RPZ seems to be hit and miss
Howard, Christopher Bryan
Christopher-Howard at utc.edu
Fri Jan 10 20:52:32 UTC 2014
I've just been using the RPZ built into BIND. I don't think I was aware
of RPZ 2.
-Christopher
On 1/10/14, 3:23 PM, "Alan Clegg" <alan at clegg.com> wrote:
>
>On Jan 10, 2014, at 1:32 PM, Howard, Christopher Bryan
><Christopher-Howard at utc.edu> wrote:
>
>> For reference:
>> BIND 9.9.4-P1
>> CentOS 6.4
>> 64bit arch
>>
>> We use RPZ to CNAME all of the "bad" domains over to a catch-all type
>>server that can display a message to the user. Until recently it has
>>been working perfectly (or we thought it was :-P ).
>>
>> The problem:
>> RPZ appears to have stopped working properly about a month ago and we
>>didn't notice it until a domain we specifically added kept resolving.
>>After doing some spot checking, a large portion of the domains in the
>>RPZ zone work as expected. However, some of them are still getting
>>recursively resolved. I'm at a complete loss as to why this is
>>happening.
>>
>> We were running BIND 9.9.3-P2, but I upgraded it to 9.9.4-P1 in an
>>attempt to fix it, with no luck. I've flushed the cache on all of our
>>servers, I've restarted the service on all of our servers. I've not
>>restarted the actual servers, but I don't think that would get us
>>anywhere.
>
>Did you accidentally move from RPZ 2 (via patches) to RPZ 1 (included in
>BIND)?
>
>I shot myself in the foot with this...
>
>AlanC
>--
>Alan Clegg | +1-919-355-8851 | alan at clegg.com
>