What's new

Unbound RPZ loading with URL

  • Thread starter Deleted member 62525
  • Start date
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

D

Deleted member 62525

Guest
@juched and @Martineau do you guys know if this issue with Unbound loading rpz with url has been resolved? I checked the link @juched posted some 6 months ago https://github.com/NLnetLabs/unbound/issues/193 and the issue has been closed. However, I tried enabling unbound rpz loading with url and it still fails. I am wondering if by chance there is something else that I am missing in the config. Also, another question I have is about current setup. Is you script capable to load multiple rpz configurations if they are described in the same unbound.local.firewall file?
 
This was only an issue when using https. I haven't tried it since. What URL are you using and what error are you seeing?

You should be able to load more than one rpz, but i could ever only source 1, which is what is there.
 
This was only an issue when using https. I haven't tried it since. What URL are you using and what error are you seeing?

You should be able to load more than one rpz, but i could ever only source 1, which is what is there.
Thanks. I was getting tls errors but will try with http. Thanks.
 
Last edited by a moderator:
This was only an issue when using https. I haven't tried it since. What URL are you using and what error are you seeing?

You should be able to load more than one rpz, but i could ever only source 1, which is what is there.
Check https://block.energized.pro/ - there are a lot of rpz files to choose from depending how much and what level of protection for ads you require. Also, StevenBlack list is also available as RPZ file.

I have transitioned to use RPZ files exclusively including my own block list and whitelistings. As I started reading more about RPZ I found that it offers a lot of capabilities and functionality. For example, I have 2 separate rpz files, separating domains based on different Policy Actions. In the future I hope unbound team will introduce and support more policy triggers which would allow finer control of blocking based on client IP.
 
Tried rpz with url using http and https with the same results - both fail. Here is the log,
it looks like it is entware relates as I understand it works on Linux OS.

Code:
Apr 09 12:40:37 unbound[24652:0] debug: auth zone rpz.urlhaus.abuse.ch. transfer next HTTP fetch from 151.101.54.49 started
Apr 09 12:40:37 unbound[24652:0] info: mesh_run: end 0 recursion states (0 with reply, 0 detached), 0 waiting replies, 1 recursion replies sent>
Apr 09 12:40:37 unbound[24652:0] info: average recursion processing time 0.341480 sec
Apr 09 12:40:37 unbound[24652:0] info: histogram of recursion processing times
Apr 09 12:40:37 unbound[24652:0] info: [25%]=0 median[50%]=0 [75%]=0
Apr 09 12:40:37 unbound[24652:0] info: lower(secs) upper(secs) recursions
Apr 09 12:40:37 unbound[24652:0] info:    0.262144    0.524288 1
Apr 09 12:40:37 unbound[24652:0] debug: auth zone rpz.urlhaus.abuse.ch. transfer next target lookup
Apr 09 12:40:37 unbound[24652:0] debug: comm point stop listening 15
Apr 09 12:40:37 unbound[24652:0] debug: comm point start listening 15 (-1 msec)
Apr 09 12:40:37 unbound[24652:0] debug: http header: HTTP/1.1 301 Moved Permanently
Apr 09 12:40:37 unbound[24652:0] debug: http bad status 301 Moved Permanently
Apr 09 12:40:37 unbound[24652:0] debug: close fd 15
Apr 09 12:40:37 unbound[24652:0] debug: auth zone transfer http callback
Apr 09 12:40:37 unbound[24652:0] debug: http stopped, connection lost to urlhaus.abuse.ch
Apr 09 12:40:37 unbound[24652:0] debug: auth zone rpz.urlhaus.abuse.ch. transfer failed, wait
Apr 09 12:40:37 unbound[24652:0] debug: auth zone rpz.urlhaus.abuse.ch. timeout in 6 seconds
 
Last edited by a moderator:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top