[RPZ] marking packets modified by DNS-RPZ-policy
vixie at isc.org
Sat Aug 7 15:57:31 UTC 2010
i can't think of a way to do this marking that won't look like a kashpureff
attack to any downstream recursives that use the rpz server as a forwarder.
so, putting an RR into the additional section, like
"HIT._RPZ. 0 IN RP 0 RPZ.VIX.COM."
seems like an obvious and wonderful thing until you look at the syslog files
on the people downstream of you.
More information about the DNSfirewalls