[RPZ] Errata in the BIND ARM discussing RPZ?
m3047 at m3047.net
Wed Apr 13 21:20:30 UTC 2011
Section 184.108.40.206 of the BIND ARM for 9.8.0 contains this example of ip
; IP rules rewriting all answers for 127/8 except 127.0.0.1
220.127.116.11.127.ip CNAME .
18.104.22.168.127.ip CNAME 22.214.171.124.127.
However a few paragraphs earlier it states "IP rules are expressed in RRsets
with owner names that are subdomains of rpz-ip..."
Looking at the source code in lib/dns/include/dns/rpz.h I see:
#define DNS_RPZ_IP_ZONE "rpz-ip"
#define DNS_RPZ_NSIP_ZONE "rpz-nsip"
#define DNS_RPZ_NSDNAME_ZONE "rpz-nsdname"
So I'm guessing the example is incorrect.
More information about the DNSfirewalls