Re: Rewrite/Override QTYPE with RPZ

2018-11-08 Thread Tom
For example "example.com" and "*.example.com" are blacklisted. I would 
like to return a real ip address for special query types like MX or TXT, 
but not for A or .


Tom


On 08.11.18 16:44, Barry Margolin wrote:

In article ,
  Tom  wrote:


Hi all
Is there a way to override/rewrite QTYPE (ex. MX) with RPZ? If no, is
this planned in future releases of BIND?


What would be the point? If a query is for MX, and you return A instead,
the client won't be able to do anything with it.


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Rewrite/Override QTYPE with RPZ

2018-11-08 Thread Kevin Darcy
The only scenario in which I could see this being accepted by the client,
is if the replacement is a CNAME, since that's a "universal" type. But it's
still unclear what the ultimate intent would be.

- Kevin

On Thu, Nov 8, 2018 at 10:45 AM Barry Margolin  wrote:

> In article ,
>  Tom  wrote:
>
> > Hi all
> > Is there a way to override/rewrite QTYPE (ex. MX) with RPZ? If no, is
> > this planned in future releases of BIND?
>
> What would be the point? If a query is for MX, and you return A instead,
> the client won't be able to do anything with it.
>
> --
> Barry Margolin
> Arlington, MA


RE: Openssl issue

2018-11-08 Thread Stewart, Larry C Sr CTR DISA JT (USA)
Please disregard; apparently OpenSSL does not see the /dev/random in my chroot 
directory as a valid random provider. So it's off to Google and Oracle to see 
what it will take to make a valid /dev/random available from within the jail. 

Larry Stewart, CISSP
Contractor - Jacobs Technology
Network Engineer
Office: 520-538-4227
DSN: 879-4227
Cell phone: 520-227-8251
larry.c.stewart@mail.mil


-----Original Message-----
From: Stewart, Larry C Sr CTR DISA JT (USA) 
Sent: Thursday, November 8, 2018 11:12 AM
To: bind-users 
Subject: Openssl issue

I am running Solaris 10 and I downloaded bind 9.12.3 today and compiled it 
using the enable threads option, the prefix=/ option and the --without-gost 
option just as I have in the past when compiling 9.10. The compilation seems to 
go well but when I run named with -t /nithr -u nithr named fails to start and I 
get daemon.crit openssl_link.c:296: fatal error:and Openssl pseudorandom number 
generator cannot be initialized (see the 'PRNG not seeded message in the 
Openssl FAQ). Then exiting (due to fatal error in library).

My chrooted directory does contain /dev/random

Does anyone have any suggestions on how to overcome this issue?

Larry Stewart, CISSP
Contractor - Jacobs Technology
Network Engineer
Office: 520-538-4227
DSN: 879-4227
Cell phone: 520-227-8251
larry.c.stewart@mail.mil
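
One way to sanity-check the entropy device nodes under a jail root such as the /nithr directory named above, as an added example that is not part of the original messages. The function names are hypothetical, a POSIX sh is assumed, and the thread does not say what was actually wrong with the poster's /dev/random.

```shell
#!/bin/sh
# Added example (not from the thread). check_node ROOT NAME prints one of:
#   ok | missing | absolute-symlink | not-chardev | unreadable
check_node() {
    node="$1/dev/$2"
    if [ -L "$node" ]; then
        # ls + sed for portability; readlink(1) is not available everywhere.
        target=$(ls -l "$node" | sed 's/.* -> //')
        case $target in
            # After chroot() an absolute target resolves against the jail
            # root, so testing it from outside the jail proves nothing.
            /*) echo absolute-symlink; return 1 ;;
        esac
    fi
    # -e, -c and -r follow relative symlinks; a dangling link is "missing".
    if [ ! -e "$node" ]; then echo missing; return 1; fi
    # A regular file or directory named "random" is not an entropy source.
    if [ ! -c "$node" ]; then echo not-chardev; return 1; fi
    # Run this as the account given to named -u so -r reflects its access.
    if [ ! -r "$node" ]; then echo unreadable; return 1; fi
    echo ok
}

# check_chroot ROOT: report both nodes; the return status is the failure count.
check_chroot() {
    failures=0
    for name in random urandom; do
        result=$(check_node "$1" "$name") || failures=$((failures + 1))
        echo "$1/dev/$name: $result"
    done
    return "$failures"
}

# Usage: sh check_jail.sh /nithr
if [ $# -gt 0 ]; then check_chroot "$1"; fi
```
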






Re: Openssl issue

2018-11-08 Thread Howard, Christopher
I had that exact same issue. I had to drop down to 9.11 to get it to work.

-Christopher


On Thu, 2018-11-08 at 18:12 +, Stewart, Larry C Sr CTR DISA JT (USA) wrote:

I am running Solaris 10 and I downloaded bind 9.12.3 today and compiled it 
using the enable threads option, the prefix=/ option and the --without-gost 
option just as I have in the past when compiling 9.10. The compilation seems to 
go well but when I run named with -t /nithr -u nithr named fails to start and I 
get daemon.crit openssl_link.c:296: fatal error:and Openssl pseudorandom number 
generator cannot be initialized (see the 'PRNG not seeded message in the 
Openssl FAQ). Then exiting (due to fatal error in library).


My chrooted directory does contain /dev/random


Does anyone have any suggestions on how to overcome this issue?


Larry Stewart, CISSP

Contractor - Jacobs Technology

Network Engineer

Office: 520-538-4227

DSN: 879-4227

Cell phone: 520-227-8251

larry.c.stewart@mail.mil






Openssl issue

2018-11-08 Thread Stewart, Larry C Sr CTR DISA JT (USA)
I am running Solaris 10 and I downloaded bind 9.12.3 today and compiled it 
using the enable threads option, the prefix=/ option and the --without-gost 
option just as I have in the past when compiling 9.10. The compilation seems to 
go well but when I run named with -t /nithr -u nithr named fails to start and I 
get daemon.crit openssl_link.c:296: fatal error:and Openssl pseudorandom number 
generator cannot be initialized (see the 'PRNG not seeded message in the 
Openssl FAQ). Then exiting (due to fatal error in library).

My chrooted directory does contain /dev/random

Does anyone have any suggestions on how to overcome this issue?

Larry Stewart, CISSP
Contractor - Jacobs Technology
Network Engineer
Office: 520-538-4227
DSN: 879-4227
Cell phone: 520-227-8251
larry.c.stewart@mail.mil






Re: Rewrite/Override QTYPE with RPZ

2018-11-08 Thread Barry Margolin
In article ,
 Tom  wrote:

> Hi all
> Is there a way to override/rewrite QTYPE (ex. MX) with RPZ? If no, is 
> this planned in future releases of BIND?

What would be the point? If a query is for MX, and you return A instead, 
the client won't be able to do anything with it.

-- 
Barry Margolin
Arlington, MA


Rewrite/Override QTYPE with RPZ

2018-11-08 Thread Tom

Hi all
Is there a way to override/rewrite QTYPE (ex. MX) with RPZ? If no, is 
this planned in future releases of BIND?


Regards,
Tom