[RPZ] Promoting RPZ: feedback request

Patrick, Robert (CONTR) Robert.Patrick at hq.doe.gov
Fri Jun 28 03:43:25 UTC 2013

Yes, break-dnssec as an option for RPZ looks like a winner.


> Until the optional "recursive-only yes" phrase was added to the
> "response-policy{}" statement, RPZ would affect only unsigned responses.
> Server operators who want to rewrite DNSSEC signed responses can
> now do so by adding "break-dnssec yes;".

More information about the DNSfirewalls mailing list