Why does nslookup not return what I am expecting from my bind server? (RPZ configured)
Solution 1:
The last line in the RPZ zone does not look syntactically valid.
The syntax for an RPZ zone is the same as for regular zones, it only has special semantics for RPZ.
With that in mind it's clear that an A
record can't possibly have rpz-passthru.
as it's value. An A
record can only ever have an IPv4 address as its value.
If you look at the RPZ documentation you will find that the special RPZ directives (like rpz-passthru.
) use the CNAME
record type.
named-checkconf -zj
and/or reading the logs is generally helpful. I would assume that, when using the zone data from the question, the RPZ zone will fail to load and there should be errors about that (I would expect an error about "bad dotted quad" or something along those lines).
As a separate note, I don't believe that last line is really needed, it appears to just (try to) explicitly define what the default behavior would have been.