; config options
server:
	module-config: "respip validator iterator"
	target-fetch-policy: "0 0 0 0 0"
	qname-minimisation: no
	rrset-roundrobin: no

rpz:
	name: "rpz.example.com."
	master: 10.20.30.40
	zonefile:
TEMPFILE_NAME rpz.example.com
TEMPFILE_CONTENTS rpz.example.com
$ORIGIN rpz.example.com.
a	IN	CNAME *.
c	IN	TXT	"hello from initial RPZ"
c	IN	TXT	"another hello from initial RPZ"
d	IN	CNAME .
32.1.123.0.10.rpz-ip	CNAME *.
32.3.123.0.10.rpz-ip	A 10.66.0.3
32.3.123.0.10.rpz-ip	A 10.66.0.4
32.4.123.0.10.rpz-ip	CNAME .
TEMPFILE_END

stub-zone:
	name: "."
	stub-addr: 10.20.30.40

CONFIG_END

SCENARIO_BEGIN Test RPZ QNAME trigger, loaded using AXFR

RANGE_BEGIN 0 100
	ADDRESS 10.20.30.40

ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
.	IN	NS
SECTION ANSWER
.	IN	NS	ns.
SECTION ADDITIONAL
ns.	IN	NS	10.20.30.40
ENTRY_END

ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
b.	IN	TXT
SECTION ANSWER
b.	TXT	"hello from upstream"
ENTRY_END

ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
d.	IN	TXT
SECTION ANSWER
d.	TXT	"hello from upstream"
ENTRY_END

ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
a.rpz-ip.	IN	A
SECTION ANSWER
a.rpz-ip.	IN	A	10.0.123.1
ENTRY_END

ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
c.rpz-ip.	IN	A
SECTION ANSWER
c.rpz-ip.	IN	A	10.0.123.3
ENTRY_END

ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR NOERROR AA
SECTION QUESTION
d.rpz-ip.	IN	A
SECTION ANSWER
d.rpz-ip.	IN	A	10.0.123.4
ENTRY_END

ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
rpz.example.com. IN SOA
SECTION ANSWER
rpz.example.com. IN SOA ns.rpz.example.com. hostmaster.rpz.example.com. 1 3600 900 86400 3600
ENTRY_END

ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA NOERROR
SECTION QUESTION
rpz.example.com. IN AXFR
SECTION ANSWER
rpz.example.com. IN SOA ns.rpz.example.com. hostmaster.rpz.example.com. 1 3600 900 86400 3600
b.rpz.example.com. TXT "hello from RPZ"
c.rpz.example.com. TXT "hello from RPZ"
a.rpz.example.com. CNAME .
32.1.123.0.10.rpz-ip.rpz.example.com.	CNAME .
32.3.123.0.10.rpz-ip.rpz.example.com.	A 10.66.0.5
32.3.123.0.10.rpz-ip.rpz.example.com.	A 10.66.0.6
rpz.example.com. IN SOA ns.rpz.example.com. hostmaster.rpz.example.com. 1 3600 900 86400 3600
ENTRY_END

RANGE_END

STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
b.	IN	TXT
ENTRY_END

STEP 2 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
b.	IN	TXT
SECTION ANSWER
b.	IN	TXT	"hello from upstream"
ENTRY_END

STEP 3 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.	IN	TXT
ENTRY_END

STEP 4 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
a.	IN	TXT
SECTION ANSWER
ENTRY_END

STEP 5 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.rpz-ip.	IN	A
ENTRY_END

STEP 6 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
a.rpz-ip.	IN	A
SECTION ANSWER
ENTRY_END

STEP 7 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
c.	IN	TXT
ENTRY_END

STEP 8 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
c.	IN	TXT
SECTION ANSWER
c.	IN	TXT "another hello from initial RPZ"
c.	IN	TXT "hello from initial RPZ"
ENTRY_END

STEP 9 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
c.rpz-ip.	IN A
ENTRY_END

STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
c.rpz-ip.	IN	A
SECTION ANSWER
c.rpz-ip.	IN	A 10.66.0.4
c.rpz-ip.	IN	A 10.66.0.3
ENTRY_END

STEP 11 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.	IN	TXT
ENTRY_END

STEP 12 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NXDOMAIN
SECTION QUESTION
d.	IN	TXT
ENTRY_END

STEP 13 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.rpz-ip.	IN	A
ENTRY_END

STEP 14 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NXDOMAIN
SECTION QUESTION
d.rpz-ip.	IN	A
ENTRY_END

STEP 30 TIME_PASSES ELAPSE 10
STEP 40 TRAFFIC

STEP 50 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
b.	IN	TXT
ENTRY_END

STEP 51 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
b.	IN	TXT
SECTION ANSWER
b.	IN	TXT	"hello from RPZ"
ENTRY_END

STEP 52 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.	IN	TXT
ENTRY_END

STEP 53 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NXDOMAIN
SECTION QUESTION
a.	IN	TXT
SECTION ANSWER
ENTRY_END

STEP 54 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
a.rpz-ip.	IN	A
ENTRY_END

STEP 55 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NXDOMAIN
SECTION QUESTION
a.rpz-ip.	IN	A
SECTION ANSWER
ENTRY_END

STEP 56 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
c.	IN	TXT
ENTRY_END

STEP 57 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AA NOERROR
SECTION QUESTION
c.	IN	TXT
SECTION ANSWER
c.	IN	TXT "hello from RPZ"
ENTRY_END

STEP 58 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
c.rpz-ip.	IN	A
ENTRY_END

STEP 59 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
c.rpz-ip.	IN	A
SECTION ANSWER
c.rpz-ip.	IN	A 10.66.0.6
c.rpz-ip.	IN	A 10.66.0.5
ENTRY_END

STEP 60 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.	IN	TXT
ENTRY_END

STEP 61 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
d.	IN	TXT
SECTION ANSWER
d.	IN	TXT "hello from upstream"
ENTRY_END

STEP 62 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
d.rpz-ip.	IN	A
ENTRY_END

STEP 63 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
d.rpz-ip.	IN	A
SECTION ANSWER
d.rpz-ip.	IN	A 10.0.123.4
ENTRY_END

SCENARIO_END