Blocking private addresses with a optionq
Vernon Schryver
vjs at rhyolite.com
Wed Apr 3 22:56:23 UTC 2013
> From: "Lawrence K. Chen, P.Eng." <lkchen at ksu.edu>
> First thing that got my attention was that "The rules encoded in a
> response policy zone (RPZ) are applied only to responses to queries
> that ask for recursion". But, these are authoritative only nameservers....
> So, would RPZ work in this case?
This is some more complete text from the 9.8.4-P1 ARM without patches:
By default, the actions encoded in an RPZ are applied
only to queries that ask for recursion (RD=1).
That default can be changed for a single RPZ or all RPZs in a view
with a <command>recursive-only no</command> clause.
Vernon Schryver vjs at rhyolite.com
More information about the bind-users
mailing list