<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"><span style="font-family:Noto Sans;">On Wednesday, March 19, 2025 3:01:48 PM CET Bob McDonald wrote:</span></p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> Maybe I'm not understanding all the nuances of the stated goal but doesn't</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">> RPZ handle this?</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">Was my first thought as well, works fine for me.</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">In named.conf:</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"><span style="font-family:Noto Mono;">options {</span></p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"> // RPZ zone</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"> // Source: https://deteque.com/m3aawg-bind-training/named.conf</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"> response-policy {</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"> zone "rpz.local";</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"> };</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">};</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">// Response Policy Zone</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">zone "rpz.local" {</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"> type primary;</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"> file "/path/to/rpz.local.db";</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">};</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"><span style="font-family:Noto Sans;">----</span></p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">In rpz.local.db:</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"><span style="font-family:Noto Mono;">$TTL 300</span></p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">@ IN SOA localhost. admin.localhost. (</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"> 1 ; Serial number</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"> 60 ; Refresh every minute</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"> 60 ; Retry every minute</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"> 43200 ; Expire in 12 hours</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"> 60 ) ; Negative cache TTL 1 minute</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"> IN NS LOCALHOST.</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">; Examples</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">example.net IN CNAME localhost.</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;"><span style="font-family:Noto Sans;">----</span></p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">Note that the public domain name records to be redirected via RPZ cannot have a trailing dot.</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">-- </p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">Kind regards,</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">Michael De Roover</p>
<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">Mail: isc@nixmagic.com</p>
<p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">Web: michael.de.roover.eu.org</p>
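<br /><p style="margin-top:0;margin-bottom:0;margin-left:0;margin-right:0;">Added example, not part of the original message: a small linter for the trailing-dot caveat above. An owner name written with a trailing dot is absolute, so it is not expanded under the rpz.local origin and falls outside the policy zone. The sample zone text is constructed (the post's record plus two made-up entries), and the function names are hypothetical.</p>

```python
# Added example: flag RPZ trigger records whose owner name is absolute
# (trailing dot) and therefore does not land under the policy zone origin.

RPZ_ORIGIN = "rpz.local."  # zone name taken from the named.conf in the post

# Constructed sample: the post's record plus two constructed entries.
SAMPLE_ZONE = """\
$TTL 300
@ IN SOA localhost. admin.localhost. (
        1 60 60 43200 60 )
  IN NS LOCALHOST.
example.net      IN CNAME localhost.
bad.example.org. IN CNAME localhost.
*.example.com    IN CNAME .
"""

def expand_owner(owner, origin):
    """Return the fully qualified owner name as a zone loader would build it."""
    if owner == "@":
        return origin
    if owner.endswith("."):
        return owner              # absolute name: the origin is NOT appended
    return owner + "." + origin   # relative name: the origin is appended

def lint_rpz(text, origin=RPZ_ORIGIN):
    """Return [(line_number, owner)] for owners that end up outside the origin."""
    origin = origin.lower()
    findings = []
    in_parens = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Strip comments (simplification: no quoted ';' expected in RPZ data).
        line = raw.split(";", 1)[0].rstrip()
        continuation = in_parens
        if "(" in line:
            in_parens = True
        if ")" in line:
            in_parens = False
        if continuation or not line.strip() or line.startswith("$"):
            continue              # SOA continuation, blank line, or directive
        if line[0] in " \t":
            continue              # owner inherited from the previous record
        owner = line.split()[0].lower()
        fqdn = expand_owner(owner, origin)
        if fqdn != origin and not fqdn.endswith("." + origin):
            findings.append((lineno, owner))
    return findings

if __name__ == "__main__":
    for lineno, owner in lint_rpz(SAMPLE_ZONE):
        print(f"line {lineno}: {owner} is absolute and outside {RPZ_ORIGIN}")
```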
</body>
</html>