Queries regarding forwarders
Lee
ler762 at gmail.com
Thu Aug 9 07:01:56 UTC 2018
On 8/9/18, Grant Taylor via bind-users <bind-users at lists.isc.org> wrote:
> On 08/08/2018 10:02 PM, Blason R wrote:
>> Due to the architecture since I have my internal DNS RPZ built I wanted
>> my other internal DNS servers should send traffic to RPZ server and
>> then RPZ would resolve on behalf of client.
>
> Speaking of RPZ and forwarding…
>
> Does anyone know off hand if BIND, with RPZ configured to filter answers
> that resolve to private IPs, can actually respond with private answers
> from a local authoritative zone?

yes, it works just fine

> My long standing fear is that RPZ would filter replies from local
> authoritative zones.

it does, so you have to flag your local zones as rpz-passthru. eg:

    *.home.net              CNAME   rpz-passthru.
    localhost               CNAME   rpz-passthru.
    8.0.0.0.127.rpz-ip      CNAME   .   ; 127.0.0.0/8
    8.0.0.0.10.rpz-ip       CNAME   .   ; 10.0.0.0/8
    12.0.0.16.172.rpz-ip    CNAME   .   ; 172.16.0.0/12
    16.0.0.168.192.rpz-ip   CNAME   .   ; 192.168.0.0/16

Regards,
Lee
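
An added example, not part of Lee's message and not BIND's own code: a simplified Python model of how the records above are evaluated, decoding the rpz-ip owner names into networks and checking QNAME triggers before IP triggers. The function names and the single-zone, IPv4-only matching model are assumptions made for illustration.

```python
import ipaddress

# Simplified model (assumption): one policy zone, IPv4 answers only.
# Rules copied from the message above (owner name, CNAME target).
RULES = [
    ("*.home.net", "rpz-passthru."),
    ("localhost", "rpz-passthru."),
    ("8.0.0.0.127.rpz-ip", "."),
    ("8.0.0.0.10.rpz-ip", "."),
    ("12.0.0.16.172.rpz-ip", "."),
    ("16.0.0.168.192.rpz-ip", "."),
]
ACTIONS = {"rpz-passthru.": "PASSTHRU", ".": "NXDOMAIN"}


def decode_rpz_ip(owner):
    """'12.0.0.16.172.rpz-ip' -> IPv4Network('172.16.0.0/12')."""
    labels = owner.lower().rstrip(".").split(".")
    if len(labels) != 6 or labels[-1] != "rpz-ip":
        raise ValueError("not an IPv4 rpz-ip owner: " + owner)
    prefix, octets = labels[0], reversed(labels[1:5])
    # strict=True rejects triggers with host bits set below the prefix
    return ipaddress.ip_network(".".join(octets) + "/" + prefix, strict=True)


def qname_matches(pattern, qname):
    qname = qname.lower().rstrip(".")
    if pattern.startswith("*."):
        # A wildcard covers names below the apex, not the apex itself
        return qname.endswith(pattern[1:])
    return qname == pattern


def evaluate(qname, answer_ips):
    """Return the action for one response, or None if no rule fires."""
    ip_rules, name_rules = [], []
    for owner, target in RULES:
        if owner.endswith(".rpz-ip"):
            ip_rules.append((decode_rpz_ip(owner), ACTIONS[target]))
        else:
            name_rules.append((owner, ACTIONS[target]))
    for pattern, action in name_rules:      # QNAME triggers are checked first
        if qname_matches(pattern, qname):
            return action
    for ip in map(ipaddress.ip_address, answer_ips):
        for net, action in ip_rules:
            if ip in net:
                return action
    return None
```

In this model a query for the bare name home.net with a private answer is still rewritten, because the wildcard record only covers names below it.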