Unbound 1.10.0

Wouter Wijngaards wouter at nlnetlabs.nl
Tue Feb 25 11:38:09 UTC 2020


Hi Frederic,

On 2/25/20 10:44 AM, Frederic via Unbound-users wrote:
> Hello All,
> 
> First of all, congratulations on the new Unbound 1.10.0, that's great :o)

Thanks!

> 
> We're testing that new build and we face 2 issues:
> 1. RPZ only checks the exact domain we indicate in the zone file, not the main domain + subdomains
> Ex: if we declare "xvideos.com" as CNAME it'll take care of "xvideos.com" only, and not "www.xvideos.com"
> Maybe we missed a point here, if anyone has a trick it'll be nice...

You can make an rpz entry for the subdomains with a *.xvideos.com entry
CNAME.  So for the domain and subdomains, you make two entries, one for
xvideos.com and one for *.xvideos.com.

The RPZ blog from Ralph has more information about it
https://medium.com/nlnetlabs/response-policy-zones-in-unbound-5d453de75f26

> 
> 2. RPZ module seems not compatible with python module:
> We define "respip" in the "module-config" also including "python" but at the restart we get that "fatal error: RPZ requires the respip module"
> If we delete "python" from the module-config we then have no error in the log file
> Ex: module-config: "respip python validator iterator" -> fatal error
> Ex: module-config: "respip validator iterator" -> no error

You need to change the order to please the check conf.  It puts the
python module at the start so that it sees the final message and can
edit that.
module-config: "python respip iterator"
or
module-config: "python respip validator iterator"
should be accepted by the configuration checks in unbound-checkconf.

If the other module order works, we can add it to the accept list for
the configuration checks, to the list of known working module lists.

Best regards, Wouter

> 
> Thanks in advance for your help...
> Bye Fred
> 
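
The two-entry rule from the reply (one record for the domain, one for `*.domain`) is easy to miss in a large policy zone, so here is an added example, not part of the original thread or of Unbound, that lints an RPZ zone file for names that have only one of the two records. The sample zone, its `rpz.example.` origin and the function names `qname_triggers` and `coverage_gaps` are constructed for illustration.

```python
# Added example: find RPZ names that have only the apex or only the wildcard entry.
# Constructed sample zone; the origin and all names are assumptions.
SAMPLE_ZONE = """\
$ORIGIN rpz.example.
@ SOA ns.rpz.example. hostmaster.rpz.example. 1 3600 900 604800 3600
@ NS ns.rpz.example.
ads.example.com        CNAME .   ; apex only
tracker.example.net    CNAME .   ; apex and wildcard
*.tracker.example.net  CNAME .
*.cdn.example.org      CNAME .   ; wildcard only
"""

def qname_triggers(zone_text):
    """Owner names of CNAME policy records (inherited-owner lines are skipped)."""
    origin, owners = "", set()
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = fields[1].lower().rstrip(".")
            continue
        if fields[0].startswith("$") or raw[0].isspace():
            continue
        if "CNAME" not in (f.upper() for f in fields[1:]):
            continue
        owner = fields[0].lower()
        if owner.endswith("."):  # absolute owner: strip the zone origin
            owner = owner.rstrip(".")
            if origin and owner.endswith("." + origin):
                owner = owner[: -len(origin) - 1]
        # Skip the zone apex and non-QNAME triggers such as rpz-ip.
        if owner == "@" or any(lab.startswith("rpz-") for lab in owner.split(".")):
            continue
        owners.add(owner)
    return owners

def coverage_gaps(zone_text):
    """Return (domains missing '*.domain', domains missing the bare domain)."""
    owners = qname_triggers(zone_text)
    apexes = {o for o in owners if not o.startswith("*.")}
    wild = {o[2:] for o in owners if o.startswith("*.")}
    return sorted(apexes - wild), sorted(wild - apexes)

if __name__ == "__main__":
    print(coverage_gaps(SAMPLE_ZONE))
```
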
