tl,dr: https://github.com/StevenBlack/hosts/issues/451
Can someone please explain why using this as my rpz zone does NOT block everything for *.2o7.net?

$ cat db.test-rpz
$ORIGIN rpz.test.
$TTL 1s
@ IN SOA localhost. admin ( 2019082405 6h 15 1d 1s )
  IN NS localhost.

2o7.net CNAME .
*.2o7.net CNAME .
bcbsks.com.102.112.2o7.net CNAME .
; ======== end

but using this does block all of 2o7.net? (or at least all I've tried)

$ cat db.test-rpz
$ORIGIN rpz.test.
$TTL 1s
@ IN SOA localhost. admin ( 2019082407 6h 15 1d 1s )
  IN NS localhost.

2o7.net CNAME .
*.2o7.net CNAME .
; bcbsks.com.102.112.2o7.net CNAME .
; === end ===

With "; bcbsks.com.102.112.2o7.net CNAME ." commented out both

  dig @127.0.0.1 appleglobal.112.2o7.net
  dig @127.0.0.1 appleglobal.2o7.net

work as expected & have

;; ADDITIONAL SECTION:
rpz.test. 1 IN SOA localhost. admin.rpz.test. 2019082407 21600 15 86400 1

With "bcbsks.com.102.112.2o7.net CNAME ." not commented out

  dig @127.0.0.1 appleglobal.112.2o7.net
  -- returns an ip address with the ANSWER, AUTHORITY & ADDITIONAL SECTION

  dig @127.0.0.1 appleglobal.2o7.net
  -- doesn't return an ip address & additional info is

;; ADDITIONAL SECTION:
rpz.test. 1 IN SOA localhost. admin.rpz.test. 2019082406 21600 15 86400 1

Am I just missing something or is this a bug?

I get the same behavior on debian with 9.11.5-P4-5~bpo9+1-Debian and windows 10 with 9.11.9 (from ftp://ftp.isc.org/isc/bind9/9.11.9/BIND9.11.9.x64.zip)

TIA
Lee
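Added example, not part of the original post and not BIND code: a small Python model of the RFC 4592 closest-encloser wildcard rule, run over the two policy zones quoted above. It assumes QNAME triggers in the policy zone are looked up with ordinary DNS wildcard rules; under that assumption its results agree with the dig results reported in the post. The function names are hypothetical.

```python
# Added example: RFC 4592 wildcard matching, modelled over the post's two zones.
# Owner names are relative to the policy zone origin (rpz.test.).
ZONE_WITHOUT = ["2o7.net", "*.2o7.net"]
ZONE_WITH = ZONE_WITHOUT + ["bcbsks.com.102.112.2o7.net"]

def labels(name):
    return name.lower().rstrip(".").split(".")

def existing_names(owners):
    """Owner names plus every empty non-terminal their labels imply."""
    nodes = set()
    for owner in owners:
        parts = labels(owner)
        nodes.update(".".join(parts[i:]) for i in range(len(parts)))
    return nodes

def rpz_match(owners, qname):
    """Return the owner name whose record answers qname, or None (no rewrite)."""
    owner_set = {".".join(labels(o)) for o in owners}
    nodes = existing_names(owners)
    parts = labels(qname)
    full = ".".join(parts)
    if full in owner_set:
        return full                      # exact match
    if full in nodes:
        return None                      # empty non-terminal: exists, has no data
    for i in range(1, len(parts)):       # walk up to the closest encloser
        encloser = ".".join(parts[i:])
        if encloser in nodes:
            wildcard = "*." + encloser   # only this wildcard may be used
            return wildcard if wildcard in owner_set else None
    return None

def wildcard_gaps(owners):
    """Names under a wildcard's parent whose children that wildcard no longer covers."""
    owner_set = {".".join(labels(o)) for o in owners}
    parents = [o[2:] for o in owner_set if o.startswith("*.")]
    gaps = set()
    for node in existing_names(owners):
        if node.startswith("*") or "*." + node in owner_set:
            continue
        if any(node.endswith("." + p) for p in parents):
            gaps.add(node)
    return sorted(gaps)

if __name__ == "__main__":
    for zone in (ZONE_WITHOUT, ZONE_WITH):
        for q in ("appleglobal.2o7.net", "appleglobal.112.2o7.net"):
            print(len(zone), "records:", q, "->", rpz_match(zone, q))
    print("gaps:", wildcard_gaps(ZONE_WITH))
```

In this model, wildcard_gaps lists the names at which a `*.<name>` record would be needed for the policy to keep covering that subtree once the longer owner name is present.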