RPZ Still Doing Recursive Lookups
Crist Clark
cjc+bind-users at pumpky.net
Tue Feb 24 23:30:01 UTC 2015
I am seeing that even with a zone included in an RPZ, the BIND server is
still going out to the Internet to resolve the name. I was hoping the RPZ
entry would stop processing short of that.
I have "some.bad.domain.tld" returning NODATA. The client is getting the
response I expect. The SOA is for the RPZ. I see it being logged as an RPZ
response. That's all good.
But what is not good is that the server is still sending a query for
"some.bad.domain.tld" upstream to its forwarder. I do not want that. I
expected the RPZ to stop that.
Is this expected behavior? Why is it doing it? Is there a way to stop it?
BIND 9.9.2.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150224/09fd8aaf/attachment.html>
More information about the bind-users
mailing list