Yorgos Thessalonikefs via Unbound-users wrote:
Hi Otto,

From a quick test here locally (1.22.0) the tagged client does get the view local-data and also gets RPZ filtering applied. The minimal configuration I used is:

'''
server:
    module-config: "respip validator iterator"
    define-tag: "test-client"
    access-control-tag: 127.0.0.0/8 "test-client"
    access-control-view: 127.0.0.0/8 "test-client"

rpz:
    name: "rpz.test.zone"
    zonefile: "/var/unbound/etc/zones/rpz/rpz.test.zone"
    rpz-action-override: nxdomain
    rpz-log: yes
    rpz-log-name: "rpz.test"
    tags: "test-client"

view:
    name: "test-client"
    view-first: yes
    local-zone: "test.internal" static
    local-data: "test.internal A 10.0.0.1"
'''

If the above does not work for you a couple of pointers:

- Is the incoming traffic using the expected 10.0.0.1 IP?
- Are you using proxy-protocol-port?
- Other configuration that interferes with the above? Mainly for the access-control part?
- Maybe the content of the RPZ? Try using just a single record for testing (you still need the SOA record as well).

Best regards,
-- Yorgos

Hello Yorgos,

Thank you very much for the suggestions and for being able to do a quick test to confirm the functionality on your end. I just reviewed your configuration, tried again, and things do seem to be working as expected!

It's possible I left off the "test-client" tag within the RPZ zone definition, but then unwittingly added it as I typed out the email (after I had reset back to my "known-working" state). Apologies for barking up the wrong tree! Time to get some more sleep before trying to change my Unbound configuration :-).

Cheers,
Otto
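
The tag, view and RPZ wiring discussed in this thread can be checked offline with the following added example, which is not part of either message and is not Unbound code. It parses a constructed copy of the quoted configuration and reports which tags, view and RPZ zones apply to a client address; `parse` and `policy_for` are hypothetical helper names. It assumes the most specific matching netblock wins for the access-control options, and it relies on the documented behaviour that an rpz clause without `tags:` applies to every client.

```python
import ipaddress
# Constructed sample: the tag, view and RPZ wiring from the configuration above.
SAMPLE_CONF = """
server:
    define-tag: "test-client"
    access-control-tag: 127.0.0.0/8 "test-client"
    access-control-view: 127.0.0.0/8 "test-client"
rpz:
    name: "rpz.test.zone"
    tags: "test-client"
view:
    name: "test-client"
"""

def parse(conf):
    # Split unbound.conf text into [(clause, [(option, [words])])].
    clauses = []
    for raw in conf.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        words = value.replace('"', " ").split()
        if key and not words:
            clauses.append((key, []))  # clause header such as "rpz:"
        elif key and clauses:
            clauses[-1][1].append((key, words))
    return clauses

def policy_for(conf, client_ip):
    # Report which tags, view and RPZ zones apply to one client address.
    ip = ipaddress.ip_address(client_ip)
    defined, tag_acl, view_acl, rpzs = set(), [], [], []
    for clause, opts in parse(conf):
        if clause == "rpz":
            rpzs.append({"name": "", "tags": set()})
        for key, w in opts:
            if key == "define-tag":
                defined.update(w)
            elif key == "access-control-tag":
                tag_acl.append((ipaddress.ip_network(w[0]), set(w[1:])))
            elif key == "access-control-view":
                view_acl.append((ipaddress.ip_network(w[0]), w[1]))
            elif clause == "rpz" and key in ("name", "tags"):
                rpzs[-1][key] = w[0] if key == "name" else set(w)
    def best(acl, default):  # most specific netblock containing the client
        hits = [(n.prefixlen, v) for n, v in acl if n.version == ip.version and ip in n]
        return max(hits, key=lambda h: h[0])[1] if hits else default
    tags = best(tag_acl, set())
    # An rpz clause without tags applies to every client.
    active = [r["name"] for r in rpzs if not r["tags"] or r["tags"] & tags]
    undefined = sorted(tags.union(*(r["tags"] for r in rpzs)) - defined)
    return {"tags": tags, "view": best(view_acl, None), "rpz": active, "undefined_tags": undefined}
```

Calling `policy_for(SAMPLE_CONF, "127.0.0.1")` shows the tagged client receiving both the view and the RPZ zone, while removing the `tags:` line from the rpz clause makes the zone apply to untagged clients as well.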
