[RPZ] marking packets modified by DNS-RPZ-policy

Paul Vixie vixie at isc.org
Sat Aug 7 15:57:31 UTC 2010


i can't think of a way to do this marking that won't look like a kashpureff
attack to any downstream recursives that use the rpz server as a forwarder.

so, putting an RR into the additional section, like

"HIT._RPZ. 0 IN RP 0 RPZ.VIX.COM."

seems like an obvious and wonderful thing until you look at the syslog files
on the people downstream of you.
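Added illustration (not from the post above or from any RPZ implementation): the bailiwick check a downstream recursive applies to the additional section, run over a constructed response carrying the marker RR proposed in the post. The zone name, the tuple layout of the records and the sample glue are assumptions for the example.

```python
# Added example: a simplified downstream-resolver bailiwick check, as a
# demonstration of why the proposed additional-section marker is rejected
# and logged (the pattern of the 1997 Kashpureff cache-poisoning attack:
# additional records for names outside the answering zone).

def labels(name: str) -> list[str]:
    """Split a presentation-format name into case-folded labels, root dropped."""
    return [l.lower() for l in name.rstrip(".").split(".") if l]

def in_bailiwick(owner: str, zone: str) -> bool:
    """True if owner is the zone apex or lies below it. Comparison is
    label-wise, not a string suffix match, so 'notexample.com' is not
    under 'example.com'."""
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def check_additional(zone: str, additional):
    """Return the additional-section RRs a downstream resolver would discard.
    `additional` is a list of (owner, ttl, rrtype, rdata) tuples, an assumed
    simplified stand-in for parsed RRs rather than wire-format data."""
    return [rr for rr in additional if not in_bailiwick(rr[0], zone)]

# Constructed sample: an answer for www.example.com served out of the
# example.com zone, with the marker RR from the post added to the
# additional section alongside one legitimate glue record.
SAMPLE_ZONE = "example.com."
SAMPLE_ADDITIONAL = [
    ("ns1.example.com.", 3600, "A", "192.0.2.53"),   # in-bailiwick glue, kept
    ("HIT._RPZ.", 0, "RP", "0 RPZ.VIX.COM."),        # proposed marker, rejected
]

if __name__ == "__main__":
    for owner, ttl, rrtype, rdata in check_additional(SAMPLE_ZONE, SAMPLE_ADDITIONAL):
        # this is the line that ends up in the downstream operator's syslog
        print(f"rejected out-of-bailiwick additional RR: {owner} {ttl} IN {rrtype} {rdata}")
```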
