<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px;">
<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
For reference: </div>
<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
BIND 9.9.4-P1</div>
<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
CentOS 6.4</div>
<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
64bit arch</div>
<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
<br>
</div>
<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
We use RPZ to CNAME all of the “bad” domains over to a catch-all type server that can display a message to the user. Until recently it has been working perfectly (or we thought it was :-P ).</div>
<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
<br>
</div>
<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
The problem:</div>
<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
RPZ appears to have stopped working properly about a month ago and we didn’t notice it until a domain we specifically added kept resolving. After doing some spot checking, a large portion of the domains in the RPZ zone work as expected. However, some of them
are still getting recursively resolved. I’m at a complete loss as to why this is happening.</div>
<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
<br>
</div>
<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
We were running BIND 9.9.3-P2, but I upgraded it to 9.9.4-P1 in an attempt to fix it, with no luck. I’ve flushed the cache on all of our servers, and I’ve restarted the service on all of our servers. I’ve not restarted the actual servers, but I don’t think that
would get us anywhere.</div>
<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
<br>
</div>
<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
Here are some examples (note that NXDOMAIN responses are due to IDS blocking the resolution):</div>
<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
<br>
</div>
<div>
<p style="font-size: 14px; color: rgb(0, 0, 0); margin: 0px;"><font face="Courier New">$ host ads5.woamobile.com</font></p>
<p style="font-size: 14px; color: rgb(0, 0, 0); margin: 0px;"><font face="Courier New">ads5.woamobile.com is an alias for catchall.utc.edu.</font></p>
<p style="font-size: 14px; color: rgb(0, 0, 0); margin: 0px;"><font face="Courier New">catchall.utc.edu has address 192.168.56.23</font></p>
<p style="font-size: 14px; color: rgb(0, 0, 0); margin: 0px;"><font face="Courier New">$ host WhateverIWantToPutHere.ads5.woamobile.com</font></p>
<p style="font-size: 14px; color: rgb(0, 0, 0); margin: 0px;"><font face="Courier New">WhateverIWantToPutHere.ads5.woamobile.com is an alias for catchall.utc.edu.</font></p>
<p style="font-size: 14px; color: rgb(0, 0, 0); margin: 0px;"><font face="Courier New">catchall.utc.edu has address 192.168.56.23</font></p>
<p style="font-size: 14px; color: rgb(0, 0, 0); margin: 0px;"><font face="Courier New"><br>
</font></p>
<p style="font-size: 14px; color: rgb(0, 0, 0); margin: 0px;"><font face="Courier New">$ host adsafeprotected.com</font></p>
<p style="font-size: 14px; color: rgb(0, 0, 0); margin: 0px;"><font face="Courier New">Host adsafeprotected.com not found: 3(NXDOMAIN)</font></p>
<p style="font-size: 14px; color: rgb(0, 0, 0); margin: 0px;"><font face="Courier New">$ host WhateverIWantToPutHere.adsafeprotected.com</font></p>
<p style="font-size: 14px; color: rgb(0, 0, 0); margin: 0px;"><font face="Courier New">WhateverIWantToPutHere.adsafeprotected.com is an alias for catchall.utc.edu.</font></p>
<p style="font-size: 14px; color: rgb(0, 0, 0); margin: 0px;"><font face="Courier New">catchall.utc.edu has address 192.168.56.23</font></p>
<p style="font-size: 14px; color: rgb(0, 0, 0); margin: 0px;"><font face="Courier New"><br>
</font></p>
<p style="margin: 0px;"><font face="Courier New">$ host conduit-services.com</font></p>
<p style="margin: 0px;"><font face="Courier New">conduit-services.com is an alias for catchall.utc.edu.</font></p>
<p style="margin: 0px;"><font face="Courier New">catchall.utc.edu has address 192.168.56.23</font></p>
<p style="margin: 0px;"><font face="Courier New">$ host asdfasdf.conduit-services.com</font></p>
<p style="margin: 0px;"><font face="Courier New">asdfasdf.conduit-services.com is an alias for catchall.utc.edu.</font></p>
<p style="margin: 0px;"><font face="Courier New">catchall.utc.edu has address 192.168.56.23</font></p>
<p style="margin: 0px;"><font face="Courier New">$ host sp-translation.conduit-services.com</font></p>
<p style="margin: 0px;"><font face="Courier New">Host sp-translation.conduit-services.com not found: 3(NXDOMAIN)</font></p>
<div style="font-family: Calibri, sans-serif; font-size: 14px; color: rgb(0, 0, 0);">
<br>
</div>
</div>
<div style="font-family: Calibri, sans-serif; font-size: 14px; color: rgb(0, 0, 0);">
<br>
</div>
<div>
<div style="font-family: Calibri, sans-serif;"><font class="Apple-style-span" color="#000000"><font class="Apple-style-span" face="Calibri">And here is what’s in the zone file:</font></font></div>
<div style="font-family: Calibri, sans-serif;"><font class="Apple-style-span" color="#000000"><font class="Apple-style-span" face="Calibri"><font face="Calibri,sans-serif"><br>
</font></font></font></div>
<div>
<p style="margin: 0px;"><font face="Courier New">ads5.woamobile.com IN CNAME catchall.utc.edu.</font></p>
<p style="margin: 0px;"><font face="Courier New">*.ads5.woamobile.com IN CNAME catchall.utc.edu.</font></p>
<p style="margin: 0px;"><font face="Courier New"><br>
</font></p>
<p style="margin: 0px;"><font face="Courier New">adsafeprotected.com IN CNAME catchall.utc.edu.</font></p>
<p style="margin: 0px;"><font face="Courier New">*.adsafeprotected.com IN CNAME catchall.utc.edu.</font></p>
<p style="margin: 0px;"><font face="Courier New"><br>
</font></p>
</div>
<div>
<p style="margin: 0px;"><font face="Courier New">conduit-services.com IN CNAME catchall.utc.edu.</font></p>
<p style="margin: 0px;"><font face="Courier New">*.conduit-services.com IN CNAME catchall.utc.edu.</font></p>
</div>
<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
<font class="Apple-style-span" color="#000000"><font class="Apple-style-span" face="Calibri"><br>
</font></font></div>
<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
<font class="Apple-style-span" color="#000000"><font class="Apple-style-span" face="Calibri">I can provide other information as needed.</font></font></div>
<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
<font class="Apple-style-span" color="#000000"><font class="Apple-style-span" face="Calibri"><br>
</font></font></div>
<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
Does anyone have any experience with RPZ and have a clue why it seems to be selectively resolving records?</div>
<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
<font class="Apple-style-span" color="#000000"><font class="Apple-style-span" face="Calibri"><br>
</font></font></div>
<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
<font class="Apple-style-span" color="#000000"><font class="Apple-style-span" face="Calibri">-Christopher</font></font></div>
</div>
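<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
Added example, not part of the original message: a Python spot-check that takes policy records and <code>host</code> output like those quoted above (embedded as constructed sample input) and lists every name that has an RPZ trigger but was not answered with the policy CNAME. The function names are hypothetical; it assumes a wildcard trigger covers every subdomain depth and, following the note in the message, treats NXDOMAIN as a sign that the name was resolved recursively instead of being rewritten.</div>
<pre>
```python
# Added example: constructed sample input, copied from the records and lookups quoted above.
RPZ_RECORDS = """\
adsafeprotected.com IN CNAME catchall.utc.edu.
*.adsafeprotected.com IN CNAME catchall.utc.edu.
conduit-services.com IN CNAME catchall.utc.edu.
*.conduit-services.com IN CNAME catchall.utc.edu.
"""
HOST_OUTPUT = """\
Host adsafeprotected.com not found: 3(NXDOMAIN)
WhateverIWantToPutHere.adsafeprotected.com is an alias for catchall.utc.edu.
conduit-services.com is an alias for catchall.utc.edu.
asdfasdf.conduit-services.com is an alias for catchall.utc.edu.
Host sp-translation.conduit-services.com not found: 3(NXDOMAIN)
"""

def norm(name):
    return name.rstrip(".").lower()

def load_triggers(zone_text):
    """Map each QNAME trigger (exact or wildcard owner name) to its CNAME policy target."""
    triggers = {}
    for line in zone_text.splitlines():
        f = line.split()
        if len(f) == 4 and f[1].upper() == "IN" and f[2].upper() == "CNAME":
            triggers[norm(f[0])] = norm(f[3])
    return triggers

def expected_target(qname, triggers):
    """Exact trigger first, then the closest enclosing wildcard (assumed to cover all depths)."""
    labels = norm(qname).split(".")
    candidates = [".".join(labels)] + ["*." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return next((triggers[c] for c in candidates if c in triggers), None)

def observed(host_text):
    """Parse `host` output into {qname: first alias target, or the rcode such as NXDOMAIN}."""
    seen = {}
    for line in host_text.splitlines():
        f = line.split()
        if " is an alias for " in line:
            seen.setdefault(norm(f[0]), norm(f[-1]))
        elif line.startswith("Host ") and " not found" in line:
            seen[norm(f[1])] = f[-1].split("(")[-1].rstrip(")")
    return seen

def policy_misses(zone_text, host_text):
    """Names that have a trigger in the policy zone but were not answered with its target."""
    triggers = load_triggers(zone_text)
    rows = [(q, expected_target(q, triggers), got) for q, got in sorted(observed(host_text).items())]
    return [r for r in rows if r[1] is not None and r[1] != r[2]]
```
</pre>
<div style="font-family: Calibri, sans-serif; color: rgb(0, 0, 0); font-size: 14px;">
Calling <code>policy_misses(RPZ_RECORDS, HOST_OUTPUT)</code> returns one tuple per name that slipped past the policy, in the form (queried name, expected target, observed result).</div>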
</body>
</html>