Unbound 1.10.0

Hello All,

First of all, congratulations on the new Unbound 1.10.0, that's great :o)

We're testing that new build and we face 2 issues:
1. RPZ only checks the exact domain we indicate in the zone file, not the main domain + subdomains
Ex: if we declare "xvideos.com" as CNAME it'll take care of "xvideos.com" only, and not "www.xvideos.com"
Maybe we missed a point here, if anyone has a trick it'll be nice...

2. RPZ module seems not compatible with python module:
We define "respip" in the "module-config" also including "python" but at the restart we get that "fatal error: RPZ requires the respip module"
If we delete "python" from the module-config we then have no error in the log file
Ex: module-config: "respip python validator iterator" -> fatal error
Ex: module-config: "respip validator iterator" -> no error

Thanks in advance for your help...
Bye Fred

Hi Frederic,

> Hello All,
>
> First of all, congratulations on the new Unbound 1.10.0, that's great :o)

Thanks!

> We're testing that new build and we face 2 issues:
> 1. RPZ only checks the exact domain we indicate in the zone file, not the main domain + subdomains
> Ex: if we declare "xvideos.com" as CNAME it'll take care of "xvideos.com" only, and not "www.xvideos.com"
> Maybe we missed a point here, if anyone has a trick it'll be nice...

You can make an rpz entry for the subdomains with a *.xvideos.com entry
CNAME. So for the domain and subdomains, you make two entries, one for
xvideos.com and one for *.xvideos.com.

The RPZ blog from Ralph has more information about it
https://medium.com/nlnetlabs/response-policy-zones-in-unbound-5d453de75f26

> 2. RPZ module seems not compatible with python module:
> We define "respip" in the "module-config" also including "python" but at the restart we get that "fatal error: RPZ requires the respip module"
> If we delete "python" from the module-config we then have no error in the log file
> Ex: module-config: "respip python validator iterator" -> fatal error
> Ex: module-config: "respip validator iterator" -> no error

You need to change the order to please the check conf. It puts the
python module at the start so that it sees the final message and can
edit that.
module-config: "python respip iterator"
or
module-config: "python respip validator iterator"
should be accepted by the configuration checks in unbound-checkconf.

If the other module order works, we can add it to the accept list for
the configuration checks, to the list of known working module lists.

Best regards, Wouter
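
Added example, not part of the original thread and not Unbound's own code: a small Python audit for the subdomain issue discussed above. It lists RPZ QNAME entries that have no matching `*.` wildcard entry. The zone text and every name in it are constructed, and the parser assumes one record per line with relative owner names.

```python
# Constructed sample RPZ zone; all names are placeholders.
SAMPLE_ZONE = """\
$ORIGIN rpz.example.
$TTL 3600
@ SOA ns.rpz.example. hostmaster.rpz.example. 1 3600 900 604800 3600
@ NS ns.rpz.example.
; constructed sample policy entries
blocked.example        CNAME .
*.blocked.example      CNAME .
apexonly.example       CNAME .
32.1.2.0.192.rpz-ip    CNAME .
"""

# Owner names ending in these labels are not QNAME triggers, so they are skipped.
RPZ_TRIGGER_LABELS = {"rpz-ip", "rpz-client-ip", "rpz-nsdname", "rpz-nsip"}


def qname_owners(zone_text):
    """Return the set of QNAME-trigger owner names (lowercase, relative)."""
    owners = set()
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]          # drop comments
        # Skip blanks, $ directives, and lines that inherit the previous owner.
        if not line.strip() or line[0] in " \t$":
            continue
        owner = line.split()[0].lower().rstrip(".")
        if owner == "@" or owner.rsplit(".", 1)[-1] in RPZ_TRIGGER_LABELS:
            continue
        owners.add(owner)
    return owners


def missing_wildcards(zone_text):
    """Names that are listed themselves but have no '*.name' sibling entry."""
    owners = qname_owners(zone_text)
    return sorted(o for o in owners
                  if not o.startswith("*.") and "*." + o not in owners)


if __name__ == "__main__":
    for name in missing_wildcards(SAMPLE_ZONE):
        print(f"{name}: subdomains not covered, add '*.{name}'")
```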