rpz depending on query type

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

rpz depending on query type

Erich Eckner
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

I'm running bind as a recursive dns server. I wonder, if it's possible to
modify responses via rpz for some query type only - e.g.: I want to return
NODATA for "example.com AAAA", but the real answer for "example.com A"
(and all other record types). Currently, I do this, by adding a rpz rule
"example.com A 1.2.3.4". But obviously, I'm relying on

a) example.com's address not changing and
b) me knowing every possible record type, that might be queried for
example.com

btw: I do *not* want to disable AAAA responses.

The only way, I can currently think of, is to redirect all queries for
example.com via CNAME to a custom server (or just a view), that has AAAA
disabled.

regards,
Erich

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAl/0lMIACgkQCu7JB1Xa
e1qGkQ/9E0j0MTq4Z8KDO//IIz7dd0iOnYTpSh91iAsU2DI1U3ZDkOkTeCNaxdkP
4DUoYj6xcNxQJWnMPRxKKmglaptP2Kkr0V5bzvyMqct12pyngv3o7xqabeqad640
ffVdhWYaX1y5eq2QiFQRY9jY9cQALeF5nGz9X1XZwfANhj0gsyBr9BEMPjNQRkIP
5Vhw/rbQWnfuA52/fVhLYfP3RPjdgcsUp/yeW2jodI7/o/1TLgR0IfGhM0ay7bxN
5vKsDd5R2XuPTXTpTmSX3UmtBav0dl1x++XxApb+TMyN5z84a6b0oqBxY7/hBsgX
iIRhKJjF8WJn5jpHg6PEjxO8GsL4uEZAmeVN074xMpkB9KRSOgwdjySUYu7D6uDI
LWrhz924gsWmfybktMY8LQNErcnxx07DevEsUKTxrdAjR2eFqsnACvDPSoYj9OHH
wvzTxPGldmxRNTwPCqz5RrZAYK4p7NBIORzFo/fHDArnZL13DRp5XZjNz6pE34fl
OAIuX0vgwuDb5r6108rzEPB+qvLd+0WG3GXLy/WHX5Lh+SaLnw0NUiCxzarT4/jJ
L+x/x48pfgU7aAAs0OcjdH9ox6dEH/uX14vuH+6ZjDzKwSMB2rzjD2H/dUQZ7qY8
pFUhdclDxFNn0HXzjTRCIz6tnQi4Ke+N3Lo6R5Q1azNbmgtWm04=
=Xyu+
-----END PGP SIGNATURE-----
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users