Please disregard my question. I found the error in my entry. The IP address would be 16.0.0.251.205 - everything is working as expected
Marek Abram (Mark) [email protected] > On Jul 11, 2021, at 6:39 PM, Marek Abram <[email protected]> wrote: > > Reading unbound blog and RPZ draft I tried implementing rpm response IP > address trigger. > > My unbound.conf contains like "module-config: "respip validator iterator”. > As an example the rpz file has the following entry > > 16.205.251.0.0.rpz-ip CNAME *. > > When I perform dig ns-1756.awsdns-27.co.uk <http://ns-1756.awsdns-27.co.uk/> > it returns actual IP - which I think it should filter and return NODATA. > > ; <<>> DiG 9.17.11 <<>> ns-1756.awsdns-27.co.uk > <http://ns-1756.awsdns-27.co.uk/> > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30242 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 1232 > ;; QUESTION SECTION: > ;ns-1756.awsdns-27.co.uk <http://ns-1756.awsdns-27.co.uk/>. IN A > > ;; ANSWER SECTION: > ns-1756.awsdns-27.co.uk <http://ns-1756.awsdns-27.co.uk/>. 14400 IN > A 205.251.198.220 > > ;; Query time: 450 msec > ;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP) > ;; WHEN: Sun Jul 11 18:37:28 MDT 2021 > ;; MSG SIZE rcvd: 68 > > > Am I doing it right? > > > Marek Abram (Mark) > [email protected] <mailto:[email protected]> > > > > >
