• Bind, rpz and TXT/MX records

    From Emanuele Santoro@manu@santoro.tk to bind-users on Sat May 23 13:34:38 2020
    From Newsgroup: comp.protocols.dns.bind

    Hello there!

    I'm trying to use the RPZ functionality of BIND to overlay some local
    DNS entries onto a public DNS zone.

    The problem is that while this works okay for regular records
    (A/AAAA/CNAME), it blocks requests for other record types (mainly TXT/MX).
    I say "blocks" as in "it has no local data for such kinds of records and
    thus responds with NODATA/NXDOMAIN".

    Has anyone faced this problem before? Any hints or suggestions?


    Thanks in advance,
    Emanuele Santoro



    P.S.: I have read the RPZ spec and the BIND documentation, plus various
    web pages here and there. There are many policy triggers (RPZ-CLIENT-IP,
    QNAME, RPZ-IP, RPZ-NSIP) to differentiate the requests in order to have
    different behaviours in different situations.

    Something like a QTYPE policy trigger (query type, as in MX or TXT or A
    or other) would be ideal, so that it would be possible to write
    something like:

    ; let txt queries pass through
    txt.example.com.rpz-qtype CNAME rpz-passthru.

    ; block mx queries
    mx.example.com.rpz-qtype CNAME *.

    Also: the dns-rpz spec at https://tools.ietf.org/id/draft-vixie-dnsop-dns-rpz-00.html#overrides
    specifies a specific action override:
    LOCAL-DATA-OR-PASSTHRU. I haven't found any reference to this in the
    BIND documentation. Did I miss something?
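The behaviour described in the post follows from how RPZ local data works: a QNAME trigger matches on the owner name for every query type, and once it matches, the policy zone's records for that name are the entire answer, so any type with no local data comes back NODATA. RPZ has no QTYPE trigger, so the usual workaround is to copy the public MX/TXT records into the policy zone next to the local A/AAAA overrides. The following script, added here as an illustration and not part of the original post or of BIND, models the local-data answer logic, builds such a policy zone, and renders it as a BIND zone file. The "public DNS" data, the override names, the `rpz.local` origin and the helper names are all constructed for the example; a real tool would look the public records up with a resolver library instead of the dictionary stub.

```python
"""
Simulation of how a BIND RPZ QNAME trigger with local data answers queries,
plus a policy-zone builder that keeps TXT/MX answering by copying the public
records of those types in next to the local A/AAAA overrides.

Added example, not code from the original post. The "public DNS" data is
constructed; a real tool would query the upstream resolver instead.
"""
from typing import Callable, Dict, List, Tuple

Record = Tuple[str, str, str]          # (owner name, rtype, rdata)
Lookup = Callable[[str, str], List[str]]


def _norm(name: str) -> str:
    return name.rstrip(".").lower()


def rpz_answer(policy: List[Record], qname: str, qtype: str) -> Tuple[str, List[str]]:
    """Model the RPZ 'Local Data' action for a QNAME trigger.

    A QNAME trigger matches on the owner name for every query type. Once it
    matches, the policy zone's records for that name are the whole answer: a
    type that is absent there yields NODATA (NOERROR, empty answer) rather
    than falling back to the public record. Returns (outcome, rdata list).
    """
    owner = [r for r in policy if _norm(r[0]) == _norm(qname)]
    if not owner:
        return ("PASSTHRU", [])            # no trigger; normal resolution
    cnames = [r[2] for r in owner if r[1] == "CNAME"]
    if cnames:                             # a CNAME applies to all qtypes
        target = cnames[0]
        if target == "rpz-passthru.":
            return ("PASSTHRU", [])        # explicit whitelist
        if target == ".":
            return ("NXDOMAIN", [])
        if target == "*.":
            return ("NODATA", [])
        return ("LOCAL-DATA", [target])
    rdata = [r[2] for r in owner if r[1] == qtype]
    return ("LOCAL-DATA", rdata) if rdata else ("NODATA", [])


# Constructed stand-in for the public DNS (RFC 5737 addresses). With dnspython
# this would be dns.resolver.resolve(name, rtype) against the upstream resolver.
PUBLIC_DNS: Dict[Tuple[str, str], List[str]] = {
    ("example.com", "A"): ["192.0.2.10"],
    ("example.com", "MX"): ["10 mail.example.com."],
    ("example.com", "TXT"): ['"v=spf1 mx -all"'],
    ("www.example.com", "A"): ["192.0.2.10"],
}


def public_lookup(name: str, rtype: str) -> List[str]:
    return PUBLIC_DNS.get((_norm(name), rtype), [])


# Local overrides (constructed): names we want pointed at internal addresses.
OVERRIDES: Dict[str, List[Tuple[str, str]]] = {
    "example.com": [("A", "10.0.0.5")],
    "www.example.com": [("A", "10.0.0.5"), ("AAAA", "fd00::5")],
}

PRESERVED_TYPES = ("MX", "TXT")   # types to copy from the public zone


def build_policy(overrides, lookup: Lookup) -> List[Record]:
    """Local data for each overridden name, plus copies of its public MX/TXT
    records so those query types keep answering instead of going NODATA."""
    policy: List[Record] = []
    for name, rrs in overrides.items():
        policy.extend((name, rtype, rdata) for rtype, rdata in rrs)
        for rtype in PRESERVED_TYPES:
            policy.extend((name, rtype, rdata) for rdata in lookup(name, rtype))
    return policy


def to_zone_file(policy: List[Record], origin: str = "rpz.local", ttl: int = 300) -> str:
    """Render the policy as a BIND zone file for a response-policy zone."""
    lines = [
        f"$ORIGIN {origin}.",
        f"$TTL {ttl}",
        f"@ IN SOA localhost. hostmaster.{origin}. 1 3600 900 604800 {ttl}",
        "@ IN NS localhost.",
    ]
    # Owner names are relative to $ORIGIN: example.com becomes example.com.rpz.local.
    lines.extend(f"{owner} IN {rtype} {rdata}" for owner, rtype, rdata in policy)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    naive = [(n, t, d) for n, rrs in OVERRIDES.items() for t, d in rrs]
    print("A/AAAA only:", rpz_answer(naive, "example.com", "TXT"))   # NODATA
    fixed = build_policy(OVERRIDES, public_lookup)
    print("with copies:", rpz_answer(fixed, "example.com", "TXT"))  # public TXT
    print(to_zone_file(fixed))
```

Two caveats on this approach: the copied MX/TXT records are a snapshot, so the generator has to be re-run whenever the public zone changes (or the TTL kept short), and a name whose policy entry is a CNAME (including the `rpz-passthru.` and `.` encodings) is answered that way for every query type, so a CNAME override cannot be combined with per-type local data at the same owner.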