Unbound and loading rpz files with url questions
Mark Abram
marek.w.abram at gmail.com
Wed Apr 14 15:19:57 UTC 2021
Thanks Michael,
I do this differently. I have a conversion utility that efficiently converts any non-rpz files into proper rpz with a standard SOA header.
Each of the loaded/converted files becomes a separate zone file. This way I can manage each zone file separately and use the unbound-control auth_zone_reload command. The advantage of doing this is that I can disable/enable zones with unbound commands, and also each zone may have a different override directive for finer control.
Mark
On Apr 13 2021, at 11:04 pm, Michael Van Der Beek <michael.van at antlabs.com> wrote:
>
> Hi Mark,
>
> You might want to look at this:
>
> https://forums.linuxmint.com/viewtopic.php?t=289587
>
> That is what I use with a bit of local modification.
>
> It downloads the various lists that you want to block.
>
> However, when you reload unbound you might lose the whole cache contents in unbound.
>
> So your recursor performance will drop each time you update it.
>
> You can modify it to create the combined list of block zones.. get the difference to add or remove domains and just use
>
> To add the zone..
>
> /usr/sbin/unbound-control local_zone <$line>
>
> To remove the zone:
>
> /usr/sbin/unbound-control local_zone_remove <$line2>
>
> This way you won't lose the cache in unbound and you can dynamically update the rpz as and when you run the script.
>
> Regards,
>
> Michael
>
> From: Unbound-users <unbound-users-bounces at lists.nlnetlabs.nl> On Behalf Of Mark Abram via Unbound-users
> Sent: Tuesday, 13 April 2021 3:17 am
> To: unbound-users at lists.nlnetlabs.nl
> Subject: Unbound and loading rpz files with url questions
>
> I have been using unbound since version 1.10. Recently, with the newest version 1.13.1-1, I started implementing rpz zone files and using frequent curl commands in crontab to refresh the 2 zones I have.
>
> https://scripttiger.github.io/alts/rpz/blacklist.txt
>
> https://urlhaus.abuse.ch/downloads/rpz/ (https://scripttiger.github.io/alts/rpz/blacklist.txt)
>
> Questions:
>
> 1. With the first url there is no TTL or SOA header; how is unbound going to handle this? Do I still need to run a cron job to perform reloading?
>
> 2. This has a proper header with TTL and SOA flags. Will unbound do proper reloading of the zone? I am assuming that with this zone url I no longer need a cron job.
>
> 3. I have seen many posts having issues with unbound url zones working. Do I need to be aware of any required flags or configuration?
>
> Thank you in advance.
>
> Mark
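The two approaches in this thread, converting a plain list into an RPZ zone file with an SOA header (Mark's reply) and diffing two list versions so only the changed names are pushed through unbound-control without a cache-flushing reload (Michael's suggestion), as an added Python example; this is not code from either poster or from the Unbound project. The SOA/NS contents, the serial, the choice of the always_nxdomain local-zone type and the sample lists are assumptions.

```python
"""Constructed example (not from the thread): turn a plain or hosts-style
blocklist into an RPZ zone file, and push only the changed names through
unbound-control so the resolver cache survives each list update."""

HOSTS_NOISE = {"localhost", "localhost.localdomain", "broadcasthost", "local"}

def parse_blocklist(text):
    """Domains from a plain or hosts-format list (last field; # comments dropped)."""
    domains = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name = line.split()[-1].lower().rstrip(".")
        # skip hosts-file defaults and bare IP addresses such as "0.0.0.0"
        if name in HOSTS_NOISE or name.replace(".", "").isdigit():
            continue
        domains.add(name)
    return domains

def to_rpz_zone(domains, serial, ttl=3600):
    """RPZ zone text: assumed SOA/NS header, then 'CNAME .' (NXDOMAIN) per name."""
    lines = [
        f"$TTL {ttl}",
        f"@ IN SOA localhost. root.localhost. {serial} 3600 900 604800 {ttl}",
        "@ IN NS localhost.",
    ]
    for d in sorted(domains):
        lines.append(f"{d} CNAME .")      # block the name itself
        lines.append(f"*.{d} CNAME .")    # and everything under it
    return "\n".join(lines) + "\n"

def zone_diff(old, new):
    """(added, removed) between two list versions; only these need to go live."""
    return sorted(new - old), sorted(old - new)

def unbound_control_commands(added, removed, ctl="/usr/sbin/unbound-control"):
    """Live updates via 'local_zone name type' / 'local_zone_remove name';
    always_nxdomain is an existing unbound local-zone type (assumed choice)."""
    cmds = [f"{ctl} local_zone {d}. always_nxdomain" for d in added]
    cmds += [f"{ctl} local_zone_remove {d}." for d in removed]
    return cmds

if __name__ == "__main__":
    # constructed sample: a previous download and a fresh one
    OLD = "# old list\n0.0.0.0 ads.example.test\nmalware.example.test\n"
    NEW = "ads.example.test\ntracker.example.test  # newly listed\n"
    added, removed = zone_diff(parse_blocklist(OLD), parse_blocklist(NEW))
    print("\n".join(unbound_control_commands(added, removed)))
    print(to_rpz_zone(parse_blocklist(NEW), serial=2021041401), end="")
```

The zone text is what you would hand to an rpz: block (or serve from a separate file per list, as Mark does), while the command list is what a cron job would run so the existing cache is kept.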