[RPZ] Errata in the BIND ARM discussing RPZ?
Fred Morris
m3047 at m3047.net
Wed Apr 13 21:20:30 UTC 2011
Section 6.2.16.20 of the BIND ARM for 9.8.0 contains this example of ip
matching:
; IP rules rewriting all answers for 127/8 except 127.0.0.1
8.0.0.0.127.ip CNAME .
32.1.0.0.127.ip CNAME 32.1.0.0.127.
However a few paragraphs earlier it states "IP rules are expressed in RRsets
with owner names that are subdomains of rpz-ip..."
Looking at the source code in lib/dns/include/dns/rpz.h I see:
#define DNS_RPZ_IP_ZONE "rpz-ip"
#define DNS_RPZ_NSIP_ZONE "rpz-nsip"
#define DNS_RPZ_NSDNAME_ZONE "rpz-nsdname"
So I'm guessing the example is incorrect.
--
Fred Morris
More information about the DNSfirewalls
mailing list