[RPZ] Trojan.Spachanel - Using SPF records for malware signaling (problem for RPZ sinkholing?)
Alan Doherty
alan at alandoherty.net
Wed Jan 30 00:06:47 UTC 2013
At 23:49 29/01/2013 Tuesday, Vernon Schryver wrote:
>> From: Alan Doherty <dnsrpz at alandoherty.net>
>
>> ...
>> its not a sinkhole issue, its a type of data transmission RPZ can
>> never handle (new domains)
>
>What if the new domains have NS RRs with old names listed with NSDNAME
>records or new names with old IP addresses with NSIP records in RPZ zones?
thats the job!
(english: that is the very feature I had meant to elude to [badly])
>There were recent references to NSIP and NSDNAME in this mailing
>list in the thread ending with
>https://lists.isc.org/pipermail/dnsrpz-interest/2013-January/000179.html
>including mention of public RPZ zones with NSDNAME and NSIP records.
thats the bit I must have missed checking out those RPZ zones now
and glad to hear the feature will be on-by-default soon
More information about the DNSfirewalls
mailing list