That is what I exactly did and noticed that packets are received on bind
and bind is directly forwarding.
See my first email that has packet captures
On Sun, Nov 17, 2024, 18:17 Lee wrote:
> On Sun, Nov 17, 2024 at 1:28 AM Blason R wrote:
> >
> > Nah even that didn't work.
> >
> > If I directly
On Sun, Nov 17, 2024 at 1:28 AM Blason R wrote:
>
> Nah even that didn't work.
>
> If I directly query to bind it blocks or wall garden the request but if I
> send it through windows AD or any other server bind just forwards the request
> to forwarders.
How do you _know_ windows AD or any other
Agree but response for app.hubspot.com.is getting modified and i see issue
with only this domain.
On Sun, Nov 17, 2024, 12:01 Mark Andrews wrote:
> RPZ stands for RESPONSE POLICY ZONE. It does NOT block queries. It
> modifies replies.
> --
> Mark Andrews
>
> On 17 Nov 2024, at 17:28, Blason R w
Nah even that didn't work.
If I directly query to bind it blocks or wall garden the request but if I
send it through windows AD or any other server bind just forwards the
request to forwarders.
On Sat, Nov 16, 2024, 23:55 Lee wrote:
> Hi
>
> On Fri, Nov 15, 2024 at 10:24 PM Blason R wrote:
> >
RPZ stands for RESPONSE POLICY ZONE. It does NOT block queries. It modifies replies. -- Mark AndrewsOn 17 Nov 2024, at 17:28, Blason R wrote:Nah even that didn't work.If I directly query to bind it blocks or wall garden the request but if I send it through windows AD or any other server bind just
Hi
On Fri, Nov 15, 2024 at 10:24 PM Blason R wrote:
>
> Where is that exactly to be added? I added in response-policy
> statement then I tired adding in options stanza but rndc fails
> everytime.
>
<.. snip ..>
> > > > response-policy {
> > > > zone "custom.block";
> > > > ...
> > > > ..
> > >
Blason R skrev den 2024-11-16 04:24:
Where is that exactly to be added? I added in response-policy
statement then I tired adding in options stanza but rndc fails
everytime.
try this
response-policy {
zone "rpz.localhost";
} break-dnssec yes qname-wait-recurse no recursi
Where is that exactly to be added? I added in response-policy
statement then I tired adding in options stanza but rndc fails
everytime.
On Fri, Nov 15, 2024 at 6:35 PM Blason R wrote:
>
> Hmmm - Ok let me try doing that. Thanks for letting me know
>
> On Fri, Nov 15, 2024 at 3:43 PM Lee wrote:
Hmmm - Ok let me try doing that. Thanks for letting me know
On Fri, Nov 15, 2024 at 3:43 PM Lee wrote:
>
> On Thu, Nov 14, 2024 at 1:48 AM Blason R wrote:
> >
> > Hello Team,
> >
> > I am encountering an unusual problem. I am using BIND version BIND
> > 9.18.19-1+ubuntu22.04.1+isc+1-Ubuntu and h
On Thu, Nov 14, 2024 at 1:48 AM Blason R wrote:
>
> Hello Team,
>
> I am encountering an unusual problem. I am using BIND version BIND
> 9.18.19-1+ubuntu22.04.1+isc+1-Ubuntu and have configured BIND RPZ. My
> objective is to block access to app.hubspot.com, for which I have
> established a zone.
>
Remember that when you update a zone you need to increase the serial number (in
SOA record) and tell BIND to reload the zone - e.g. run “rndc reload”.
Nick.
> On 15 Nov 2024, at 6:30 PM, Blason R wrote:
>
> Even I tried that but still no luck
>
> $TTL 180
> @ IN SOA ns
Even I tried that but still no luck
$TTL 180
@ IN SOA ns1.custom.block. ns1.custom.block.
( 2006060301 21600 3600 604800 3600 )
IN NSns1.custom.block.
ns1.custom.block. IN A 172.1.254.243
wg.custom.block.IN A 172.1.254.243
app.hubspot.com
On 14/11/2024 7:48 pm, Blason R wrote:
And here is zone file
$TTL 180
@ IN SOA ns1.custom.block. ns1.custom.block.
( 2006060301 21600 3600 604800 3600 )
IN NSns1.custom.block.
ns1.custom.block. IN A 172.1.xx.xx
wg.custom.block.IN A 172
That's my nginx load balancer ip. Surprisingly this happens only with this
domain.
On Thu, Nov 14, 2024, 17:30 Peter Davies wrote:
> Hi Blason,
>Your configuration looks correct, though BIND will try to resolve the
> "wg.custom.block"
> through your forwarders.
>
> What reply do you get from
Hi Blason,
Your configuration looks correct, though BIND will try to resolve the
"wg.custom.block"
through your forwarders.
What reply do you get from:
dig @172.1.254.243 custom.block soa
/Peter
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
15 matches
Mail list logo
