Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISC Open Source Projects
BIND
Commits
87708bde
Commit
87708bde
authored
Jan 13, 2011
by
Mark Andrews
Browse files
3008. [func] Response policy zones (RPZ) support. [RT #21726]
parent
100b7874
Changes
45
Expand all
Hide whitespace changes
Inline
Side-by-side
CHANGES
View file @
87708bde
3008. [func] Response policy zones (RPZ) support. [RT #21726]
3007. [bug] Named failed to preserve the case of domain names in
rdata which is no compressable when writing master
files. [RT #22863]
...
...
bin/named/include/named/query.h
View file @
87708bde
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: query.h,v 1.4
3
201
0/12/08 02:46:1
5 marka Exp $ */
/* $Id: query.h,v 1.4
4
201
1/01/13 01:59:2
5 marka Exp $ */
#ifndef NAMED_QUERY_H
#define NAMED_QUERY_H 1
...
...
@@ -26,8 +26,9 @@
#include
<isc/buffer.h>
#include
<isc/netaddr.h>
#include
<dns/types.h>
#include
<dns/rdataset.h>
#include
<dns/rpz.h>
#include
<dns/types.h>
#include
<named/types.h>
...
...
@@ -35,6 +36,7 @@
typedef
struct
ns_dbversion
{
dns_db_t
*
db
;
dns_dbversion_t
*
version
;
isc_boolean_t
acl_checked
;
isc_boolean_t
queryok
;
ISC_LINK
(
struct
ns_dbversion
)
link
;
}
ns_dbversion_t
;
...
...
@@ -55,6 +57,7 @@ struct ns_query {
isc_boolean_t
isreferral
;
isc_mutex_t
fetchlock
;
dns_fetch_t
*
fetch
;
dns_rpz_st_t
*
rpz_st
;
isc_bufferlist_t
namebufs
;
ISC_LIST
(
ns_dbversion_t
)
activeversions
;
ISC_LIST
(
ns_dbversion_t
)
freeversions
;
...
...
bin/named/query.c
View file @
87708bde
This diff is collapsed.
Click to expand it.
bin/named/server.c
View file @
87708bde
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.c,v 1.59
7
2011/01/1
1 23:47:12 tbox
Exp $ */
/* $Id: server.c,v 1.59
8
2011/01/1
3 01:59:25 marka
Exp $ */
/*! \file */
...
...
@@ -1438,6 +1438,114 @@ cleanup:
return
(
result
);
}
static
isc_result_t
configure_rpz
(
dns_view_t
*
view
,
const
cfg_listelt_t
*
element
)
{
const
cfg_obj_t
*
rpz_obj
,
*
policy_obj
;
const
char
*
str
;
dns_fixedname_t
fixed
;
dns_name_t
*
origin
;
dns_rpz_zone_t
*
old
,
*
new
;
dns_zone_t
*
zone
;
isc_result_t
result
;
unsigned
int
l1
,
l2
;
new
=
isc_mem_get
(
view
->
mctx
,
sizeof
(
*
new
));
if
(
new
==
NULL
)
{
result
=
ISC_R_NOMEMORY
;
goto
cleanup
;
}
memset
(
new
,
0
,
sizeof
(
*
new
));
dns_name_init
(
&
new
->
nsdname
,
NULL
);
dns_name_init
(
&
new
->
origin
,
NULL
);
dns_name_init
(
&
new
->
cname
,
NULL
);
ISC_LIST_INITANDAPPEND
(
view
->
rpz_zones
,
new
,
link
);
rpz_obj
=
cfg_listelt_value
(
element
);
