[RPZ] Trojan.Spachanel - Using SPF records for malware signaling (problem for RPZ sinkholing?)

Alan Doherty alan at alandoherty.net
Wed Jan 30 00:06:47 UTC 2013

At 23:49 29/01/2013  Tuesday, Vernon Schryver wrote:
>> From: Alan Doherty <dnsrpz at alandoherty.net>
>> ...
>> its not a sinkhole issue, its a type of data transmission RPZ can
>> never handle (new domains)
>What if the new domains have NS RRs with old names listed with NSDNAME
>records or new names with old IP addresses with NSIP records in RPZ zones?

thats the job!
(english: that is the very feature I had meant to elude to [badly])

>There were recent references to NSIP and NSDNAME in this mailing
>list in the thread ending with
>including mention of public RPZ zones with NSDNAME and NSIP records.

thats the bit I must have missed checking out those RPZ zones now

and glad to hear the feature will be on-by-default soon 

More information about the DNSfirewalls mailing list