RPZ in dns views
Doug Barton
dougb at dougbarton.us
Sat Jan 23 07:40:09 UTC 2016
On 01/22/2016 05:30 PM, Rama Krishna Prasad Chunduru wrote:
> Hi All,
> I am trying to use RPZ (Response Policy Zone) in DNS views (BIND
> 9.8.2) but I am getting the below error
>
> service named restart
>
> Stopping named: [ OK ]
>
> Starting named:
>
> Error in named configuration:
>
> /etc/named.conf:92: when using 'view' statements, all zones must be in views
>
> [FAILED]
That error message is pretty clear. :)
Whenever you edit named.conf, especially if you're doing it by hand, you
should run named-checkconf and make sure you don't get any errors.
That's what the service script is doing for you, and it's even telling
you exactly which line to look at (92).
> view "second-key-view" {
>
> match-clients{
>
> second-key-acl;
>
> //key secret-key;
>
> };
>
>
> zone "bbc.com"
>
> {
>
> type master;
>
> file "views/firstkey";
>
> allow-query {none;};
>
> };
>
>
>
> response-policy {
>
> zone "youtube.com";
>
> };
>
> };
You ended the view with the close-curly-bracket immediately above. You
probably want to comment out (or completely remove) the zone declaration
below.
> zone "youtube.com"
>
> {
>
> type master;
>
> file "dummy-block";
>
> allow-query {none;};
>
> };
>
>
> view ...
hope this helps,
Doug
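
Added example, not part of the original message and not BIND code: a small Python check that locates the condition behind the "all zones must be in views" error by reporting each zone declared outside a view with its line number. It goes one step beyond the thread by also listing response-policy zones that are not defined inside the same view, which BIND expects. The `audit` function and the condensed `SAMPLE` config are constructed for illustration; named-checkconf remains the authoritative check.

```python
import re

# Constructed sample, condensed from the configuration quoted in the thread.
SAMPLE = '''\
view "second-key-view" {
    match-clients { second-key-acl; };  //key secret-key;
    zone "bbc.com" { type master; file "views/firstkey"; allow-query { none; }; };
    response-policy { zone "youtube.com"; };
};
zone "youtube.com" { type master; file "dummy-block"; allow-query { none; }; };
'''

# Comments, quoted strings, punctuation, bare words (named.conf lexical units).
TOKEN = re.compile(r'//[^\n]*|#[^\n]*|/\*.*?\*/|"[^"]*"|[{};]|[^\s{};"]+', re.S)

def audit(conf):
    """Return (stray, missing).
    stray:   (line, zone) for zones declared outside every view.
    missing: (view, zone) where response-policy names a zone the view lacks."""
    toks = [(m.group(), conf.count("\n", 0, m.start()) + 1)
            for m in TOKEN.finditer(conf)
            if not m.group().startswith(("//", "#", "/*"))]
    depth, view, in_rpz = 0, None, False
    stray, defined, wanted = [], {}, []
    for i, (tok, line) in enumerate(toks[:-1]):
        nxt = toks[i + 1][0].strip('"')
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
            in_rpz = in_rpz and depth > 1
            view = view if depth else None
        elif tok == "view" and depth == 0:
            view = nxt
            defined[view] = set()
        elif tok == "response-policy" and view and depth == 1:
            in_rpz = True
        elif tok == "zone" and in_rpz:
            wanted.append((view, nxt))
        elif tok == "zone" and depth == 0:
            stray.append((line, nxt))
        elif tok == "zone" and view and depth == 1:
            defined[view].add(nxt)
    missing = [(v, z) for v, z in wanted if z not in defined[v]]
    # Top-level zones are only an error once at least one view exists.
    return (stray if defined else []), missing

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Moving the stray zone declaration inside the view that references it clears both lists.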