Why does nslookup not return what I am expecting from my bind server? (RPZ configured)

Solution 1:

The last line in the RPZ zone does not look syntactically valid.

The syntax for an RPZ zone is the same as for regular zones, it only has special semantics for RPZ.

With that in mind it's clear that an A record can't possibly have rpz-passthru. as its value. An A record can only ever have an IPv4 address as its value.

If you look at the RPZ documentation you will find that the special RPZ directives (like rpz-passthru.) use the CNAME record type.

named-checkconf -zj and/or reading the logs is generally helpful. I would assume that, when using the zone data from the question, the RPZ zone will fail to load and there should be errors about that (I would expect an error about "bad dotted quad" or something along those lines).

As a separate note, I don't believe that last line is really needed; it appears to just (try to) explicitly define what the default behavior would have been.
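To make the A-vs-CNAME point concrete, here is an added example that is not part of the original answer: a small Python checker that does the one check relevant here, flagging any A record whose value is not a dotted quad and pointing at the CNAME form when the value is an RPZ action name, plus a helper that rewrites such lines. The zone text is constructed to mirror the mistake described above; the owner names and the SOA values are made up. The real check is still `named-checkzone` or `named-checkconf -z` on the actual server, which report the same kind of "bad dotted quad" error.

```python
"""Check an RPZ zone file for A records that carry an RPZ action (e.g. rpz-passthru.)
instead of an IPv4 address. Constructed illustration, not BIND's own code."""
import ipaddress

# Special CNAME targets defined by RPZ: NXDOMAIN, NODATA, passthru, drop, tcp-only.
RPZ_SPECIAL_TARGETS = {".", "*.", "rpz-passthru.", "rpz-drop.", "rpz-tcp-only."}
CLASSES = {"IN", "CH", "HS"}

# Constructed sample zone: the "bad.example.com" line has the error from the question.
BROKEN_ZONE = """$TTL 300
@   IN SOA  localhost. root.localhost. 1 3600 900 2419200 300
    IN NS   localhost.
bad.example.com      A      rpz-passthru.
good.example.com     CNAME  rpz-passthru.
blocked.example.com  CNAME  .
walled.example.com   A      10.0.0.1
"""


def parse_zone(text):
    """Return (owner, type, rdata) per record line.

    Handles $-directives, ';' comments, blank lines, an optional TTL and class,
    and lines that inherit the previous owner (leading whitespace). Multi-line
    records in parentheses are not handled; the sample keeps the SOA on one line.
    """
    records = []
    last_owner = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.startswith("$"):
            continue
        tokens = line.split()
        owner = last_owner if raw[0] in " \t" else tokens.pop(0)
        last_owner = owner
        if tokens and tokens[0].isdigit():      # optional TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() in CLASSES:  # optional class
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        records.append((owner, rtype, " ".join(tokens)))
    return records


def check_rpz_zone(text):
    """Return a list of problem strings; empty means no A record has bad rdata."""
    problems = []
    for owner, rtype, rdata in parse_zone(text):
        if rtype != "A":
            continue
        try:
            ipaddress.IPv4Address(rdata)
        except ValueError:
            hint = ""
            if rdata in RPZ_SPECIAL_TARGETS:
                hint = f" (RPZ action '{rdata}' must be the target of a CNAME record)"
            problems.append(f"{owner}: bad dotted quad '{rdata}'{hint}")
    return problems


def fix_rpz_actions(text):
    """Rewrite '<owner> A <rpz-action>' lines as CNAME records; other lines untouched.
    Column alignment is not preserved and trailing comments are not expected."""
    fixed = []
    for raw in text.splitlines():
        tokens = raw.split()
        if len(tokens) >= 2 and tokens[-2].upper() == "A" and tokens[-1] in RPZ_SPECIAL_TARGETS:
            fixed.append(" ".join(tokens[:-2] + ["CNAME", tokens[-1]]))
        else:
            fixed.append(raw)
    return "\n".join(fixed) + "\n"


if __name__ == "__main__":
    for p in check_rpz_zone(BROKEN_ZONE):
        print("broken:", p)
    print("fixed zone has", len(check_rpz_zone(fix_rpz_actions(BROKEN_ZONE))), "problems")
```

The checker reproduces only the one failure the answer predicts; it is a reading aid for the zone syntax, not a replacement for loading the zone and reading named's log.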