[Pdns-users] Problem configuring rpz
Bill Pye
bill.pye at phoenix-systems.co.uk
Mon Jun 22 09:57:13 UTC 2020
Hi all
I'm a home user of your excellent software and by no means an expert in DNS. A while ago I was experimenting with setting-up rpz files on my DNS servers, that all worked OK. Recently I've been trying to configure the rpz via AXFR from ioc2rpz here: [ https://ioc2rpz.net/ | https://ioc2rpz.net/ ]
After a bit of trial and error (normal for me!) I have this working quite well but I did hit a 'problem' and have a couple of questions.
While reading the documentation of the feed it mentioned that the feeds were updated every thirty minutes, PDNS-recursor documentation states that the zones default is used if not specified in the config file:
"refresh
An integer describing the interval between checks for updates. By default, the RPZ zone’s default is used"
That sounded reasonable so I left that alone and started with one feed which contained four records. Strangely that resulted in an IXFR being done every second, I left that running for a while (i.e. for about 12 hours) and it never stopped. Is this a bug and should I file one on github?
Next a question, the documentation states the Refresh is an "integer" but it doesn't mention that it's a per-second "integer" - should that be added to the documentation? . Could the fact that if it's left empty be responsible for my once-per-second IXFR? As the feed said it was updated every thirty minutes override that once-per-second?
The relevant SOA record from my feed is this:
dns-bh.ioc2rpz. 604800 IN SOA ioc2rpz-srv1.ioc2rpz.net. ioc2rpz.ioc2rpz.com. 1591664280 43200 900 2592000 7200
Obviously that has a refresh of 15 minutes which is not the 30 mins the document says but should my once-per-second IXFR be happening with that SOA? Once I added a refresh to my rpzmaster entry it all worked as expected. :)
I hope that all makes sense but if I've missed something or it isn't too clear then just let me know.
Regards
Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20200622/1f41327a/attachment-0001.htm>
More information about the Pdns-users
mailing list