rpz fail
Lee
ler762 at gmail.com
Sun Aug 25 03:25:33 UTC 2019
tl;dr: https://github.com/StevenBlack/hosts/issues/451
Can someone please explain why using this as my rpz zone does NOT
block everything for *.2o7.net?
$ cat db.test-rpz
$ORIGIN rpz.test.
$TTL 1s
@ IN SOA localhost. admin ( 2019082405 6h 15 1d 1s )
        IN NS localhost.
2o7.net CNAME .
*.2o7.net CNAME .
bcbsks.com.102.112.2o7.net CNAME .
; ======== end
but using this does block all of 2o7.net? (or at least all I've tried)
$ cat db.test-rpz
$ORIGIN rpz.test.
$TTL 1s
@ IN SOA localhost. admin ( 2019082407 6h 15 1d 1s )
        IN NS localhost.
2o7.net CNAME .
*.2o7.net CNAME .
; bcbsks.com.102.112.2o7.net CNAME .
; === end ===
With "; bcbsks.com.102.112.2o7.net CNAME ." commented out both
dig @127.0.0.1 appleglobal.112.2o7.net
dig @127.0.0.1 appleglobal.2o7.net
work as expected & have
;; ADDITIONAL SECTION:
rpz.test. 1 IN SOA localhost. admin.rpz.test. 2019082407 21600 15 86400 1
With "bcbsks.com.102.112.2o7.net CNAME ." not commented out
dig @127.0.0.1 appleglobal.112.2o7.net
-- returns an ip address with the ANSWER, AUTHORITY & ADDITIONAL SECTION
dig @127.0.0.1 appleglobal.2o7.net
-- doesn't return an ip address & additional info is
;; ADDITIONAL SECTION:
rpz.test. 1 IN SOA localhost. admin.rpz.test. 2019082406 21600 15 86400 1
Am I just missing something or is this a bug?
I get the same behavior on debian with 9.11.5-P4-5~bpo9+1-Debian
and windows 10 with 9.11.9 (from
ftp://ftp.isc.org/isc/bind9/9.11.9/BIND9.11.9.x64.zip)
TIA
Lee
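
Added example, not part of the original message and not BIND code: a small model of standard DNS wildcard lookup (RFC 4592 closest encloser and empty non-terminals) run over the owner names of the two test zones above, plus a check that lists the wildcards a blocklist would need to close the resulting gaps. It assumes RPZ QNAME triggers are looked up with ordinary zone wildcard rules, which agrees with the dig results reported in the message; ZONE_A, ZONE_B and the function names are hypothetical.

```python
# Added example: RFC 4592 wildcard lookup over the owner names in the
# two test zones from the message (relative to the rpz.test. origin).
# ZONE_A / ZONE_B and all function names are hypothetical.
ZONE_A = ["2o7.net", "*.2o7.net", "bcbsks.com.102.112.2o7.net"]
ZONE_B = ["2o7.net", "*.2o7.net"]

def norm(name):
    return name.rstrip(".").lower()

def ancestors(name):
    """Proper ancestors of a name, nearest first."""
    parts = norm(name).split(".")
    return [".".join(parts[i:]) for i in range(1, len(parts))]

def existing(owners):
    """Owner names plus the empty non-terminals they create."""
    names = set()
    for o in owners:
        names.add(norm(o))
        names.update(ancestors(o))
    return names

def rpz_match(owners, qname):
    """Owner name that answers qname, or None if no trigger applies."""
    owned, exists, q = {norm(o) for o in owners}, existing(owners), norm(qname)
    if q in exists:
        # Exact hit, or an empty non-terminal (exists, but carries no data).
        return q if q in owned else None
    for anc in ancestors(q):
        if anc in exists:
            # Closest encloser found: only its own wildcard may synthesize.
            wc = "*." + anc
            return wc if wc in owned else None
    return None

def wildcard_gaps(owners):
    """Wildcards missing at names that sit below an existing wildcard."""
    owned = {norm(o) for o in owners}
    gaps = []
    for n in sorted(existing(owners), key=lambda s: (s.count("."), s)):
        if n.startswith("*.") or "*." + n in owned:
            continue
        if any("*." + a in owned for a in ancestors(n)):
            gaps.append("*." + n)
    return gaps

if __name__ == "__main__":
    for label, zone in (("with bcbsks record", ZONE_A), ("without", ZONE_B)):
        for q in ("appleglobal.112.2o7.net", "appleglobal.2o7.net"):
            print(label, q, "->", rpz_match(zone, q))
        print(label, "gaps:", wildcard_gaps(zone))
```

Running `wildcard_gaps` over a generated blocklist before loading it flags every deeper entry that would shadow a broader wildcard.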