RPZ: is this config correct?

George Thessalonikefs george at nlnetlabs.nl
Thu Aug 12 08:15:50 UTC 2021


Hi RayG,

The just released 1.13.2 version includes a fix that should solve your 
problem with downloading the RPZ file via an https url on windows.

The fix was specifically:
- Listen to read or write events after the SSL handshake.
   Sticky events on windows would stick on read when write was needed.

Hope that this indeed solves the issue for you, it did in my testing.

Best regards,
-- George

On 11/05/2021 17:28, RayG wrote:
> Hi George,
> 
> Seems people are having issues with RPZ - can you advise when my particular one will be resolved? Is it the same as the https ones reported below?
> 
> Its been a while now...
> 
> Thanks.
> 
> Ray
> 
> -----Original Message-----
> From: George Thessalonikefs <george at nlnetlabs.nl>
> Sent: 11 May 2021 11:16
> To: unbound-users at lists.nlnetlabs.nl
> Subject: Re: RPZ: is this config correct?
> 
> Hi Andreas,
> 
> On 11/05/2021 09:56, A. Schulze via Unbound-users wrote:
>>
>>
>> Am 10.05.21 um 23:30 schrieb A. Schulze via Unbound-users:
>>>
>>>
>>> Am 01.05.21 um 12:46 schrieb A. Schulze via Unbound-users:
>>>> HTTP works, HTTPS don't.
>>>
>>> Hello George,
>>>
>>> is there anything I could test/check/do to help?
> I am afraid not. I am currently preoccupied with another bug but will get to this right after, will let you know.
> 
>>
>> Update:
>>
>> I now setup
>>
>> * a webserver that
>>    - fetch https://urlhaus.abuse.ch/downloads/rpz/ hourly
>>    - serve that file by http
>>
>> * an unbound instance
>>    - configured to use the rpz from the http location
>>
>> Turns out: the zonefile written by unbound, *has* current data ... as
>> expected ...
>>
>> so only fetch by https is broken somehow.
> Thanks again for clarifying that!
> 
> I'll try to replicate with the systems you shared (Debian Bullseye and Debian Buster) and go from there.
> 
> -- George
> 
> 


More information about the Unbound-users mailing list