RPZ: is this config correct?

George Thessalonikefs george at nlnetlabs.nl
Mon Nov 9 11:06:58 UTC 2020


Hi RayG,

You are correct that the file should be written by unbound. Are you sure 
that unbound has write permissions in that directory?

You could also use IP addresses for XFRs and they will be probed for the
SOA value and also tried if the URL does not work.

However, I don't think that they offer the service over XFR. At least
they only advertise the URL on their website.

Best regards,
-- George

On 07/11/2020 16:17, RayG via Unbound-users wrote:
> Hi,
> 
> No response to this post as yet?
> 
> Any help appreciated.
> 
> RayG
> 
> *From:* RayG <rgsub1 at btinternet.com>
> *Sent:* 14 October 2020 15:59
> *To:* 'unbound-users at lists.nlnetlabs.nl' <unbound-users at lists.nlnetlabs.nl>
> *Subject:* RPZ: is this config correct?
> 
> I have created the following RPZ entry for unbound and added respip to 
> the module configuration.
> 
> rpz:
> 
>       name: "rpz.urlhaus.abuse.ch."
> 
>       zonefile: "c:\programdata\unbound\logs\URLHaus.rpz"
> 
>       url: https://urlhaus.abuse.ch/downloads/rpz
> 
>       rpz-log: yes
> 
>       rpz-log-name: "URLHausRPZ"
> 
> If I understand things correctly unbound should fetch the zone file 
> using the URL and store the data in the zonefile. I created an empty 
> zone file but it is not being populated by unbound. I cannot see any 
> relevant issues in the log file. I also have not yet seen any 
> entries in the log file with the appended log name item.
> 
> Do I have the correct configuration and understanding?
> 
> Following on, would it be correct to add these masters to the configuration:
> 
>       master: 151.101.130.49
> 
>       master: 151.101.66.49
> 
>       master: 151.101.194.49
> 
>       master: 151.101.2.49
> 
> C:\>dig urlhaus.abuse.ch.
> 
> ; <<>> DiG 9.16.6 <<>> urlhaus.abuse.ch.
> 
> ;; global options: +cmd
> 
> ;; Got answer:
> 
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1870
> 
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> 
> ; EDNS: version: 0, flags:; udp: 4096
> 
> ;; QUESTION SECTION:
> 
> ;urlhaus.abuse.ch.              IN      A
> 
> ;; ANSWER SECTION:
> 
> urlhaus.abuse.ch.       3037    IN      CNAME   p2.shared.global.fastly.net.
> 
> p2.shared.global.fastly.net. 29 IN      A       151.101.130.49
> 
> p2.shared.global.fastly.net. 29 IN      A       151.101.194.49
> 
> p2.shared.global.fastly.net. 29 IN      A       151.101.2.49
> 
> p2.shared.global.fastly.net. 29 IN      A       151.101.66.49
> 
> The URL Returns data like this:
> 
> $TTL 30
> 
> @ SOA rpz.urlhaus.abuse.ch. hostmaster.urlhaus.abuse.ch. 2010141440 300 1800 604800 30
> 
> NS localhost.
> 
> ;
> 
> ; abuse.ch URLhaus Response Policy Zones (RPZ)
> 
> ; Last updated: 2020-10-14 14:40:12 (UTC)
> 
> ;
> 
> ; Terms Of Use: https://urlhaus.abuse.ch/api/
> 
> ; For questions please contact urlhaus [at] abuse.ch
> 
> ;
> 
> testentry.rpz.urlhaus.abuse.ch CNAME . ; Test entry for testing URLhaus RPZ
> 
> 1am.co.nz CNAME . ; Malware download (2020-08-17), see https://urlhaus.abuse.ch/host/1am.co.nz/
> 
> 1ca.co.za CNAME . ; Malware download (2020-08-28), see https://urlhaus.abuse.ch/host/1ca.co.za/
> 
> 1med.kiev.ua CNAME . ; Malware download (2020-10-14), see https://urlhaus.abuse.ch/host/1med.kiev.ua/
> 
> 21robo.com CNAME . ; Malware download (2019-02-20), see https://urlhaus.abuse.ch/host/21robo.com/
> 
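
Added example (not part of the original thread and not Unbound's own code): a small Python check that reads an RPZ zone file in the format quoted above and reports its SOA serial and policy records, so an empty or never-written zonefile is easy to tell from a populated one. The function names and the two *.example records are assumptions made for illustration.

```python
# Added example: parse a simple RPZ zone file like the feed excerpt quoted above.
# Assumes one record per line (no parenthesised multi-line SOA).

# RPZ actions are encoded as the CNAME target (standard RPZ convention).
ACTIONS = {".": "NXDOMAIN", "*.": "NODATA", "rpz-passthru.": "PASSTHRU",
           "rpz-drop.": "DROP", "rpz-tcp-only.": "TCP-ONLY"}

def parse_rpz(text):
    """Return (soa_serial, {trigger_name: action})."""
    serial, policies = None, {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()    # strip zone-file comments
        if not line or line.startswith("$"):   # blank, $TTL, $ORIGIN
            continue
        fields = line.split()
        types = [f.upper() for f in fields]
        if "SOA" in types:
            i = types.index("SOA")             # SOA mname rname serial ...
            if len(fields) > i + 3 and fields[i + 3].isdigit():
                serial = int(fields[i + 3])
        elif "CNAME" in types:
            i = types.index("CNAME")
            if i >= 1 and len(fields) > i + 1:  # need an owner and a target
                target = fields[i + 1].lower()
                name = fields[0].lower().rstrip(".")
                policies[name] = ACTIONS.get(target, "REDIRECT " + target)
    return serial, policies

def describe(text):
    """One-line health summary for the file named in zonefile:."""
    serial, policies = parse_rpz(text)
    if serial is None:
        return "no SOA: file is empty or the resolver never wrote it"
    return f"serial {serial}, {len(policies)} policy records"

# Sample: header and test entry from the excerpt in the thread, plus two
# constructed records (*.example names) to show other actions.
SAMPLE = """$TTL 30
@ SOA rpz.urlhaus.abuse.ch. hostmaster.urlhaus.abuse.ch. 2010141440 300 1800 604800 30
 NS localhost.
; abuse.ch URLhaus Response Policy Zones (RPZ)
testentry.rpz.urlhaus.abuse.ch CNAME . ; Test entry for testing URLhaus RPZ
nodata.example CNAME *. ; constructed
allowed.example CNAME rpz-passthru. ; constructed
"""

if __name__ == "__main__":
    print(describe(SAMPLE))
    print(describe(""))
```

Running describe() on the contents of the configured zonefile after a reload shows whether a transfer has been written to disk; a serial that never changes across feed updates points at the download or write step.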

