<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hello, <div class=""><br class=""></div><div class="">I am trying to debug an unbound system whom goal is to provide a local DNS server and our own filtering with RPZ. </div><div class=""><br class=""></div><div class="">I have setup a bind server distributing my RPZ zones and I can successfully AXFR from anywhere for the zone "my-zone.rpz" </div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">I have setup the unbound server and enabled both "module-config: "respip validator iterator" and configured the zone with : </div><div class=""><br class=""></div><div class=""><pre class="op-uc-code-block highlight highlight-text" lang="text">rpz:
name: "<span style="font-family: Menlo; white-space: normal;" class="">my-zone.rpz</span>"
zonefile: "<span style="font-family: Menlo; white-space: normal;" class="">my-zone.rpz</span>"
primary: 1.2.3.4
rpz-log: yes
rpz-log-name: "<span style="font-family: Menlo; white-space: normal;" class="">my-zone.rpz</span>"</pre><div class=""><br class=""></div></div><div class=""><br class=""></div><div class="">When I try to load the zone with : "unbound-control -c /var/unbound/unbound.conf rpz_enable blog.rpz.dynfi" --> "OK" </div><div class=""><br class=""></div><div class="">When I try to transfer zone with : "unbound-control -c /var/unbound/unbound.conf auth_zone_transfer blog.rpz.dynfi" --> "OK" </div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">But IRL (in real life) nothing happens… </div><div class="">My BIND server does not receive the request for zone transfer. </div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">So I might have missed something somewhere… ? </div><div class=""><br class=""></div><div class="">Also I don't know how to use drill to test zone transfer (if this is possible)… ?</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Thanks for your help. </div><div class=""><br class=""></div><div class="">—<br class=""><img apple-inline="yes" id="076D1F90-9BBA-4AAE-A8E9-A8A6A3377FD1" src="cid:9074469A-93B0-41E4-80A1-3D36C1A3F8EA" class=""><br class="">Greg Bernard <br class="">FreeBSD amateur since 20 years</div><div class=""><br class=""></div><div class=""><pre class="op-uc-code-block highlight highlight-text" lang="text"><br class=""></pre><pre class="op-uc-code-block highlight highlight-text" lang="text"><br class=""></pre></div></body></html>