[RPZ] DNS IDN service

Paul Vixie paul at redbarn.org
Sat Jun 2 13:13:34 UTC 2012

On 2012-06-02 4:55 AM, Pyae Phyo Wai wrote:
> Dear Paul
> Thanks for your concerns.
> How do you do?
> We are now using RPZ to protect blacklist URL.
> We filter those website in dns server using RPZ.

is this a home grown RPZ, created and maintained inside your
organization? or is it an external RPZ that you subscribe to? i'm really
interested in knowing more about what people are doing with this technology.

> For IDN issue, we want to deploy IDN services in our ccTLD nameservers.
> We are registrar of IANA for ccTLD.
> If we set up IDN service on existing ccTLD authoritative nameservers,
> 1. Shall we register our language-script to ICANN first ? (OR) Can we
> try it on our nameserver first ?

you can (and must) have this running on your name server first, but it
will be difficult to test until ICANN adds your new ccIDN to the root zone.

> 2. Do we need to change anything special on existing nameservers ?

possibly; see below.

> 3. How can we try it on existing my environment ?

testing could take the form of telling your recursive BIND server to
load the ccIDN zone as a "secondary".

> Please support me if you have any advice upon it.

since this part of our conversation is not about RPZ, i suggest that we
communicate 1x1 on matters related to ccIDN support.


More information about the DNSfirewalls mailing list