• Can we use rndc addzone to add zone in rpz configuration?

    From Blason R@blason16@gmail.com to bind-users on Wed May 27 09:32:19 2020
    From Newsgroup: comp.protocols.dns.bind

    Hi,

    Keen to know if rndc addzone functionality can be used to add zones in BIND serving response-policy? If so, then what would be my view? Do I need to
    define my view to make it work?

    I tried this and it's failing, hence wondering if rndc can be used to add
    a zone or delete a zone on the fly?

    Here is my config

    ******************************
    options {
        version "xxxxx";
        allow-query { localhost; subnets; };   // "subnets" ACL is not shown in this post
        directory "/var/cache/bind";
        recursion yes;
        allow-new-zones yes;                   // enables runtime zone changes via rndc addzone
        querylog yes;
        forwarders {
            9.9.9.9;
        };
        // dnssec-validation auto;
        request-ixfr yes;
        auth-nxdomain no;                      # conform to RFC1035
        // listen-on-v6 { any; };
        listen-on port 53 { any; };
        // RPZ policy zones
        response-policy {
            zone "whitlist.allow" policy passthru;
            zone "immediate.block";
            zone "malware.trap";
            zone "block.tld";
            zone "cryptojack.block";
            zone "ransomwareips.block";
        };
    };

    And I wanted to add, let's say, a porn.block zone

    --- Synchronet 3.18a-Linux NewsLink 1.113