Response Policy Zone returns servfail for time.in Trigger
Fred Morris
m3047 at m3047.net
Sat Apr 8 18:28:17 UTC 2023
Since one of the corner cases where RPZ is used is for mitigation of
failures of legitimate resources, I have a question...
On Sat, 8 Apr 2023, Ondřej Surý wrote:
> time.in is currently broken - I am guessing this is the reason why are you trying to rewrite the answers.
>
> RPZ does try to resolve the name first, and it fails, so there’s nothing to rewrite.
Does this mean that in the default configuration an e.g. A record in an
RPZ overriding brokenness in the global DNS with a QNAME override might
fail due to the same brokenness? As far as I know I've never experienced
that.
Going forward, what is anticipated to be the proper configuration for that
scenario?
Thanks...
--
Fred Morris
More information about the bind-users
mailing list