- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page

Inconsistent RPZ Results
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
05-22-2018 08:37 AM
I configured some test local RPZ rules, however it seems it only works for some of the sites listed.
For example, I set it to block cnn.com, facebook.com, and boardgames.com.
But the only one that's blocked effectively is boardgames.com.
If I attempt an nslookup for any of the blocked sites it comes back "Non-existent domain".
But I'm able to browse to facebook and cnn. I did an ipconfig /flushdns and cleared the browser cache, as well. No change.
Any ideas?
Solved! Go to Solution.
Re: Inconsistent RPZ Results
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
05-22-2018 10:53 AM
If you make a packet trace what do you see there?

Re: Inconsistent RPZ Results
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
05-22-2018 11:26 AM
RPZ can be a little confusing because it gives you control over whether to act on the domain name, or everything that falls underneath the domain. In the example that you provided, your policy is set to act on the domain name only and to block everything else underneath, you would add a second rule with a wildcard character- *.boardgames.com.
As a result, you will have two rules for every domain name. Doing this through the GUI is fine for small updates but if you are setting a large number of rules, I would recommend using the CSV import feature. This would allow you to simplify the process using your standard spreadsheet application before uploading it into NIOS.
Regards,
Tony
Re: Inconsistent RPZ Results
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
05-23-2018 08:34 AM
Looks like that did the trick. (adding *.site.com)
Thanks Tony.