Hi Everyone,

I'm a brand new user of the mailing list. I work for ThreatSTOP, which makes RPZs available on a variety of DNS platforms.

Recently we've been asked to support Unbound. Several years ago I looked at this and, at the time, there was no way to use a TSIG key to secure zone transfers, and looking at the documentation today that seems to still be the case.

I have an Ubuntu-based example server running that I am able to get RPZ into by means of an external shell script that does a dig and sed pipeline. Is this the preferred method? And/or has someone got clear documentation on how to do this better? I will be happy to contribute my example configs (and RPZ update script) back to the project if there are no better ones around.

I have two questions, assuming that the shell script method is the correct approach:

1. Once I have updated the RPZ zonefile, should I use "unbound-control reload" to get the new RPZ in, or is there a better alternative (auth_zone_reload)?
2. I think I'm correct that unbound-control log_reopen should be called in the postrotate stanza of a logrotate.d config?

Thanks in advance for any and all assistance.

Regards,
Francis

Francis Turner
ThreatSTOP Global SE
JP Cell: +81-8080404701 | US Cell: +1-760-402-7676
Office: +1-760-542-1550 | Line: francisturner
fran...@threatstop.com | www.threatstop.com
Weaponize Your Threat Intelligence
"If You Don't Build It, They Definitely Will Not Come" - P. Vixie
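
The dig-based update step described in the message above, as an added example that is not part of the original post and is not the poster's script: it turns saved `dig AXFR` output into a zonefile and refuses to replace the live file when the transfer is incomplete. The function names, file paths and the `dig -k` invocation in the comments are assumptions for illustration.

```shell
#!/bin/sh
# Assumption: the transfer was saved with something like
#   dig @"$SERVER" "$ZONE" AXFR -k "$KEYFILE" > "$RAW"
# (SERVER, ZONE, KEYFILE and RAW are placeholders; -k keeps the TSIG
# secret off the command line).

# axfr_to_zone: read dig AXFR output on stdin, write a clean zone on stdout.
# An AXFR begins and ends with the same SOA record; anything else is treated
# as a failed or truncated transfer and the function returns non-zero.
axfr_to_zone() {
    awk '
        /^[ \t]*;/ || /^[ \t]*$/ { next }      # drop dig comments and blank lines
        { rec[++n] = $0; type[n] = $4 }        # dig prints: name ttl class type rdata
        END {
            if (n < 2 || type[1] != "SOA" || type[n] != "SOA" || rec[1] != rec[n]) {
                print "incomplete or failed transfer" > "/dev/stderr"
                exit 1
            }
            for (i = 1; i < n; i++) print rec[i]   # omit the trailing duplicate SOA
        }'
}

# install_zone SRC DEST: validate SRC (raw dig output) and atomically replace
# DEST. On failure DEST is left untouched, so the resolver keeps the last
# good RPZ instead of loading an empty or partial one.
install_zone() {
    src=$1
    dest=$2
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if axfr_to_zone < "$src" > "$tmp"; then
        # mktemp creates the file 0600; assumption: the resolver's user
        # needs read access to the zonefile.
        chmod 644 "$tmp"
        mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage (paths hypothetical): run the reload command only if this succeeds.
#   install_zone /tmp/rpz.raw /etc/unbound/rpz.zone
```
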