Tree @ed35e555-c4e7-48a8-b915-3d6462f58f5b/main (Download .tar.gz)
- ..
- 00-lint.tdir
- 01-doc.tdir
- 02-unittest.tdir
- 03-testbound.tdir
- 04-checkconf.tdir
- 05-asynclook.tdir
- 06-ianaports.tdir
- 07-confroot.tdir
- 08-host-lib.tdir
- 09-unbound-control.tdir
- 10-unbound-anchor.tdir
- auth_axfr.tdir
- auth_https.tdir
- clang-analysis.tdir
- ctrl_itr.tdir
- ctrl_pipe.tdir
- dnscrypt_cert.tdir
- dnscrypt_cert_chacha.tdir
- dnstap.tdir
- dnstap_reconnect.tdir
- dnstap_tcp.tdir
- dnstap_tls.tdir
- dnstap_tls_badcert.tdir
- dnstap_tls_badname.tdir
- dnstap_tls_clientauth.tdir
- dnstap_tls_peername.tdir
- doh_downstream.tdir
- doh_downstream_buffer_size.tdir
- doh_downstream_endpoint.tdir
- doh_downstream_notls.tdir
- doh_downstream_post.tdir
- dynlibmod.tdir
- edns_cache.tdir
- fwd_ancil.tdir
- fwd_bogus.tdir
- fwd_capsid.tdir
- fwd_capsid_fallback.tdir
- fwd_capsid_strip.tdir
- fwd_capsid_white.tdir
- fwd_compress_c00c.tdir
- fwd_edns_bksec.tdir
- fwd_edns_probe.tdir
- fwd_malformed.tdir
- fwd_no_edns.tdir
- fwd_oneport.tdir
- fwd_tcp.tdir
- fwd_tcp_tc.tdir
- fwd_tcp_tc6.tdir
- fwd_three.tdir
- fwd_three_service.tdir
- fwd_ttlexpire.tdir
- fwd_udp.tdir
- fwd_udptmout.tdir
- fwd_waitudp.tdir
- fwd_zero.tdir
- hostsfileosx.tdir
- local_nodefault.tdir
- local_norec.tdir
- local_nosnoop.tdir
- nss_compile.tdir
- padding.tdir
- pylib.tdir
- pymod.tdir
- pymod_thread.tdir
- remote-threaded.tdir
- root_anchor.tdir
- root_hints.tdir
- speed_cache.tdir
- speed_local.tdir
- ssl_req_order.tdir
- ssl_req_timeout.tdir
- stat_timer.tdir
- stat_values.tdir
- stream_ssl.tdir
- stream_tcp.tdir
- stub_udp.tdir
- stub_udp6.tdir
- tcp_conn_limit.tdir
- tcp_idle_timeout.tdir
- tcp_req_order.tdir
- tcp_req_size.tdir
- tcp_req_timeout.tdir
- tcp_reuse.tdir
- tcp_sigpipe.tdir
- tls_reuse.tdir
- acl.rpl
- auth_nsec3_ent.rpl
- auth_nsec3_wild.rpl
- auth_xfr.rpl
- auth_xfr_host.rpl
- auth_xfr_ixfr.rpl
- auth_xfr_ixfrisaxfr.rpl
- auth_xfr_ixfrmismatch.rpl
- auth_xfr_ixfrnotimpl.rpl
- auth_xfr_notify.rpl
- auth_xfr_probesoa.rpl
- auth_zonefile.rpl
- auth_zonefile_dnssec.rpl
- auth_zonefile_dnssec_fail.rpl
- auth_zonefile_down.rpl
- auth_zonefile_noup.rpl
- auth_zonefile_root.rpl
- autotrust_10key.rpl
- autotrust_addpend_2exceed.rpl
- autotrust_addpend_early.rpl
- autotrust_addpend_nosign.rpl
- autotrust_addpend_nosignnew.rpl
- autotrust_addpend_once.rpl
- autotrust_addpend_twice.rpl
- autotrust_init.rpl
- autotrust_init_ds.rpl
- autotrust_init_fail.rpl
- autotrust_init_failsig.rpl
- autotrust_init_legacy.rpl
- autotrust_init_sigs.rpl
- autotrust_init_zsk.rpl
- autotrust_missing.rpl
- autotrust_missing_all.rpl