policy_obj
=
cfg_tuple_get
(
rpz_obj
,
"policy"
);
if
(
cfg_obj_isvoid
(
policy_obj
))
{
new
->
policy
=
DNS_RPZ_POLICY_GIVEN
;
}
else
{
str
=
cfg_obj_asstring
(
policy_obj
);
new
->
policy
=
dns_rpz_str2policy
(
str
);
INSIST
(
new
->
policy
!=
DNS_RPZ_POLICY_ERROR
);
}
dns_fixedname_init
(
&
fixed
);
origin
=
dns_fixedname_name
(
&
fixed
);
str
=
cfg_obj_asstring
(
cfg_tuple_get
(
rpz_obj
,
"name"
));
result
=
dns_name_fromstring
(
origin
,
str
,
DNS_NAME_DOWNCASE
,
NULL
);
if
(
result
!=
ISC_R_SUCCESS
)
{
cfg_obj_log
(
rpz_obj
,
ns_g_lctx
,
DNS_RPZ_ERROR_LEVEL
,
"invalid zone '%s'"
,
str
);
goto
cleanup
;
}
result
=
dns_name_fromstring2
(
&
new
->
nsdname
,
DNS_RPZ_NSDNAME_ZONE
,
origin
,
DNS_NAME_DOWNCASE
,
view
->
mctx
);
if
(
result
!=
ISC_R_SUCCESS
)
{
cfg_obj_log
(
rpz_obj
,
ns_g_lctx
,
DNS_RPZ_ERROR_LEVEL
,
"invalid zone '%s'"
,
str
);
goto
cleanup
;
}
/*
* The origin is part of 'nsdname' so we don't need to keep it
* seperately.
*/
l1
=
dns_name_countlabels
(
&
new
->
nsdname
);
l2
=
dns_name_countlabels
(
origin
);
dns_name_getlabelsequence
(
&
new
->
nsdname
,
l1
-
l2
,
l2
,
&
new
->
origin
);
/*
* Are we configured to with the reponse policy zone?
*/
result
=
dns_view_findzone
(
view
,
&
new
->
origin
,
&
zone
);
if
(
result
!=
ISC_R_SUCCESS
)
{
cfg_obj_log
(
rpz_obj
,
ns_g_lctx
,
DNS_RPZ_ERROR_LEVEL
,
"unknown zone '%s'"
,
str
);
goto
cleanup
;
}
if
(
dns_zone_gettype
(
zone
)
!=
dns_zone_master
&&
dns_zone_gettype
(
zone
)
!=
dns_zone_slave
)
{
cfg_obj_log
(
rpz_obj
,
ns_g_lctx
,
DNS_RPZ_ERROR_LEVEL
,
"zone '%s' is neither master nor slave"
,
str
);
dns_zone_detach
(
&
zone
);
result
=
DNS_R_NOTMASTER
;
goto
cleanup
;
}
dns_zone_detach
(
&
zone
);
for
(
old
=
ISC_LIST_HEAD
(
view
->
rpz_zones
);
old
!=
new
;
old
=
ISC_LIST_NEXT
(
old
,
link
))
{
++
new
->
num
;
if
(
dns_name_equal
(
&
old
->
origin
,
&
new
->
origin
))
{
cfg_obj_log
(
rpz_obj
,
ns_g_lctx
,
DNS_RPZ_ERROR_LEVEL
,
"duplicate '%s'"
,
str
);
result
=
DNS_R_DUPLICATE
;
goto
cleanup
;
}
}
if
(
new
->
policy
==
DNS_RPZ_POLICY_CNAME
)
{
str
=
cfg_obj_asstring
(
cfg_tuple_get
(
rpz_obj
,
"cname"
));
result
=
dns_name_fromstring
(
&
new
->
cname
,
str
,
0
,
view
->
mctx
);
if
(
result
!=
ISC_R_SUCCESS
)
{
cfg_obj_log
(
rpz_obj
,
ns_g_lctx
,
DNS_RPZ_ERROR_LEVEL
,
"invalid cname '%s'"
,
str
);
goto
cleanup
;
}
}
return
(
ISC_R_SUCCESS
);
cleanup:
dns_rpz_view_destroy
(
view
);
return
(
result
);
}
/*
* Configure 'view' according to 'vconfig', taking defaults from 'config'
* where values are missing in 'vconfig'.
