Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

error: RPZ: name of record (drop.spamhaus.org.rpz.local.) to insert into RPZ #536

Closed
UnveilTech opened this issue Aug 25, 2021 · 4 comments
Closed

error: RPZ: name of record (drop.spamhaus.org.rpz.local.) to insert into RPZ #536

UnveilTech opened this issue Aug 25, 2021 · 4 comments

Comments

@UnveilTech
Copy link

Describe the bug
error: RPZ: name of record (drop.spamhaus.org.rpz.local.) to insert into RPZ is not a subdomain of the configured name of the RPZ zone (spamhaus-drop.rpz.local.)

To reproduce
Steps to reproduce the behavior:

  1. use and apply the special script to download and convert Spamhaus RPZ file
  2. apply the Unbound part of RPZ in settings as explained from Drop2rpz (https://github.com/NLnetLabs/unbound/blob/master/contrib/drop2rpz)
  3. restart Unbound

Expected behavior
expectation to see the Spamhaus RPZ working

System:

  • Unbound version: 1.13.2
  • OS: Debian 9
  • unbound -V output:
    Version 1.13.2
    Configure line: --prefix=/usr/local/unbound --sysconfdir=/etc --with-pidfile=/var/run/unbound.pid --with-rootkey-file=/usr/local/unbound/key/root.key --with-username=unbound --with-libevent --with-pythonmodule --with-libnghttp2 --enable-cachedb --with-libhiredis=/usr
    Linked libs: libevent 2.0.21-stable (it uses epoll), OpenSSL 1.1.0l 10 Sep 2019
    Linked modules: dns64 python cachedb respip validator iterator

BSD licensed, see LICENSE in source package for details.
Report bugs to unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues

Additional information
Spamhaus RPZ works with Unbound 1.10 but errors with the 1.13.x
Errors in the unbound.log:
[1629880588] unbound[20641:0] error: RPZ: name of record (drop.spamhaus.org.rpz.local.) to insert into RPZ is not a subdomain of the configured name of the RPZ zone (spamhaus-drop.rpz.local.)
[1629880588] unbound[20641:0] error: /etc/unbound/spamhaus-drop.rpz.local:2 cannot insert RR of type SOA
[1629880588] unbound[20641:0] error: error parsing zonefile /etc/unbound/spamhaus-drop.rpz.local for spamhaus-drop.rpz.local.
[1629880588] unbound[20641:0] fatal error: auth_zones could not be setup
@wcawijngaards
Copy link
Member

The drop2rpz contrib script was used for other stuff, the rpz code that is currently in unbound can use spamhaus files directly. I think there is no need for the conversion step.

@wcawijngaards
Copy link
Member

Sorry that is for the spamhaus RPZ contents. The drop.txt file is its own thing I see. We already tested with the RPZ contents from Spamhaus, and that should work.

@wcawijngaards
Copy link
Member

The issue is that the name of the rpz zone has to be "drop.spamhaus.org.rpz.local."

This is wrong in the drop2rpz documentation. I fixed that in the commit that closed the issue.

So the config is:

#  rpz:
#    name: "drop.spamhaus.org.rpz.local."
#    zonefile: "/path/tp/spamhaus-drop.rpz.local"
#    rpz-log: yes
#    rpz-log-name: "spamhaus-drop"

@UnveilTech
Copy link
Author

Hi wcawijngaards,
ok, I confirm, we need the converter Drop2rpz and use "drop.spamhaus.org.rpz.local." as name in the "rpz" zone.
now it works with no error...

thanks for your great help, appreciated :o)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wcawijngaards @UnveilTech