Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rfc:rpz (draft) for having full support of rpz zones and always_nxdomain #74

Closed
spirillen opened this issue Sep 12, 2019 · 4 comments
Closed

rfc:rpz (draft) for having full support of rpz zones and always_nxdomain #74

spirillen opened this issue Sep 12, 2019 · 4 comments

Comments

@spirillen
Copy link

intro:

I'm building a project to hosts public owned RPZ zones.

The issue is the way unbound handles always_nxdomain as demonstrated in this thread

unbound is not only adding nxdomain from second level domains and down the latter, it also doing so in the opposed direction from fourth or fifth level domains to the second level

Now the question/feature request:

Is there currently a work around for this issue to use the always_nxdomain or actually full support for real RPZ zones, rather than having to build very very big files with

local-zone: "%%b" redirect
local-data: "%%b A !TO_BLACKHOLE!"

Outtro

The main idea with my project is to fully implant the NXDOMAIN as they smarter and faster as you have a straight-up answer and wildcard is fully supporter, any DNS queries don't have to wait up for any redirection timeouts ex. 127.0.0.1 or 0.0.0.0

I'm asking you here as (personal linux) Unbound is the only reliable recursor I have found that could be easily installed on Windows 10.Home.xxxxxxxxxxxxxxx.what.ever.hosts.reset.version.tracking.optimization.version

Ping for inclusion

@ScriptTiger
@ralphdolmans
Copy link
Contributor

Hi,
To be clear: you are talking about nxdomain answers generated using Unbound's local-zone configuration, right? Local-zones should only be applied for matching domains and subdomains. Please check your configuration to make sure you don't have a local-zone matching the parent domain.

@spirillen
Copy link
Author

spirillen commented Sep 12, 2019
edited
Loading

Hi,
To be clear: you are talking about nxdomain answers generated using Unbound's local-zone configuration, right?

Yes 👍

Local-zones should only be applied for matching domains and subdomains. Please check your configuration to make sure you don't have a local-zone matching the parent domain.

Will do this later, as unbound is on a diff PC

@spirillen
Copy link
Author

Found the line in a local file added to the config 👍 now I have to figure out why... but that not your headache

By the way... I can see you are working on integrating full support for RPZ zones in this PR Do you have any idea for the release date ❓ and do you have docs on the layouts for the RPZ zone files?.

I would hate to make a lot of code just to remake it in 2 weeks 😒

@spirillen spirillen mentioned this issue Sep 12, 2019
Closed
@spirillen spirillen mentioned this issue Sep 30, 2019
Closed
@gthess
Copy link
Member

gthess commented Mar 27, 2024

Closing this as RPZ is fully supported since 1.14.0

@gthess gthess closed this as completed Mar 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ralphdolmans @gthess @spirillen