Hi Nath.
What have you got on SrvB for biopyrenees.net, or net?
On SrvB, please do "dig @ sri.biopyrenees.net" (please use the
actual address rather than "localhost") and paste the full result here. I
am interested in flags and the query time right now.

Cheers, Greg

On Wed, 22 Mar 2023 at 11:52, BONIN Nathanael <boni...@mipih.fr> wrote:

> Hi there,
> We are using RPZ zone for some times now, but recently we found a weird
> behavior from some domains. Let me explain !
> We have 2 NS server : Recursive one (let’s call him SrvA) and one bebind
> (let’s call him SrvB, with global forwarder : SrvA ). My RPZ zone is on
> SrvA.
> If we took a little diagram, we have :
> User ===== > SrvB ===== > SrvA ===== > Internet
> If we create an A record tatata.google.com / (that doesn’t exist
> at google.com) on RPZ zone :
>    - On SrvA with : dig @localhost tatata.google.com we got IP :
>    => GREAT !
>    - On SrvB with : dig @localhost tatata.google.com (that point on
>    SrvA), we got IP : => WONDERFUL !
> If we create another A record sri.biopyrenees.net / (that doesn’t
> exist at biopyrenees.net) on RPZ zone :
>    - On SrvA with : dig @localhost sri.biopyrenees.net, we got IP :
> => YOUPI !
>    - On SrvB with : dig @localhost sri.biopyrenees.net, we got : NXDOMAIN
>    => WHATTTT ?
> Why for some domain, the RPZ isn’t working ?
> An exemple of what I wrote on my RPZ zone :
> tatata.google.com                       A
> sri.biopyrenees.net                     A
> Is it normal ? Is there a way to have the good answer on my SrvB ?
> With tcpdump, I see the same behavior with a record that works and with
> the record that doesn’t work…
> Thanks for your help.
> Nath.
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list

Reply via email to