.example.com.
3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
d.a A 127.0.0.1
32.1.5.0.192.rpz-client-ip CNAME rpz-passthru.
32.2.5.0.192.rpz-client-ip CNAME rpz-drop.
TEMPFILE_END
stub-zone:
name: "a."
stub-addr: 10.20.30.40
CONFIG_END
SCENARIO_BEGIN Test RPZ passthru ends processing after clientip.
; a.
RANGE_BEGIN 0 1000
ADDRESS 10.20.30.40
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
d.a. IN A
SECTION ANSWER
d.a. IN A 1.2.3.4
ENTRY_END
RANGE_END
STEP 10 QUERY ADDRESS 192.0.5.1
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.a. IN A
ENTRY_END
STEP 11 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
d.a. IN A
SECTION ANSWER
d.a. A 1.2.3.4
ENTRY_END
; This reply should get the rpz data
STEP 20 QUERY ADDRESS 192.0.5.3
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.a. IN A
ENTRY_END
STEP 21 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
d.a. IN A
SECTION ANSWER
d.a. A 127.0.0.1
ENTRY_END
; This reply should be dropped.
STEP 30 QUERY ADDRESS 192.0.5.2
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.a. IN A
ENTRY_END
SCENARIO_END
Reference in a new issue View git blame Copy permalink