[RPZ] Promoting RPZ: feedback request
Fred Morris
m3047 at m3047.net
Fri Jun 28 17:04:59 UTC 2013
On Fri, 28 Jun 2013, Vernon Schryver wrote:
> [...] Users
> who find that their recursive server operator lies too much (has too
> many or the wrong RPZ records) should change recursive servers.
Or run their own. ;-)
BIND really doesn't lie, it tells you exactly what's going on, just look
at the SOA in the Authority section:
m3047 at athena:/etc/namedb> dig info.dulceleloir.com.ar
; <<>> DiG 9.9.2-P1 <<>> info.dulceleloir.com.ar
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26288
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;info.dulceleloir.com.ar. IN A
;; AUTHORITY SECTION:
foo.nx.rpz.example.net. 600 IN SOA DEV.NULL. ACCOUNT_MANAGEMENT.EXAMPLE.COM. 51353 900 300 86400 600
;; Query time: 2192 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jun 28 09:49:17 2013
;; MSG SIZE rcvd: 159
... where foo.nx.rpz.example.net is the RPZ (the *zone*).
--
Fred Morris
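
The check described in this message, as an added example that is not part of the original post: in an ordinary negative answer the SOA in the Authority section belongs to a zone enclosing the query name, so an SOA owner that is not an ancestor of the query name points at a policy zone. The parser, its function names and the second sample used in testing are assumptions made for illustration; the first sample is the response quoted above, cut down to the lines the check reads.

```python
import re

# Constructed sample: the response from the message above, SOA record on one line.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26288
;; QUESTION SECTION:
;info.dulceleloir.com.ar. IN A
;; AUTHORITY SECTION:
foo.nx.rpz.example.net. 600 IN SOA DEV.NULL. ACCOUNT_MANAGEMENT.EXAMPLE.COM. 51353 900 300 86400 600
"""

def labels(name):
    """Split a domain name into lowercase labels, ignoring the trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def is_ancestor(zone, qname):
    """True if zone equals qname or is a parent of it (compared label by label)."""
    z, q = labels(zone), labels(qname)
    return len(z) <= len(q) and q[len(q) - len(z):] == z

def parse_dig(text):
    """Return (status, qname, [SOA owner names in the authority section])."""
    status = qname = None
    soa_owners, section = [], None
    for line in text.splitlines():
        m = re.search(r"status: (\w+)", line)
        if line.startswith(";; ->>HEADER<<-") and m:
            status = m.group(1)
        elif line.startswith(";; ") and line.rstrip().endswith("SECTION:"):
            section = line[3:].split()[0]
        elif section == "QUESTION" and line.startswith(";") and qname is None:
            qname = line[1:].split()[0]
        elif section == "AUTHORITY" and line and not line.startswith(";"):
            f = line.split()
            if len(f) >= 4 and f[3] == "SOA":
                soa_owners.append(f[0])
    return status, qname, soa_owners

def policy_zone(text):
    """Heuristic (an assumption): the SOA owner that does not enclose the qname."""
    _status, qname, owners = parse_dig(text)
    for owner in owners:
        if qname and not is_ancestor(owner, qname):
            return owner
    return None

if __name__ == "__main__":
    print(policy_zone(SAMPLE))
```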