...
...
@@ -2781,6 +2889,29 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
}
}
/*
* Make the list of response policy zone names for views that
* are used for real lookups and so care about hints.
*/
zonelist
=
NULL
;
if
(
view
->
rdclass
==
dns_rdataclass_in
&&
need_hints
)
{
obj
=
NULL
;
result
=
ns_config_get
(
maps
,
"response-policy"
,
&
obj
);
if
(
result
==
ISC_R_SUCCESS
)
cfg_map_get
(
obj
,
"zone"
,
&
zonelist
);
}
if
(
zonelist
!=
NULL
)
{
for
(
element
=
cfg_list_first
(
zonelist
);
element
!=
NULL
;
element
=
cfg_list_next
(
element
))
{
result
=
configure_rpz
(
view
,
element
);
if
(
result
!=
ISC_R_SUCCESS
)
goto
cleanup
;
dns_rpz_set_need
(
ISC_TRUE
);
}
}
result
=
ISC_R_SUCCESS
;
cleanup:
...
...
bin/tests/system/Makefile.in
View file @
87708bde
...
...
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.3
3
201
0
/0
6/23 23:46:58 tbox
Exp $
# $Id: Makefile.in,v 1.3
4
201
1
/0
1/13 01:59:25 marka
Exp $
srcdir
=
@srcdir@
VPATH
=
@srcdir@
...
...
@@ -21,7 +21,7 @@ top_srcdir = @top_srcdir@
@BIND9_MAKE_INCLUDES@
SUBDIRS
=
filter-aaaa lwresd tkey
SUBDIRS
=
filter-aaaa lwresd
rpz
tkey
TARGETS
=
@BIND9_MAKE_RULES@
...
...
bin/tests/system/README
View file @
87708bde
...
...
@@ -17,6 +17,7 @@ involving a different DNS setup. They are:
nsupdate/ Dynamic update and IXFR tests
resolver/ Regression tests for resolver bugs that have been fixed
(not a complete resolver test suite)
rpz/ Tests of response policy zone (RPZ) rewriting
stub/ Tests of stub zone functionality
unknown/ Unknown type and class tests
upforwd/ Update forwarding tests
...
...
@@ -57,4 +58,4 @@ The tests can be run individually like this:
To run all the tests, just type "make test".
$Id: README,v 1.1
4
201
0
/0
8/25 23:46:37 tbox
Exp $
$Id: README,v 1.1
5
201
1
/0
1/13 01:59:25 marka
Exp $
bin/tests/system/conf.sh.in
View file @
87708bde
...
...
@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: conf.sh.in,v 1.5
7
201
0/12/23 04:07:59
marka Exp $
# $Id: conf.sh.in,v 1.5
8
201
1/01/13 01:59:26
marka Exp $
#
# Common configuration data for system tests, to be sourced into
...
...
@@ -55,7 +55,7 @@ JOURNALPRINT=$TOP/bin/tools/named-journalprint
SUBDIRS
=
"acl allow_query addzone autosign cacheclean checkconf checknames
dlv @DLZ_SYSTEM_TEST@ dlzexternal dns64 dnssec forward glue gost ixfr limits
lwresd masterfile masterformat metadata notify nsupdate pending pkcs11
resolver rrsetorder sortlist smartsign staticstub stub tkey
resolver
rpz
rrsetorder sortlist smartsign staticstub stub tkey
tsig tsiggss unknown upforwd views xfer xferquota zonechecks"
# PERL will be an empty string if no perl interpreter was found.
...
...
bin/tests/system/rpz/Makefile.in
0 → 100644
View file @
87708bde
# Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.2 2011/01/13 01:59:26 marka Exp $
srcdir
=
@srcdir@
VPATH
=
@srcdir@
top_srcdir
=
@top_srcdir@
@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@
CINCLUDES
=
CDEFINES
=
CWARNINGS
=
DNSLIBS
=
ISCLIBS
=
.
