RPZ: is this config correct?

A. Schulze sca at andreasschulze.de
Fri May 21 22:13:21 UTC 2021


Hello George,

Am 21.05.21 um 18:05 schrieb George Thessalonikefs via Unbound-users:
> I could reproduce it easily with 1.13.1 and it seems you hit this (https://github.com/NLnetLabs/unbound/issues/429) bug which is already fixed on the master branch.
> 
> With the latest code from master I cannot reproduce it anymore.
>
> Could you verify?

yes, I confirm fetching an auth-zone from https://urlhaus.abuse.ch/downloads/rpz/ as well as from my own https server works well.

One side note on disclosing unbound version:

My own webserver's log
> 2001:db8::53 - - [22/May/2021:00:00:21 +0200] "GET /downloads/rpz HTTP/1.1" 200 210627 "-" "unbound/1.13.2"

The real unbound version is used as http user agent header. This version is disclosed even if
I set 'hide-version: yes' or obfuscate 'version: "foobar/42"'

Maybe the user-agent header could be somehow synchronized with the mentioned settings.

Andreas


More information about the Unbound-users mailing list