NLnetLabs / unbound

Unbound is a validating, recursive, and caching DNS resolver.
https://nlnetlabs.nl/unbound
BSD 3-Clause "New" or "Revised" License

[FR] add unbound-checkzone to check syntax of response policy zones (RPZ) #726

Open jpgpi250 opened 2 years ago

jpgpi250 commented 2 years ago

First of all, thanks to @gthess for his help in finding a very useful link (see here - closed).

I was having some trouble converting an IPv6 address into a valid RPZ entry, but succeeded.

Happy to share the bash conversions I've been using:

convert IPv4 address:

entry=$(echo "${addressArray[$j]}" | awk -F. '{OFS="."; print "32",$4,$3,$2,$1,"rpz-ip CNAME ."}')

result (example):

32.249.248.16.104.rpz-ip CNAME .

convert IPv6 address:

addr=$(echo "${addressArray[$j]}" | sed 's/::/:zz:/')
# need to remove the leading/trailing : left over when the address starts or ends with :: (e.g. ::1 or 2001:db8::), thus ${addr#:} and ${addr%:}
addr=${addr#:}; addr=${addr%:}
entry="128."$(echo "${addr}" | awk -F: '{for (i=NF; i>1; i--) printf("%s.",$i); print $1; }')".rpz-ip CNAME ."

result (example):

128.f8f9.6810.zz.4700.2606.rpz-ip CNAME .

The question (FR): after looking around (DuckDuckGo), I was made aware of several programs able to check zone files. This includes NSD, another great NLnetLabs product! I'm lucky to have NSD installed, so I can use /usr/local/sbin/nsd-checkzone rpz file, but I assume not all unbound users also run NSD.

Would it be possible to make unbound-checkzone available, to check RPZ (and other) zone files, since zone files are used by several unbound users?

Thank you for your time and effort.
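The two one-liners above generalize to a single converter: RPZ encodes an address trigger as PREFIXLEN followed by the address labels in reverse order, with an IPv6 "::" written as the label "zz". The script below is an added example, not code from the issue, from Unbound or from NSD. It handles an optional /PREFIX, the corner cases where the IPv6 address starts or ends with "::" (::1, 2001:db8::), and writes a minimal RPZ zone (with the SOA and NS records a zone checker expects) so it can be fed to nsd-checkzone or ldns-read-zone, whichever is installed. The zone name rpz.example and the sample addresses are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the issue, Unbound or NSD): build RPZ "rpz-ip" owner
# names from IPv4/IPv6 addresses and write a minimal, checkable RPZ zone.
# Assumptions: POSIX sh, awk and sed; zone name "rpz.example" is made up.

# ip_to_rpz ADDRESS[/PREFIXLEN]
# Prints the RPZ trigger owner (relative to the zone), e.g. 32.249.248.16.104.rpz-ip
ip_to_rpz() {
    addr=$1
    prefix=
    case "$addr" in
        */*) prefix=${addr##*/}; addr=${addr%/*} ;;
    esac
    case "$addr" in
        *:*)
            # IPv6: host route unless a prefix length was given
            [ -n "$prefix" ] || prefix=128
            # "::" becomes the label "zz"; an address has at most one "::"
            addr=$(printf '%s' "$addr" | sed 's/::/:zz:/')
            # drop the ":" left behind when the address begins or ends with "::"
            addr=${addr#:}
            addr=${addr%:}
            rev=$(printf '%s' "$addr" | awk -F: '{for (i=NF; i>1; i--) printf("%s.",$i); print $1}')
            printf '%s.%s.rpz-ip\n' "$prefix" "$rev"
            ;;
        *)
            # IPv4: reverse the four octets
            [ -n "$prefix" ] || prefix=32
            rev=$(printf '%s' "$addr" | awk -F. '{print $4"."$3"."$2"."$1}')
            printf '%s.%s.rpz-ip\n' "$prefix" "$rev"
            ;;
    esac
}

# write_rpz_zone ZONENAME OUTFILE ADDRESS...
# Writes an RPZ zone with one NXDOMAIN rule (CNAME .) per address; SOA and NS are
# required for the file to be accepted by zone checkers and by Unbound's rpz module.
write_rpz_zone() {
    zone=$1
    out=$2
    shift 2
    {
        printf '$ORIGIN %s.\n$TTL 300\n' "$zone"
        printf '@ IN SOA localhost. hostmaster.%s. 1 3600 600 86400 300\n' "$zone"
        printf '@ IN NS localhost.\n'
        for a in "$@"; do
            printf '%s CNAME .\n' "$(ip_to_rpz "$a")"
        done
    } >"$out"
}

# Demo on constructed input (addresses and zone name are not real policy data).
zonefile=$(mktemp)
write_rpz_zone rpz.example "$zonefile" 104.16.248.249 2606:4700::6810:f8f9 ::1 2001:db8::/32
cat "$zonefile"

# Validate with whichever checker from the thread is installed; neither is required.
if command -v nsd-checkzone >/dev/null 2>&1; then
    nsd-checkzone rpz.example "$zonefile"
elif command -v ldns-read-zone >/dev/null 2>&1; then
    ldns-read-zone "$zonefile" >/dev/null && echo "zone parsed ok by ldns-read-zone"
else
    echo "no zone checker found; zone written to $zonefile"
fi
```

The IPv4 and IPv6 results for the addresses in the post come out as 32.249.248.16.104.rpz-ip and 128.f8f9.6810.zz.4700.2606.rpz-ip; ::1 becomes 128.1.zz.rpz-ip rather than a name with an empty label, which is the case a plain reverse-and-join misses. Note that neither checker knows RPZ semantics: they verify the file is a syntactically valid zone, not that a trigger name is a well-formed rpz-ip encoding, so a typo such as 128.1.zz..rpz-ip is reported only as a bad label, not as a bad policy rule.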

SaintBol commented 2 years ago

I guess one can use ldns-read-zone, from ldnsutils (also from nlnetlabs), which doesn't run any additional stuff.