Inconsistent RPZ Results

gleeson · ‎05-22-2018

I configured some test local RPZ rules, however it seems it only works for some of the sites listed.

For example, I set it to block cnn.com, facebook.com, and boardgames.com.

But the only one that's blocked effectively is boardgames.com.

If I attempt an nslookup for any of the blocked sites it comes back "Non-existent domain".

But I'm able to browse to facebook and cnn. I did an ipconfig /flushdns and cleared the browser cache, as well. No change.

Any ideas?

harrys · ‎05-22-2018

If you make a packet trace what do you see there?

TTiscareno · ‎05-22-2018

RPZ can be a little confusing because it gives you control over whether to act on the domain name, or everything that falls underneath the domain. In the example that you provided, your policy is set to act on the domain name only and to block everything else underneath, you would add a second rule with a wildcard character- *.boardgames.com.

As a result, you will have two rules for every domain name. Doing this through the GUI is fine for small updates but if you are setting a large number of rules, I would recommend using the CSV import feature. This would allow you to simplify the process using your standard spreadsheet application before uploading it into NIOS.

Regards,

Tony

gleeson · ‎05-23-2018

Looks like that did the trick. (adding *.site.com)

Thanks Tony.

DNS DHCP IPAM

Inconsistent RPZ Results

Re: Inconsistent RPZ Results

Re: Inconsistent RPZ Results

Re: Inconsistent RPZ Results