[RPZ] Subject: Re: DNSRPZ TTL Feature
nudge
nudgemac at fastmail.fm
Mon Apr 22 22:41:39 UTC 2013
On Sun, Apr 21, 2013, at 03:26 PM, Hugo Maxwell Connery wrote:
> RPZ seems to be about lying in *complete* ways for *specific* reasons.
>
> e.g I wish to NXDOMAIN or CNAME domains X, Y and Z.
>
> These are a *complete* replacement of the response from the authoritative
> resolver. Auth said PPPP and I choose to say QQQQ (not PPQP; some subtle
> change).
A lie is a lie and you can already use RPZ to lie most anyway you wish.
That's the new reality. How nimble should RPZ be at that ? The perceived
wisdom is to make some things easier than others. That's fine, but
please don't suggest we're playing with white lies when there's nothing
but damn lies here.
More information about the DNSfirewalls
mailing list