SERVFAIL takes precedence before RPZ policy action
Phil Mayers
p.mayers at imperial.ac.uk
Fri Sep 2 15:42:01 UTC 2016
On 02/09/16 15:22, Daniel Stirnimann wrote:
> Hi all
>
> We maintain a block list with RPZ on our BIND resolvers. I noticed that
> the RPZ policy action does not apply for domain names which SERVFAIL
> (i.e. cannot be resolved by the resolver because of a timeout, lame
> delegation etc.).
RPZ applies to responses not queries.
You can override this with "qname-wait-recurse" IIRC.
More information about the bind-users
mailing list