Rpz url notify issue #688

Merged
merged 3 commits into from
Jun 14, 2022


Philip-NLnetLabs
Member

Fix for issue #679

@gthess gthess linked an issue Jun 14, 2022 that may be closed by this pull request
Member

@gthess gthess left a comment

LGTM and all tests pass locally.

@gthess gthess merged commit 90767fc into master Jun 14, 2022
gthess added a commit that referenced this pull request Jun 14, 2022
- Merge PR #688: Rpz url notify issue.
@Philip-NLnetLabs Philip-NLnetLabs deleted the rpz-url-notify-issue branch June 21, 2022 13:37
jedisct1 added a commit to jedisct1/unbound that referenced this pull request Jun 23, 2022
* nlnet/master:
  Fix use after free issue with edns options (NLnetLabs#663)
  Change log entry for lines with blanks issue
  - Remove unused LDNS function check for GOST Engine unloading.
  - Note in the unbound.conf text that NOTIFY is allowed from the url:   addresses for auth and rpz zones.
  Changelog entry for NLnetLabs#688 - Merge PR NLnetLabs#688: Rpz url notify issue.
  - Add testcase for allowing NOTIFY on URL addresses.
  Test loading a zone with blank lines over https
  Avoid network traffic during test, a bit of cleanup
  Fix issue with lines that only consist of blanks with optional comment
  Test loading a cached zone that has lines consisting of blanks
  Add url 'master' to allow notify list
  allow-notify doesn't work for url on rpz zones (NLnetLabs#679)
@SaintBol

SaintBol commented Aug 14, 2022

With unbound 1.16.2, using
url: http://some.IP.v.4/path/filename.stuff
I can observe that this doesn't work and that I am still obliged to include an allow-notify line in the config for the rpz zone.

@gthess
Member

gthess commented Aug 30, 2022

This should work without specifying an allow-notify if the IP the NOTIFY comes from is the same IP as "some.IP.v.4".
Also the qname of the NOTIFY needs to match the configured rpz zone name (I believe that is not your problem).
The testcase for this issue still works btw.

With verbosity 2 and above you would see something like the following in the log that may shed more light:

info: received NOTIFY for rpz. from 127.0.0.1 port 35684
info: refused NOTIFY for . from 127.0.0.1 port 34962
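
Added example, not part of the original thread and not Unbound code: a small log triage helper that reads NOTIFY lines of the shape quoted above and checks each refusal against the two conditions named in the comment (qname equals the zone name, source equals the `url:` address). The names `triage`, `SAMPLE_LOG`, the zone `rpz.` and the URL are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Shape of the two log lines quoted in the comment above.
NOTIFY_RE = re.compile(
    r"info: (received|refused) NOTIFY for (\S+) from (\S+) port (\d+)"
)

def to_ip(text):
    """Parse text as an IP address; return None for hostnames or junk."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def fqdn(name):
    """Lower-case a DNS name and give it exactly one trailing dot."""
    return name.rstrip(".").lower() + "."

def triage(log_lines, zone_name, url):
    """Return (verdict, qname, source, note) for every NOTIFY log line."""
    url_ip = to_ip(urlsplit(url).hostname or "")
    out = []
    for line in log_lines:
        m = NOTIFY_RE.search(line)
        if not m:
            continue
        verdict, qname, src = m.group(1), fqdn(m.group(2)), m.group(3)
        if verdict == "received":
            note = "logged as received"
        elif qname != fqdn(zone_name):
            note = "qname does not match the configured zone name"
        elif url_ip is None or to_ip(src) != url_ip:
            note = "source is not the url: address"
        else:
            note = "neither condition explains it; post the full log entry"
        out.append((verdict, qname, src, note))
    return out

# Constructed sample: lines 1-2 are quoted in the thread, line 3 is made up.
SAMPLE_LOG = [
    "info: received NOTIFY for rpz. from 127.0.0.1 port 35684",
    "info: refused NOTIFY for . from 127.0.0.1 port 34962",
    "info: refused NOTIFY for rpz. from 192.0.2.7 port 40000",
]
SAMPLE = triage(SAMPLE_LOG, "rpz.", "http://127.0.0.1/rpz.zone")
```

A `url:` that uses a hostname instead of an IP literal is reported here as a source mismatch, because the helper does no DNS resolution.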

@SaintBol

SaintBol commented Aug 30, 2022

This is what I had in the config: url: http://a.b.c.d/mypath/myfile
Received a REJECT for the notify I sent from the same IP a.b.c.d.
Added an allow-notify: no error and the file was downloaded.

@gthess
Member

gthess commented Aug 30, 2022

Do you mean REFUSE instead of REJECT?
Also could you post the relative unbound log entry?

Development

Successfully merging this pull request may close these issues.

allow-notify doesn't work for url on rpz zones
3 participants