Discussion:
Unable to resolve the A records, not sure what is wrong
Blason R
2018-06-01 17:36:04 UTC
Hi there,

I am writing an RPZ zone and here is my zone file. RPZ is working fine, but
somehow A records are not getting resolved, hence I am unable to do the
wall-gardening.

Can someone please help?


$TTL 3h
@       IN SOA  ns1.malware.trap. admin.malware.trap. (
                2006060301 ; Serial
                21600      ; Refresh
                3600       ; Retry
                604800     ; Expire
                3600 )     ; Minimum TTL

        IN NS   ns1.malware.trap.
ns1.malware.trap.   A       172.16.3.48
wg.malware.trap.    A       172.16.3.48
baddomain.co        CNAME   wg.malware.trap.
block.this          CNAME   wg.malware.trap.

###############################

;; ANSWER SECTION:
block.this. 5 IN CNAME wg.malware.trap.


***********************************************
;; QUESTION SECTION:
;wg.malware.trap. IN A

I am not getting an answer. What could be wrong?
Bob Harold
2018-06-01 17:57:27 UTC
Not sure what is a normal configuration, but on my servers users cannot
query the RPZ domain, it is only used for RPZ.
Try putting the A record in a normal zone, and CNAME to that, rather than
having the A record in the RPZ zone.
Or try doing a direct query for the A record and see if it resolves.
--
Bob Harold
Blason R
2018-06-01 17:58:44 UTC
Well, this is what I am getting in network.log. What could be the issue?

01-Jun-2018 23:27:42.274 client 192.168.5.103#58425 (wg.block.tld): query 'wg.block.tld/A/IN' denied
Blason R
2018-06-01 17:59:36 UTC
I guess this could be the issue:

zone "malware.trap" {
    type master;
    file "/var/lib/bind/zones/malware.trap.db";
    allow-query { localhost; };
};
Blason R
2018-06-01 18:01:29 UTC
Yes that was the issue :) and got resolved.
Bob Harold
2018-06-01 18:03:22 UTC
Glad it was an easy fix.
--
Bob Harold
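
The symptom diagnosed in this thread (the RPZ CNAME rewrite is returned, but the lookup of the walled-garden A record is logged as "denied" because of the zone's allow-query ACL) can be checked for in the query log. The following Python is an added example, not part of the original posts: the sample zone and log lines are constructed from the names used in the thread, and it assumes CNAME targets are written as absolute names.

```python
import re
from collections import defaultdict

# RPZ CNAME targets that are policy actions, not walled-garden hosts.
RPZ_ACTIONS = {".", "*.", "rpz-passthru.", "rpz-drop.", "rpz-tcp-only."}

# BIND's denial message, in the format of the network.log line quoted in the thread.
DENIED = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]+\): "
    r"query '(?P<qname>[^/']+)/\w+/IN' denied"
)

# Constructed sample data (hypothetical; modelled on the thread's zone and log).
ZONE = """\
wg.malware.trap.  A      172.16.3.48
baddomain.co      CNAME  wg.malware.trap.  ; redirect to walled garden
block.this        CNAME  wg.malware.trap.
nx.example        CNAME  .                 ; NXDOMAIN action, not a host
"""
LOG = """\
01-Jun-2018 23:27:42.274 client 192.168.5.103#58425 (wg.malware.trap): query 'wg.malware.trap/A/IN' denied
01-Jun-2018 23:27:43.101 client 192.168.5.104#40112 (block.this): query 'wg.malware.trap/A/IN' denied
01-Jun-2018 23:27:44.000 client 192.168.5.103#58426 (example.org): query 'example.org/A/IN' denied
"""

def walled_garden_targets(zone_text):
    """Return the CNAME targets in an RPZ zone that point at real hosts."""
    targets = set()
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, tokenize
        if "CNAME" in fields[:-1]:              # CNAME must be followed by a target
            target = fields[fields.index("CNAME") + 1].lower()
            if target not in RPZ_ACTIONS:
                targets.add(target.rstrip("."))
    return targets

def denied_walled_garden_queries(log_text, targets):
    """Map each walled-garden name to the clients whose queries for it were denied."""
    hits = defaultdict(set)
    for m in DENIED.finditer(log_text):
        qname = m.group("qname").lower().rstrip(".")
        if qname in targets:
            hits[qname].add(m.group("ip"))
    return {name: sorted(ips) for name, ips in hits.items()}

if __name__ == "__main__":
    for name, ips in denied_walled_garden_queries(LOG, walled_garden_targets(ZONE)).items():
        print(f"{name}: denied for {', '.join(ips)} - check allow-query on the zone holding it")
```

Any hit means clients are being redirected to a name they are not allowed to resolve, which is the condition the allow-query { localhost; } setting produced here.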