[RPZ] Problem implementing RPZ concurrently with DNS64

[Affan Basalamah]

Dear all,

We use BIND 9.8.1, and we already run RPZ on BIND, and we would like to
run DNS64 together.

This is our config snippet on DNS64:

dns64 64:FF9B::/96 {
                clients { any; };
                mapped { !rfc1918; any; };
                exclude { 64:FF9B::/96; ::ffff:0000:0000/96;};};

response-policy { zone "blacklist"; };


However I cannot activate DNS64 together with RPZ, named stopped with
the message "unexpected error" and the error log is below:


Nov 26 00:52:43 order named[20026]: query.c:5908: INSIST(!is_zone)
failed, back trace
Nov 26 00:52:43 order named[20026]: #0 0x805c4d2 in ??
Nov 26 00:52:43 order named[20026]: #1 0x81e1467 in ??
Nov 26 00:52:43 order named[20026]: #2 0x806af1e in ??
Nov 26 00:52:43 order named[20026]: #3 0x806bba3 in ??
Nov 26 00:52:43 order named[20026]: #4 0x81ff55c in ??
Nov 26 00:52:43 order kernel: pid 2
Nov 26 00:52:43 order kernel: 0<026 (named), uid 53: exited on signal 6
Nov 26 00:52:43 order kernel: 118>Nov 26 00:52:43 order named[20026]: #4
0x81ff55c in ??



Any suggestion?

Regards,



-affan