--- /dev/null
+echo "arthur.example.net RPZ NXDOMAIN"
+$SDIG $nameserver 5301 arthur.example.net a recurse 2>&1
+echo "www.arthur.example.net RPZ NODATA"
+$SDIG $nameserver 5301 www.arthur.example.net a recurse 2>&1
+echo "srv.arthur.example.net RPZ passthru"
+$SDIG $nameserver 5301 srv.arthur.example.net srv recurse 2>&1
+echo "www.example.net RPZ local data to www2.example.net"
+$SDIG $nameserver 5301 www.example.net a recurse 2>&1
+echo "www4.example.net RPZ IP trigger action, dropped"
+$SDIG $nameserver 5301 www4.example.net a recurse 2>&1
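Review bot: The www4.example.net query on the last line has no timeout guard of its own: an `rpz-drop.` hit means the recursor sends nothing back, so `$SDIG` is left waiting, and the expected-output file matching only up to the "dropped" banner holds only if sdig gives up silently within whatever limit the harness imposes — worth confirming that a client-side timeout is actually enforced, otherwise a regression in the drop action surfaces as a hung test rather than a failed comparison. The command set also exercises only policy hits; `www3.example.net`, which this commit adds to the zone data but never queries, would serve as a negative control showing that names outside every RPZ trigger still resolve normally, e.g. `echo "www3.example.net not in RPZ, normal answer"` followed by `$SDIG $nameserver 5301 www3.example.net a recurse 2>&1`, with the corresponding A record appended to the expected output. Without that check a policy that is accidentally too broad (a wildcard or an IP trigger matching more than intended) would pass this test unnoticed.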
--- /dev/null
+Test if we can load an RPZ from disk and if the responses are correct
--- /dev/null
+arthur.example.net RPZ NXDOMAIN
+Reply to question for qname='arthur.example.net.', qtype=A
+Rcode: 3 (Non-Existent domain), RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
+www.arthur.example.net RPZ NODATA
+Reply to question for qname='www.arthur.example.net.', qtype=A
+Rcode: 0 (No Error), RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
+srv.arthur.example.net RPZ passthru
+Reply to question for qname='srv.arthur.example.net.', qtype=SRV
+Rcode: 0 (No Error), RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
+0 srv.arthur.example.net. IN SRV 15 0 100 389 server2.example.net.
+www.example.net RPZ local data to www2.example.net
+Reply to question for qname='www.example.net.', qtype=A
+Rcode: 0 (No Error), RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
+0 www.example.net. IN CNAME 0 www2.example.net.
+www4.example.net RPZ IP trigger action, dropped
cd configs
-for dir in recursor-service recursor-service2; do
+for dir in recursor-service recursor-service2 recursor-service3; do
mkdir $dir
cd $dir
ns.example.net. 3600 IN A $PREFIX.10
ns2.example.net. 3600 IN A $PREFIX.11
www.example.net. 3600 IN A 192.0.2.1
+www2.example.net. 3600 IN A 192.0.2.2
+www3.example.net. 3600 IN A 192.0.2.3
+www4.example.net. 3600 IN A 192.0.2.4
weirdtxt.example.net. 3600 IN IN TXT "x\014x"
arthur.example.net. 3600 IN NS ns.arthur.example.net.
arthur.example.net. 3600 IN NS ns2.arthur.example.net.
lowercase-outgoing=yes
EOF
+
+cat > recursor-service3/recursor.conf << EOF
+local-port=5301
+socket-dir=$(pwd)/recursor-service3S
+lua-config-file=$(pwd)/recursor-service3/config.lua
+
+EOF
+
+cat > recursor-service3/config.lua <<EOF
+rpzFile("$(pwd)/recursor-service3/rpz.zone", {policyName="myRPZ"})
+EOF
+
+cat > recursor-service3/rpz.zone <<EOF
+\$TTL 2h;
+\$ORIGIN domain.example.
+@ SOA $SOA
+@ NS ns.example.net.
+
+arthur.example.net CNAME . ; NXDOMAIN on apex
+*.arthur.example.net CNAME *. ; NODATA for everything below the apex
+srv.arthur.example.net CNAME rpz-passthru. ; Allow this name though
+www.example.net CNAME www2.example.net. ; Local-Data Action
+
+32.4.2.0.192.rpz-ip CNAME rpz-drop. ; www4.example.net resolves to 192.0.2.4, drop A responses with that IP
+EOF