Response IP Address trigger

Marek Abram marek.w.abram at gmail.com
Mon Jul 12 00:39:37 UTC 2021


Reading the Unbound blog and the RPZ draft, I tried implementing the RPZ response IP address trigger.

My unbound.conf contains a line like module-config: "respip validator iterator".
As an example, the RPZ file has the following entry:

16.205.251.0.0.rpz-ip CNAME *.

When I perform dig ns-1756.awsdns-27.co.uk it returns the actual IP, which I think it should filter and return NODATA.

; <<>> DiG 9.17.11 <<>> ns-1756.awsdns-27.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ns-1756.awsdns-27.co.uk.	IN	A

;; ANSWER SECTION:
ns-1756.awsdns-27.co.uk. 14400	IN	A	205.251.198.220

;; Query time: 450 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sun Jul 11 18:37:28 MDT 2021
;; MSG SIZE  rcvd: 68


Am I doing it right?


Marek Abram (Mark)
marek.w.abram at gmail.com
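
An added example, not part of the original post: the RPZ draft writes an IPv4 response-IP trigger as prefixlength.B4.B3.B2.B1.rpz-ip, with the address octets in reverse order. This Python sketch decodes and encodes such owner names and checks them against the address in the dig answer above; the function names are hypothetical, and masking stray host bits on decode is an assumption of the sketch, not a statement about Unbound's parser.

```python
import ipaddress


def decode_rpz_ip(owner: str) -> ipaddress.IPv4Network:
    """Return the IPv4 network that an rpz-ip owner name triggers on."""
    labels = owner.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[-1] != "rpz-ip":
        raise ValueError(f"not an IPv4 rpz-ip trigger: {owner!r}")
    prefix, reversed_octets = labels[0], labels[1:5]
    # Octets are stored last-first (B4.B3.B2.B1), as in in-addr.arpa names.
    address = ".".join(reversed(reversed_octets))
    # Assumption: host bits beyond the prefix are masked rather than rejected.
    return ipaddress.IPv4Network(f"{address}/{prefix}", strict=False)


def encode_rpz_ip(cidr: str) -> str:
    """Build the rpz-ip owner name for a CIDR block such as 205.251.0.0/16."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    octets = str(net.network_address).split(".")
    return ".".join([str(net.prefixlen), *reversed(octets), "rpz-ip"])


def triggers(owner: str, answer_ip: str) -> bool:
    """True if an A record carrying answer_ip falls inside the trigger."""
    return ipaddress.IPv4Address(answer_ip) in decode_rpz_ip(owner)


if __name__ == "__main__":
    answer = "205.251.198.220"  # A record from the dig output in the post
    candidates = (
        "16.205.251.0.0.rpz-ip",               # entry as written in the post
        encode_rpz_ip("205.251.0.0/16"),       # constructed from the CIDR block
    )
    for owner in candidates:
        print(f"{owner:24} covers {decode_rpz_ip(owner)!s:16} "
              f"matches {answer}: {triggers(owner, answer)}")
```
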




