Queries related to RPZ

Blason R blason16 at gmail.com
Tue Apr 17 06:34:50 UTC 2018


Is this list spammed? I am receiving a lot of SPAM mails.

On Tue, Apr 17, 2018 at 8:52 AM, Blason R <blason16 at gmail.com> wrote:

> Hi All,
>
> I am building DNS RPZ and I am a complete novice. I will be having around
> 10-20k zones which my DNS will be wallgardening.
>
> Just wondering how this can be done with DNS RPZ? Since the zones have to
> be included in named.conf.
>
> Plus I am practising DNS RPZ on my test server and it's failing. Can
> someone please guide? Am I making any mistake here?
>
> options {
>         listen-on port 53 { 127.0.0.1; any; };
>         listen-on-v6 port 53 { ::1; };
>         directory       "/var/named";
>         dump-file       "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>         allow-query     { localhost; 192.168.5.0/24;};
>         response-policy { zone "google.com"; };
>
>
> zone "google.com" IN {
>         type master;
>         file "rpz.file.db";
>         };
>
> *****************************************
>
> [root@dnzrpz.isn.in /var/named]# more rpz.file.db
> $TTL    1D
> @       IN      SOA     ns1.google.com. root.google.com. (
>                                         2       ;
>                                         1D      ;
>                                         1H      ;
>                                         1W      ;
>                                         3H )    ;
> @       IN      NS      ns1.google.com.
> @       IN      A       3.3.3.3
>
> google.com      IN      CNAME   @
> www.google.com  IN      CNAME   @
>
> ********************************
>
> [root@dnzrpz.isn.in /var/named]# systemctl status named.service -l
> ● named.service - Berkeley Internet Name Domain (DNS)
>    Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor
> preset: disabled)
>    Active: failed (Result: exit-code) since Tue 2018-04-17 08:50:55 IST;
> 31s ago
>   Process: 937 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING"
> == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo
> "Checking of zone files is disabled"; fi (code=exited, status=1/FAILURE)
>
> *Apr 17 08:50:55 dnzrpz.isn.in bash[937]:
> _default/google.com/IN: bad zone*
> Apr 17 08:50:55 dnzrpz.isn.in bash[937]: zone localhost.localdomain/IN:
> loaded serial 0
> Apr 17 08:50:55 dnzrpz.isn.in bash[937]: zone localhost/IN: loaded serial
> 0
> Apr 17 08:50:55 dnzrpz.isn.in bash[937]: zone
> 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN:
> loaded serial 0
> Apr 17 08:50:55 dnzrpz.isn.in bash[937]: zone 1.0.0.127.in-addr.arpa/IN:
> loaded serial 0
> Apr 17 08:50:55 dnzrpz.isn.in bash[937]: zone 0.in-addr.arpa/IN: loaded
> serial 0
> Apr 17 08:50:55 dnzrpz.isn.in systemd[1]: named.service: control process
> exited, code=exited status=1
> Apr 17 08:50:55 dnzrpz.isn.in systemd[1]: Failed to start Berkeley
> Internet Name Domain (DNS).
> Apr 17 08:50:55 dnzrpz.isn.in systemd[1]: Unit named.service entered
> failed state.
> Apr 17 08:50:55 dnzrpz.isn.in systemd[1]: named.service failed.
> [root@dnzrpz.isn.in /var/named]#
>
>
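On the 10-20k names question above, as an added example that is not part of the original post or of BIND: RPZ holds every rewritten name as a record inside one policy zone referenced by a single response-policy entry, so a large walled-garden list becomes one generated zone file. The policy zone name, the walled-garden address, the serial and the sample domain list are all constructed assumptions.

```python
import ipaddress
import re

POLICY_ZONE = "rpz.example.local"  # hypothetical policy zone name (assumption)
_LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")


def normalize(name):
    """Return a lower-case domain without trailing dot, or None if unusable."""
    name = name.strip().lower().rstrip(".")
    if not name or name.startswith("#"):
        return None
    # Owner becomes "*.<name>.<POLICY_ZONE>." and must fit in 253 octets.
    if len(name) + len(POLICY_ZONE) + 3 > 253:
        return None
    labels = name.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        return None
    return name


def build_rpz_zone(domains, garden_ip, serial):
    """Render one RPZ zone redirecting each domain and its subdomains."""
    ipaddress.IPv4Address(garden_ip)  # raises ValueError on a bad address
    names = sorted({n for n in map(normalize, domains) if n})
    lines = [
        "$TTL 300",
        f"$ORIGIN {POLICY_ZONE}.",
        f"@ IN SOA localhost. root.localhost. ( {serial} 1D 1H 1W 3H )",
        "@ IN NS localhost.",
    ]
    for n in names:
        # Relative owner names: the trigger domain sits under the policy zone.
        lines.append(f"{n} IN A {garden_ip}")    # the name itself
        lines.append(f"*.{n} IN A {garden_ip}")  # every subdomain
    return "\n".join(lines) + "\n", len(names)


# Constructed sample list with a duplicate, a comment and a malformed entry.
SAMPLE = ["Example.com.", "example.com", "# comment", "bad..name", "ads.example.net"]

if __name__ == "__main__":
    zone_text, count = build_rpz_zone(SAMPLE, "192.0.2.10", 2018041701)
    print(f"; {count} domains")
    print(zone_text, end="")
```

Running `named-checkzone` against the generated file before reloading catches a bad zone without taking the service down.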