Can an RPZ record be used for a non-existed domain?
Grant Taylor
gtaylor at tnetconsulting.net
Thu Mar 24 22:13:37 UTC 2022
On 3/24/22 3:50 PM, Carl Byington via bind-users wrote:
> In general, the domain exists with a bunch of existing names - www,
> mail, etc. We just need to add one more (outbound) and tie it to the
> ip address of their outbound mail server. I don't want to take over
> their entire domain.
Fair enough.
But there seems to be a disconnect.
I was talking about adding a domain that is outbound.example.com. and
put the A / AAAA records in that domain's apex. Thus you are only
overriding outbound.example.com and nothing else in the example.com domain.
> Rather than updating /etc/hosts on a bunch of customer mail servers,
> their dns server just zone transfers the rpz zone using notify/ixfr.
ACK. Using standard zone transfers for RPZ(s) is one of the many
features of RPZ.
> And many times, their error is in an incorrect or missing PTR record,
> so /etc/hosts does not help there.
We must have different experiences and / or have used different MTAs.
I've routinely been able to address one-offs due to lack of PTR via
/etc/hosts entries.
> But this is one rpz file to maintain, rather than adding a few hundred
> zones to the dns servers.
Fair enough.
--
Grant. . . .
unix || die
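As an added illustration of the approach discussed in this thread (not a file posted by either participant), this is what a minimal RPZ zone looks like when it only overrides the single name outbound.example.com, plus its PTR, while leaving www.example.com, mail.example.com and the rest of the real example.com zone untouched. The policy zone name rpz.example.net, the addresses 192.0.2.25 / 2001:db8::25, and the SOA contact are assumed placeholders; the file is loaded on the customer resolver with a `response-policy { zone "rpz.example.net"; };` stanza and can be distributed by ordinary notify / IXFR as the post describes.

```zone
; rpz.example.net -- constructed example RPZ zone, not from the original post.
; RPZ matches a policy record only when the query name equals the owner name
; below (with the policy zone suffix stripped), so nothing else in
; example.com is affected and the real zone is never "taken over".
$TTL 300
$ORIGIN rpz.example.net.
@   IN  SOA  ns.rpz.example.net. hostmaster.example.net. (
            2022032401  ; serial: bump on every change so IXFR/notify propagates
            3600        ; refresh
            600         ; retry
            86400       ; expire
            60 )        ; negative-cache TTL
; RPZ zones still need an NS RRset to load; it is never used for resolution.
@   IN  NS   localhost.

; QNAME trigger with local data: answers for outbound.example.com come from
; here whether or not that name exists in the real example.com zone.
outbound.example.com        IN  A     192.0.2.25
outbound.example.com        IN  AAAA  2001:db8::25

; The reverse lookup is just another QNAME trigger, so the PTR that customers
; so often get wrong can be supplied the same way (unlike /etc/hosts, which
; most MTAs never consult for reverse lookups).
25.2.0.192.in-addr.arpa     IN  PTR   outbound.example.com.

; Deliberately absent: a "*.outbound.example.com" wildcard or any record for
; "example.com" itself, so www/mail/etc. keep resolving from the real zone.
```

On the resolver, `rndc zonestatus rpz.example.net` confirms the transferred serial, and `dig outbound.example.com a` followed by `dig www.example.com a` shows only the first answer carrying the overridden data.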