Local rpz ban list format
Mark Abram
marek.w.abram at gmail.com
Sun Apr 11 21:28:54 UTC 2021
Thanks Alex. I have studied this document, however it does not cover all the "header" requirements for a local file.
The document as I read it gives an example of the file with only one header line as in
"$ORIGIN [zone name]". I don't think this is a standard spec.
What Paul has suggested works in unbound. But what I am not sure about is why I need to specify any sort of TTL values
for a local rpz file I manage to ban permanently some bad hosts. I want indefinite TTL for banned hosts. Maybe I am not understanding it completely but with Paul's suggested header values it works and blocks my hosts.
Mark Abram
marek.w.abram at gmail.com
On Apr 11 2021, at 3:08 pm, Alex Band <alex at nlnetlabs.nl> wrote:
> Hi Mark,
>
> > On 11 Apr 2021, at 17:25, Mark Abram via Unbound-users <unbound-users at lists.nlnetlabs.nl> wrote:
> >
> > Reading the spec for rpz zone files it is not clear to me what and if I need to specify any sort of specific headers and values.
> > I have a static rpz file called rpz.block.hosts.zone where I keep manual entries of my own banned hosts.
> >
> > Some examples I found were like this below. Since this is my own static list do I need to add the $TTL and other info in the header?
> >
> > $TTL 2h
> > @ IN SOA localhost. root.localhost. (1 6h 1h 1w 2h)
> >   IN NS localhost.
> > ;
> > ;
> > example.com CNAME .
>
> Does this document help?
>
> https://unbound.readthedocs.io/en/latest/topics/filtering/rpz.html
>
> Please note that additional RPZ triggers are underway:
>
> https://github.com/NLnetLabs/unbound/tree/rpz-triggers
>
> Kind regards,
>
> Alex
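An added example, not part of the original thread and not Unbound's own code: a small generator for a static local RPZ file that reuses the header quoted above and writes one `name CNAME .` rule per banned host. The function names and the sample host list are assumptions made for illustration; owner names are written without a trailing dot so that they stay relative to the policy zone, as in the `example.com CNAME .` line quoted above.

```python
import re

# Header lines as quoted in the thread ($TTL, SOA, NS); values copied from the page.
HEADER = (
    "$TTL 2h\n"
    "@ IN SOA localhost. root.localhost. (1 6h 1h 1w 2h)\n"
    "  IN NS localhost.\n"   # leading whitespace: record inherits the owner "@"
)
# One DNS label: 1-63 chars, no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

def normalize(host):
    """Return a lowercase relative owner name, or None if it is not a valid hostname."""
    # Strip the trailing dot: an absolute name would fall outside the policy zone.
    name = host.strip().lower().rstrip(".")
    if not name or len(name) > 253:
        return None
    if not all(LABEL.match(label) for label in name.split(".")):
        return None
    return name

def build_rpz(hosts):
    """Build zone text with one 'name CNAME .' rule per unique valid host.
    Returns (zone_text, rejected_inputs)."""
    seen, rejected, rules = set(), [], []
    for raw in hosts:
        entry = raw.split("#", 1)[0].strip()   # allow '#' comments in the input list
        if not entry:
            continue
        name = normalize(entry)
        if name is None:
            rejected.append(raw)
        elif name not in seen:
            seen.add(name)
            rules.append(f"{name} CNAME .")
    return HEADER + ";\n" + "\n".join(rules) + "\n", rejected

# Constructed sample input; only example.com appears in the thread.
SAMPLE = ["example.com", "Example.COM.", "bad host.example",
          "ads.example.net  # tracker", ""]

if __name__ == "__main__":
    zone, rejected = build_rpz(SAMPLE)
    print(zone)
    print("rejected:", rejected)
```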