Selective resolution in a corporate environment

Phil Mayers p.mayers at imperial.ac.uk
Tue Feb 5 15:25:43 UTC 2013


On 05/02/13 15:16, funky monkey wrote:

> But to get back to what I'm often asked for, more as a tactical
> solution, is there any way of being able to subvert specific DNS names
> with alternate responses, whilst leaving the rest of the resolution to
> be obtained in the normal way - I know that doesn't follow the normal
> looking for authority for a domain name, then asking the correct
> question there.

RPZ. It's present in bind 9.8 and 9.9, and can filter queries and 
responses to an (intentionally) limited degree.

Basically you define a response-policy statement in the config. That 
statement lists one or more zones e.g. "rpz.yoursite.org". Queries and 
answers are passed through that zone looking for specially formatted 
records, and answers rewritten or turned into NODATA/NXDOMAIN as required.
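
An added example, not part of the original post and not taken from the BIND distribution: a minimal policy zone for the "rpz.yoursite.org" name used above, with the matching named.conf statements shown as comments. The blocked/redirected names, the file name, the 192.0.2.10 address and the allow-query restriction are assumptions chosen for illustration.

```bind
; --- named.conf side (assumed layout), shown as comments ---------------
;   options {
;       response-policy { zone "rpz.yoursite.org"; };
;   };
;   zone "rpz.yoursite.org" {
;       type master;
;       file "rpz.yoursite.org.zone";   ; assumed file name
;       allow-query { none; };          ; policy data is not served to clients
;   };
;
; --- rpz.yoursite.org.zone ---------------------------------------------
; Owner names are relative to the policy zone, so "bad.example.com" below
; is stored as bad.example.com.rpz.yoursite.org. and triggers on queries
; for bad.example.com. Names with no entry here resolve normally.
$TTL 300
@   IN SOA  localhost. hostmaster.yoursite.org. ( 1 3600 900 2592000 300 )
    IN NS   localhost.

; CNAME to the root: answer NXDOMAIN for the name and its subdomains
bad.example.com         IN CNAME .
*.bad.example.com       IN CNAME .

; CNAME to "*.": answer NODATA (the name exists, but has no such record)
quiet.example.net       IN CNAME *.

; Any other record type is returned as the answer (local data)
portal.example.org      IN A     192.0.2.10
```

After editing the zone, increment the SOA serial and reload it so the resolver picks up the new policy records.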


