[RPZ] RPZ seen at MAAWG
Paul Vixie
vixie at isc.org
Sat Oct 9 21:22:47 UTC 2010
> Date: Sat, 9 Oct 2010 16:24:02 -0400
> From: Robert Edmonds <edmonds at isc.org>
>
> there is no "wildcard capability in zone file specifications that
> matches _all_ sub-domains" [emphasis mine]. wildcards do not match
> subdomains of themselves.
>
> if RPZ is "just DNS", then i see no way to create an RPZ rule that can
> match the following name, short of setting the RPZ origin name to ".":
>
> *.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.bad.com.
understood, but i'm not worried about the bad guys doing that. yet.
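
The wildcard behaviour discussed in this message, as an added example that is not part of the original post and is not BIND's RPZ code: a small model of the RFC 4592 closest-encloser rule applied to a policy zone, which also checks the 255-octet name limit from RFC 1035 (a step beyond what the thread states). The origin `rpz.example.`, the rule set and the deep test name are constructed for illustration.

```python
MAX_NAME_OCTETS = 255  # RFC 1035 limit on a name in wire format

def labels(name):
    """Split a presentation-format name into lowercase labels (root -> [])."""
    return [l.lower() for l in name.split(".") if l]

def wire_len(lbls):
    """One length octet per label, plus the terminating root octet."""
    return sum(len(l) + 1 for l in lbls) + 1

def text(lbls):
    """Join labels back into a fully qualified presentation-format name."""
    return ".".join(lbls) + "."

def rpz_lookup(qname, origin, owners):
    """Return the owner name of the rule that covers qname, or None."""
    trigger = tuple(labels(qname) + labels(origin))
    if wire_len(trigger) > MAX_NAME_OCTETS:
        return None  # qname + origin is not a legal name; nothing to look up
    owner_set = {tuple(labels(o)) for o in owners}
    # Every owner and every ancestor of an owner exists as a node in the zone.
    nodes = {o[i:] for o in owner_set for i in range(len(o) + 1)}
    if trigger in nodes:
        # Existing node: exact rule or empty non-terminal, never a wildcard.
        return text(trigger) if trigger in owner_set else None
    for i in range(1, len(trigger) + 1):
        encloser = trigger[i:]
        if encloser in nodes:  # closest encloser: longest existing ancestor
            source = ("*",) + encloser  # the only wildcard allowed to answer
            return text(source) if source in owner_set else None
    return None

# Constructed sample data; "rpz.example." is a hypothetical policy zone origin.
ORIGIN = "rpz.example."
RULES = ["*.bad.com.rpz.example."]
DEEP = "*." * 120 + "bad.com."  # constructed name, 249 octets on the wire

if __name__ == "__main__":
    for q in ("www.bad.com.", "a.b.bad.com.", "x.*.bad.com.", DEEP):
        print(q[:24], "->", rpz_lookup(q, ORIGIN, RULES))
    print("origin '.', wildcard rule:", rpz_lookup(DEEP, ".", ["*.bad.com."]))
    print("origin '.', exact rule   :", rpz_lookup(DEEP, ".", [DEEP]) == DEEP)
```

In this model the wildcard rule covers `www.bad.com.` and `a.b.bad.com.`, but not names below the literal `*` label, and the deep name is only reachable by an exact rule when the origin is the root.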