Bind, rpz and TXT/MX records


Emanuele Santoro
Hello there!

I'm trying to use rpz functionalities from bind to overlay some local
dns entries onto a public dns zone.

The problem is that while this works okay for regular records
(A/AAAA/CNAME) this blocks other record type requests (mainly TXT/MX).
I say "blocks" as in "it has no local data for such kind of records and
thus will respond with NODATA/NXDOMAIN".

Has anyone faced this problem before? Any hints or suggestions?


Thanks in advance,
Emanuele Santoro



p.s.: I have read the rpz spec and the bind documentation, plus various
webpages here and there. There are many policy triggers (RPZ-CLIENT-IP,
QNAME, RPZ-IP, RPZ-NSIP) to differentiate the requests in order to have
different behaviors in different situations.

Something like a QTYPE policy trigger (query type, as in MX or TXT or A
or other) would be ideal, so that it would be possible to write
something like:

    ; let txt queries pass through
    txt.example.com.rpz-qtype        CNAME    rpz-passthru.

    ; block mx queries
    mx.example.com.rpz-qtype        CNAME    *.

Also: the dns-rpz spec at
https://tools.ietf.org/id/draft-vixie-dnsop-dns-rpz-00.html#overrides
specifies a specific action override:
LOCAL-DATA-OR-PASSTHRU. I haven't found any reference about this in the
bind documentation. Did I miss something?
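A small model of the effect described in this post, added here as an illustration (it is not part of the original message and not BIND's own code): a QNAME trigger with local data answers every query type for that owner name from the policy zone, so types that exist only upstream come back as NODATA. The name, addresses and record contents are constructed placeholders, and `shadowed_qtypes` is a hypothetical audit helper that lists which types the overlay hides.

```python
"""Model RPZ QNAME/local-data overlay semantics and audit shadowed qtypes."""

NODATA = "NODATA"

# Policy (RPZ) zone as in the post: only A/AAAA local data for the name.
# Constructed sample; the owner name and addresses are placeholders.
POLICY_ZONE = {
    ("example.com.", "A"): ["192.0.2.10"],
    ("example.com.", "AAAA"): ["2001:db8::10"],
}

# What the public zone actually holds for the same name (constructed sample).
UPSTREAM = {
    ("example.com.", "A"): ["203.0.113.5"],
    ("example.com.", "MX"): ["10 mail.example.com."],
    ("example.com.", "TXT"): ['"v=spf1 mx -all"'],
}


def rpz_resolve(qname, qtype, policy=POLICY_ZONE, upstream=UPSTREAM):
    """Model a QNAME trigger with the Local Data action.

    The trigger matches on the query name only; once the name has any local
    data, the whole answer is synthesised from the policy zone, so a qtype
    with no local RRset yields NODATA instead of the upstream answer.
    """
    triggered = any(name == qname for name, _ in policy)
    if triggered:
        return policy.get((qname, qtype), NODATA)
    return upstream.get((qname, qtype), NODATA)


def shadowed_qtypes(qname, qtypes, policy=POLICY_ZONE, upstream=UPSTREAM):
    """Return the qtypes for which the overlay hides data the upstream has.

    Hypothetical audit helper: run it over the record types a name is known
    to publish to see which ones the local overlay silently removes.
    """
    return sorted(
        qt for qt in qtypes
        if rpz_resolve(qname, qt, policy, upstream) == NODATA
        and upstream.get((qname, qt), NODATA) != NODATA
    )


if __name__ == "__main__":
    for qt in ("A", "AAAA", "MX", "TXT"):
        print(qt, rpz_resolve("example.com.", qt))
    print("shadowed:", shadowed_qtypes("example.com.", ["A", "AAAA", "MX", "TXT"]))
```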