v9.12.1 RPZ 'map' format returns fatal error: incompatible masterfile-format or database for a response policy zone

Mon Apr 23 01:51:07 UTC 2018

> Can you point to where in the docs/ARM/wiki/whatever it says that?

Found it!


Response Policy Zone (RPZ) Rewriting

BIND 9 includes a limited mechanism to modify DNS responses for requests analogous to email anti-spam DNS blacklists. Responses can be changed to deny the existence of domains (NXDOMAIN), deny the existence of IP addresses for domains (NODATA), or contain other IP addresses or data.

Response policy zones are named in the response-policy option for the view or among the global options if there is no response-policy option for the view. Response policy zones are ordinary DNS zones containing RRsets that can be queried normally if allowed. It is usually best to restrict those queries with something like allow-query { localhost; };. 
Note that zones using masterfile-format map cannot be used as policy zones. 

I paid attention to the "Response policy zones are ordinary DNS zones", thought that meant 'in all ways', and didn't read on apparently :-/
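The restriction quoted above, shown as a named.conf fragment. This is an added example, not part of the original post or the BIND documentation; the zone name and file names are assumed placeholders.

```conf
// Constructed named.conf fragment; zone name and file paths are placeholders.

options {
    // Policy zones are named here, or in a view's own response-policy option.
    response-policy { zone "rpz.example.local"; };
};

// Rejected: a zone listed in response-policy may not use the map format.
// Loading it fails with the error in the subject line:
//   incompatible masterfile-format or database for a response policy zone
//
// zone "rpz.example.local" {
//     type master;
//     file "rpz.example.local.map";
//     masterfile-format map;
// };

// Accepted: the same zone loaded from a text master file, with ordinary
// queries against the policy data restricted as the ARM text suggests.
// An existing map file can be converted first, for example:
//   named-compilezone -f map -F text -o rpz.example.local.db \
//       rpz.example.local rpz.example.local.map
zone "rpz.example.local" {
    type master;
    file "rpz.example.local.db";
    masterfile-format text;
    allow-query { localhost; };
};
```

Running named-checkconf on the edited configuration before reloading named confirms that it parses.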


