Unbound and loading rpz files with url questions
Michael Van Der Beek
michael.van at antlabs.com
Wed Apr 14 05:04:30 UTC 2021
Hi Mark,
You might want to look at this:
https://forums.linuxmint.com/viewtopic.php?t=289587
That is what I use with a bit local modification.
It downloads the various lists that you want to block.
However, when you reload unbound you might lose the whole cache contents in unbound.
So your recursor performance will drop each time you update it.
You can modify it to create the combined list of block zones.. get the difference to add or remove domains and just use
To add the zone..
/usr/sbin/unbound-control local_zone <$line>
To remove the zone:
/usr/sbin/unbound-control local_zone_remove <$line2>
This way you won’t lose the cache in unbound and you can dynamically update the rpz as and when you run the script.
Regards,
Michael
From: Unbound-users <unbound-users-bounces at lists.nlnetlabs.nl> On Behalf Of Mark Abram via Unbound-users
Sent: Tuesday, 13 April 2021 3:17 am
To: unbound-users at lists.nlnetlabs.nl
Subject: Unbound and loading rpz files with url questions
I have been using unbound since version 1.10. Recently with the newest version 1.13.1-1 I started implementing rpz zone files and using
frequent curl commands in crontab to refresh 2 zones I have.
https://scripttiger.github.io/alts/rpz/blacklist.txt
https://urlhaus.abuse.ch/downloads/rpz/<https://scripttiger.github.io/alts/rpz/blacklist.txt>
Questions:
1. With first url there is no TTL or SOA header, how in unbound going to handle this? Do I still need to run cron job to perform reloading?
2. This has proper header with TTL and SOA flags. Will unbound do proper reloading of the zone? I am assuming that with this zone url I no longer need cron job.
3. Many posts I have seen having issues with unbound url zone working. Do I need to be aware of any required flags or configuration?
Thank you in advance.
Mark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20210414/d4a0e086/attachment-0001.htm>
More information about the Unbound-users
mailing list