- autotrust_missing_returns.rpl
- autotrust_probefail.rpl
- autotrust_probefailsig.rpl
- autotrust_revoked_use.rpl
- autotrust_revoked_with_invalid.rpl
- autotrust_revtp.rpl
- autotrust_revtp_read.rpl
- autotrust_revtp_use.rpl
- autotrust_rollalgo.rpl
- autotrust_rollalgo_unknown.rpl
- autotrust_rollover.rpl
- autotrust_valid_use.rpl
- black_data.rpl
- black_dnskey.rpl
- black_ds.rpl
- black_ds_entry.rpl
- black_ent.rpl
- black_key_entry.rpl
- black_prime.rpl
- black_prime_entry.rpl
- chaos_trustanchor.rpl
- common.sh
- dns64_lookup.rpl
- domain_insec_ds.rpl
- edns_client_string.rpl
- edns_client_string_opcode.rpl
- edns_keepalive.rpl
- fetch_glue.rpl
- fetch_glue_cname.rpl
- fwd.rpl
- fwd_0ttlservfail.rpl
- fwd_any.rpl
- fwd_cached.rpl
- fwd_droptoomany.rpl
- fwd_error.rpl
- fwd_jostle.rpl
- fwd_jostle_out.rpl
- fwd_lrudrop.rpl
- fwd_minimal.rpl
- fwd_no_cache.rpl
- fwd_notcached.rpl
- fwd_timeout.rpl
- fwd_two.rpl
- host_file.template
- ipsecmod_bogus_ipseckey.crpl
- ipsecmod_enabled.crpl
- ipsecmod_hook.sh
- ipsecmod_ignore_bogus_ipseckey.crpl
- ipsecmod_max_ttl.crpl
- ipsecmod_strict.crpl
- ipsecmod_whitelist.crpl
- iter_class_any.rpl
- iter_cname_cache.rpl
- iter_cname_double.rpl
- iter_cname_nx.rpl
- iter_cname_qnamecopy.rpl
- iter_cycle.rpl
- iter_cycle_noh.rpl
- iter_dname_insec.rpl
- iter_dname_yx.rpl
- iter_dnsseclame_bug.rpl
- iter_dnsseclame_ds.rpl
- iter_dnsseclame_ds_ok.rpl
- iter_dnsseclame_ta.rpl
- iter_dnsseclame_ta_ok.rpl
- iter_domain_sale.rpl
- iter_domain_sale_nschange.rpl
- iter_donotq127.rpl
- iter_dp_turnsuseless.rpl
- iter_ds_locate_ns.rpl
- iter_ds_locate_ns_cname.rpl
- iter_ds_locate_ns_detach.rpl
- iter_ds_locate_ns_nosoa.rpl
- iter_ds_referral.rpl
- iter_ds_reply.rpl
- iter_emptydp.rpl
- iter_emptydp_for_glue.rpl
- iter_fwdfirst.rpl
- iter_fwdfirstequal.rpl
- iter_fwdstub.rpl
- iter_fwdstubroot.rpl
- iter_got6only.rpl
- iter_hint_lame.rpl
- iter_lame_aaaa.rpl
- iter_lame_noaa.rpl
- iter_lame_nosoa.rpl
- iter_lamescrub.rpl
- iter_mod.rpl
- iter_ns_badip.rpl
- iter_ns_spoof.rpl
- iter_pc_a.rpl
- iter_pc_aaaa.rpl
- iter_pcdiff.rpl
- iter_pcdirect.rpl
- iter_pclame.rpl
- iter_pcname.rpl
- iter_pcnamech.rpl
- iter_pcnamechrec.rpl
- iter_pcnamerec.rpl
- iter_pcttl.rpl
- iter_prefetch.rpl
- iter_prefetch_change.rpl
- iter_prefetch_change2.rpl
- iter_prefetch_childns.rpl
- iter_prefetch_fail.rpl
- iter_prefetch_ns.rpl
- iter_primenoglue.rpl
- iter_privaddr.rpl
- iter_ranoaa_lame.rpl
- iter_reclame_one.rpl
- iter_reclame_two.rpl
- iter_recurse.rpl
- iter_req_qname.rpl
- iter_resolve.rpl
- iter_resolve_minimised.rpl
- iter_resolve_minimised_nx.rpl
- iter_resolve_minimised_refused.rpl
