Internal CNAME in RPZ

julien soula julien.soula at univ-lille2.fr
Wed Oct 23 18:49:02 UTC 2019


On Wed, Oct 23, 2019 at 10:21:08PM +0500, Andrey Geyn wrote:
> Hi, Fred!
> 
> Thanks for your reply and tests.
> The questions you ask are my questions too, just asked more professionally. Thanks for it :)
> 
> .../...

> In my test (I have BIND 9.11.3-1ubuntu1.9-Ubuntu) I have the following named.conf:
> """
> options {
>         response-policy {zone "rpz"; };
> };
> zone "rpz" {
>         type master;
>         file "/etc/bind/rpz.zone";
> };

The RPZ zone is only used internally by BIND. It doesn't need to be
resolvable outside. So you can skip the zone declaration.

If you need the zone declaration (because you have slaves for this zone),
you can restrict access to it by adding "allow-query { slaves... };"
on the master and "allow-query {};" on the slaves.

Sincerely,
-- 
Julien
	<< You have nothing to say... Let's talk about it! >>
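
Added example, not part of the original message: a small Python check that lists each zone named in response-policy and reports whether its zone declaration carries a zone-level allow-query restriction, the hardening suggested in the reply above. The sample configuration, the second zone name "rpz-local" and the address 192.0.2.53 are constructed for illustration.

```python
import re

# Constructed sample: "rpz" is the zone from the thread; "rpz-local" and 192.0.2.53 are made up.
SAMPLE = '''
options {
        response-policy { zone "rpz"; zone "rpz-local"; };
};
zone "rpz" {
        type master;
        file "/etc/bind/rpz.zone";
};
zone "rpz-local" {
        type master;
        allow-query { 192.0.2.53; };  // constructed secondary address
};
'''

def strip_comments(text):
    """Drop /* */, // and # comments (does not handle these inside quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def block_after(text, start):
    """Return the body of the first balanced {...} block at or after start."""
    open_at = text.index("{", start)
    depth = 0
    for i in range(open_at, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_at + 1:i]
    raise ValueError("unbalanced braces")

def audit_rpz(conf):
    """Map each policy zone to 'restricted', 'undeclared', or 'open'
    (no zone-level allow-query, or one that contains "any")."""
    conf = strip_comments(conf)
    rp = re.search(r"\bresponse-policy\b", conf)
    if not rp:
        return {}
    names = re.findall(r'\bzone\s+"([^"]+)"', block_after(conf, rp.end()))
    declared = {m.group(1): block_after(conf, m.start())
                for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf)}
    result = {}
    for name in names:
        acl = re.search(r"\ballow-query\s*\{([^}]*)\}", declared.get(name, ""))
        if name not in declared:
            result[name] = "undeclared"
        else:
            result[name] = "restricted" if acl and not re.search(r"\bany\b", acl.group(1)) else "open"
    return result
```

Calling audit_rpz(SAMPLE) flags "rpz" as open and "rpz-local" as restricted.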

