Description
Describe the bug
After upgrade from 1.19.3 to 1.20.0 tagged rpz zones are always used.
To reproduce
Steps to reproduce the behavior:
- Starting unbound with unbound.conf.txt
- Add the following entry to rpz.test.intern:
archive.ubuntu.com.rpz.test.intern. 300 IN CNAME install.intern.
- Query ::1 and 127.0.0.1, both return rpz modified data.
Expected behavior
dig @127.0.0.1 archive.ubuntu.com +nocomment
shouldn't return rpz modified data but it does.
with unbound 1.19.3:
dig @127.0.0.1 archive.ubuntu.com +nocomment
; <<>> DiG 9.11.36-RedHat-9.11.36-11.el8_9.1 <<>> @127.0.0.1 archive.ubuntu.com +nocomment
; (1 server found)
;; global options: +cmd
;archive.ubuntu.com. IN A
archive.ubuntu.com. 17 IN A 91.189.91.81
archive.ubuntu.com. 17 IN A 91.189.91.82
archive.ubuntu.com. 17 IN A 185.125.190.39
archive.ubuntu.com. 17 IN A 185.125.190.36
archive.ubuntu.com. 17 IN A 91.189.91.83
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu May 30 09:56:59 CEST 2024
;; MSG SIZE rcvd: 127
However with unbound 1.20.0 the following answer is returned:
dig @127.0.0.1 archive.ubuntu.com +nocomment
; <<>> DiG 9.11.36-RedHat-9.11.36-14.el8_10 <<>> @127.0.0.1 archive.ubuntu.com +nocomment
; (1 server found)
;; global options: +cmd
;archive.ubuntu.com. IN A
archive.ubuntu.com. 300 IN CNAME install.intern.
install.intern. 60 IN A 192.0.2.2
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu May 30 09:59:12 CEST 2024
;; MSG SIZE rcvd: 97
System:
- Unbound version: 1.20.0
- OS: Almalinux 8.10
- Version 1.20.0
Configure line: --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --program-prefix= --disable-dependency-tracking --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --with-pythonmodule --with-pyunbound PYTHON=/usr/libexec/platform-python --with-libevent --with-pthreads --with-ssl --disable-rpath --disable-static --enable-relro-now --enable-pie --enable-subnet --enable-ipsecmod --with-conf-file=/etc/unbound/unbound.conf --with-pidfile=/var/run/unbound/unbound.pid --enable-sha2 --disable-gost --enable-ecdsa --enable-dnstap --with-rootkey-file=/var/lib/unbound/root.key
Linked libs: libevent 2.1.8-stable (it uses epoll), OpenSSL 1.1.1k FIPS 25 Mar 2021
Linked modules: dns64 python ipsecmod subnetcache respip validator iterator
BSD licensed, see LICENSE in source package for details.
Report bugs to unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues
Additional information
The same happens if using access-control-tags.
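
A regression check for the behaviour reported above, as an added example that is not part of the original report or of the Unbound project. It derives the trigger name from the RPZ entry quoted in the report and tests whether a dig answer carries that rewrite. It handles only QNAME-trigger rules with local data like the one shown, and the sample answers are shortened copies of the two dig outputs above.

```python
# Added example: rule and answers are taken from this report (answers shortened).
RPZ_ZONE = "rpz.test.intern."
RPZ_RULE = "archive.ubuntu.com.rpz.test.intern. 300 IN CNAME install.intern."

ANSWER_1_19_3 = """\
;archive.ubuntu.com. IN A
archive.ubuntu.com. 17 IN A 91.189.91.81
archive.ubuntu.com. 17 IN A 91.189.91.82
"""
ANSWER_1_20_0 = """\
;archive.ubuntu.com. IN A
archive.ubuntu.com. 300 IN CNAME install.intern.
install.intern. 60 IN A 192.0.2.2
"""

def norm(name):
    """Lower-case a DNS name and make it fully qualified."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def parse_rr(line):
    """Split 'owner ttl class type rdata' into (owner, type, rdata)."""
    owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
    rtype = rtype.upper()
    rdata = norm(rdata) if rtype == "CNAME" else rdata.strip()
    return norm(owner), rtype, rdata

def rule_trigger(rule, zone):
    """Return (qname, type, rdata): the name the rule fires on and its rewrite."""
    owner, rtype, rdata = parse_rr(rule)
    suffix = "." + norm(zone)
    if not owner.endswith(suffix):
        raise ValueError("rule owner is not inside the policy zone")
    # Strip the policy zone origin to recover the queried name.
    return owner[: -len(suffix)] + ".", rtype, rdata

def answers(dig_output):
    """Yield records from dig text, skipping comment lines and blanks."""
    for line in dig_output.splitlines():
        line = line.strip()
        if line and not line.startswith(";"):
            yield parse_rr(line)

def rpz_applied(dig_output, rule=RPZ_RULE, zone=RPZ_ZONE):
    """True if the answer contains the rule's rewrite for the trigger name."""
    return rule_trigger(rule, zone) in set(answers(dig_output))
```

Feed it the output of `dig @127.0.0.1 archive.ubuntu.com +nocomment` taken from a client that should not match the zone's tags; a `True` result means the policy was applied anyway.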