On Sat, Feb 28, 2026 at 10:42:25AM -0500, [email protected] wrote:
> > # unbound-control auth_zone_reload rpz.test
> ?
> ? $ nslookup whitehouse.com
> > DO NOT use web browser! (porn)
> > Useful only for testing block filters.
>
> Oops I typed the last part to quickly.
>
> Restarting unbound with
> rcctl restart unbound
> works but that's overkill.
> It should by reloading just the zone
> # unbound-control auth_zone_reload rpz.test
> ok
> (after editing the rpz.zone file)
>
> My biggest mistake is the nslookup.
> In testing use
> nslookup whitehouse.com 127.0.0.1
> The 127.0.0.1 is important so it
> goes to unbound instead of what's
> configured in resolc.conf!
>
> I did append 127.0.0.1 in my testing but
> forgot to type it when creating my post
> and that was a big boo boo.
>
Some general advice: don't use nslookup for testing or diagnosis, it
hide many useful data. Better use dig.
As for the general question: try to establish if this is an OpenBSD
specific issue or not. If you can reproduce on another type of OS,
this is an thing for upstream. It's only interesting for this list if
it is OpenBSD specific.
-Otto
