[RPZ] Promoting RPZ: feedback request
Patrick, Robert (CONTR)
Robert.Patrick at hq.doe.gov
Fri Jun 28 01:33:12 UTC 2013
...waiting on RPZ in BIND to support DNSSEC-signed domains, in that operators need an (optional) method to prevent users/customers from accessing signed domains that are being used for nefarious purposes.
I understood the original implementation does not intercept/block/filter any domain that is DNSSEC-signed.
If RPZ is going to allow DNSSEC-signed domains to bypass the blocking process, manual blocking by the operator is still required, yes?
More information about the DNSfirewalls