RPZ Was Re: providing CNAMEs for local data (fwd)

Peter Russel jpgpi250 at gmail.com
Fri Nov 25 07:53:03 UTC 2022


Allow and deny can be in a single RPZ file.

Example: I'm retrieving (daily) the most abused top level domains, parsing
them into an rpz file from https://www.spamhaus.org/statistics/tlds/.
Some domains I use, however, need to be allowed. Today's RPZ looks like this
(and it works):

$TTL 30
@ SOA jpgpi250.github.io. hostmaster.jpgpi250.github.io. 2211241509 86400 1800 604800 30
 NS localhost.
;
*.surf CNAME .
*.fit CNAME .
*.ml CNAME .
*.top CNAME .
*.cyou CNAME .
*.gq CNAME .
*.cn CNAME .
*.live CNAME .
*.ga CNAME .
*.cf CNAME .
neofusgate.samsung.com.cn CNAME rpz-passthru.
dcs-vod.mp.lura.live CNAME rpz-passthru.
drm.mp.lura.live CNAME rpz-passthru.

The Unbound configuration looks like this:

rpz:
    name: tld
    zonefile: zonefiles/tld.zone
    url: http://127.0.0.1/tld.rpz
    # no rpz-action-override here (exceptions - rpz-passthru)
    # rpz-action-override: nxdomain
    rpz-signal-nxdomain-ra: yes
    rpz-log: yes
    rpz-log-name: tld
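An added example (not part of the original post, and not Unbound's own code): a Python sketch that generates a combined deny/allow zone in the layout shown in the message and models which rule applies to a query name. The function names, the placeholder SOA names, the sample inputs and the precedence rule (exact owner name before the closest enclosing wildcard) are assumptions for illustration.

```python
# Added example: build a combined deny/allow RPZ zone and model rule selection.
# SOA names are placeholders; TLDs and hosts passed in are the caller's data.
import time

HEADER = (
    "$TTL 30\n"
    "@ SOA localhost. hostmaster.localhost. {serial} 86400 1800 604800 30\n"
    " NS localhost.\n"
    ";\n"
)

def norm(name):
    """Lower-case a domain name and drop surrounding space and the root dot."""
    return name.strip().lower().rstrip(".")

def build_rpz(blocked_tlds, allowed_hosts, serial=None):
    """'*.tld CNAME .' denies a whole TLD; 'host CNAME rpz-passthru.' allows one name."""
    serial = serial or time.strftime("%y%m%d%H%M", time.gmtime())  # assumed serial scheme
    tlds = sorted({norm(t).lstrip("*.") for t in blocked_tlds if norm(t)})
    hosts = sorted({norm(h) for h in allowed_hosts if norm(h)})
    lines = [HEADER.format(serial=serial)]
    lines += [f"*.{t} CNAME .\n" for t in tlds]
    lines += [f"{h} CNAME rpz-passthru.\n" for h in hosts]
    return "".join(lines)

def parse_rules(zone_text):
    """Collect owner -> action from the CNAME records of a zone like the one above."""
    actions = {".": "nxdomain", "rpz-passthru.": "passthru"}
    rules = {}
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()  # drop comments, split on whitespace
        if len(fields) == 3 and fields[1].upper() == "CNAME":
            rules[norm(fields[0])] = actions.get(fields[2], "other")
    return rules

def decide(qname, rules):
    """Assumed precedence: exact owner name first, then the closest wildcard above it."""
    q = norm(qname)
    if q in rules:
        return rules[q]
    labels = q.split(".")
    for i in range(1, len(labels)):  # '*.cn' covers names below cn, not cn itself
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in rules:
            return rules[wildcard]
    return "no-match"
```

Running `decide` over the names you rely on before publishing a new zone shows which ones would start returning NXDOMAIN and therefore need a passthru entry.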