[RPZ] Which 'options' section does the RPZ config go in?

ixloran at sent.at ixloran at sent.at
Sat Mar 30 02:39:16 UTC 2013


Hi,

On Fri, Mar 29, 2013, at 07:26 PM, Vernon Schryver wrote:
> > "drop.rpz.spamhaus.org.zone.jnl" gets recreated, but still there's no
> > "rpz.spamhaus.org.zone" file, and I see the same errors for that zone.
> 
> My logs say that transfers of rpz.spamhaus.org have been timing out
> and that the last good transfer was on March 25.  Transfers of
> drop.rpz.spamhaus.org seem fine.

An admin next door that's had Bind+RPZ up for a few weeks already just
emailed me that the last spamhaus rpz zone timestamp he sees is:

  -rw-r--r-- 1 named named 236K Mar 25 14:01 rpz.spamhaus.org.zone

Nothing new after that for the rpz. zone.  The drop.rpz.spamhaus.org are
current for him too.

> Perhaps the famous DoS is relevant.
> http://www.spamhaus.org/news/article/695/answers-about-recent-ddos-attack-on-spamhaus

Figuring out if that's related is way above my pay grade!  But the
timing sure looks good.

Is it safe to just let bind keep erroring out on these fails until the
zone automagically returns?  Or is it best to disable that rpz zone
policy for now?

-Izzy


