On Tue, 28 May 2019, Carl Byington via bind-users wrote:
Hi, Carl - thanks for replying.
> On zurg, add a new dns zone rpz.ncdot.gov
Your suggestion didn't work for me.
To test your suggestion, I had to add a "forwarders" statement to get
zurg to query buzz/woody; prior to testing, zurg had a zone file for
internal.local that told him he was the Master of the Zone, and the only
entries in it were for andy and sid. I commented that out for testing your
suggestion.
When I implemented your suggestion, queries to zurg for andy and sid
were resolved to their 10/8 addresses (meaning zurg forwarded the request
to buzz/woody and returned an answer without alteration). zurg seemed to
ignore the RPZ config.
Re-reading the ARM, it seemed to me that I needed to add a
zone "rpz.internal.local" { file "rpz.internal.local"; };
statement as well. When I did that, zurg still gave the 10/8 replies.
> On zurg, all other names in internal.local will get the normal
> processing, with answers via buzz. But when someone uses zurg to lookup
> andy.internal.local, it will reply with 192.168.10.10 without even
> asking buzz.
That IS what I'm trying to do. Unfortunately, the config you suggested
didn't get me there.
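For reference, a minimal sketch of the kind of RPZ setup this thread discusses, added here as an example; it is not Carl's suggested configuration or the poster's actual files. The forwarder addresses and sid's address are constructed placeholders, and `qname-wait-recurse no` is an assumption made to match the "without even asking buzz" behaviour.

```bind
// named.conf on zurg (sketch only; placeholder values are marked)
options {
    recursion yes;

    // buzz and woody: placeholder 10/8 addresses, not taken from the thread
    forwarders { 10.0.0.1; 10.0.0.2; };

    // Consult the policy zone for every query name. With the default
    // (qname-wait-recurse yes) named still recurses/forwards first and
    // rewrites the answer afterwards; "no" lets a QNAME match answer
    // straight from the policy zone.
    response-policy { zone "rpz.internal.local"; }
        qname-wait-recurse no;
};

// The policy zone must be a real zone loaded in the same view (if views
// are used) as the response-policy statement that names it.
zone "rpz.internal.local" {
    type master;
    file "rpz.internal.local";
    allow-query { localhost; };   // policy data is not for clients
};

/*
 * Zone file "rpz.internal.local". Owner names are the query names to
 * rewrite, written relative to the policy zone (no trailing dot).
 *
 * $TTL 300
 * @                    IN SOA localhost. root.localhost. ( 1 1h 15m 30d 2h )
 *                      IN NS  localhost.
 * andy.internal.local  IN A   192.168.10.10
 * sid.internal.local   IN A   192.168.10.11   ; placeholder address
 *
 * Names in internal.local with no record here are not rewritten and are
 * resolved through the forwarders as usual.
 */
```

`named-checkconf` and `named-checkzone rpz.internal.local <file>` will catch syntax and load errors before a reload. Enabling the `rpz` logging category shows whether a given query matched a policy record.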