[RPZ] Promoting RPZ: feedback request

Patrick, Robert (CONTR) Robert.Patrick at hq.doe.gov
Fri Jun 28 01:33:12 UTC 2013

...waiting on RPZ in BIND to support DNSSEC-signed domains, in that operators need an (optional) method to prevent users/customers from accessing signed domains that are being used for nefarious purposes.

I understood the original implementation does not intercept/block/filter any domain that is DNSSEC-signed.

If RPZ is going to allow DNSSEC-signed domains to bypass the blocking process, manual blocking by the operator is still required, yes?

More information about the DNSfirewalls mailing list