RPZ policy for unbound - transform RPZ zone into local zone statements
#!/bin/bash
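# Source RPZ zone and the server it is transferred from. Both can be
# overridden from the environment so the script works for other zones
# without editing; the defaults match the original hard-coded values.
RPZ_ZONE="${RPZ_ZONE:-rpz.cesnet.cz}"
RPZ_SERVER="${RPZ_SERVER:-nsa.cesnet.cz}"
# Generated unbound configuration, relative to the current working directory
# unless overridden.
OUTPUT_FILE="${OUTPUT_FILE:-unbound_$RPZ_ZONE.conf}"
readonly RPZ_ZONE RPZ_SERVER OUTPUT_FILE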
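#######################################
# Print the A/AAAA records of a query target, re-labelled with an RPZ domain.
# Arguments: $1 - domain name used as the owner of every emitted record
#            $@ - (after the shift) the query name followed by any extra
#                 dig options, e.g. "example.net -t AAAA"; each word is
#                 passed to dig unchanged
# Outputs:   one "<domain><ws>IN<ws>A|AAAA<ws><rdata>" line per A/AAAA
#            record dig prints; nothing when no such record is returned
# Returns:   status of the read loop (normally 0); a failing dig only
#            propagates when the caller has set -o pipefail
#######################################
resolve_target() {
  local domain="$1"
  shift
  local rr
  # "$@" keeps every argument as its own word. The original collapsed them
  # into one string and re-split it unquoted, which word-splits and globs.
  # sed only extracts the record tail (from the whitespace before "IN");
  # the domain is prepended with printf so zone-derived text is never
  # interpolated into the sed program -- the original broke on any domain
  # containing "_" (the sed delimiter) or other sed-special characters.
  dig +noauthority +noadditional +noquestion "$@" \
    | sed -rn 's_^.*(\s+IN\s+A(AAA)?\s+.*)$_\1_p' \
    | while IFS= read -r rr; do
        printf '%s%s\n' "$domain" "$rr"
      done
}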
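#######################################
# Turn "domain<ws>target" policy lines into resource records for unbound
# local-data. A target of "." is the RPZ block action and is emitted as a
# CNAME unchanged; any other target is resolved to its A and AAAA records,
# each re-labelled with the policy domain.
# Arguments: none; reads one "domain target" pair per line on stdin
# Outputs:   RR lines on stdout (resolved ones come from resolve_target)
# Returns:   status of the last command run in the loop (normally 0)
#######################################
get_local_data() {
  local domain target
  # -r keeps backslashes in zone data literal; the "|| -n" clause still
  # handles a final line that lacks a newline.
  while read -r domain target || [[ -n "$domain" ]]; do
    # A blank line has no domain; the original still called dig for it.
    [[ -n "$domain" ]] || continue
    if [[ "$target" == "." ]]; then
      # Block action: nothing to resolve, keep the CNAME to "." as-is.
      # NOTE(review): RPZ also uses "*." (NODATA) and other special targets;
      # they currently fall through to resolution -- confirm that is intended.
      printf '%s\tIN\tCNAME\t%s\n' "$domain" "$target"
    else
      # Resolve the target so unbound can answer with addresses directly;
      # one query per record type.
      resolve_target "$domain" "$target" -t A
      resolve_target "$domain" "$target" -t AAAA
    fi
  done
}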
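#######################################
# Fetch the RPZ zone, convert its CNAME policies to unbound local-data
# statements and atomically replace OUTPUT_FILE with the result.
# Globals:   RPZ_ZONE, RPZ_SERVER, OUTPUT_FILE (read)
# Arguments: none
# Outputs:   an unbound "server:" stanza in OUTPUT_FILE; diagnostics on stderr
# Returns:   0 on success; exits non-zero when the transfer fails or yields
#            no policies, so a previous blocklist is never replaced by an
#            empty one
#######################################
main() {
  local rawrpz rpz local_data tmpfile zone_re line

  # -u and -o pipefail on top of the original -e: a dig that cannot reach
  # its server inside resolve_target's pipeline must not be masked by the
  # sed stage and silently drop entries.
  set -euo pipefail

  rawrpz=$(dig -t axfr "$RPZ_ZONE" @"$RPZ_SERVER") || {
    printf 'zone transfer of %s from %s failed\n' "$RPZ_ZONE" "$RPZ_SERVER" >&2
    exit 1
  }

  # Escape the zone's dots so the pattern matches literal dots only.
  zone_re=${RPZ_ZONE//./\\.}
  rpz=$(sed -rn 's_^(.*)\.'"$zone_re"'\.\s.*IN\s+CNAME\s+(.*)$_\1\t\2_p' <<<"$rawrpz")

  # Fail closed: an empty policy set (refused or truncated transfer) would
  # otherwise produce a config that blocks nothing.
  [[ -n "$rpz" ]] || {
    printf 'no CNAME policies found in %s; leaving %s untouched\n' "$RPZ_ZONE" "$OUTPUT_FILE" >&2
    exit 1
  }

  local_data=$(get_local_data <<<"$rpz")

  # Build the file next to the target and rename it into place so unbound
  # never reads a half-written config; the temp file is removed on any
  # early exit.
  tmpfile=$(mktemp "${OUTPUT_FILE}.XXXXXX") || {
    printf 'cannot create temporary file for %s\n' "$OUTPUT_FILE" >&2
    exit 1
  }
  trap "rm -f -- $(printf '%q' "$tmpfile")" EXIT
  # mktemp creates the file 0600; the consumer presumably reads it as a
  # different user (the original honoured the umask), so open it up.
  chmod 0644 -- "$tmpfile"

  printf 'server:\n' > "$tmpfile"
  while IFS= read -r line; do
    [[ -n "$line" ]] || continue
    # The record is embedded in double quotes in unbound.conf; a record that
    # itself contains one cannot be quoted safely, so skip it and say so.
    if [[ "$line" == *\"* ]]; then
      printf 'skipping record containing a double quote: %s\n' "$line" >&2
      continue
    fi
    printf '\tlocal-data: "%s"\n' "$line" >> "$tmpfile"
  done <<<"$local_data"

  mv -f -- "$tmpfile" "$OUTPUT_FILE"
  trap - EXIT
}
main "$@"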