DNSDEPLIBS
=
ISCDEPLIBS
=
DEPLIBS
=
LIBS
=
@LIBS@
TARGETS
=
rpz@EXEEXT@
RPZOBJS
=
rpz.@O@
SRCS
=
rpz.c
@BIND9_MAKE_RULES@
all
:
rpz@EXEEXT@
rpz@EXEEXT@
:
${RPZOBJS}
${LIBTOOL_MODE_LINK}
${PURIFY}
${CC}
${CFLAGS}
${LDFLAGS}
-o
$@
${RPZOBJS}
${LIBS}
clean distclean
::
rm
-f
${TARGETS}
bin/tests/system/rpz/clean.sh
0 → 100644
View file @
87708bde
# Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: clean.sh,v 1.2 2011/01/13 01:59:26 marka Exp $
# Clean up after rpz tests.
rm
-f
dig.out
*
nsupdate.tmp
rm
-f
*
/named.memstats
*
/named.run
*
/session.key
rm
-f
ns3/bl
*
.db
*
/
*
.jnl
bin/tests/system/rpz/ns1/named.conf
0 → 100644
View file @
87708bde
/*
*
Copyright
(
C
)
2010
Internet
Systems
Consortium
,
Inc
. (
"ISC"
)
*
*
Permission
to
use
,
copy
,
modify
,
and
/
or
distribute
this
software
for
any
*
purpose
with
or
without
fee
is
hereby
granted
,
provided
that
the
above
*
copyright
notice
and
this
permission
notice
appear
in
all
copies
.
*
*
THE
SOFTWARE
IS
PROVIDED
"AS IS"
AND
ISC
DISCLAIMS
ALL
WARRANTIES
WITH
*
REGARD
TO
THIS
SOFTWARE
INCLUDING
ALL
IMPLIED
WARRANTIES
OF
MERCHANTABILITY
*
AND
FITNESS
.
IN
NO
EVENT
SHALL
ISC
BE
LIABLE
FOR
ANY
SPECIAL
,
DIRECT
,
*
INDIRECT
,
OR
CONSEQUENTIAL
DAMAGES
OR
ANY
DAMAGES
WHATSOEVER
RESULTING
FROM
*
LOSS
OF
USE
,
DATA
OR
PROFITS
,
WHETHER
IN
AN
ACTION
OF
CONTRACT
,
NEGLIGENCE
*
OR
OTHER
TORTIOUS
ACTION
,
ARISING
OUT
OF
OR
IN
CONNECTION
WITH
THE
USE
OR
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
/* $
Id
:
named
.
conf
,
v
1
.
2
2011
/
01
/
13
01
:
59
:
26
marka
Exp
$ */
controls
{ /*
empty
*/ };
options
{
query
-
source
address
10
.
53
.
0
.
1
;
notify
-
source
10
.
53
.
0
.
1
;
transfer
-
source
10
.
53
.
0
.
1
;
port
5300
;
session
-
keyfile
"session.key"
;
pid
-
file
"named.pid"
;
listen
-
on
{
10
.
53
.
0
.
1
; };
listen
-
on
-
v6
{
none
; };
notify
no
;
};
zone
"."
{
type
master
;
file
"root.db"
;};
bin/tests/system/rpz/ns1/root.db
0 → 100644
View file @
87708bde
; Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: root.db,v 1.2 2011/01/13 01:59:26 marka Exp $
$TTL 120
@ SOA s1. hostmaster.ns.s1. ( 1 3600 1200 604800 60 )
@ NS s1
s1. A 10.53.0.1
; rewrite responses from this zone
tld2. NS ns.tld2.
ns.tld2. A 10.53.0.2
; requests come from here
tld3. NS ns.tld3.
ns.tld3. A 10.53.0.3
bin/tests/system/rpz/ns2/hints
0 → 100644
View file @
87708bde
; Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: hints,v 1.2 2011/01/13 01:59:26 marka Exp $
. 0 NS s1.
s1. 0 A 10.53.0.1
bin/tests/system/rpz/ns2/named.conf
0 → 100644
View file @
87708bde
/*
*
Copyright
(
C
)
2010
Internet
Systems
Consortium
,
Inc
. (
"ISC"
)
*
*
Permission
to
use
,
copy
,
modify
,
and
/
or
distribute
this
software
for
any
*
purpose
with
or
without
fee
is
hereby
granted
,
provided
that
the
above
*
copyright
notice
and
this
permission
notice
appear
in
all
copies
.
