<div dir="ltr">Hi All,<div>   I am trying to use RPZ ( Response Policy Zone) in DNS views (<span style="font-family:Menlo;font-size:11px">BIND 9.8.2) but i am getting the below error</span></div><div><span style="font-family:Menlo;font-size:11px"><br></span></div><div><p style="margin:0px;font-size:11px;font-family:Menlo">service named restart</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">Stopping named:                                            [<span style="color:rgb(52,189,38)">  OK  </span>]</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">Starting named: </p>
<p style="margin:0px;font-size:11px;font-family:Menlo">Error in named configuration:</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">/etc/named.conf:92: when using 'view' statements, all zones must be in views</p>
<p style="margin:0px;font-size:11px;font-family:Menlo">                                                           [<span style="color:rgb(195,55,32)">FAILED</span>]</p><p style="margin:0px;font-size:11px;font-family:Menlo">I am pasting the named.conf file and "dummy-block" which has the zone info below</p><p style="margin:0px;font-size:11px;font-family:Menlo"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo"><b>named.conf</b></p><p style="margin:0px;font-size:11px;font-family:Menlo"><b><br></b></p><p style="margin:0px;font-size:11px;font-family:Menlo">options {</p><p style="margin:0px;font-size:11px;font-family:Menlo"><span class="" style="white-space:pre">  </span>// DNS tables are located in the /var/named directory</p><p style="margin:0px;font-size:11px;font-family:Menlo"><span class="" style="white-space:pre">    </span>directory "/var/named";</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo"><span class="" style="white-space:pre">     </span>// Forward any unresolved requests to our ISP's name server</p><p style="margin:0px;font-size:11px;font-family:Menlo"><span class="" style="white-space:pre">  </span>forwarders {</p><p style="margin:0px;font-size:11px;font-family:Menlo"><span class="" style="white-space:pre">             </span>4.2.2.1;</p><p style="margin:0px;font-size:11px;font-family:Menlo"><span class="" style="white-space:pre"> </span>};</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo"><span class="" style="white-space:pre">    </span>/*</p><p style="margin:0px;font-size:11px;font-family:Menlo"><span class="" style="white-space:pre">       </span> * If there is a firewall between you and nameservers you want</p><p style="margin:0px;font-size:11px;font-family:Menlo"><span class="" style="white-space:pre">   </span> * to talk to, you might need to uncomment the query-source</p><p style="margin:0px;font-size:11px;font-family:Menlo"><span class="" style="white-space:pre">      </span> * directive below.  Previous versions of BIND always asked</p><p style="margin:0px;font-size:11px;font-family:Menlo"><span class="" style="white-space:pre">     </span> * questions using port 53, but BIND 8.1 uses an unprivileged</p><p style="margin:0px;font-size:11px;font-family:Menlo"><span class="" style="white-space:pre">    </span> * port by default.</p><p style="margin:0px;font-size:11px;font-family:Menlo"><span class="" style="white-space:pre">      </span> */</p><p style="margin:0px;font-size:11px;font-family:Menlo"><span class="" style="white-space:pre">      </span> query-source address * port 53;</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px">         </p><p style="margin:0px;font-size:11px;font-family:Menlo">          listen-on port 53 { 127.0.0.1; any; };</p><p style="margin:0px;font-size:11px;font-family:Menlo">          allow-query     { localhost; any; };</p><p style="margin:0px;font-size:11px;font-family:Menlo">          allow-query-cache       { localhost; any; };</p><p style="margin:0px;font-size:11px;font-family:Menlo">          recursion yes;</p><p style="margin:0px;font-size:11px;font-family:Menlo">          /*</p><p style="margin:0px;font-size:11px;font-family:Menlo">           * Added the below lines to make DNS + TSIG</p><p style="margin:0px;font-size:11px;font-family:Menlo">           */</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo">          dnssec-enable    yes;</p><p style="margin:0px;font-size:11px;font-family:Menlo">          dnssec-validation yes;</p><p style="margin:0px;font-size:11px;font-family:Menlo">          dnssec-lookaside auto;</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo">        /* Path to ISC DLV key */</p><p style="margin:0px;font-size:11px;font-family:Menlo"><span class="" style="white-space:pre">        </span>bindkeys-file "/etc/named.iscdlv.key";</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo">};</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo">key "secret-key" {</p><p style="margin:0px;font-size:11px;font-family:Menlo">    algorithm "hmac-md5";</p><p style="margin:0px;font-size:11px;font-family:Menlo">    secret "PUp7RAfTglybAoctQR3aUW+cLpNDyjlMWUvCoHPxiWr9e0budWUQ6jp9MmrhaINa1DFZgvtuxxkOw7oCnU4qzQ==";</p><p style="margin:0px;font-size:11px;font-family:Menlo">};</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo">key "second-secret-key" {</p><p style="margin:0px;font-size:11px;font-family:Menlo">      algorithm "hmac-md5";</p><p style="margin:0px;font-size:11px;font-family:Menlo">      secret "sjz+sH4PGPPKPXLeTM7oG3WbmCIwxxcWLA+qaGaazmvLY0TvbPZ9xZi+B5JuYWMA8rpzUYi26kFiBODIOw9Rdg==";</p><p style="margin:0px;font-size:11px;font-family:Menlo">};</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo">key "third-secret-key" {</p><p style="margin:0px;font-size:11px;font-family:Menlo">      algorithm "hmac-md5";</p><p style="margin:0px;font-size:11px;font-family:Menlo">      secret "cQiZnv+4GZb0rEFkagYw8cFowSeC2Yj6dXXT7pvdllJoMW0Gt7Nhv07Y5EyZUTcS2hX5Ngbu7syyZ6IGUkCvqA==";</p><p style="margin:0px;font-size:11px;font-family:Menlo">};</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo">acl "first-key-acl" {</p><p style="margin:0px;font-size:11px;font-family:Menlo">  key secret-key;</p><p style="margin:0px;font-size:11px;font-family:Menlo">};</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo">acl "second-key-acl"{</p><p style="margin:0px;font-size:11px;font-family:Menlo">   key second-secret-key;</p><p style="margin:0px;font-size:11px;font-family:Menlo">};</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo">acl "third-key-acl"{</p><p style="margin:0px;font-size:11px;font-family:Menlo">   key third-secret-key;</p><p style="margin:0px;font-size:11px;font-family:Menlo">};</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo">view  "second-key-view" {</p><p style="margin:0px;font-size:11px;font-family:Menlo">    match-clients{</p><p style="margin:0px;font-size:11px;font-family:Menlo">           second-key-acl;</p><p style="margin:0px;font-size:11px;font-family:Menlo">            //key secret-key;</p><p style="margin:0px;font-size:11px;font-family:Menlo">     };</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo">    </p><p style="margin:0px;font-size:11px;font-family:Menlo">   zone "<a href="http://bbc.com">bbc.com</a>" </p><p style="margin:0px;font-size:11px;font-family:Menlo">   {</p><p style="margin:0px;font-size:11px;font-family:Menlo">     type master;</p><p style="margin:0px;font-size:11px;font-family:Menlo">     file "views/firstkey";</p><p style="margin:0px;font-size:11px;font-family:Menlo">     allow-query  {none;};</p><p style="margin:0px;font-size:11px;font-family:Menlo">   };</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px">     </p><p style="margin:0px;font-size:11px;font-family:Menlo">   response-policy {</p><p style="margin:0px;font-size:11px;font-family:Menlo">         zone "<a href="http://youtube.com">youtube.com</a>";</p><p style="margin:0px;font-size:11px;font-family:Menlo">   };</p><p style="margin:0px;font-size:11px;font-family:Menlo">};</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo">zone "<a href="http://youtube.com">youtube.com</a>" </p><p style="margin:0px;font-size:11px;font-family:Menlo"> {</p><p style="margin:0px;font-size:11px;font-family:Menlo">   type master;</p><p style="margin:0px;font-size:11px;font-family:Menlo">    file "dummy-block";</p><p style="margin:0px;font-size:11px;font-family:Menlo">   allow-query  {none;};</p><p style="margin:0px;font-size:11px;font-family:Menlo"> };</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo">view  "secret-key-vew"  {</p><p style="margin:0px;font-size:11px;font-family:Menlo">    match-clients{</p><p style="margin:0px;font-size:11px;font-family:Menlo">           first-key-acl;</p><p style="margin:0px;font-size:11px;font-family:Menlo">            //key secret-key;</p><p style="margin:0px;font-size:11px;font-family:Menlo">     };</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo">    zone "<a href="http://abc.com">abc.com</a>" </p><p style="margin:0px;font-size:11px;font-family:Menlo">    {</p><p style="margin:0px;font-size:11px;font-family:Menlo">      type master;</p><p style="margin:0px;font-size:11px;font-family:Menlo">      file "views/secondkey";</p><p style="margin:0px;font-size:11px;font-family:Menlo">     allow-query  {none;};</p><p style="margin:0px;font-size:11px;font-family:Menlo">    };</p><p style="margin:0px;font-size:11px;font-family:Menlo">};</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo">view default {</p><p style="margin:0px;font-size:11px;font-family:Menlo">        match-clients      { any; };</p><p style="margin:0px;font-size:11px;font-family:Menlo">        match-destinations { any; };</p><p style="margin:0px;font-size:11px;font-family:Menlo">        include "/etc/named.rfc1912.zones";</p><p style="margin:0px;font-size:11px;font-family:Menlo">};</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo"><b>dummy-block</b></p><p style="margin:0px;font-size:11px;font-family:Menlo"><b><br></b></p><p style="margin:0px;font-size:11px;font-family:Menlo"><a href="http://youtube.com">youtube.com</a>. 14400 IN SOA <a href="http://ns.youtube.com">ns.youtube.com</a>. <a href="http://root.ns.youtube.com">root.ns.youtube.com</a>. (</p><p style="margin:0px;font-size:11px;font-family:Menlo"><span class="" style="white-space:pre">     </span>2004123001;</p><p style="margin:0px;font-size:11px;font-family:Menlo"><span class="" style="white-space:pre">      </span>86000;</p><p style="margin:0px;font-size:11px;font-family:Menlo"><span class="" style="white-space:pre">   </span>7200;</p><p style="margin:0px;font-size:11px;font-family:Menlo"><span class="" style="white-space:pre">    </span>1209600;</p><p style="margin:0px;font-size:11px;font-family:Menlo"><span class="" style="white-space:pre"> </span>600)</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo"><a href="http://youtube.com">youtube.com</a>. 14400 IN NS <a href="http://ns.youtube.com">ns.youtube.com</a>.</p><p style="margin:0px;font-size:11px;font-family:Menlo;min-height:13px"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo">








</p><p style="margin:0px;font-size:11px;font-family:Menlo"><a href="http://ns.youtube.com">ns.youtube.com</a>. 14400 IN A 10.255.246.110</p><div><br></div><div><br></div><p style="margin:0px;font-size:11px;font-family:Menlo">I appreciate your help on this.</p><p style="margin:0px;font-size:11px;font-family:Menlo"><br></p><p style="margin:0px;font-size:11px;font-family:Menlo">Thanks,</p><p style="margin:0px;font-size:11px;font-family:Menlo">Rama</p></div></div>