- iter_resolve_minimised_timeout.rpl
- iter_scrub_cname_an.rpl
- iter_scrub_dname_insec.rpl
- iter_scrub_dname_rev.rpl
- iter_scrub_dname_sec.rpl
- iter_scrub_ns.rpl
- iter_scrub_ns_fwd.rpl
- iter_scrub_ns_side.rpl
- iter_soamin.rpl
- iter_stub_leak.rpl
- iter_stub_noroot.rpl
- iter_stubfirst.rpl
- iter_stublastresort.rpl
- iter_timeout_ra_aaaa.rpl
- Kexample.com.+003+02854.ds
- Kexample.com.+003+02854.key
- Kexample.com.+003+02854.private
- Kexample.com.+005+16486.ds
- Kexample.com.+005+16486.key
- Kexample.com.+005+16486.private
- Kexample.com.+005+30899.ds
- Kexample.com.+005+30899.key
- Kexample.com.+005+30899.private
- Kexample.com.+005+55582.ds
- Kexample.com.+005+55582.key
- Kexample.com.+005+55582.private
- Kexample.com.+005+60946.ds
- Kexample.com.+005+60946.key
- Kexample.com.+005+60946.private
- Kexample.com.+007+57024.ds
- Kexample.com.+007+57024.key
- Kexample.com.+007+57024.private
- Kexample.com.+008+01443.ds
- Kexample.com.+008+01443.key
- Kexample.com.+008+01443.private
- Kexample.com.+008+29332.ds
- Kexample.com.+008+29332.key
- Kexample.com.+008+29332.private
- Kexample.com.+008+55566.ds
- Kexample.com.+008+55566.key
- Kexample.com.+008+55566.private
- Kexample.com.+009+48886.ds
- Kexample.com.+009+48886.key
- Kexample.com.+009+48886.private
- Kexample.com.+012+60385.ds
- Kexample.com.+012+60385.key
- Kexample.com.+012+60385.private
- local_acl_override.rpl
- local_acl_taglist.rpl
- local_acl_taglist_action.rpl
- local_cname.rpl
- local_ds.rpl
- local_nodefault.rpl
- local_transparent_sametype.rpl
- local_typetransparent.rpl
- localdata.rpl
- net_signed_servfail.rpl
- nomem_cnametopos.rpl
- nsid_ascii.rpl
- nsid_hex.rpl
- nsid_not_set.rpl
- refuse_xfr.rpl
- root_key_sentinel.rpl
- rpz_axfr.rpl
- rpz_ixfr.rpl
- rpz_qname.rpl
- rpz_qname_override.rpl
- rpz_respip.rpl
- rpz_respip_override.rpl
- rrset_rettl.rpl
- rrset_untrusted.rpl
- rrset_updated.rpl
- serve_expired.rpl
- serve_expired_client_timeout.rpl
- serve_expired_reply_ttl.rpl
- serve_expired_servfail.rpl
- serve_expired_ttl.rpl
- serve_expired_ttl_client_timeout.rpl
- serve_expired_zerottl.rpl
- serve_original_ttl.rpl
- stop_nxdomain.rpl
- stop_nxdomain_minimised.rpl
- subnet_cached.crpl
- subnet_derived.crpl
- subnet_format_ip4.crpl
- subnet_max_source.crpl
- subnet_not_whitelisted.crpl
- subnet_val_positive.crpl
- subnet_val_positive_client.crpl
- subnet_without_validator.crpl
- test_ds.sha1
- test_ds.sha384
- test_ldnsrr.1
- test_ldnsrr.2
- test_ldnsrr.3
- test_ldnsrr.4
- test_ldnsrr.5
- test_ldnsrr.c1
- test_ldnsrr.c2
- test_ldnsrr.c3
- test_ldnsrr.c4
- test_ldnsrr.c5
- test_nsec3_hash.1
- test_packets.1
- test_packets.2
