Local rpz ban list format

Paul Vixie paul at redbarn.org
Sun Apr 11 19:37:59 UTC 2021


On Sun, Apr 11, 2021 at 09:25:04AM -0600, Mark Abram via Unbound-users wrote:
> ???Some examples I found was like this below. Since this is my own static
> list do I need to add the $TTL and other onfo in the header?
>   
>   $TTL 2h
>   @ IN SOA localhost. root.localhost. (1 6h 1h 1w 2h)
>      IN NS    localhost.
>   
>   example.com        CNAME   .

in BIND, a zone must have an SOA and an NS or loading will fail, and so
the RPZ specification calls for these elements. while it's unknown to me
whether Unbound has the same requirement, i suggest you keep your RPZ's
in a portable form, and thus, that you include these elements.

$TTL is unnecessary. the TTL of records in an RPZ is not relevant, and
the SOA.MINIMUM will be the default TTL unless you specify $TTL.

-- 
Paul Vixie


More information about the Unbound-users mailing list