From 6e39dfd4b2017c6ea95f135aaa3499887e45bc4b Mon Sep 17 00:00:00 2001
From: Pieter Lexis
Date: Wed, 27 Jul 2016 12:44:09 +0200
Subject: [PATCH] RPZ tests: add test for #4086
---
 regression-tests.recursor/RPZ/command | 14 +++++++++-----
 regression-tests.recursor/RPZ/expected_result | 18 +++++++++++++-----
 regression-tests.recursor/config.sh | 1 +
 3 files changed, 23 insertions(+), 10 deletions(-)
diff --git a/regression-tests.recursor/RPZ/command b/regression-tests.recursor/RPZ/command
index 0cd34addb..482bae86f 100755
--- a/regression-tests.recursor/RPZ/command
+++ b/regression-tests.recursor/RPZ/command
@@ -1,10 +1,14 @@
-echo "arthur.example.net RPZ NXDOMAIN"
+echo "==> arthur.example.net RPZ NXDOMAIN"
 $SDIG $nameserver 5301 arthur.example.net a recurse 2>&1
-echo "www.arthur.example.net RPZ NODATA"
+echo "==> www.arthur.example.net RPZ NODATA"
 $SDIG $nameserver 5301 www.arthur.example.net a recurse 2>&1
-echo "srv.arthur.example.net RPZ passthru"
+echo "==> srv.arthur.example.net RPZ passthru"
 $SDIG $nameserver 5301 srv.arthur.example.net srv recurse 2>&1
-echo "www.example.net RPZ local data to www2.example.net"
+echo "==> www.example.net RPZ local data to www2.example.net"
 $SDIG $nameserver 5301 www.example.net a recurse 2>&1
-echo "www4.example.net RPZ IP trigger action, dropped"
+echo "==> www4.example.net RPZ IP trigger action, dropped"
 $SDIG $nameserver 5301 www4.example.net a recurse 2>&1
+echo "==> trillian.example.net NXDOMAIN"
+$SDIG $nameserver 5301 trillian.example.net a recurse 2>&1
+echo "==> www.trillian.example.net has no RPZ policy attached, so lookup should succeed"
+$SDIG $nameserver 5301 www.trillian.example.net a recurse 2>&1
diff --git a/regression-tests.recursor/RPZ/expected_result b/regression-tests.recursor/RPZ/expected_result
index 2970cf76b..7af91de77 100644
--- a/regression-tests.recursor/RPZ/expected_result
+++ b/regression-tests.recursor/RPZ/expected_result
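Review bot: The new apex label `==> trillian.example.net NXDOMAIN` drops the `RPZ` marker that every other policy-hit label carries, so the output no longer says whether this NXDOMAIN is expected from the policy or from the authoritative data. `echo "==> trillian.example.net RPZ NXDOMAIN on apex"` would match its siblings, with the same string mirrored in expected_result, since the two appear to be compared verbatim. A one-line comment above the last two commands, e.g. `# #4086: an apex-only policy must not block names below it`, would record what the pair guards against. Per expected_result the sub-name answer is chased to www2.arthur.example.net, a name under the other apex policy, so this case also depends on that policy staying apex-only.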
@@ -1,15 +1,23 @@
-arthur.example.net RPZ NXDOMAIN
+==> arthur.example.net RPZ NXDOMAIN
 Reply to question for qname='arthur.example.net.', qtype=A
 Rcode: 3 (Non-Existent domain), RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
-www.arthur.example.net RPZ NODATA
+==> www.arthur.example.net RPZ NODATA
 Reply to question for qname='www.arthur.example.net.', qtype=A
 Rcode: 0 (No Error), RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
-srv.arthur.example.net RPZ passthru
+==> srv.arthur.example.net RPZ passthru
 Reply to question for qname='srv.arthur.example.net.', qtype=SRV
 Rcode: 0 (No Error), RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
 0 srv.arthur.example.net. IN SRV 15 0 100 389 server2.example.net.
-www.example.net RPZ local data to www2.example.net
+==> www.example.net RPZ local data to www2.example.net
 Reply to question for qname='www.example.net.', qtype=A
 Rcode: 0 (No Error), RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
 0 www.example.net. IN CNAME 0 www2.example.net.
-www4.example.net RPZ IP trigger action, dropped
+==> www4.example.net RPZ IP trigger action, dropped
+==> trillian.example.net NXDOMAIN
+Reply to question for qname='trillian.example.net.', qtype=A
+Rcode: 3 (Non-Existent domain), RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
+==> www.trillian.example.net has no RPZ policy attached, so lookup should succeed
+Reply to question for qname='www.trillian.example.net.', qtype=A
+Rcode: 0 (No Error), RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
+0 www.trillian.example.net. IN CNAME 15 www2.arthur.example.net.
+0 www2.arthur.example.net. IN A 15 192.0.2.6
diff --git a/regression-tests.recursor/config.sh b/regression-tests.recursor/config.sh
index 60fb2b1bc..e510533bc 100755
--- a/regression-tests.recursor/config.sh
+++ b/regression-tests.recursor/config.sh
@@ -563,6 +563,7 @@ arthur.example.net CNAME . ; NXDOMAIN on apex srv.arthur.example.net CNAME rpz-passthru. ; Allow this name though www.example.net CNAME www2.example.net. ; Local-Data Action www3.example.net CNAME www4.example.net. ; Local-Data Action (to be changed in preresolve) +trillian.example.net CNAME . ; NXDOMAIN on apex, allows all sub-names (#4086) 32.4.2.0.192.rpz-ip CNAME rpz-drop. ; www4.example.net resolves to 192.0.2.4, drop A responses with that IP EOF -- 2.40.0
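Review bot: The comment on the added `trillian.example.net CNAME .` record says it "allows all sub-names", but an apex trigger allows nothing; it simply does not match names below the apex. In this zone "allow" already describes the `rpz-passthru.` action on srv.arthur.example.net, so the wording can be misread as a passthru rule. I would write `; NXDOMAIN on apex only, names below it must not match (#4086)`. The heredoc holding this zone starts above the hunk, so the authoritative records for trillian.example.net that the expected result relies on are not visible here and are presumably already in config.sh.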