- test_packets.3
- test_packets.4
- test_packets.5
- test_packets.6
- test_packets.7
- test_packets.8
- test_packets.9
- test_signatures.1
- test_signatures.2
- test_signatures.3
- test_signatures.4
- test_signatures.5
- test_signatures.6
- test_signatures.7
- test_signatures.8
- test_signatures.9
- test_sigs.ecdsa_p256
- test_sigs.ecdsa_p384
- test_sigs.ed25519
- test_sigs.ed448
- test_sigs.gost
- test_sigs.hinfo
- test_sigs.revoked
- test_sigs.rsasha256
- test_sigs.rsasha256_draft
- test_sigs.rsasha512_draft
- test_sigs.sha1_and_256
- trust_cname_chain.rpl
- ttl_max.rpl
- ttl_min.rpl
- ttl_msg.rpl
- val_adbit.rpl
- val_adcopy.rpl
- val_anchor_nx.rpl
- val_anchor_nx_nosig.rpl
- val_ans_dsent.rpl
- val_ans_nx.rpl
- val_any.rpl
- val_any_cname.rpl
- val_any_dname.rpl
- val_cname_loop1.rpl
- val_cname_loop2.rpl
- val_cname_loop3.rpl
- val_cnameinsectopos.rpl
- val_cnamenx_dblnsec.rpl
- val_cnamenx_rcodenx.rpl
- val_cnameqtype.rpl
- val_cnametocloser.rpl
- val_cnametocloser_nosig.rpl
- val_cnametocnamewctoposwc.rpl
- val_cnametodname.rpl
- val_cnametodnametocnametopos.rpl
- val_cnametoinsecure.rpl
- val_cnametonodata.rpl
- val_cnametonodata_nonsec.rpl
- val_cnametonsec.rpl
- val_cnametonx.rpl
- val_cnametooptin.rpl
- val_cnametooptout.rpl
- val_cnametopos.rpl
- val_cnametoposnowc.rpl
- val_cnametoposwc.rpl
- val_cnamewctonodata.rpl
- val_cnamewctonx.rpl
- val_cnamewctoposwc.rpl
- val_deleg_nons.rpl
- val_dnametoolong.rpl
- val_dnametopos.rpl
- val_dnametoposwc.rpl
- val_dnamewc.rpl
- val_ds_afterprime.rpl
- val_ds_cname.rpl
- val_ds_cnamesub.rpl
- val_ds_gost.crpl
- val_ds_gost_downgrade.crpl
- val_ds_sha2.crpl
- val_ds_sha2_downgrade.crpl
- val_ds_sha2_lenient.crpl
- val_dsnsec.rpl
- val_entds.rpl
- val_faildnskey.rpl
- val_faildnskey_ok.rpl
- val_fwdds.rpl
- val_keyprefetch.rpl
- val_keyprefetch_verify.rpl
- val_mal_wc.rpl
- val_negcache_ds.rpl
- val_negcache_dssoa.rpl
- val_negcache_nodata.rpl
- val_negcache_nta.rpl
- val_negcache_nxdomain.rpl
- val_noadwhennodo.rpl
- val_nodata.rpl
- val_nodata_ent.rpl
- val_nodata_entnx.rpl
- val_nodata_entwc.rpl
- val_nodata_failsig.rpl
- val_nodata_failwc.rpl
- val_nodata_hasdata.rpl
- val_nodata_zonecut.rpl
- val_nodatawc.rpl
- val_nodatawc_badce.rpl
- val_nodatawc_nodeny.rpl
- val_nodatawc_one.rpl
- val_nokeyprime.rpl
- val_nsec3_b1_nameerror.rpl
- val_nsec3_b1_nameerror_noce.rpl
- val_nsec3_b1_nameerror_nonc.rpl
- val_nsec3_b1_nameerror_nowc.rpl
- val_nsec3_b21_nodataent.rpl
- val_nsec3_b21_nodataent_wr.rpl
- val_nsec3_b2_nodata.rpl
- val_nsec3_b2_nodata_nons.rpl
- val_nsec3_b3_optout.rpl
- val_nsec3_b3_optout_negcache.rpl
- val_nsec3_b3_optout_noce.rpl
