RPZ seems to be hit and miss

Alan Clegg alan at clegg.com
Fri Jan 10 20:23:06 UTC 2014


On Jan 10, 2014, at 1:32 PM, Howard, Christopher Bryan <Christopher-Howard at utc.edu> wrote:

> For reference: 
> BIND 9.9.4-P1
> CentOS 6.4
> 64bit arch
> 
> We use RPZ to CNAME all of the “bad” domains over to a catch-all type server that can display a message to the user.  Until recently it has been working perfectly (or we thought it was :-P ).
> 
> The problem:
> RPZ appears to have stopped working properly about a month ago and we didn’t notice it until a domain we specifically added kept resolving.  After doing some spot checking, a large portion of the domains in the RPZ zone work as expected.  However, some of them are still getting recursively resolved.  I’m at a complete loss as to why this is happening.
> 
> We were running BIND 9.9.3-P2, but I upgraded it to 9.9.4-P1 in an attempt to fix it, with no luck.  I’ve flushed the cache on all of our servers, I’ve restarted the service on all of our servers.  I’ve not restarted the actual servers, but I don’t think that would get us anywhere.

Did you accidentally move from RPZ 2 (via patches) to RPZ 1 (included in BIND)?

I shot myself in the foot with this…

AlanC
-- 
Alan Clegg | +1-919-355-8851 | alan at clegg.com
