Saurabh: Not getting the answer with AAAA record. Error FORMERR resolving 'gim8.pl/AAAA/IN comes.

Tony Finch dot at dotat.at
Mon Jun 4 10:16:00 UTC 2018


Cathy Almond <cathya at isc.org> wrote:
>
> My understanding of why RPZ by default queries for names that it's going
> to rewrite anyway, is that the lack of regular queries to the
> authoritative servers alerts the zone owners (who we assume are
> malicious or similar) to the fact that their zone is being blocked and
> queries for it are being rewritten - thus encouraging them to move
> sooner rather than later to a new name/zone.

Thinking about it further, the way this kind of leak can occur is if a
user visits a malicious web site which is only partially blocked; the bad
guys might then be able to work out that blocking has occurred - whether
by Safe Browsing blocks, or AV blocks, or RPZ blocks, etc. usw.

I think I prefer not to send traffic to malicious DNS servers if I can
avoid it, and rely on the threat intelligence bods to keep on top of
things (that's why we pay them the big bucks).

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
the quest for freedom and justice can never end
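The behaviour Cathy describes is the BIND default for RPZ (it recurses for the name before rewriting it, which is also why the FORMERR from the upstream server still shows up in the log). The snippet below is an added named.conf example, not configuration from either poster; the zone name rpz.example and the file path are assumptions, and the name gim8.pl is the one from the subject line.

```conf
options {
    // ... the rest of the resolver's options ...

    // Default behaviour: BIND sends the real query to the authoritative
    // servers first and only then applies the RPZ rewrite, so the zone
    // owner still sees traffic (and any FORMERR they return is logged).
    //
    // response-policy { zone "rpz.example"; };
    //
    // Hardened: rewrite on QNAME (and client-IP) triggers before recursing,
    // so no query ever reaches the authoritative servers of a blocked name.
    // Caveat: NSDNAME/NSIP triggers still need the recursion data, so they
    // are only evaluated when no QNAME/client-IP rule matched.
    response-policy { zone "rpz.example"; } qname-wait-recurse no;
};

// Local RPZ zone carrying the rule (file path assumed).
zone "rpz.example" {
    type master;
    file "/etc/bind/rpz.example.db";
    allow-query { none; };   // the RPZ zone itself must not be answerable
};
```

Check the effect with `dig @127.0.0.1 gim8.pl AAAA` and a packet capture on the resolver's upstream interface: with `qname-wait-recurse no` the rewrite (e.g. NXDOMAIN from a `gim8.pl CNAME .` record in the RPZ zone) is returned without any outbound query for gim8.pl.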

