I don't know what else to check. If possible, I would avoid forwarding by
putting both functions on the same server. You could turn on BIND
debugging - Cricket's "DNS and BIND" book has a chapter on debugging - but
that could be a lot of work.
--
Bob Harold
On Mon, Aug 13, 2018 at 10:58 AM Bl
It's there!!!
On Mon, Aug 13, 2018 at 6:58 PM Bob Harold wrote:
>
>
> --
> Bob Harold
> hostmaster, UMnet, ITcom
> Information and Technology Services (ITS)
> rharo...@umich.edu
> 734-647-6524 desk
>
>
> On Sun, Aug 12, 2018 at 2:38 AM Blason R wrote:
>
>> Hi Bob,
>>
>> I guess my scenario is no
--
Bob Harold
hostmaster, UMnet, ITcom
Information and Technology Services (ITS)
rharo...@umich.edu
734-647-6524 desk
On Sun, Aug 12, 2018 at 2:38 AM Blason R wrote:
> Hi Bob,
>
> I guess my scenario is not exactly understood I believe. Before that if I
> have set forwarder in Global option th
Hi Bob,
I guess my scenario is not exactly understood I believe. Before that if I
have set forwarder in Global option then ideally BIND should forward all
queries to the forwarder, right?
Let's say 192.168.3.15 is client
192.168.3.42 is BIND Server
192.168.3.78 is RPZ server
I have one zone on 19
On Fri, Aug 10, 2018 at 10:53 PM Blason R wrote:
> In fact what I observed that the intermediate DNS servers are not
> forwarding the queries for .com and .net servers to my RPZ servers and it
> tries to resolve directly on its own from TLD servers
>
You need to work on the intermediate server to ge
In fact what I observed that the intermediate DNS servers are not forwarding
the queries for .com and .net servers to my RPZ servers and it tries
to resolve directly on its own from TLD servers
192.168.3.72 End User
192.168.3.15 [AUTH Server for test.com] and has forwarder to
192.168.3.44 [RPZ]
So, 3
Ok - Now I added like this and it disappeared.
response-policy { zone "whitelist.allow" policy passthru;
zone "malware.trap";
zone "ransomwareips.block"; } qname-wait-recurse no
break-dnssec no;
On Sat, Aug 11, 2018 at 7:51 AM Blason R wro
This is not accepting and giving me a syntax error.
named-checkconf /etc/bind/named.conf
/etc/bind/named.conf.options:29: syntax error near '}'
And here is what I added
response-policy { zone "whitelist.allow" policy passthru;
zone "malware.trap";
On Fri, 2018-08-10 at 13:17 +0530, Blason R wrote:
> Nah I don't think that is the answer since you need a termination after
> clause.
Did you actually try the answer below?
> On Fri, Aug 10, 2018 at 12:58 PM Vadim Pavlov wrote:
> Should be:
>
Hello,
Well even though the entry is there in RPZ zone it is still being returned
as nxdomain.
On Fri, Aug 10, 2018, 3:01 PM WILSON Sam wrote:
> I'm sorry, I don't understand the question. Your message shows a query
> and an NXDOMAIN response. That seems to be correct. I don't know whether
>
I'm sorry, I don't understand the question. Your message shows a query and an
NXDOMAIN response. That seems to be correct. I don't know whether your RPZ
configuration is supposed to change that.
Sam
> On 9 Aug 2018, at 18:25, Blason R wrote:
>
> Is it a bug?? I mean certain domains from m
Hello All,
I have been debugging my issue for the last 30+ hrs without luck and dang it's
something related to forwarding. Again here is my quick scenario
I have Windows DNS Server 192.168.1.42 Has Forwarder set to 192.168.1.179
[BIND/RPZ]
Now certain domains when queried from end user e.g 192.168.1
Nah I don't think that is the answer since you need a termination after
clause.
Thanks and Regards,
Lionel F
On Fri, Aug 10, 2018 at 12:58 PM Vadim Pavlov wrote:
> Should be:
>
> response-policy {zone "whitelist.allow" policy passthru;
> zone "malware.trap";
>
Should be:
response-policy {zone "whitelist.allow" policy passthru;
zone "malware.trap";
zone "ransomwareips.block";
} qname-wait-recurse no break-dnssec no;
Vadim
> On 09 Aug 2018, at 20:50, Blason R wrote:
>
> This is the error I am getting
>
>
This is the error I am getting
/etc/bind/named.conf.options:24: expected 'zone' near 'qname-wait-recurse'
On Fri, Aug 10, 2018 at 9:10 AM Blason R wrote:
> Hi there,
>
> Where should it appear? ARM says it should appear in Global-section of
> response-policy which I tried but getting error.
>
Hi there,
Where should it appear? ARM says it should appear in Global-section of
response-policy which I tried but getting error.
response-policy {zone "whitelist.allow" policy passthru;
zone "malware.trap";
zone "ransomwareips.block";
Well mine is a bit different. I have RPZ and almost 40+ RPZ entries wall
gardened. And in my scenario users are talking to windows based AD/DNS
server and then that server has forwarder set to RPZ.
1. First issue; I observed certain entries from BIND/RPZ zone are being
resolved by windows
On Thu, Aug 9, 2018 at 9:31 AM Blason R wrote:
> For example this one.
>
> 18:59:26.905177 IP 192.168.1.120.65049 > 192.168.1.42.53: 42074+ A?
> 0351dag.com. (29)
> 18:59:26.905299 IP 192.168.1.42.53 > 192.168.1.120.65049: 42074 NXDomain
> 0/1/0 (102)
>
With RPZ, the name is looked up normally f
Is it a bug?? I mean certain domains from my rpz feeds are properly getting
resolved while few are giving nxdomain though they appear in zone.
On Thu, Aug 9, 2018, 8:57 PM Sam Wilson wrote:
> On 2018-08-09 14:00:55 +, Blason R said:
>
> > For example this one.
> >
> > 18:59:26.905177 IP 192.
On 2018-08-09 14:00:55 +, Blason R said:
For example this one.
18:59:26.905177 IP 192.168.1.120.65049 > 192.168.1.42.53: 42074+ A?
0351dag.com. (29)
18:59:26.905299 IP 192.168.1.42.53 > 192.168.1.120.65049: 42074
NXDomain 0/1/0 (102)
$ dig 0351dag.com
; <<>> DiG 9.8.3-P1 <<>> 0351dag.c
For example this one.
18:59:26.905177 IP 192.168.1.120.65049 > 192.168.1.42.53: 42074+ A?
0351dag.com. (29)
18:59:26.905299 IP 192.168.1.42.53 > 192.168.1.120.65049: 42074 NXDomain
0/1/0 (102)
On Thu, Aug 9, 2018 at 6:59 PM Blason R wrote:
> Hi Bind-Users,
>
> I would really appreciate if some
Hi Bind-Users,
I would really appreciate if someone can help me understand my issue
with BIND RPZ server?
I have one windows server say 192.168.1.42 and then RPZ server with
192.168.1.179. I noticed that there are certain domains which are not
getting resolved from end users.
Ideally since th
22 matches