Response Policy Zone returns servfail for time.in Trigger
Summary
RPZ returns a servfail when the trigger is "time.in".
BIND version used
BIND 9.18.12-0ubuntu0.22.04.1-Ubuntu (Extended Support Version) id:
Steps to reproduce
Configure an RPZ rule with the trigger as time.in (the action does not seem to matter; I tried both CNAME . and A 1.1.1.1, and both fail).
Try to resolve time.in against the BIND server using dig, nslookup, etc.; a servfail is returned.
What is the current bug behavior?
BIND returns a servfail when the trigger for an RPZ rule is "time.in". RPZ works as expected for "tim.in" and "time.ind".
What is the expected correct behavior?
BIND should return the expected action (nxdomain, A record rewrite, etc.).
Relevant configuration files
RPZ Zone File
$TTL 86400
@       IN      SOA     localhost. root.localhost. (
                        12         ; Serial
                        604800     ; Refresh
                        86400      ; Retry
                        2419200    ; Expire
                        86400 )    ; Negative Cache TTL
;
@       IN      NS      localhost.
time.in CNAME .

named.conf.local snippet
zone "rpz.local" {
    type master;
    file "/var/lib/bind/rpz.local";
    allow-query { localhost; };
    allow-transfer { 1.1.1.1; };
    also-notify { 1.1.1.1; };
};

named.conf.options snippet
//enable response policy zone.
response-policy { zone "rpz.local"; };
Relevant logs and/or screenshots
dig time.in @127.0.0.1
; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> time.in @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 25602
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: a197e43b329c51e701000000643028c76d5822e3f9c2bbcb (good)
;; QUESTION SECTION:
;time.in. IN A

;; Query time: 292 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Fri Apr 07 10:29:27 EDT 2023
;; MSG SIZE rcvd: 64

LOG
Apr 7 10:30:37 server named[941]: client @0x7f74a80d03b8 127.0.0.1#34415 (time.in): query failed (failure) for time.in/IN/A at query.c:7775
Possible fixes
Unknown
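The following is an added example, not part of the original report and not BIND code: a check that cross-references the QNAME triggers in an RPZ zone file with named's "query failed" log lines, to see which policy names are failing instead of being rewritten. The function names are hypothetical, and the tim.in and time.ind zone entries and the second log line are constructed sample input.

```python
import re
# Shape of the "query failed" line quoted in the report.
FAILED = re.compile(
    r"\((?P<qname>[^)]+)\): query failed \((?P<reason>[^)]*)\) "
    r"for \S+/IN/(?P<qtype>\w+) at (?P<where>\S+)")

def rpz_triggers(zone_text, origin):
    """Collect QNAME triggers (owner names) from an RPZ zone file."""
    suffix = "." + origin.lower().rstrip(".") + "."
    triggers, depth = set(), 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]            # drop comments
        continued = depth > 0                  # inside a multi-line SOA (...)
        depth += line.count("(") - line.count(")")
        if continued or not line.strip() or line[0].isspace():
            continue                           # no new owner name on this line
        owner = line.split()[0].lower()
        if owner.startswith("$") or owner == "@":
            continue                           # directive or zone apex
        if owner.endswith("."):                # absolute name: keep only in-zone
            if not owner.endswith(suffix):
                continue
            owner = owner[: -len(suffix)]
        if owner.split(".")[-1].startswith("rpz-"):
            continue                           # rpz-ip, rpz-nsdname, ... are other trigger types
        triggers.add(owner)                    # wildcard owners are kept but not expanded
    return triggers

def failing_triggers(zone_text, origin, log_lines):
    """Return (qname, qtype, source location) for failed queries on RPZ triggers."""
    triggers = rpz_triggers(zone_text, origin)
    matches = (FAILED.search(line) for line in log_lines)
    return [(m["qname"], m["qtype"], m["where"]) for m in matches
            if m and m["qname"].lower().rstrip(".") in triggers]

# Zone from the report; the tim.in and time.ind entries are constructed additions.
ZONE = """$TTL 86400
@ IN SOA localhost. root.localhost. ( 12 604800 86400 2419200 86400 )
@ IN NS localhost.
time.in CNAME .
tim.in CNAME .
time.ind CNAME .
"""
# First line is the one quoted in the report; the second is constructed (no RPZ rule).
LOGS = [
    "Apr 7 10:30:37 server named[941]: client @0x7f74a80d03b8 127.0.0.1#34415 (time.in): query failed (failure) for time.in/IN/A at query.c:7775",
    "Apr 7 10:31:02 server named[941]: client @0x7f74a80d03b8 127.0.0.1#40112 (example.org): query failed (failure) for example.org/IN/A at query.c:7775",
]
```

Calling failing_triggers(ZONE, "rpz.local", LOGS) flags only time.in; the unrelated example.org failure is ignored because it has no policy rule.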