We could also use zrsh as a workaround, but kindly note that this is not officially supported by F5 Technical Support, and we don't have an official document published for this tool.
*******************************************
There are two types of DNS records in the customer's RPZ blacklist zone:
– normal DNS record
– wildcard DNS record
Example in BIND zone file format:
normal DNS record:
$ORIGIN com.blacklist.org.
camscanner CNAME restricted.blacklist.org.
wildcard DNS record:
$ORIGIN camscanner.com.blacklist.org.
* CNAME restricted.blacklist.org.
To manage the zone using zrsh, run zrsh in bash:
# zrsh
Then run help to display all available commands:
% help
To display all zones:
% listzones
To display records in a zone (may take a very long time if the zone is huge):
% displayzone blacklist.org.
To add a resource record (normal):
% addrr blacklist.org. camscanner.com.blacklist.org. 3600 CNAME restricted.blacklist.org
To add a resource record (wildcard):
% addrr blacklist.org. "*.camscanner.com.blacklist.org." 3600 CNAME restricted.blacklist.org
To delete a resource record (normal):
% delrr blacklist.org. camscanner.com.blacklist.org. 3600 CNAME restricted.blacklist.org
To delete a resource record (wildcard):
% delrr blacklist.org. "*.camscanner.com.blacklist.org." 3600 CNAME restricted.blacklist.org
If you need to verify the modified records in the zone file, exit zrsh and use the following commands in bash to force a flush of the journal into the zone file:
# rndc freeze
# rndc thaw
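The following script is an added example, not part of the original post and not an F5 tool. It turns a domain list into the paired normal and wildcard addrr lines shown above, so they can be reviewed before being entered in zrsh. The zone, TTL and target copy the page's values; the function names and sample domains are assumptions.

```shell
# Added example: build zrsh addrr lines for an RPZ blocklist.
# RPZ_* values copy the page; function names are this example's own.
LC_ALL=C; export LC_ALL
RPZ_ZONE="blacklist.org."
RPZ_TARGET="restricted.blacklist.org"
RPZ_TTL=3600

# Print the normalised domain (lower case, no trailing dot), or return 1 if it
# is not a plain multi-label hostname that is safe to place in a command line.
rpz_normalize() {
    n=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    n=${n%.}
    # Rejects quotes, spaces, wildcards and newlines before any pattern match.
    case $n in ''|*[!a-z0-9.-]*) return 1 ;; esac
    # Each label: 1-63 letters/digits/hyphens, no leading or trailing hyphen.
    # At least two labels, so a bare TLD such as "com" is never blocked whole.
    printf '%s\n' "$n" | grep -Eq \
        '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$' \
        || return 1
    # Longest owner name "*.<domain>.<zone>" must fit in 254 chars (with final dot).
    owner="*.$n.$RPZ_ZONE"
    [ "${#owner}" -le 254 ] || return 1
    printf '%s\n' "$n"
}

# Read domains from stdin (one per line, "#" starts a comment) and print the
# normal and wildcard addrr line for each; rejects are reported on stderr.
rpz_addrr_lines() {
    seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d '[:space:]')
        [ -n "$line" ] || continue
        if ! d=$(rpz_normalize "$line"); then
            printf 'skipped: %s\n' "$line" >&2
            continue
        fi
        case $seen in *" $d "*) continue ;; esac   # already emitted
        seen="$seen$d "
        printf 'addrr %s %s.%s %s CNAME %s\n' "$RPZ_ZONE" "$d" "$RPZ_ZONE" "$RPZ_TTL" "$RPZ_TARGET"
        printf 'addrr %s "*.%s.%s" %s CNAME %s\n' "$RPZ_ZONE" "$d" "$RPZ_ZONE" "$RPZ_TTL" "$RPZ_TARGET"
    done
}

# Constructed sample input (not real blocklist data).
rpz_addrr_lines <<'EOF'
camscanner.com
Example.NET.      # normalised to example.net
bad"name.com
EOF
```

Changing addrr to delrr in the two printf formats produces the matching delete lines.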