RPZ seems to be hit and miss

Howard, Christopher Bryan Christopher-Howard at utc.edu
Fri Jan 10 18:32:27 UTC 2014


For reference:
BIND 9.9.4-P1
CentOS 6.4
64bit arch

We use RPZ to CNAME all of the “bad” domains over to a catch-all type server that can display a message to the user.  Until recently it has been working perfectly (or we thought it was :-P ).

The problem:
RPZ appears to have stopped working properly about a month ago and we didn’t notice it until a domain we specifically added kept resolving.  After doing some spot checking, a large portion of the domains in the RPZ zone work as expected.  However, some of them are still getting recursively resolved.  I’m at a complete loss as to why this is happening.

We were running BIND 9.9.3-P2, but I upgraded it to 9.9.4-P1 in an attempt to fix it, with no luck.  I’ve flushed the cache on all of our servers, I’ve restarted the service on all of our servers.  I’ve not restarted the actual servers, but I don’t think that would get us anywhere.


Here are some examples (note that NXDOMAIN responses are due to IDS blocking the resolution):


$ host ads5.woamobile.com
ads5.woamobile.com is an alias for catchall.utc.edu.
catchall.utc.edu has address 192.168.56.23

$ host WhateverIWantToPutHere.ads5.woamobile.com
WhateverIWantToPutHere.ads5.woamobile.com is an alias for catchall.utc.edu.
catchall.utc.edu has address 192.168.56.23

$ host adsafeprotected.com
Host adsafeprotected.com not found: 3(NXDOMAIN)

$ host WhateverIWantToPutHere.adsafeprotected.com
WhateverIWantToPutHere.adsafeprotected.com is an alias for catchall.utc.edu.
catchall.utc.edu has address 192.168.56.23

$ host conduit-services.com
conduit-services.com is an alias for catchall.utc.edu.
catchall.utc.edu has address 192.168.56.23

$ host asdfasdf.conduit-services.com
asdfasdf.conduit-services.com is an alias for catchall.utc.edu.
catchall.utc.edu has address 192.168.56.23

$ host sp-translation.conduit-services.com
Host sp-translation.conduit-services.com not found: 3(NXDOMAIN)


And here is what’s in the zone file:


ads5.woamobile.com              IN      CNAME   catchall.utc.edu.
*.ads5.woamobile.com            IN      CNAME   catchall.utc.edu.

adsafeprotected.com             IN      CNAME   catchall.utc.edu.
*.adsafeprotected.com           IN      CNAME   catchall.utc.edu.

conduit-services.com            IN      CNAME   catchall.utc.edu.
*.conduit-services.com          IN      CNAME   catchall.utc.edu.

I can provide other information as needed.

Does anyone have any experience with RPZ and have a clue why it seems to be selectively resolving records?

-Christopher
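The spot check described in the post can be automated so that a leak is noticed before a user reports it. The script below is an added example, not code from the original message or from BIND: it parses the RPZ zone fragment quoted above, builds one probe name per rule (a synthetic label such as `rpzprobe.` stands in for each wildcard), classifies what `host` printed for each probe as rewritten, NXDOMAIN or leaked, and lists everything that was not rewritten to the catch-all. The `host` outputs it runs against are constructed copies of those in the post plus one invented "leaked" answer (203.0.113.10, a documentation address) so the script runs offline; `run_host` is the hook to swap in for a live resolver and assumes the `host` utility is on PATH.

```python
"""Audit an RPZ zone's CNAME rewrites against what a resolver actually returns.

Added example (not the poster's or ISC's code).  Verdicts per probe name:
  rewritten  - resolver answered with the expected catch-all CNAME
  nxdomain   - name was blocked elsewhere (the post attributes these to the IDS)
  leaked     - name was answered normally, i.e. the RPZ rule did not fire
"""
import re
import subprocess
from typing import Callable, Dict, List, Tuple

# Constructed copy of the RPZ zone fragment quoted in the post.
ZONE_TEXT = """
ads5.woamobile.com              IN      CNAME   catchall.utc.edu.
*.ads5.woamobile.com            IN      CNAME   catchall.utc.edu.
adsafeprotected.com             IN      CNAME   catchall.utc.edu.
*.adsafeprotected.com           IN      CNAME   catchall.utc.edu.
conduit-services.com            IN      CNAME   catchall.utc.edu.
*.conduit-services.com          IN      CNAME   catchall.utc.edu.
"""

# owner [TTL] [IN] CNAME target
_RPZ_CNAME = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?CNAME\s+(\S+)", re.IGNORECASE)


def parse_rpz_cnames(text: str) -> Dict[str, str]:
    """Map each owner name in the zone fragment to its CNAME target (trailing dot removed)."""
    rules: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop zone-file comments and padding
        m = _RPZ_CNAME.match(line)
        if m:
            rules[m.group(1).lower()] = m.group(2).rstrip(".").lower()
    return rules


def probe_names(rules: Dict[str, str], label: str = "rpzprobe") -> List[Tuple[str, str]]:
    """One probe per rule: exact owners as-is, wildcard owners with a synthetic
    label in place of the '*' (mirrors the 'WhateverIWantToPutHere' checks)."""
    probes = []
    for owner, target in rules.items():
        name = label + owner[1:] if owner.startswith("*.") else owner
        probes.append((name, target))
    return probes


def classify(host_output: str, expected_target: str) -> str:
    """Classify the text that `host <name>` printed for one probe."""
    out = host_output.lower()
    if f"is an alias for {expected_target}" in out:
        return "rewritten"
    if "nxdomain" in out:
        return "nxdomain"
    if "has address" in out or "has ipv6 address" in out or "is an alias for" in out:
        return "leaked"
    return "unknown"


def run_host(name: str, server: str = None) -> str:
    """Live lookup via the `host` utility (assumed to be on PATH); optional explicit server."""
    cmd = ["host", name] + ([server] if server else [])
    return subprocess.run(cmd, capture_output=True, text=True).stdout


def audit(rules: Dict[str, str], lookup: Callable[[str], str]) -> Dict[str, str]:
    """Run every probe through `lookup` and return {probe name: verdict}."""
    return {name: classify(lookup(name), target) for name, target in probe_names(rules)}


def not_rewritten(verdicts: Dict[str, str]) -> List[str]:
    """Probe names whose RPZ CNAME rewrite did not take effect, for follow-up."""
    return sorted(name for name, verdict in verdicts.items() if verdict != "rewritten")


# Constructed `host` outputs standing in for a live resolver so the script
# runs offline.  The conduit-services wildcard answer is invented to show a leak.
_CATCHALL = "{n} is an alias for catchall.utc.edu.\ncatchall.utc.edu has address 192.168.56.23\n"
FAKE_HOST_OUTPUT = {
    "ads5.woamobile.com": _CATCHALL.format(n="ads5.woamobile.com"),
    "rpzprobe.ads5.woamobile.com": _CATCHALL.format(n="rpzprobe.ads5.woamobile.com"),
    "adsafeprotected.com": "Host adsafeprotected.com not found: 3(NXDOMAIN)\n",
    "rpzprobe.adsafeprotected.com": _CATCHALL.format(n="rpzprobe.adsafeprotected.com"),
    "conduit-services.com": _CATCHALL.format(n="conduit-services.com"),
    "rpzprobe.conduit-services.com": "rpzprobe.conduit-services.com has address 203.0.113.10\n",
}


def fake_lookup(name: str) -> str:
    """Offline stand-in for run_host; unknown names get an NXDOMAIN line."""
    return FAKE_HOST_OUTPUT.get(name, f"Host {name} not found: 3(NXDOMAIN)\n")


if __name__ == "__main__":
    rules = parse_rpz_cnames(ZONE_TEXT)
    verdicts = audit(rules, fake_lookup)  # use audit(rules, run_host) against a real resolver
    for name, verdict in sorted(verdicts.items()):
        print(f"{verdict:9s} {name}")
    print("needs attention:", not_rewritten(verdicts))
```

Run it periodically from a host that uses the RPZ-enabled resolvers; any name in the "needs attention" list that is not explained by the IDS block is a candidate for the kind of selective failure described above, and the probe label can be changed so the wildcard checks are not served from cache.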