Can an RPZ record be used for a non-existent domain?

Carl Byington carl at byington.org
Thu Mar 24 21:50:16 UTC 2022


On Thu, 2022-03-24 at 12:16 -0600, Grant Taylor via bind-users wrote:
> What advantage does RPZ have in this case over just hosting the
> domain(s) locally?

In general, the domain exists with a bunch of existing names - www,
mail, etc. We just need to add one more (outbound) and tie it to the IP
address of their outbound mail server. I don't want to take over their
entire domain. Rather than updating /etc/hosts on a bunch of customer
mail servers, their DNS server just zone transfers the RPZ zone using
NOTIFY/IXFR. And many times, their error is in an incorrect or missing
PTR record, so /etc/hosts does not help there.

I have many other cases where we do take over the entire domain, like

princetonprivacystudy.org    A   127.0.0.2
*.princetonprivacystudy.org  A   127.0.0.2

which makes any host name like abc.princetonprivacystudy.org appear to
be listed on Zen.

But this is one RPZ file to maintain, rather than adding a few hundred
zones to the DNS servers.

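As an added illustration (not the poster's actual zone file), the RPZ zone below carries both of the cases described in the message: a single extra name supplied for a domain that is otherwise left to its real authoritative servers, plus the whole-domain takeover with the apex and wildcard records. The zone name rpz.example.net, the customer domain example.com, the 192.0.2.25 address and the PTR entry are assumptions chosen for the example; only the two princetonprivacystudy.org records come from the message above.

```zone
; rpz.example.net - example response policy zone (added illustration, not the
; poster's file). The zone name, example.com, 192.0.2.25 and the PTR record are
; assumptions; only the princetonprivacystudy.org lines come from the message.
$TTL 300
@                       SOA  ns1.example.net. hostmaster.example.net. (
                             2022032401 ; serial: bump on every edit so NOTIFY/IXFR propagates it
                             3600 600 604800 60 )
@                       NS   localhost.   ; RPZ zones are never delegated; a placeholder NS is enough

; Case 1: add one missing name to a domain we do not control. Only this QNAME is
; overridden; www.example.com, mail.example.com, etc. still resolve normally.
; 192.0.2.25 is a documentation address standing in for the outbound MTA.
outbound.example.com         A    192.0.2.25

; The matching reverse entry for when the customer's PTR is wrong or missing.
; The QNAME trigger is the in-addr.arpa name, so the PTR query is answered too.
25.2.0.192.in-addr.arpa      PTR  outbound.example.com.

; Case 2: take over an entire domain. Both records are required because the
; wildcard matches names under the domain but not the apex itself.
princetonprivacystudy.org    A    127.0.0.2
*.princetonprivacystudy.org  A    127.0.0.2
```

Names without a trailing dot are relative to the zone origin, which is exactly what RPZ expects (the trigger for outbound.example.com is stored as outbound.example.com.rpz.example.net.); the PTR target is written absolute so it is not appended to the origin. Validate the file with `named-checkzone rpz.example.net <file>` before loading it, and on the resolvers reference it with `response-policy { zone "rpz.example.net"; };` while defining the zone itself as a secondary (type secondary/primaries in current BIND, type slave/masters in older releases) pointing at the primary that sends the NOTIFYs.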