*
*
THE
SOFTWARE
IS
PROVIDED
"AS IS"
AND
ISC
DISCLAIMS
ALL
WARRANTIES
WITH
*
REGARD
TO
THIS
SOFTWARE
INCLUDING
ALL
IMPLIED
WARRANTIES
OF
MERCHANTABILITY
*
AND
FITNESS
.
IN
NO
EVENT
SHALL
ISC
BE
LIABLE
FOR
ANY
SPECIAL
,
DIRECT
,
*
INDIRECT
,
OR
CONSEQUENTIAL
DAMAGES
OR
ANY
DAMAGES
WHATSOEVER
RESULTING
FROM
*
LOSS
OF
USE
,
DATA
OR
PROFITS
,
WHETHER
IN
AN
ACTION
OF
CONTRACT
,
NEGLIGENCE
*
OR
OTHER
TORTIOUS
ACTION
,
ARISING
OUT
OF
OR
IN
CONNECTION
WITH
THE
USE
OR
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
/* $
Id
:
named
.
conf
,
v
1
.
2
2011
/
01
/
13
01
:
59
:
26
marka
Exp
$ */
controls
{ /*
empty
*/ };
options
{
query
-
source
address
10
.
53
.
0
.
2
;
notify
-
source
10
.
53
.
0
.
2
;
transfer
-
source
10
.
53
.
0
.
2
;
port
5300
;
pid
-
file
"named.pid"
;
session
-
keyfile
"session.key"
;
listen
-
on
{
10
.
53
.
0
.
2
; };
listen
-
on
-
v6
{
none
; };
notify
no
;
};
zone
"."
{
type
hint
;
file
"hints"
; };
zone
"tld2."
{
type
master
;
file
"tld2.db"
;};
zone
"sub1.tld2."
{
type
master
;
file
"tld2.db"
;};
zone
"sub2.sub1.tld2."
{
type
master
;
file
"tld2.db"
;};
bin/tests/system/rpz/ns2/tld2.db
0 → 100644
View file @
87708bde
; Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: tld2.db,v 1.2 2011/01/13 01:59:26 marka Exp $
; RPZ rewrite responses from this zone
$TTL 120
@ SOA tld2. hostmaster.ns.tld2. ( 1 3600 1200 604800 60 )
NS @
A 10.53.0.2
nodata TXT "nodata"
a12 A 12.12.12.12
a0-1 A 192.168.0.1
AAAA 2001:2::1
TXT "a0-1 text"
a3-1 A 192.168.3.1
AAAA 2001:2:3::1
TXT "a3-1 text"
a3-2 A 192.168.3.2
AAAA 2001:2:3::2
TXT "a3-2 text"
a4-1 A 192.168.4.1
AAAA 2001:2:4::1
TXT "a4-1 text"
a4-1-aaaa AAAA 2001:2:4::1
a4-2 A 192.168.4.2
AAAA 2001:2:4::2
TXT "a4-2 text"
a4-3 A 192.168.4.3
AAAA 2001:2:4::3
TXT "a4-3 text"
a4-4 A 192.168.4.4
AAAA 2001:2:4::4
TXT "a4-4 text"
a4-5 CNAME a12
bin/tests/system/rpz/ns3/base.db
0 → 100644
View file @
87708bde
; Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: base.db,v 1.2 2011/01/13 01:59:26 marka Exp $
; RPZ test
$TTL 120
@ SOA tld3. hostmaster.ns.tld3. ( 1 3600 1200 604800 60 )
@ NS ns.utld.
