RPZ and static stubs

Tony Finch dot at dotat.at
Tue Oct 31 12:19:09 UTC 2017

Trevor Woolley <twoolley1963 at gmail.com> wrote:
> The issue lies with RPZ's and static stubs.
> Required functionality: Override main domain for some entries, but allow
> look ups for the main domain if not located in the RPZ rewrite zone file.

This caught my eye because I want this to work (though I don't currently
depend on it). I could not reproduce the problem with BIND 9.12.

On my test server I have an `auth` view which has a number of master
and slave zones, and a `rec` view which has static-stub configurations
for the `auth` zones. One of these is cam.ac.uk:

$ curl -Ssf http://[::1]:8053/json |
  jq -r '.views.rec.zones[] | select(.name == "cam.ac.uk") | .type'

I added a test RPZ that fiddles with cam.ac.uk like so:

$ dig +noall +answer cam.ac.uk
cam.ac.uk.              300     IN      CNAME   rpz-block.
$ dig +noall +answer www.cam.ac.uk
www.cam.ac.uk.          300     IN      A

Seems to work fine.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Rockall, Malin: West or southwest 5 to 7. Moderate or rough. Occasional rain,
fog patches at first. Moderate or poor, occasionally very poor at first.

More information about the bind-users mailing list