RPZ and negative answers
Phil Mayers
p.mayers at imperial.ac.uk
Thu Apr 4 08:42:12 UTC 2013
On 04/04/2013 12:50 AM, Chris Buxton wrote:
> Thanks for the explanation. It seems to me this is a gap in coverage
> of RPZ -- the algorithm should be updated, in my opinion, to cover
> the case of a negative answer.
AIUI it's a deliberately limited mechanism aimed at preventing
resolution of harmful domains; NODATA/NXDOMAIN rewriting has caused
enough controversy in the recent past that I can understand there being
reluctance to extend RPZ to do it.
Can you comment on the use-case?
More information about the bind-users
mailing list