From: Pieter Lexis
Date: Tue, 26 Jul 2016 12:02:33 +0000 (+0200)
Subject: Add basic RPZ tests
X-Git-Tag: rec-4.0.2~1^2~23
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6de632a5a5fcc26486c142ea5e5ebf65d6cf83fd;p=pdns
Add basic RPZ tests
---
diff --git a/regression-tests.recursor/RPZ/command b/regression-tests.recursor/RPZ/command
new file mode 100755
index 000000000..0cd34addb
--- /dev/null
+++ b/regression-tests.recursor/RPZ/command
@@ -0,0 +1,10 @@
+echo "arthur.example.net RPZ NXDOMAIN"
+$SDIG $nameserver 5301 arthur.example.net a recurse 2>&1
+echo "www.arthur.example.net RPZ NODATA"
+$SDIG $nameserver 5301 www.arthur.example.net a recurse 2>&1
+echo "srv.arthur.example.net RPZ passthru"
+$SDIG $nameserver 5301 srv.arthur.example.net srv recurse 2>&1
+echo "www.example.net RPZ local data to www2.example.net"
+$SDIG $nameserver 5301 www.example.net a recurse 2>&1
+echo "www4.example.net RPZ IP trigger action, dropped"
+$SDIG $nameserver 5301 www4.example.net a recurse 2>&1
diff --git a/regression-tests.recursor/RPZ/description b/regression-tests.recursor/RPZ/description
new file mode 100644
index 000000000..796e68a17
--- /dev/null
+++ b/regression-tests.recursor/RPZ/description
@@ -0,0 +1 @@
+Test if we can load an RPZ from disk and if the responses are correct
diff --git a/regression-tests.recursor/RPZ/expected_result b/regression-tests.recursor/RPZ/expected_result
new file mode 100644
index 000000000..2970cf76b
--- /dev/null
+++ b/regression-tests.recursor/RPZ/expected_result
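Review bot: The last case in RPZ/command, `www4.example.net RPZ IP trigger action, dropped`, can only be confirmed by the absence of output, and because it is the final query, a recursor that crashed or hung while handling it would look the same as a policy drop. Follow it with one query that must still be answered, so the expected output proves the recursor survived the drop: `echo "www.example.net still answered after drop"` and then `$SDIG $nameserver 5301 www.example.net a recurse 2>&1`, with the matching lines added to expected_result. The passthru case has a similar weakness if no other rule in rpz.zone would have matched srv.arthur.example.net, since an unfiltered answer looks identical. The zone contents are not visible here, so it is worth confirming that a broader rule covers that name.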
@@ -0,0 +1,15 @@
+arthur.example.net RPZ NXDOMAIN
+Reply to question for qname='arthur.example.net.', qtype=A
+Rcode: 3 (Non-Existent domain), RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
+www.arthur.example.net RPZ NODATA
+Reply to question for qname='www.arthur.example.net.', qtype=A
+Rcode: 0 (No Error), RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
+srv.arthur.example.net RPZ passthru
+Reply to question for qname='srv.arthur.example.net.', qtype=SRV
+Rcode: 0 (No Error), RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
+0 srv.arthur.example.net. IN SRV 15 0 100 389 server2.example.net.
+www.example.net RPZ local data to www2.example.net
+Reply to question for qname='www.example.net.', qtype=A
+Rcode: 0 (No Error), RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
+0 www.example.net. IN CNAME 0 www2.example.net.
+www4.example.net RPZ IP trigger action, dropped
diff --git a/regression-tests.recursor/config.sh b/regression-tests.recursor/config.sh
index 549c7e0f9..1fd7bf342 100755
--- a/regression-tests.recursor/config.sh
+++ b/regression-tests.recursor/config.sh
@@ -45,7 +45,7 @@ fi cd configs -for dir in recursor-service recursor-service2; do +for dir in recursor-service recursor-service2 recursor-service3; do mkdir $dir cd $dir
@@ -86,6 +86,9 @@ example.net. 3600 IN NS ns2.example.net. ns.example.net. 3600 IN A $PREFIX.10 ns2.example.net. 3600 IN A $PREFIX.11 www.example.net. 3600 IN A 192.0.2.1 +www2.example.net. 3600 IN A 192.0.2.2 +www3.example.net. 3600 IN A 192.0.2.3 +www4.example.net. 3600 IN A 192.0.2.4 weirdtxt.example.net. 3600 IN IN TXT "x\014x" arthur.example.net. 3600 IN NS ns.arthur.example.net. arthur.example.net. 3600 IN NS ns2.arthur.example.net.
@@ -536,3 +539,28 @@ socket-dir=$(pwd)/recursor-service2S lowercase-outgoing=yes EOF + +cat > recursor-service3/recursor.conf << EOF +local-port=5301 +socket-dir=$(pwd)/recursor-service3S +lua-config-file=$(pwd)/recursor-service3/config.lua + +EOF + +cat > recursor-service3/config.lua < recursor-service3/rpz.zone <