RPZ and negative answers
Chris Buxton
clists at buxtonfamily.us
Tue Apr 2 21:16:17 UTC 2013
Can anyone explain this to me?
If a name exists in the response policy, and also exists in the real Internet namespace, the value from the policy is returned. But if it doesn't exist out on the Internet, then the value is not returned -- an NXDOMAIN (or SERVFAIL, or whatever) is returned instead.
I've known this for a while but haven't understood why it is thus. Today, it has become a problem for me. If I set a policy of "this name gets response X", I expect that policy to be used rather than "this name gets response X unless it doesn't exist out on the Internet or can't be resolved due to an error."
Chris Buxton
BlueCat Networks