[DNSfirewalls] NSDNAME inconsistency

Vernon Schryver vjs at rhyolite.com
Thu Jul 18 00:16:06 UTC 2013

> From: Vincent Stoffer <vstoffer at lbl.gov>

> So I had been encoding NS entries as:
> ns1.example.com.rpz-nsdomain.rpz.foo.bar
> but it appears that the only correct syntax is:
> ns1.example.com.rpz-nsdname.rpz.foo.bar
> Are they both supposed to work or is rpz-nsdomain an oversight in the
> documentation?  Can someone clear this up for me?  I thought I had tested
> these triggers as working before (with rpz-nsdomain), so possibly something
> changed between versions?  Our bind version is BIND 9.8.5-rpz2+rl.156.01-P1.

rpz-nsdname is correct and the other is my error in the ARM text.

irrelevant rant:  This issue has been mentioned in the BIND-users
mailing list, so why does 
hide the one right hit among floods of search-spam noise gmane.org,
mail-archive.com, and other mailing list parasites?  Why did Google
kill the ability to exclude those and other useless mailing list
search-spam parasites from search results?  Why don't more mailing
list operators take steps to un-subscribe the search-spam mailing list

Vernon Schryver    vjs at rhyolite.com

More information about the DNSfirewalls mailing list