> From: pgbi...@ml1.net

> I've bind 9.9.2p1 setup to use the RPZ zone provided by spamhaus.  

> (1) How/where do you extract a bad domain name from the axfr'd RPZ zone
> file?  It's not in what appears to be human-readable form.

As I wrote in answer to your message on Friday, try this command
for the DROP zone:

    named-compilezone -j -f raw -F text -o- drop.rpz.spamhaus.org drop.rpz.spamhaus.org

If you are now using rpz.spamhaus.org, try 

    named-compilezone -j -f raw -F text -o- rpz.spamhaus.org rpz.spamhaus.org | head -4

Just now in my copy of that zone, that command suggests trying "forum.ac"


> (2) Once you have that domain, I assume (?) entering it into a browser
> should result in a browser redirect to 127.0.0.1 (?)?  

If you use the "CNAME ." policy published by Spamhaus, then your browser
will get NXDOMAIN.  You will get 127.0.0.1 only if you override Spamhaus'
policy with a clause similar to this in your response-policy{} statement
    zone "rpz.spamhaus.org" policy cname bad-rpz.ml1.net;
and define
    bad-rpz.ml1.net.    A   127.0.0.1

Before messing with a browser, I'd try `dig forum.ac`

>                                                        In which DNS/bind
> log category do I look for evidence of that RPZ-redirection?  In the
> query log?

If you read the friendly manual text through the link labeled
"Draft text for BIND9 Administrators Reference Manual (ARM) describing"
http://www.redbarn.org/dns/ratelimits as I suggested last week,
then you should find the "rate-limit" category and the querylog option.


Vernon Schryver    v...@rhyolite.com
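
Added example, not part of the message above: a filter that turns the text output of the `named-compilezone` command into a list of RPZ triggers and the policy action each one carries, so that a name such as "forum.ac" can be picked out and tested with `dig`. The function names `rpz_triggers` and `sample_zone` are hypothetical, the sample records are constructed, and the column layout (owner, TTL, class, type, rdata) is an assumption about the text output.

```sh
#!/bin/sh
# rpz_triggers ORIGIN
# Reads named-compilezone text output on stdin (assumed column layout:
# owner TTL IN TYPE rdata) and prints "trigger<TAB>policy action".
rpz_triggers() {
    awk -v origin="$1" '
    BEGIN { suffix = "." tolower(origin) "."; slen = length(suffix) }
    $3 == "IN" && $4 == "CNAME" {
        owner = tolower($1); olen = length(owner)
        # Skip the apex and anything that is not below the policy zone.
        if (olen <= slen || substr(owner, olen - slen + 1) != suffix) next
        trig = substr(owner, 1, olen - slen)

        # IPv4 rpz-ip triggers are stored as prefixlen.B4.B3.B2.B1.rpz-ip
        n = split(trig, p, ".")
        if (n == 6 && p[6] == "rpz-ip")
            trig = p[5] "." p[4] "." p[3] "." p[2] "/" p[1]

        # Standard RPZ action encodings carried in the CNAME target.
        if      ($5 == ".")             act = "NXDOMAIN"
        else if ($5 == "*.")            act = "NODATA"
        else if ($5 == "rpz-passthru.") act = "PASSTHRU"
        else if ($5 == "rpz-drop.")     act = "DROP"
        else                            act = "CNAME " $5
        printf "%s\t%s\n", trig, act
    }'
}

# Constructed sample records (not real Spamhaus data), in the layout above.
sample_zone() {
    cat <<'EOF'
rpz.spamhaus.org.	60 IN SOA ns.example. hostmaster.example. 1 3600 600 86400 60
rpz.spamhaus.org.	60 IN NS ns.example.
forum.ac.rpz.spamhaus.org.	60 IN CNAME .
*.forum.ac.rpz.spamhaus.org.	60 IN CNAME .
nodata.example.rpz.spamhaus.org.	60 IN CNAME *.
ok.example.rpz.spamhaus.org.	60 IN CNAME rpz-passthru.
24.0.2.0.192.rpz-ip.rpz.spamhaus.org.	60 IN CNAME .
EOF
}

# Real use, with the command from the message:
#   named-compilezone -j -f raw -F text -o- rpz.spamhaus.org rpz.spamhaus.org \
#       | rpz_triggers rpz.spamhaus.org
sample_zone | rpz_triggers rpz.spamhaus.org
```
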