On Fri, Jun 1, 2018 at 2:01 PM Blason R <blaso...@gmail.com> wrote: > Yes that was the issue :) and got resolved. >
Glad it was an easy fix. -- Bob Harold > On Fri, Jun 1, 2018 at 11:29 PM, Blason R <blaso...@gmail.com> wrote: > >> I guess this could be the issue >> >> zone "malware.trap" { >> type master; >> file "/var/lib/bind/zones/malware.trap.db"; >> allow-query { localhost;}; >> >> >> On Fri, Jun 1, 2018 at 11:28 PM, Blason R <blaso...@gmail.com> wrote: >> >>> Well this is I am getting in network.log what could be the issue? >>> >>> 01-Jun-2018 23:27:42.274 client 192.168.5.103#58425 (wg.block.tld): >>> query 'wg.block.tld/A/IN' denied >>> >>> >>> On Fri, Jun 1, 2018 at 11:27 PM, Bob Harold <rharo...@umich.edu> wrote: >>> >>>> >>>> On Fri, Jun 1, 2018 at 1:36 PM Blason R <blaso...@gmail.com> wrote: >>>> >>>>> Hi there, >>>>> >>>>> I am writing a RPZ zone and here is my zone file. RPZ is working fine >>>>> but somehow A records are not getting resovled hence I am unable to do the >>>>> wall-gardening. >>>>> >>>>> Can someone please help >>>>> >>>>> >>>>> $TTL 3h >>>>> @ IN SOA ns1.malware.trap. >>>>> admin.malware.trap. ( >>>>> 2006060301 ; Serial >>>>> 21600 ; Refresh >>>>> 3600 ; Retry >>>>> 604800 ; Expire >>>>> 3600 ) ; Minimum TTL >>>>> >>>>> IN NS ns1.malware.trap. >>>>> ns1.malware.trap. A 172.16.3.48 >>>>> wg.malware.trap. A 172.16.3.48 >>>>> baddomain.co CNAME wg.malware.trap. >>>>> block.this CNAME wg.malware.trap. >>>>> >>>>> ############################### >>>>> >>>>> ;; ANSWER SECTION: >>>>> block.this. 5 IN CNAME wg.malware.trap. >>>>> >>>>> >>>>> *********************************************** >>>>> ;; QUESTION SECTION: >>>>> ;wg.malware.trap. IN A >>>>> >>>>> Answer not getting what could be wrong?? >>>>> >>>> >>>> Not sure what is a normal configuration, but on my servers users cannot >>>> query the RPZ domain, it is only used for RPZ. >>>> Try putting the A record in a normal zone, and CNAME to that, rather >>>> than having the A record in the RPZ zone. >>>> Or try doing a direct query for the A record and see if it resolves. >>>> >>>> -- >>>> Bob Harold >>>> >>>> >>> >>> >> >
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users