Using a DLZ as RPZ?
Jesus Cea
jcea at jcea.es
Sat Nov 29 03:33:48 UTC 2025
Hi there.
I wrote a DLZ module and it is working fairly well and fast (no database
requests, everything is in RAM running bloom filters).
I configured my named (9.18.42) to use that DLZ as a RPZ database and...
nothing happens. Apparently my DLZ is not called at all.
Before digging in the source code and trying to debug this, I would like
to be sure that what I want to do can be actually done. I get no
warning/error with my configuration. Something like:
"""
options {
...
response-policy {
zone "z";
};
};
dlz "jcea-dlz" {
database "dlopen /home/jcea-dlz.so";
search no;
};
zone "z" {
type primary;
file "DUMMY";
dlz jcea-dlz;
};
"""
I see accesses to my DLZ when querying the domain "z", as expected, but
no when requesting foreign domains that I expect to be used as RPZ.
I have defined a "rpz" log channel with "debug 99" and the file is
created but with zero size, apparently the RPZ is not used at all.
So I would like to know if my configuration can be corrected or DLZ
simply can not be used as RPZ, at all.
Running 9.18.42.
Thanks!
--
Jesús Cea Avión _/_/ _/_/_/ _/_/_/
jcea at jcea.es - https://www.jcea.es/ _/_/ _/_/ _/_/ _/_/ _/_/
Twitter: @jcea _/_/ _/_/ _/_/_/_/_/
jabber / xmpp:jcea at jabber.org _/_/ _/_/ _/_/ _/_/ _/_/
"Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/
"My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20251129/9001ef5a/attachment.sig>
More information about the bind-users
mailing list