| CARVIEW |
Select Language
HTTP/2 200
date: Sat, 19 Jul 2025 02:25:29 GMT
content-type: text/html; charset=utf-8
cache-control: max-age=0, private, must-revalidate
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
link: ; rel=preload; as=fetch; crossorigin=use-credentials
referrer-policy: no-referrer-when-downgrade
server-timing: issue_layout-fragment;desc="issue_layout fragment";dur=190.5481,issue_conversation_content-fragment;desc="issue_conversation_content fragment";dur=473.466052,issue_conversation_sidebar-fragment;desc="issue_conversation_sidebar fragment";dur=47.632901,nginx;desc="NGINX";dur=0.596789,glb;desc="GLB";dur=95.7838
strict-transport-security: max-age=31536000; includeSubdomains; preload
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With, Accept,Accept-Encoding, Accept, X-Requested-With
x-content-type-options: nosniff
x-frame-options: deny
x-voltron-version: fd8fbbc
x-xss-protection: 0
server: github.com
content-encoding: gzip
accept-ranges: bytes
set-cookie: _gh_sess=vbQb%2BrXKoeQq8tGoY0tLs1x6XYFrqQdNbw%2BSlg5C218uxiSFYfcsbBL9z8facKu1kEOQN6rHWUolEwNZJ4cBsHGb5119Z8eZnboEmRqDyR%2FxCGvSN2Wv%2B2pgDpv41%2Fi5z9KFt%2FxSmK4H3nsxtCH4Tq8rAEO%2BnsDAkCDIPPLvqWoD50Vl1tUGNqSlOD%2BY7gZmmjMhvGJvuO6KVu%2BqiVpq%2BpS0RJeNYYnrHEG5vfTKFoG59Dm3Fo1PHSDaSzixJa%2B4WkE0W7CA310lgc7tiGS27g%3D%3D--mfNT4T%2BoZWB45t7I--1NnhnGbKBn7wpTZNZxpAMw%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.1360608058.1752891929; Path=/; Domain=github.com; Expires=Sun, 19 Jul 2026 02:25:29 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Sun, 19 Jul 2026 02:25:29 GMT; HttpOnly; Secure; SameSite=Lax
x-github-request-id: E7C0:21B12E:13CF:1E02:687B0219
RPZ tags aren't matched with interface-tag · Issue #1102 · NLnetLabs/unbound · GitHub
No labelsNo typeNo projectsNo milestoneNone yetNo branches or pull requests
Skip to content
Navigation Menu
{{ message }}
-
-
Notifications
You must be signed in to change notification settings - Fork 396
Closed
Assignees
Description
Describe the bug
According to the documentation RPZ tags are also matched against interface tags:
tags need to be matched either with the client IP prefix using access-control-tag: or the clients on a listening interface using interface-tag:
However, only access-control-tags appear to be applied.
To reproduce
Considering the configuration:
server:
module-config: "respip validator iterator"
interface: lo@5301
interface: lo@5302
define-tag: "malware social"
interface-tag: lo@5301 "malware"
interface-tag: lo@5302 "social"
rpz:
name: malware.rpz.example.com
zonefile: malware.rpz.example.com
tags: "malware"
rpz:
name: social.rpz.example.com
zonefile: social.rpz.example.com
tags: "social"
Both unbound v1.20.0 and v1.17.1 respond with the malware RPZ regardless of the interface used, while latest git (d43760a) uses no RPZ.
Expected behavior
Queries on port 5301 should be replied with "malware" RPZ, port 5302 with "social".
System:
- Unbound version: 1.20.0
- OS: Arch Linux
unbound -Voutput:
Version 1.20.0
Configure line: --prefix=/usr --sysconfdir=/etc --localstatedir=/var --sbindir=/usr/bin --disable-rpath --enable-dnscrypt --enable-dnstap --enable-pie --enable-relro-now --enable-subnet --enable-systemd --enable-tfo-client --enable-tfo-server --enable-cachedb --with-libhiredis --with-conf-file=/etc/unbound/unbound.conf --with-pidfile=/run/unbound.pid --with-rootkey-file=/etc/trusted-key.key --with-libevent --with-libnghttp2 --with-pyunbound
Linked libs: libevent 2.1.12-stable (it uses epoll), OpenSSL 3.3.1 4 Jun 2024
Linked modules: dns64 cachedb subnetcache respip validator iterator
DNSCrypt feature available
TCP Fastopen feature available
BSD licensed, see LICENSE in source package for details.
Report bugs to unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues
Metadata
Metadata
Assignees
Labels
No labels
Type
Projects
Milestone
Relationships
Development
Issue actions
You can’t perform that action at this time.