Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.protocols.dns.bind > #15771 > unrolled thread

Bind, rpz and TXT/MX records

Back to article view | Back to comp.protocols.dns.bind

This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by below is the oldest one visible, not the original post.

Contents

  Bind, rpz and TXT/MX records Emanuele Santoro <manu@santoro.tk> - 2020-05-23 13:34 +0200

#15771 — Bind, rpz and TXT/MX records

Hello there!

I'm trying to use rpz functionalities from bind to overlay some local
dns entries onto a public dns zone.

The problem is that while this works okay for regular records
(A/AAAA/CNAME) this blocks other record type requests (mainly TXT/MX).
I say "blocks" as in "it has no local data for such kind of records and
thus will respond with NODATA/NXDOMAIN".

Has anyone faced this problem before ? Any hints or suggestions ?


Thanks in advance,
Emanuele Santoro



p.s: I have read the rpz spec and the bind documentation, plus various
webpages here and there. There are many policy triggers (RPZ-CLIENT-IP,
QNAME, RPZ-IP, RPZ-NSIP) to differentiate the requests in order to have
different behaviors in different situation.

Something like a QTYPE policy trigger (query type, as in MX or TXT or A
or other) would be ideal, so that it would be possible to write
something like:

    ; let txt queries pass through
    txt.example.com.rpz-qtype        CNAME    rpz-passthru.

    ; block mx queries
    mx.example.com.rpz-qtype        CNAME    *.

Also: the dns-rpz spec at
https://tools.ietf.org/id/draft-vixie-dnsop-dns-rpz-00.html#overrides
specifies a specific action override:
LOCAL-DATA-OR-PASSTHRU. I haven't found any reference about this in the
bind documentation. Did I miss something ?

[toc] | [standalone]

Back to top | Article view | comp.protocols.dns.bind

csiph-web