replace "SERVFAIL" to "NXDOMAIN" with rpz
sami.rahal at sofrecom.com
sami.rahal at sofrecom.com
Mon Jun 19 08:39:32 UTC 2023
Hello Thank you for your feedback,
yes it works like that! for that does not work for a domain name that already has the return code "SERVFAIL" and we want to change this code by "NXDDOMAIN" like this domain name "antlauncher.com"
regards Rahal
-----Message d'origine-----
De : bind-users <bind-users-bounces at lists.isc.org> De la part de bind-users-request at lists.isc.org
Envoyé : samedi 17 juin 2023 06:23
À : bind-users at lists.isc.org
Objet : bind-users Digest, Vol 4262, Issue 1
Send bind-users mailing list submissions to
bind-users at lists.isc.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/bind-users
or, via email, send a message with subject or body 'help' to
bind-users-request at lists.isc.org
You can reach the person managing the list at
bind-users-owner at lists.isc.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of bind-users digest..."
Today's Topics:
1. replace "SERVFAIL" to "NXDOMAIN" with rpz
(sami.rahal at sofrecom.com)
2. Re: replace "SERVFAIL" to "NXDOMAIN" with rpz (Crist Clark)
3. Re: replace "SERVFAIL" to "NXDOMAIN" with rpz (Fred Morris)
4. Re: replace "SERVFAIL" to "NXDOMAIN" with rpz (Ond?ej Sur?)
----------------------------------------------------------------------
Message: 1
Date: Fri, 16 Jun 2023 20:39:43 +0000
From: sami.rahal at sofrecom.com
To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: replace "SERVFAIL" to "NXDOMAIN" with rpz
Message-ID: <9c4465dc103645149093f4d3f60cf89a at sofrecom.com>
Content-Type: text/plain; charset="us-ascii"
Hello
For monitoring reasons I try to change the return code of a domain name from "SERVFAIL" to "NXDOMAIN" with the rpz classic configuration of BIND9.16.42 as follows:
example.com IN CNAME.
*.example.com IN CNAME .
But it still doesn't work, I still have the message " SERVFAIL", is it feasible or not please ?
Kind regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230616/aa23b454/attachment-0001.htm>
------------------------------
Message: 2
Date: Fri, 16 Jun 2023 20:29:16 -0700
From: Crist Clark <cjc+bind-users at pumpky.net>
To: sami.rahal at sofrecom.com
Cc: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: Re: replace "SERVFAIL" to "NXDOMAIN" with rpz
Message-ID:
<CAAcrURK2=+uqQ+_AvVbiAV2jpagOhd=ozRfQ_SCazBn-rUZXig at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
That should return a NXDOMAIN. Returning SERVFAIL is never a normal RPZ action. Something is wrong with your configuration.
On Fri, Jun 16, 2023 at 1:39?PM <sami.rahal at sofrecom.com> wrote:
>
>
> Hello
>
> For monitoring reasons I try to change the return code of a domain
> name from "SERVFAIL" to "NXDOMAIN" with the rpz classic configuration
> of
> BIND9.16.42 as follows:
>
> example.com IN CNAME.
>
> *.example.com IN CNAME .
>
> But it still doesn't work, I still have the message " SERVFAIL", is
> it feasible or not please ?
>
> Kind regards
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230616/42776b6c/attachment-0001.htm>
------------------------------
Message: 3
Date: Fri, 16 Jun 2023 21:40:11 -0700 (PDT)
From: Fred Morris <m3047 at m3047.net>
To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: Re: replace "SERVFAIL" to "NXDOMAIN" with rpz
Message-ID: <alpine.LSU.2.21.2306162134190.27806 at flame.m3047>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Admittedly, since I'm writing software to do "off label" stuff with DNS I make mistakes. But I have seen things along this line (interactions between RPZ and regular resolution in the context of "broken" domains): in some cases it has seemed impossible to ameliorate / mitigate SERVFAIL utilizing RPZ.
I'll try to pay more attention and see if I can isolate a test case if the problem recurs. (I was kind of hoping someone would have a solution!)
--
Fred Morris
On Fri, 16 Jun 2023, Crist Clark wrote:
>
> That should return a NXDOMAIN. Returning SERVFAIL is never a normal
> RPZ action. Something is wrong with your configuration.
>
> On Fri, Jun 16, 2023 at 1:39?PM <sami.rahal at sofrecom.com> wrote:
>>
>> For monitoring reasons I try to change the return code of a domain
>> name from "SERVFAIL" to "NXDOMAIN" with the rpz classic configuration
>> of
>> BIND9.16.42 as follows:
>>
>> example.com IN CNAME.
>>
>> *.example.com IN CNAME .
>>
>> But it still doesn't work, I still have the message " SERVFAIL", is
>> it feasible or not please ?
>>
------------------------------
Message: 4
Date: Sat, 17 Jun 2023 07:22:50 +0200
From: Ond?ej Sur? <ondrej at isc.org>
To: Fred Morris <m3047 at m3047.net>
Cc: bind-users at lists.isc.org
Subject: Re: replace "SERVFAIL" to "NXDOMAIN" with rpz
Message-ID: <F1DB32B3-CD74-44F3-8589-ED3386CBCA70 at isc.org>
Content-Type: text/plain; charset="us-ascii"
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230617/a5b1eca8/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: favicon.ico
Type: image/x-icon
Size: 766 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230617/a5b1eca8/attachment.bin>
------------------------------
Subject: Digest Footer
_______________________________________________
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
------------------------------
End of bind-users Digest, Vol 4262, Issue 1
*******************************************
More information about the bind-users
mailing list