- val_nsec3_b3_optout_nonc.rpl
- val_nsec3_b4_wild.rpl
- val_nsec3_b4_wild_wr.rpl
- val_nsec3_b5_wcnodata.rpl
- val_nsec3_b5_wcnodata_noce.rpl
- val_nsec3_b5_wcnodata_nonc.rpl
- val_nsec3_b5_wcnodata_nowc.rpl
- val_nsec3_cname_ds.rpl
- val_nsec3_cname_par.rpl
- val_nsec3_cname_sub.rpl
- val_nsec3_cnametocnamewctoposwc.rpl
- val_nsec3_entnodata_optout.rpl
- val_nsec3_entnodata_optout_badopt.rpl
- val_nsec3_entnodata_optout_match.rpl
- val_nsec3_iter_high.rpl
- val_nsec3_nodatawccname.rpl
- val_nsec3_nods.rpl
- val_nsec3_nods_badopt.rpl
- val_nsec3_nods_badsig.rpl
- val_nsec3_nods_negcache.rpl
- val_nsec3_nods_soa.rpl
- val_nsec3_optout_ad.rpl
- val_nsec3_optout_cache.rpl
- val_nsec3_wcany.rpl
- val_nsec3_wcany_nodeny.rpl
- val_nx.rpl
- val_nx_failwc.rpl
- val_nx_nodeny.rpl
- val_nx_nowc.rpl
- val_nx_nsec3_collision.rpl
- val_nx_nsec3_params.rpl
- val_nx_overreach.rpl
- val_pos_truncns.rpl
- val_positive.rpl
- val_positive_nosigs.rpl
- val_positive_wc.rpl
- val_positive_wc_nodeny.rpl
- val_qds_badanc.rpl
- val_qds_oneanc.rpl
- val_qds_twoanc.rpl
- val_refer_unsignadd.rpl
- val_referd.rpl
- val_referglue.rpl
- val_rrsig.rpl
- val_secds.rpl
- val_secds_nosig.rpl
- val_spurious_ns.rpl
- val_stub_noroot.rpl
- val_stubds.rpl
- val_ta_algo_dnskey.rpl
- val_ta_algo_dnskey_dp.rpl
- val_ta_algo_missing.rpl
- val_ta_algo_missing_dp.rpl
- val_twocname.rpl
- val_unalgo_anchor.rpl
- val_unalgo_ds.rpl
- val_unsec_cname.rpl
- val_unsecds.rpl
- val_unsecds_negcache.rpl
- val_unsecds_qtypeds.rpl
- val_wild_pos.rpl
- version_bind.rpl
- version_bind_hide.rpl
- views.rpl
rpz_qname_override.rpl @ed35e555-c4e7-48a8-b915-3d6462f58f5b/main — raw · history · blame
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 | ; config options server: module-config: "respip validator iterator" target-fetch-policy: "0 0 0 0 0" qname-minimisation: no rpz: name: "rpz.example.com." rpz-action-override: disabled zonefile: TEMPFILE_NAME rpz.example.com TEMPFILE_CONTENTS rpz.example.com $ORIGIN rpz.example.com. a TXT "record zone rpz.example.com" TEMPFILE_END rpz: name: "rpz2.example.com." zonefile: TEMPFILE_NAME rpz2.example.com TEMPFILE_CONTENTS rpz2.example.com $ORIGIN rpz2.example.com. a TXT "record zone rpz2.example.com" TEMPFILE_END rpz: name: "rpz3.example.com." rpz-action-override: nodata zonefile: TEMPFILE_NAME rpz3.example.com TEMPFILE_CONTENTS rpz3.example.com $ORIGIN rpz3.example.com. b CNAME . TEMPFILE_END rpz: name: "rpz4.example.com." rpz-action-override: nxdomain zonefile: TEMPFILE_NAME rpz4.example.com TEMPFILE_CONTENTS rpz4.example.com $ORIGIN rpz4.example.com. c CNAME *. TEMPFILE_END rpz: name: "rpz5.example.com." rpz-action-override: passthru zonefile: TEMPFILE_NAME rpz5.example.com TEMPFILE_CONTENTS rpz5.example.com $ORIGIN rpz5.example.com. d TXT "should be override by passthru" TEMPFILE_END rpz: name: "rpz6.example.com." rpz-action-override: cname rpz-cname-override: "d." zonefile: TEMPFILE_NAME rpz6.example.com TEMPFILE_CONTENTS rpz6.example.com $ORIGIN rpz6.example.com. e TXT "should be override by cname" TEMPFILE_END rpz: name: "rpz7.example.com." rpz-action-override: drop zonefile: TEMPFILE_NAME rpz7.example.com TEMPFILE_CONTENTS rpz7.example.com $ORIGIN rpz7.example.com. f TXT "should be override by drop policy" TEMPFILE_END stub-zone: name: "d." stub-addr: 10.20.30.40 CONFIG_END SCENARIO_BEGIN Test RPZ action overrides for QNAME trigger ; d. RANGE_BEGIN 0 100 ADDRESS 10.20.30.40 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id REPLY QR NOERROR SECTION QUESTION d. IN TXT SECTION ANSWER d. IN TXT "answer from upstream ns" ENTRY_END RANGE_END ; check disabled override, should be answered using next policy zone STEP 10 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION a. IN TXT ENTRY_END STEP 11 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA AA NOERROR SECTION QUESTION a. IN TXT SECTION ANSWER a TXT "record zone rpz2.example.com" ENTRY_END ; check nodata override, would be NXDOMAIN without override STEP 20 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION b. IN TXT ENTRY_END STEP 21 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA AA NOERROR SECTION QUESTION b. IN TXT SECTION ANSWER ENTRY_END ; check nxdomain override, would be NODATA without override STEP 30 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION c. IN TXT ENTRY_END STEP 31 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA AA NXDOMAIN SECTION QUESTION c. IN TXT SECTION ANSWER ENTRY_END ; check passthru override, would be localdata without override STEP 40 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION d. IN TXT ENTRY_END STEP 41 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA NOERROR SECTION QUESTION d. IN TXT SECTION ANSWER d. IN TXT "answer from upstream ns" ENTRY_END ; check cname override, would be localdata without override STEP 50 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION e. IN TXT ENTRY_END STEP 51 CHECK_ANSWER ENTRY_BEGIN MATCH all REPLY QR RD RA AA NOERROR SECTION QUESTION e. IN TXT SECTION ANSWER e. IN CNAME d. d. IN TXT "answer from upstream ns" ENTRY_END ; check drop override, would be localdata without override STEP 60 QUERY ENTRY_BEGIN REPLY RD SECTION QUESTION f. IN TXT ENTRY_END ; no answer is checked at exit of testbound. SCENARIO_END |