I realised no BIND stubs exist; the configurations in /etc/bind are created from the DNS stubs in /usr/share/zentyal/stubs/dns/. I kludged a solution, borrowing Ubuntu tips from https://www.redpill-linpro.com/sysadvent/2015/12/08/dns-rpz.html
Create a file called db.rpz in /etc/bind (the path the zone statement further down points to) with the following contents:
$TTL 60
@ IN SOA localhost. root.localhost. (
        2015112501 ; serial
        1h ; refresh
        30m ; retry
        1w ; expiry
        30m) ; minimum
        IN NS localhost.
localhost A 127.0.0.1
www.some-website.com A 127.0.0.1
www.other-website.com CNAME fake-hostname.com.
Make a "dns" directory in /etc/zentyal/stubs:
sudo mkdir /etc/zentyal/stubs/dns
Copy "named.conf.local.mas" and "named.conf.options.mas" from "/usr/share/zentyal/stubs/dns/" to "/etc/zentyal/stubs/dns":
cd /usr/share/zentyal/stubs/dns/
sudo cp named.conf.local.mas /etc/zentyal/stubs/dns
sudo cp named.conf.options.mas /etc/zentyal/stubs/dns
Edit named.conf.local.mas (inside /etc/zentyal/stubs/dns) and add this section:
zone "rpz" {
    type master;
    file "/etc/bind/db.rpz";
};
Edit named.conf.options.mas (inside /etc/zentyal/stubs/dns) and somewhere in the options { } section add the response-policy option:
options {
    // bunch
    // of
    // stuff
    // please
    // ignore
    response-policy { zone "rpz"; };
};
Restart the DNS module in Zentyal.
sudo zs dns restart
This will rewrite the "named.conf.options" and "named.conf.local" files inside "/etc/bind" each time the module is restarted (e.g. on reboot or module restart). The changes should persist across reboots and Zentyal upgrades.
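An added example, not part of the original post: a shell function that builds db.rpz in the layout shown above from a plain list of hostnames, so the blocklist can be maintained separately from the zone file. The function name rpz_generate and the input file name blocked-hosts.txt are hypothetical; every listed host is pointed at 127.0.0.1 as in the post.

```shell
#!/bin/sh
# Added example. Usage (hypothetical file name):
#   rpz_generate 2015112502 < blocked-hosts.txt > db.rpz
# Reads one hostname per line on stdin; '#' starts a comment.

SINKHOLE=127.0.0.1   # same address the post uses for blocked names

rpz_generate() {
    serial=$1
    # The SOA serial must be a plain number, and must increase on every
    # change so BIND treats the reloaded zone as newer.
    case $serial in
        ''|*[!0-9]*) echo "rpz_generate: bad serial '$serial'" >&2; return 1 ;;
    esac

    printf '$TTL 60\n'
    printf '@ IN SOA localhost. root.localhost. (\n'
    printf '        %s ; serial\n' "$serial"
    printf '        1h ; refresh\n'
    printf '        30m ; retry\n'
    printf '        1w ; expiry\n'
    printf '        30m) ; minimum\n'
    # Leading whitespace matters: without it "IN" is parsed as an owner name.
    printf '        IN NS localhost.\n'

    # Normalise the list: strip CRs, comments and surrounding blanks, drop a
    # trailing dot (owner names here are relative to the rpz zone),
    # lower-case everything and remove duplicates.
    tr -d '\r' |
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/\.$//' |
    tr '[:upper:]' '[:lower:]' | sort -u |
    while IFS= read -r host; do
        [ -n "$host" ] || continue
        # Accept only letter/digit/hyphen labels, so a malformed list entry
        # cannot smuggle extra zone-file syntax into db.rpz.
        if printf '%s\n' "$host" |
           grep -Eq '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$'; then
            printf '%s A %s\n' "$host" "$SINKHOLE"
        else
            echo "rpz_generate: skipped invalid name '$host'" >&2
        fi
    done
}
```

Before restarting the DNS module, the generated file can be checked with BIND's own tool: named-checkzone rpz /etc/bind/db.rpz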