RPZ in dns views
Rama Krishna Prasad Chunduru
rkpchunduru at gmail.com
Sat Jan 23 01:30:04 UTC 2016
Hi All,
I am trying to use RPZ (Response Policy Zone) in DNS views (BIND 9.8.2),
but I am getting the error below:
service named restart
Stopping named: [ OK ]
Starting named:
Error in named configuration:
/etc/named.conf:92: when using 'view' statements, all zones must be in views
[FAILED]
I am pasting the named.conf file and "dummy-block" which has the zone info
below
*named.conf*
// Server-wide options. Every view below uses these settings unless it
// overrides them.
options {
// DNS tables are located in the /var/named directory
directory "/var/named";
// Forward any unresolved requests to our ISP's name server
forwarders {
4.2.2.1;
};
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// NOTE(review): the directive is active here, not commented out. It fixes the
// source port of outgoing queries at 53, which removes source-port
// randomization and makes spoofed answers (cache poisoning) easier to land.
// Remove it unless a firewall really requires a fixed port.
query-source address * port 53;
// "any" already includes 127.0.0.1, so the server listens on every interface.
listen-on port 53 { 127.0.0.1; any; };
// NOTE(review): "any" makes "localhost" redundant in both lists. Together with
// "recursion yes" this answers recursive queries for every client that can
// reach the server (an open resolver) unless access is limited elsewhere.
// Restrict both lists to the client networks or key ACLs that need service.
allow-query { localhost; any; };
allow-query-cache { localhost; any; };
recursion yes;
/*
* Added the below lines to make DNS + TSIG
*/
// NOTE(review): these three options control DNSSEC validation. TSIG is set up
// by the "key" statements further down, not by these lines.
dnssec-enable yes;
dnssec-validation yes;
// NOTE(review): lookaside validation depends on the ISC DLV registry, which
// ISC has since retired; plan to drop this option when upgrading BIND.
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
};
// TSIG keys. The ACLs that follow reference them by name so that a client
// can be placed in a view according to the key it signs its requests with.
// NOTE(review): these secrets appear in a public list archive and should be
// treated as disclosed. Generate new keys, and keep the key statements in a
// separate file that only the named user can read, pulled in with "include".
// NOTE(review): hmac-md5 is a legacy TSIG algorithm; prefer hmac-sha256 when
// every client that signs with these keys supports it.
key "secret-key" {
algorithm "hmac-md5";
secret
"PUp7RAfTglybAoctQR3aUW+cLpNDyjlMWUvCoHPxiWr9e0budWUQ6jp9MmrhaINa1DFZgvtuxxkOw7oCnU4qzQ==";
};
key "second-secret-key" {
algorithm "hmac-md5";
secret
"sjz+sH4PGPPKPXLeTM7oG3WbmCIwxxcWLA+qaGaazmvLY0TvbPZ9xZi+B5JuYWMA8rpzUYi26kFiBODIOw9Rdg==";
};
key "third-secret-key" {
algorithm "hmac-md5";
secret
"cQiZnv+4GZb0rEFkagYw8cFowSeC2Yj6dXXT7pvdllJoMW0Gt7Nhv07Y5EyZUTcS2hX5Ngbu7syyZ6IGUkCvqA==";
};
// One ACL per TSIG key. Each matches requests signed with the named key, so
// the views can select clients by key rather than by source address.
acl "first-key-acl" {
key secret-key;
};
acl "second-key-acl"{
key second-secret-key;
};
// third-key-acl is defined here but no view in this file refers to it.
acl "third-key-acl"{
key third-secret-key;
};
// View for clients whose requests are signed with second-secret-key.
// Views are tried in the order they appear, so this one is checked first.
view "second-key-view" {
match-clients{
second-key-acl;
//key secret-key;
};
// NOTE(review): this view is selected by second-key-acl but loads
// "views/firstkey", while the view selected by first-key-acl loads
// "views/secondkey". Confirm the file names are not swapped.
// NOTE(review): "allow-query {none;}" refuses every query for this zone,
// including queries from the clients matched into this view. Verify that
// this is intended.
zone "bbc.com"
{
type master;
file "views/firstkey";
allow-query {none;};
};
// The policy zone named here has to be defined inside this same view. In
// this file zone "youtube.com" is declared at top level after the view, and
// named rejects any zone outside a view once views are in use.
response-policy {
zone "youtube.com";
};
};
// Policy zone referenced by response-policy in "second-key-view".
// This statement sits outside every view, which is what named reports as
// "when using 'view' statements, all zones must be in views". Move it inside
// the view (or views) whose response-policy refers to it.
// "allow-query {none;}" keeps clients from querying the policy data directly.
// NOTE(review): confirm in the BIND ARM for this version that policy is still
// applied with that setting.
zone "youtube.com"
{
type master;
file "dummy-block";
allow-query {none;};
};
// View for clients whose requests are signed with secret-key (first-key-acl).
// It has no response-policy statement, so no policy zone applies here.
// NOTE(review): the view name reads "vew"; if that is a typo for "view",
// rename it together with anything that refers to the name.
view "secret-key-vew" {
match-clients{
first-key-acl;
//key secret-key;
};
// NOTE(review): "allow-query {none;}" refuses every query for this zone,
// including queries from the clients matched into this view. Verify that
// this is intended.
zone "abc.com"
{
type master;
file "views/secondkey";
allow-query {none;};
};
};
// Fallback view. It matches any client and any destination address, so every
// request not claimed by an earlier view lands here. It serves the zones
// from /etc/named.rfc1912.zones under the global options.
// NOTE(review): with "recursion yes" and "allow-query { ...; any; }" in the
// global options, this view offers recursion to unauthenticated clients.
// Narrow match-clients or add per-view allow-recursion if that is not wanted.
view default {
match-clients { any; };
match-destinations { any; };
include "/etc/named.rfc1912.zones";
};
*dummy-block*
; Zone data loaded for zone "youtube.com", which named.conf names as a
; response policy zone.
; In a policy zone the owner names are the triggers, written relative to the
; zone origin, and the record data is the action to take. This file holds only
; the SOA, the NS and an A record for "ns", so as far as it shows there is no
; entry that would match queries for youtube.com itself.
; NOTE(review): policy zones are usually given a private name (placeholder:
; rpz.example) so the zone name cannot collide with a real domain. Confirm
; against the BIND ARM for the version in use.
youtube.com. 14400 IN SOA ns.youtube.com. root.ns.youtube.com. (
2004123001; serial
86000; refresh
7200; retry
1209600; expire
600) ; minimum (negative-caching TTL)
youtube.com. 14400 IN NS ns.youtube.com.
ns.youtube.com. 14400 IN A 10.255.246.110
I appreciate your help on this.
Thanks,
Rama