[External] Re: Request assistance configuring RPZ
David Bank
dbank at ncdot.gov
Wed May 29 13:05:41 UTC 2019
On Tue, 28 May 2019, Carl Byington via bind-users wrote:
Hi, Carl - thanks for replying.
> On zurg, add a new dns zone rpz.ncdot.gov
Your suggestion didn't work for me.
To test your suggestion, I had to add a "forwarders" statement to get
zurg to query buzz/woody; prior to testing, zurg had a zone file for
internal.local that told him he was the Master of the Zone, and the only
entries in it were for andy and sid. I commented that out for testing your
suggestion.
When I implemented your suggestion, queries to zurg for andy and sid
were resolved to their 10/8 addresses (meaning zurg forwarded the request
to buzz/woody and returned an answer without alteration). zurg seemed to
ignore the RPZ config.
Re-reading the ARM, it seemed to me that I needed to add a
zone "rpz.internal.local" { file "rpz.internal.local"; };
statement as well. When I did that, zurg still gave the 10/8 replies.
> On zurg, all other names in internal.local will get the normal
> processing, with answers via buzz. But when someone uses zurg to lookup
> andy.internal.local, it will reply with 192.168.10.10 without even
> asking buzz.
That IS what I'm trying to do. Unfortunately, the config you suggested
didn't get me there.
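For reference, a minimal RPZ setup of the kind this message discusses, as an added example. It is not the configuration posted by either participant in the thread. The forwarder addresses are placeholders, and the `qname-wait-recurse no` and `allow-query` settings are assumptions chosen for illustration.

```bind
// named.conf fragment on zurg (added example, not from the thread)
options {
    recursion yes;
    // Placeholder addresses standing in for buzz and woody.
    forwarders { 192.0.2.1; 192.0.2.2; };
    forward only;

    // The policy zone is only consulted when it is named here; loading
    // the zone with a zone statement alone does not make it a policy.
    // qname-wait-recurse no applies QNAME rules without first waiting
    // for the forwarders to answer (assumption: BIND 9.10 or later).
    response-policy { zone "rpz.internal.local"; } qname-wait-recurse no;
};

// A zone statement needs a type as well as a file.
zone "rpz.internal.local" {
    type master;
    file "rpz.internal.local";
    // Keep the policy contents from being queried by clients.
    allow-query { localhost; };
};

/*
 * Contents of the zone file "rpz.internal.local".
 * The owner name has no trailing dot, so it expands to
 * andy.internal.local.rpz.internal.local, which is how a QNAME
 * trigger for andy.internal.local is written.
 *
 * $TTL 300
 * @  IN SOA localhost. hostmaster.localhost. ( 1 3600 600 86400 300 )
 *    IN NS  localhost.
 * andy.internal.local  IN A  192.168.10.10
 */
```

`named-checkconf` and `named-checkzone rpz.internal.local rpz.internal.local` will catch syntax errors in either file before a reload. The rewrite can then be confirmed with `dig @zurg andy.internal.local`.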