[RPZ] something_else.pseudotld.tld and BIND and DNS in the wild

Paul Vixie vixie at isc.org
Thu Apr 21 14:12:11 UTC 2011

fred, this is an excellent catch.  we avoided as much as possible any
necessary encoding in RPZ's metadata structure that would trigger any
'check-names' warnings or failures.  however, if the names underlying
the triggers contain unusual characters then there's no way to avoid
having the RPZ provider (zone masters) turn off check-names and there's
a strong incentive to have RPZ consumers (zone slaves) do likewise.

More information about the DNSfirewalls mailing list