| From | Emanuele Santoro <manu@santoro.tk> |
|---|---|
| Newsgroups | comp.protocols.dns.bind |
| Subject | Bind, rpz and TXT/MX records |
| Date | Sat, 23 May 2020 13:34:38 +0200 |
| Message-ID | <mailman.430.1590233671.942.bind-users@lists.isc.org> |
| References | <d890db20-2884-5986-0a54-6ca2f2449d43@santoro.tk> |
Hello there!

I'm trying to use rpz functionalities from bind to overlay some local
dns entries onto a public dns zone.

The problem is that while this works okay for regular records
(A/AAAA/CNAME) this blocks other record type requests (mainly TXT/MX).

I say "blocks" as in "it has no local data for such kind of records and
thus will respond with NODATA/NXDOMAIN".

Has anyone faced this problem before? Any hints or suggestions?

Thanks in advance,
Emanuele Santoro

P.S.: I have read the rpz spec and the bind documentation, plus various
webpages here and there. There are many policy triggers (RPZ-CLIENT-IP,
QNAME, RPZ-IP, RPZ-NSIP) to differentiate the requests in order to have
different behaviors in different situations.

Something like a QTYPE policy trigger (query type, as in MX or TXT or A
or other) would be ideal, so that it would be possible to write
something like:

; let txt queries pass through
txt.example.com.rpz-qtype CNAME rpz-passthru.
; block mx queries
mx.example.com.rpz-qtype CNAME *.

Also: the dns-rpz spec at
https://tools.ietf.org/id/draft-vixie-dnsop-dns-rpz-00.html#overrides
specifies a specific action override:
LOCAL-DATA-OR-PASSTHRU. I haven't found any reference about this in the
bind documentation. Did I miss something?
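
Added example (not part of the original post, and not BIND code): a small Python model of how a QNAME-triggered RPZ rule with local data answers queries, reproducing the NODATA for MX/TXT described in the post. All names and records are constructed sample data, and the model covers only QNAME triggers with the local-data, PASSTHRU, NXDOMAIN and NODATA actions.

```python
# Toy model of RPZ QNAME-trigger evaluation. Added illustration, not BIND code.
# Every name and record below is constructed sample data.

# Public (upstream) data: (owner, type) -> rdata
UPSTREAM = {
    ("example.com.", "A"): ["192.0.2.1"],
    ("example.com.", "MX"): ["10 mail.example.com."],
    ("example.com.", "TXT"): ['"v=spf1 mx -all"'],
    ("www.example.com.", "A"): ["192.0.2.10"],
}

# Policy zone: owner (policy-zone suffix omitted) -> {type: rdata}
POLICY = {
    "example.com.": {"A": ["10.0.0.1"]},                # local-data overlay
    "www.example.com.": {"CNAME": ["rpz-passthru."]},   # PASSTHRU action
    "blocked.example.com.": {"CNAME": ["."]},           # NXDOMAIN action
}


def upstream_lookup(qname, qtype):
    """Answer from public data. "NODATA" is shorthand for NOERROR/empty."""
    rdata = UPSTREAM.get((qname, qtype))
    if rdata:
        return ("NOERROR", rdata, "upstream")
    if any(owner == qname for owner, _ in UPSTREAM):
        return ("NODATA", [], "upstream")
    return ("NXDOMAIN", [], "upstream")


def resolve(qname, qtype):
    """The trigger is the owner name alone; QTYPE only selects local data."""
    rrsets = POLICY.get(qname)
    if rrsets is None:
        return upstream_lookup(qname, qtype)       # no rule matched
    target = rrsets.get("CNAME", [None])[0]
    if target == "rpz-passthru.":
        return upstream_lookup(qname, qtype)
    if target == ".":
        return ("NXDOMAIN", [], "policy")
    if target == "*.":
        return ("NODATA", [], "policy")
    if qtype in rrsets:
        return ("NOERROR", rrsets[qtype], "policy")
    return ("NODATA", [], "policy")                # rule matched, no such type


if __name__ == "__main__":
    for qtype in ("A", "MX", "TXT"):
        print(qtype, resolve("example.com.", qtype))
```

The MX and TXT queries for the overlaid name come back as NODATA from the policy even though the upstream data holds both record types, because the rule fires on the owner name before the query type is considered.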