RPZ - override TXT records

John Miller johnmill at brandeis.edu
Thu Oct 8 22:17:20 UTC 2015


Hi Wolfgang,

If you have a CNAME record, no other resource types can exist for the
same fqdn (label).  A CNAME literally means: "look here instead for
every single record with this name."  So if you want to override a
single TXT record for www.cisco.com, you'll need to include the other
resource records for www.cisco.com in your RPZ zone file as well.

John

On Thu, Oct 8, 2015 at 5:25 PM, Wolfgang Riedel [CISCO]
<wolfgang at cisco.com> wrote:
> Hi Folks,
>
> I am currently struggling with using RPZ for inserting or overriding TXT
> resource records.
>
> This is my goal:
>
> ; do not rewrite www.cisco.com (so, PASSTHRU) and add or override missing metadata
> www.cisco.com                  CNAME rpz-passthru.
> www.cisco.com                  TXT     "CISCO-CLS=app-name:HTTP|app-class:TD"
>
> What works is that I can do one or the other but not both at the same time
> if I need to use a CNAME.
>
> This works:
>
> wolfgang.dns-as.org             A       193.34.28.108
> wolfgang.dns-as.org             TXT     "CISCO-CLS=app-name:RPZ|app-class:TD"
>
> but in reality this will not work for CDN or load-balanced sites which don't
> have a fixed IP address.
>
> Any hints on what I am doing wrong?
>
> Many thanks,
> Wolfgang



-- 
John Miller
Systems Engineer
Brandeis University
johnmill at brandeis.edu
(781) 736-4619
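The rule John states (a CNAME excludes every other type at the same owner name) is easy to check mechanically before loading an RPZ zone. The following is an added example, not code from this thread, from BIND or from the RPZ specification. It assumes a simplified one-record-per-line zone syntax ("owner TYPE rdata", `;` comments, no `$ORIGIN`/`$TTL` handling, TXT rdata without spaces); the sample zone fragments are constructed to mirror the two fragments Wolfgang posted, and `build_txt_override` is a hypothetical helper that assembles the record set John describes (copy the name's real records into the RPZ zone and put the TXT beside them), refusing the CDN case where the name is itself a CNAME upstream.

```python
# Added example for the CNAME/TXT point in this thread; not code from the thread,
# BIND, or the RPZ spec. Assumes a simplified one-record-per-line zone syntax
# ("owner TYPE rdata", ';' comments, no $ORIGIN/$TTL, TXT rdata as one token).
from collections import defaultdict


def parse_zone(text):
    """Parse zone lines into (owner, TYPE, rdata) tuples; owners are lower-cased."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 2)
        if len(parts) < 3:
            raise ValueError(f"malformed record: {raw!r}")
        owner, rtype, rdata = parts
        records.append((owner.lower(), rtype.upper(), rdata))
    return records


def find_cname_conflicts(records):
    """Return {owner: [other types]} for every owner that carries a CNAME plus
    any other type. That combination is what the thread's first fragment has,
    and a zone may not contain it."""
    types_by_owner = defaultdict(set)
    for owner, rtype, _ in records:
        types_by_owner[owner].add(rtype)
    return {
        owner: sorted(types - {"CNAME"})
        for owner, types in types_by_owner.items()
        if "CNAME" in types and len(types) > 1
    }


def build_txt_override(owner, upstream_records, txt_rdata):
    """Hypothetical helper: instead of 'CNAME rpz-passthru.', copy the name's
    real (non-CNAME) records into the RPZ zone and add the TXT next to them."""
    owner = owner.lower()
    copied = [r for r in upstream_records if r[0] == owner]
    if any(rtype == "CNAME" for _, rtype, _ in copied):
        # A CDN/load-balanced name that is itself a CNAME cannot be handled this
        # way: the CNAME would again exclude the TXT (the caveat in the thread).
        raise ValueError(f"{owner} is a CNAME upstream; cannot add TXT alongside it")
    if not copied:
        raise ValueError(f"no upstream records for {owner}")
    return copied + [(owner, "TXT", txt_rdata)]


# Constructed sample zone fragments mirroring the two in the thread.
BROKEN_ZONE = """
; passthru plus TXT at the same owner: the invalid combination
www.cisco.com   CNAME  rpz-passthru.
www.cisco.com   TXT    "CISCO-CLS=app-name:HTTP|app-class:TD"
"""

WORKING_ZONE = """
wolfgang.dns-as.org   A    193.34.28.108
wolfgang.dns-as.org   TXT  "CISCO-CLS=app-name:RPZ|app-class:TD"
"""

if __name__ == "__main__":
    print(find_cname_conflicts(parse_zone(BROKEN_ZONE)))   # {'www.cisco.com': ['TXT']}
    print(find_cname_conflicts(parse_zone(WORKING_ZONE)))  # {}
    upstream = parse_zone("wolfgang.dns-as.org A 193.34.28.108")  # constructed answer
    for rec in build_txt_override("wolfgang.dns-as.org", upstream,
                                  '"CISCO-CLS=app-name:RPZ|app-class:TD"'):
        print(*rec)
```

Running the linter over a candidate RPZ zone before `rndc reload` catches the conflict at edit time rather than at load time; the `build_txt_override` failure on a CNAME upstream is the same limitation Wolfgang notes for CDN and load-balanced names, where the address set cannot be copied statically.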

