Rewrite/Override QTYPE with RPZ
Tom
tomtux007 at gmail.com
Mon Nov 12 07:52:32 UTC 2018
Hi Daniel
Thank you for your feedback. This could be a solution.
It seems, that unbound can do this (not verified) and BIND-RPZ can't do
this actually:
https://serverfault.com/questions/18748/overriding-some-dns-entries-in-bind-for-internal-networks
Any plans for BIND?
Tom
On 12.11.18 08:14, Daniel Stirnimann wrote:
> Hello Tom,
>
>> My feeded RPZ blocks othercompany.com and *.othercompany.com. Therefore
>> any qtype (MX, A, AAAA...) are blocked for this domain. Is there a way
>> with BIND just to whitelist the MX for othercompany.com and the
>> consequent A-Record (ex. mail.othercompany.com) that we are able to send
>> mail to othercompany.com?
>
> If the action of your RPZ policy is a CNAME redirecting the user to a
> walled garden and that walled garden runs an MTA you could configure it
> as a relay server.
>
> We have a similar setup where the MTA on the walled garden rejects the
> email so that the sending MTA immediately gets a feedback.
>
> Daniel
>
More information about the bind-users
mailing list