RPZ zone is this config correct?

RayG · October 12, 2020, 2:13pm

I have created the following RPZ entry for unbound and added respip to the module configuration.

rpz:

zonefile: “c:\programdata\unbound\logs\URLHaus.rpz”

url: https://urlhaus.abuse.ch/downloads/rpz

rpz-log: yes

rpz-log-name: “URLHausRPZ”

If I understand things correctly unbound should fetch the zone file using the URL and store the data in the zonefile. I created an empty zone file but it is not being populated by unbound. I cannot see any relevant issues in the log file. I also have not (yet) seen any entries in the log file with the appended log name item.

Do I have the correct configuration and understanding?

Following on would it be correct to add these masters to the configuration:

master: 151.101.130.49

master: 151.101.66.49

master: 151.101.194.49

master: 151.101.2.49

C:>dig urlhaus.abuse.ch.

; <<>> DiG 9.16.6 <<>> urlhaus.abuse.ch.

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1870

;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;urlhaus.abuse.ch. IN A

;; ANSWER SECTION:

urlhaus.abuse.ch. 3037 IN CNAME p2.shared.global.fastly.net.

p2.shared.global.fastly.net. 29 IN A 151.101.130.49

p2.shared.global.fastly.net. 29 IN A 151.101.194.49

p2.shared.global.fastly.net. 29 IN A 151.101.2.49

p2.shared.global.fastly.net. 29 IN A 151.101.66.49

Thanks

RayG

RayG · October 14, 2020, 2:46pm

I have created the following RPZ entry for unbound and added respip to the module configuration.

rpz:

zonefile: “c:\programdata\unbound\logs\URLHaus.rpz”

url: https://urlhaus.abuse.ch/downloads/rpz

rpz-log: yes

rpz-log-name: “URLHausRPZ”

If I understand things correctly unbound should fetch the zone file using the URL and store the data in the zonefile. I created an empty zone file but it is not being populated by unbound. I cannot see any relevant issues in the log file. I also do not (have not yet) seen any entries in the log file with the appended log name item.

Do I have the correct configuration and understanding?

Following on would it be correct to add these masters to the configuration:

master: 151.101.130.49

master: 151.101.66.49

master: 151.101.194.49

master: 151.101.2.49

C:>dig urlhaus.abuse.ch.

; <<>> DiG 9.16.6 <<>> urlhaus.abuse.ch.

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1870

;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;urlhaus.abuse.ch. IN A

;; ANSWER SECTION:

urlhaus.abuse.ch. 3037 IN CNAME p2.shared.global.fastly.net.

p2.shared.global.fastly.net. 29 IN A 151.101.130.49

p2.shared.global.fastly.net. 29 IN A 151.101.194.49

p2.shared.global.fastly.net. 29 IN A 151.101.2.49

p2.shared.global.fastly.net. 29 IN A 151.101.66.49

The URL Returns data like this:

$TTL 30

@ SOA rpz.urlhaus.abuse.ch. hostmaster.urlhaus.abuse.ch. 2010141440 300 1800 604800 30

NS localhost.

;

; abuse.ch URLhaus Response Policy Zones (RPZ)

; Last updated: 2020-10-14 14:40:12 (UTC)

;

; Terms Of Use: https://urlhaus.abuse.ch/api/

; For questions please contact urlhaus [at] abuse.ch

;

testentry.rpz.urlhaus.abuse.ch CNAME . ; Test entry for testing URLhaus RPZ

1am.co.nz CNAME . ; Malware download (2020-08-17), see https://urlhaus.abuse.ch/host/1am.co.nz/

1ca.co.za CNAME . ; Malware download (2020-08-28), see https://urlhaus.abuse.ch/host/1ca.co.za/

1med.kiev.ua CNAME . ; Malware download (2020-10-14), see https://urlhaus.abuse.ch/host/1med.kiev.ua/

21robo.com CNAME . ; Malware download (2019-02-20), see https://urlhaus.abuse.ch/host/21robo.com/

Regards

Ray

RayG · October 15, 2020, 9:19pm

I have created the following RPZ entry for unbound and added respip to the module configuration.

rpz:

zonefile: “c:\programdata\unbound\logs\URLHaus.rpz”

url: https://urlhaus.abuse.ch/downloads/rpz

rpz-log: yes

rpz-log-name: “URLHausRPZ”

If I understand things correctly unbound should fetch the zone file using the URL and store the data in the zonefile. I created an empty zone file but it is not being populated by unbound. I cannot see any relevant issues in the log file. I also do not (have not yet) seen any entries in the log file with the appended log name item.

