bind9/bin/tests/system/rpz/test2
Evan Hunt 55bbac8bfe [v9_9] RPZ speed up (phase 1, single RPZ)
3496.	[func]		Improvements to RPZ performance. The "response-policy"
			syntax now includes a "min-ns-dots" clause, with
			default 1, to exclude top-level domains from
			NSIP and NSDNAME checking. --enable-rpz-nsip and
                        --enable-rpz-nsdname are now the default. [RT #32251]

    Response policy (rpz) changes to
      - add zone statistics
      - speed up by adding min-ns-dots to the response-policy syntax
         with a default of 1
      - detect and reject policy zones with a database other than rbt
         only rbtdb has rpz hooks
      - allow empty response-policy{} statement
      - make --enable-rpz-nsip and --enable-rpz-nsdname the default
2013-02-25 14:32:36 -08:00


; Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; nsupdate input that loads response-policy (RPZ) test records into the
; policy zones served at 10.53.0.3.
;
; File layout rules:
; Use comment lines instead of blank lines to combine update requests into
; single requests (a blank line sends the pending request, like 'send')
; Separate update requests for distinct TLDs with blank lines or 'send'
; End the file with a blank line or 'send'
; CNAME targets are absolute even without trailing "."
;
; Reading the records below:
;   - Owner names of the form <prefixlen>.<reversed address>.rpz-ip.<zone>
;     are RPZ IP triggers; e.g. 24.0.4.168.192.rpz-ip is 192.168.4.0/24.
;     In an IPv6 trigger the label "zz" stands for the "::" run of zeros.
;   - The record data selects the policy action: CNAME . is NXDOMAIN,
;     CNAME *. is NODATA, CNAME rpz-passthru. is PASSTHRU, and other data
;     (an A record, or a CNAME to an ordinary name) replaces the answer.
;   - "bl" and "bl-2" look like two separate policy zones -- confirm against
;     the server configuration used by this test.
;   - The bare numbers in comments look like indexes of the matching checks
;     in the test driver -- TODO confirm.
;
; NOTE(review): no 'key' statement appears in this script, so nothing here
; shows these updates being TSIG-signed; whether the harness signs them some
; other way is not visible from this file. Whoever can write to a policy
; zone decides what resolver clients are told, so outside an isolated test
; network dynamic updates to RPZ zones should be restricted and signed.
;
; IP tests
; All requests go to the server at 10.53.0.3, port 5300.
server 10.53.0.3 5300
; NODATA a3-1.tld2
; trigger: 192.168.3.1/32
; 1
update add 32.1.3.168.192.rpz-ip.bl 300 CNAME *.
;
; NXDOMAIN for 192.168.4.0/24, the network of a4-1.tld2 and a4-2.tld2
; 4
update add 24.0.4.168.192.rpz-ip.bl 300 CNAME .
;
; old passthru in NXDOMAIN CIDR block to leave a4-1.tld2 unchanged
; trigger: 192.168.4.1/32, inside the /24 blocked above; the target is the
; trigger's own address labels, which the comment above calls the old
; passthru form (compare the rpz-passthru. record further down)
; 3
update add 32.1.4.168.192.rpz-ip.bl 300 CNAME 32.1.4.168.192
;
; NODATA for a4-3.tld2
; trigger: 192.168.4.3/32, also inside the blocked /24, so this checks that
; the more specific entry is the one applied -- presumably; confirm against
; the expected results
; 8
update add 32.3.4.168.192.rpz-ip.bl 300 CNAME *.
;
; NXDOMAIN for IPv6 a3-1.tld2
; trigger: 2001:2:3::1/128 ("zz" is the "::")
; 9
update add 128.1.zz.3.2.2001.rpz-ip.bl 300 CNAME .
;
; apply the policy with the lexically smaller trigger address of 192.168.5.1
; to an RRset of more than one A RR
; both triggers (192.168.5.1 and 192.168.5.2) can match the same answer, so
; the expected rewrite is presumably the 127.0.0.1 record
; 11
update add 32.1.5.168.192.rpz-ip.bl 300 A 127.0.0.1
update add 32.2.5.168.192.rpz-ip.bl 300 A 127.0.0.2
;
; prefer first conflicting IP zone for a5-3.tld2
; the same trigger (192.168.5.3/32) is added to bl and to bl-2 with
; different data; each zone needs its own request, hence the 'send' lines
; 12
update add 32.3.5.168.192.rpz-ip.bl 300 A 127.0.0.1
send
update add 32.3.5.168.192.rpz-ip.bl-2 300 A 127.0.0.2
send
; prefer QNAME to IP for a5-4.tld2
; the first record is an IP trigger (192.168.5.4/32), the second a QNAME
; trigger on a5-4.tld2 itself; both are in zone bl and rewrite to different
; CNAME targets so the test can tell which one was applied
; 13
update add 32.4.5.168.192.rpz-ip.bl 300 CNAME a12.tld2.
update add a5-4.tld2.bl 300 CNAME a14.tld4.
;
; poke hole in NXDOMAIN CIDR block to leave a4-4.tld2 unchanged
; trigger: 192.168.4.4/32 with the explicit PASSTHRU action; an exemption
; like this overrides the surrounding /24 block for that one address
; 15
update add 32.4.4.168.192.rpz-ip.bl 300 CNAME rpz-passthru.
;
; assert in rbtdb.c
; regression records for an assertion failure in rbtdb.c; the exact
; condition that failed is not described in this file. The first record is
; an IP trigger for 172.16.1.16/32 in bl, the second a QNAME trigger in bl-2.
; 16
update add 32.16.1.16.172.rpz-ip.bl 300 CNAME .
send
update add c2.crash2.tld3.bl-2 300 A 127.0.0.16
send