v9.12.1 RPZ 'map' format returns fatal error: incompatible masterfile-format or database for a response policy zone
aclion at yepmail.net
Mon Apr 23 00:26:13 UTC 2018
I run
named -v
BIND 9.12.1 <id:b2307b2>
I use RPZ. For a long time, I've used 'text' format zone files.
I want to switch to 'map' format.
These are my (testing) zone files, in text format:
cat rpz.whitelist.local.zone
$TTL 300
$ORIGIN rpz.whitelist.local.
@ IN SOA localhost. soa.example.com. (
        1524440808 ;
        2H ;
        1800 ;
        7D ;
        5 ;
        )
        IN NS localhost.
goodexample.net CNAME .
*.goodexample.net CNAME .

cat rpz.blacklist.local.zone
$TTL 300
$ORIGIN rpz.whitelist.local.
@ IN SOA localhost. soa.example.com. (
        1524440808 ;
        2H ;
        1800 ;
        7D ;
        5 ;
        )
        IN NS localhost.
badexample.net CNAME .
*.badexample.net CNAME .
I convert (no errors) the text zone files to map format with
named-compilezone -f text -F map \
    -o rpz.whitelist.local.map rpz.whitelist.local rpz.whitelist.local.zone
named-compilezone -f text -F map \
    -o rpz.blacklist.local.map rpz.blacklist.local rpz.blacklist.local.zone
In my bind conf,
named.conf
view "internal" {
    ...
    response-policy {
        zone "rpz.whitelist.local" policy PASSTHRU;
        zone "rpz.blacklist.local";
    };
    zone "rpz.whitelist.local" IN {
        type master;
        file "/namedb/master/rpz.whitelist.local.map";
        masterfile-format map;
        allow-query { localhost; };
        allow-transfer { none; };
        allow-update { none; };
    };
    zone "rpz.blacklist.local" IN {
        type master;
        file "/namedb/master/rpz.blacklist.local.map";
        masterfile-format map;
        allow-query { localhost; };
        allow-transfer { none; };
        allow-update { none; };
    };
    ...
When I restart my server, for each of the 2 RPZ 'map' zones, I see in the log
Apr 22 16:45:06 katana named[42520]: 22-Apr-2018 16:45:06.504 general: error: zone 'rpz.blacklist.perm.local': incompatible masterfile-format or database for a response policy zone
Apr 22 16:45:06 katana named[42520]: 22-Apr-2018 16:45:06.505 general: error: reloading configuration failed: not implemented
which is, apparently, fatal to server start.
Switch back to 'text' file & format, and all's good.
Searching, I'm finding nothing on the error.
Any help with figuring out the problem and a fix would be appreciated!
AC
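
A pre-flight lint for the combination reported above (a zone listed in response-policy that is also defined with masterfile-format map), as an added example that is not part of the original post and not BIND's own code. The function names and the sample configuration are constructed for illustration; it assumes a single view and no braces inside quoted strings.

```python
import re

# Constructed sample modelled on the named.conf excerpt in the post; the
# "example.test" zone is hypothetical and shows a non-RPZ map zone is ignored.
SAMPLE_CONF = '''view "internal" {
    response-policy {
        zone "rpz.whitelist.local" policy PASSTHRU;
        zone "rpz.blacklist.local";
    };
    zone "rpz.whitelist.local" IN { type master; masterfile-format map; };
    zone "rpz.blacklist.local" IN { type master; masterfile-format map; };
    zone "example.test" IN { type master; masterfile-format map; };
};
'''

def strip_comments(conf):
    """Drop /* ... */ blocks and whole-line // or # comments."""
    return re.sub(r'/\*.*?\*/|^\s*(?://|#)[^\n]*', '', conf, flags=re.S | re.M)

def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in configuration")

def rpz_zone_names(conf):
    """Zone names listed inside any response-policy { ... } block."""
    names = set()
    for m in re.finditer(r'\bresponse-policy\s*\{', conf):
        names.update(n.lower() for n in
                     re.findall(r'\bzone\s+"([^"]+)"', block_body(conf, m.end() - 1)))
    return names

def zone_formats(conf):
    """Map each zone "name" [class] { ... } definition to its masterfile-format."""
    formats = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"(?:\s+\w+)?\s*\{', conf):
        fmt = re.search(r'\bmasterfile-format\s+(\w+)\s*;', block_body(conf, m.end() - 1))
        formats[m.group(1).lower()] = fmt.group(1).lower() if fmt else None
    return formats

def rpz_map_conflicts(conf):
    """RPZ zones configured with masterfile-format map, sorted by name."""
    conf = strip_comments(conf)
    formats = zone_formats(conf)
    return sorted(z for z in rpz_zone_names(conf) if formats.get(z) == "map")
```

Calling `rpz_map_conflicts()` on the text of a named.conf before a restart lists the zones that match the failing setup described in the post.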