RPZ and negative answers

Noel Butler noel.butler at ausics.net
Wed Apr 3 22:22:49 UTC 2013


On Tue, 2013-04-02 at 14:16 -0700, Chris Buxton wrote:

> Can anyone explain this to me?
> 
> If a name exists in the response policy, and also exists in the real Internet namespace, the value from the policy is returned. But if it doesn't exist out on the Internet, then the value is not returned -- an NXDOMAIN (or SERVFAIL, or whatever) is returned instead.
> 
> I've known this for a while but haven't understood why it is thus. Today, it has become a problem for me. If I set a policy of "this name gets response X", I expect that policy to be used rather than "this name gets response X unless it doesn't exist out on the Internet or can't be resolved due to an error."
> 


Perhaps because it is a "response" zone, not an actual authoritative
"zone"?
Sounds strange, but makes sense to me.