; Poke the radix tree a little.
128.1111.2222.3333.4444.5555.6666.7777.8888.rpz-ip CNAME .
128.1111.2222.3333.4444.5555.6666.zz.rpz-ip CNAME .
128.1111.2222.3333.4444.5555.zz.8888.rpz-ip CNAME .
128.1111.2222.3333.4444.zz.8888.rpz-ip CNAME .
128.zz.3333.4444.0.0.8888.rpz-ip CNAME .
128.zz.3333.4444.0.7777.8888.rpz-ip CNAME .
128.zz.3333.4444.0.8777.8888.rpz-ip CNAME .
127.zz.3333.4444.0.8777.8888.rpz-ip CNAME .
bin/tests/system/rpz/ns3/hints
0 → 100644
View file @
87708bde
; Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: hints,v 1.2 2011/01/13 01:59:27 marka Exp $
. 0 NS s1.
s1. 0 A 10.53.0.1
bin/tests/system/rpz/ns3/named.conf
0 → 100644
View file @
87708bde
/*
*
Copyright
(
C
)
2010
Internet
Systems
Consortium
,
Inc
. (
"ISC"
)
*
*
Permission
to
use
,
copy
,
modify
,
and
/
or
distribute
this
software
for
any
*
purpose
with
or
without
fee
is
hereby
granted
,
provided
that
the
above
*
copyright
notice
and
this
permission
notice
appear
in
all
copies
.
*
*
THE
SOFTWARE
IS
PROVIDED
"AS IS"
AND
ISC
DISCLAIMS
ALL
WARRANTIES
WITH
*
REGARD
TO
THIS
SOFTWARE
INCLUDING
ALL
IMPLIED
WARRANTIES
OF
MERCHANTABILITY
*
AND
FITNESS
.
IN
NO
EVENT
SHALL
ISC
BE
LIABLE
FOR
ANY
SPECIAL
,
DIRECT
,
*
INDIRECT
,
OR
CONSEQUENTIAL
DAMAGES
OR
ANY
DAMAGES
WHATSOEVER
RESULTING
FROM
*
LOSS
OF
USE
,
DATA
OR
PROFITS
,
WHETHER
IN
AN
ACTION
OF
CONTRACT
,
NEGLIGENCE
*
OR
OTHER
TORTIOUS
ACTION
,
ARISING
OUT
OF
OR
IN
CONNECTION
WITH
THE
USE
OR
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
/* $
Id
:
named
.
conf
,
v
1
.
2
2011
/
01
/
13
01
:
59
:
27
marka
Exp
$ */
controls
{ /*
empty
*/ };
options
{
query
-
source
address
10
.
53
.
0
.
3
;
notify
-
source
10
.
53
.
0
.
3
;
transfer
-
source
10
.
53
.
0
.
3
;
port
5300
;
pid
-
file
"named.pid"
;
session
-
keyfile
"session.key"
;
listen
-
on
{
10
.
53
.
0
.
3
; };
listen
-
on
-
v6
{
none
; };
notify
no
;
response
-
policy
{
zone
"bl"
;
zone
"bl-given"
policy
given
;
zone
"bl-no-op"
policy
no
-
op
;
zone
"bl-nodata"
policy
nodata
;
zone
"bl-nxdomain"
policy
nxdomain
;
zone
"bl-cname"
policy
cname
nodata
.
tld2
.;
};
};
key
rndc_key
{
secret
"1234abcd8765"
;
algorithm
hmac
-
md5
;
};
controls
{
inet
10
.
53
.
0
.
3
port
9953
allow
{
any
; }
keys
{
rndc_key
; };
};
logging
{
category
queries
{
default_stderr
; };
category
query
-
errors
{
default_stderr
; };
};
zone
"."
{
type
hint
;
file
"hints"
; };
zone
"bl."
{
type
master
;
file
"bl.db"
;
allow
-
update
{
any
;};
};
zone
"bl-given."
{
type