Do I have the correct configuration and understanding?

Following on would it be correct to add these masters to the configuration:

master: 151.101.130.49

master: 151.101.66.49

master: 151.101.194.49

master: 151.101.2.49

C:>dig urlhaus.abuse.ch.

; <<>> DiG 9.16.6 <<>> urlhaus.abuse.ch.

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1870

;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;urlhaus.abuse.ch. IN A

;; ANSWER SECTION:

urlhaus.abuse.ch. 3037 IN CNAME p2.shared.global.fastly.net.

p2.shared.global.fastly.net. 29 IN A 151.101.130.49

p2.shared.global.fastly.net. 29 IN A 151.101.194.49

p2.shared.global.fastly.net. 29 IN A 151.101.2.49

p2.shared.global.fastly.net. 29 IN A 151.101.66.49

Thanks

RayG

RayG · October 15, 2020, 10:53pm

I have created the following RPZ entry for unbound and added respip to the module configuration.

rpz:

zonefile: “c:\programdata\unbound\logs\URLHaus.rpz”

url: https://urlhaus.abuse.ch/downloads/rpz

rpz-log: yes

rpz-log-name: “URLHausRPZ”

If I understand things correctly unbound should fetch the zone file using the URL and store the data in the zonefile. I created an empty zone file but it is not being populated by unbound. I cannot see any relevant issues in the log file. I also do not (have not yet) seen any entries in the log file with the appended log name item.

Do I have the correct configuration and understanding?

Following on would it be correct to add these masters to the configuration:

master: 151.101.130.49

master: 151.101.66.49

master: 151.101.194.49

master: 151.101.2.49

C:>dig urlhaus.abuse.ch.

; <<>> DiG 9.16.6 <<>> urlhaus.abuse.ch.

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1870

;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;urlhaus.abuse.ch. IN A

;; ANSWER SECTION:

urlhaus.abuse.ch. 3037 IN CNAME p2.shared.global.fastly.net.

p2.shared.global.fastly.net. 29 IN A 151.101.130.49

p2.shared.global.fastly.net. 29 IN A 151.101.194.49

p2.shared.global.fastly.net. 29 IN A 151.101.2.49

p2.shared.global.fastly.net. 29 IN A 151.101.66.49

Regards

Ray

RayG · October 16, 2020, 8:35am

I have created the following RPZ entry for unbound and added respip to the module configuration.

rpz:

zonefile: “c:\programdata\unbound\logs\URLHaus.rpz”

url: https://urlhaus.abuse.ch/downloads/rpz

rpz-log: yes

rpz-log-name: “URLHausRPZ”

If I understand things correctly unbound should fetch the zone file using the URL and store the data in the zonefile. I created an empty zone file but it is not being populated by unbound. I cannot see any relevant issues in the log file. I also do not (have not yet) seen any entries in the log file with the appended log name item.

Do I have the correct configuration and understanding?

Following on would it be correct to add these masters to the configuration:

master: 151.101.130.49

master: 151.101.66.49

master: 151.101.194.49

master: 151.101.2.49

C:>dig urlhaus.abuse.ch.

; <<>> DiG 9.16.6 <<>> urlhaus.abuse.ch.

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1870

;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;urlhaus.abuse.ch. IN A

;; ANSWER SECTION:

urlhaus.abuse.ch. 3037 IN CNAME p2.shared.global.fastly.net.

p2.shared.global.fastly.net. 29 IN A 151.101.130.49

p2.shared.global.fastly.net. 29 IN A 151.101.194.49

p2.shared.global.fastly.net. 29 IN A 151.101.2.49

p2.shared.global.fastly.net. 29 IN A 151.101.66.49

Thanks

RayG

RayG · October 16, 2020, 10:35am

All,

There has been a problem with the mail server at nlnetlabs it seems. If you look at the date of the item below you will see it was sent on the 19^th September, it has only just arrived at the list.

So apologies for any others that have just arrived in the list.

It seems that whatever was causing the issue has now been fixed.

I understand that nlnetlabs also changed their e-mail provider recently so there may have been some teething issues.

RayG

Benno · October 16, 2020, 10:52am

Hi RayG,

Indeed, the problem was on our side. Our mailing list software (mailman and postfix) incorrectly marked the email as spam (it scored high on some indicators).

We did move to an email provider, but not for our mailing list. They are still managed by us on NLnet Labs servers.

And I would like to thank you for your contributions to the mailing list and to Unbound.

Cheers,

— Benno