Response IP Address trigger
Marek Abram
marek.w.abram at gmail.com
Mon Jul 12 00:39:37 UTC 2021
After reading the Unbound blog and the RPZ draft, I tried implementing the RPZ response IP address trigger.
My unbound.conf contains a line like module-config: "respip validator iterator".
As an example, the RPZ file has the following entry:
16.205.251.0.0.rpz-ip CNAME *.
When I perform dig ns-1756.awsdns-27.co.uk, it returns the actual IP, which I think it should filter and return NODATA.
; <<>> DiG 9.17.11 <<>> ns-1756.awsdns-27.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ns-1756.awsdns-27.co.uk. IN A
;; ANSWER SECTION:
ns-1756.awsdns-27.co.uk. 14400 IN A 205.251.198.220
;; Query time: 450 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sun Jul 11 18:37:28 MDT 2021
;; MSG SIZE rcvd: 68
Am I doing it right?
Marek Abram (Mark)
marek.w.abram at gmail.com
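
Added example, not part of the original post or of Unbound: a small decoder for IPv4 rpz-ip owner names, which the RPZ draft encodes as the prefix length followed by the address octets in reverse order, run against the entry and the answer address quoted above. The function names are hypothetical, and owner names are assumed to be relative to the zone origin.

```python
import ipaddress

SUFFIX = ".rpz-ip"

def decode_rpz_ip(owner):
    """Decode an IPv4 rpz-ip owner name into (network, had_host_bits).

    Layout is prefixlen.B4.B3.B2.B1.rpz-ip: prefix length first, then
    the four address octets in reverse order.
    """
    name = owner.rstrip(".").lower()
    if not name.endswith(SUFFIX):
        raise ValueError("not an rpz-ip owner name: %r" % owner)
    labels = name[:-len(SUFFIX)].split(".")
    if len(labels) != 5 or not all(l.isdigit() for l in labels):
        raise ValueError("expected prefixlen plus four octets: %r" % owner)
    addr = ".".join(reversed(labels[1:]))
    # ip_interface keeps the address as written and derives the network,
    # so stray host bits (a sign of swapped octets) can be reported.
    iface = ipaddress.ip_interface("%s/%s" % (addr, labels[0]))
    return iface.network, iface.ip != iface.network.network_address

def encode_rpz_ip(cidr):
    """Build the rpz-ip owner name for an IPv4 network such as 192.0.2.0/24."""
    net = ipaddress.ip_network(cidr, strict=True)
    octets = str(net.network_address).split(".")
    return "%d.%s%s" % (net.prefixlen, ".".join(reversed(octets)), SUFFIX)

def trigger_matches(owner, answer_ip):
    """True if an address from the answer section falls inside the trigger."""
    network, _ = decode_rpz_ip(owner)
    return ipaddress.ip_address(answer_ip) in network

if __name__ == "__main__":
    entry = "16.205.251.0.0.rpz-ip"   # owner name from the post
    answer = "205.251.198.220"        # A record from the dig output
    net, host_bits = decode_rpz_ip(entry)
    print(entry, "covers", net, "(host bits set)" if host_bits else "")
    print("matches", answer, "->", trigger_matches(entry, answer))
    print("owner for 205.251.0.0/16:", encode_rpz_ip("205.251.0.0/16"))
```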