I'm trying to use the RPZ functionality of BIND to overlay some local
DNS entries onto a public DNS zone.
The problem is that while this works okay for regular records
(A/AAAA/CNAME) this blocks other record type requests (mainly TXT/MX).
I say "blocks" as in "it has no local data for such kind of records and
thus will respond with NODATA/NXDOMAIN".
Has anyone faced this problem before? Any hints or suggestions?
Thanks in advance,
P.S.: I have read the RPZ spec and the BIND documentation, plus various
web pages here and there. There are many policy triggers (RPZ-CLIENT-IP,
QNAME, RPZ-IP, RPZ-NSIP) to differentiate the requests in order to have
different behaviors in different situations.
Something like a QTYPE policy trigger (query type, as in MX or TXT or A
or other) would be ideal, so that it would be possible to write
; let txt queries pass through
txt.example.com.rpz-qtype CNAME rpz-passthru.
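As an added illustration (not part of the post above), the following Python simulation models the QNAME-trigger semantics the post describes: a name carrying "Local Data" is answered only from the policy RRsets, so a TXT or MX query against a name that only has a local A record gets NODATA, whereas a passthru entry lets every query type fall through to the public data. All zone contents and names are constructed sample data.

```python
# Constructed RPZ policy zone, keyed by trigger name (QNAME trigger).
# "app" carries Local Data (an A record); "mail" is a passthru entry.
RPZ_POLICY = {
    "app.example.com": {"A": ["10.0.0.5"]},
    "mail.example.com": {"CNAME": ["rpz-passthru."]},
}

# Constructed answers the resolver would return if no policy applied.
PUBLIC_ZONE = {
    "app.example.com": {
        "A": ["203.0.113.10"],
        "TXT": ['"v=spf1 mx -all"'],
        "MX": ["10 mx.example.com."],
    },
    "mail.example.com": {"A": ["203.0.113.25"], "MX": ["10 mail.example.com."]},
}

PASSTHRU = "rpz-passthru."


def public_answer(qname, qtype):
    """Answer from the public data: NXDOMAIN if the name is absent,
    NODATA if the name exists but has no RRset of the requested type."""
    rrsets = PUBLIC_ZONE.get(qname)
    if rrsets is None:
        return ("NXDOMAIN", [])
    rrs = rrsets.get(qtype)
    return ("NODATA", []) if rrs is None else ("NOERROR", list(rrs))


def resolve(qname, qtype):
    """Simulate a QNAME-trigger RPZ lookup. Returns (status, records).

    Local Data is synthesized purely from the policy RRsets: the trigger
    matches on the name alone, regardless of query type, so any type the
    policy does not carry yields NODATA instead of the public record."""
    policy = RPZ_POLICY.get(qname)
    if policy is None or policy.get("CNAME") == [PASSTHRU]:
        return public_answer(qname, qtype)  # no policy, or explicit passthru
    rrs = policy.get(qtype)
    if rrs is None:
        return ("NODATA", [])  # name is owned by the policy; type absent
    return ("NOERROR", list(rrs))


if __name__ == "__main__":
    for q in [("app.example.com", "A"), ("app.example.com", "TXT"),
              ("mail.example.com", "MX"), ("nope.example.com", "A")]:
        print(q, "->", resolve(*q))
```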