[RPZ] Which 'options' section does the RPZ config go in?

Alan Doherty dnsrpz at alandoherty.net
Fri Mar 29 22:24:52 UTC 2013

At 21:41 29/03/2013  Friday, ixloran at sent.at wrote:

>From what I understand the zone provider you're using PUSHES the updates
>as master to your slave.  I thought the "allow-transfer" is what's
>needed to allow/enable that push.  No?

no, with dns, on an update to the master's zone
the master sends notifies (to those servers it's configured to ONLY, i would guess RPZ providers do not send these to all external slaves)

on receiving a notify OR on a refresh (period defined in the soa of the zone)
(in the case of RPZ zones the most likely)
a slave/secondary server initiates an axfr or ixfr pull of the zone

so basically your server would pull only (unless other downstream internals wish to axfr/ixfr from it to save external bandwidth)

>> as cricket said, the rpz configuration elements belong in your recursive view.
>OK.  If I were to ever turn on recursive for BOTH internal & external
>views, would the config go best in EACH recursive view at that point? 
>Or can I put it in the global options stanza?

in each
(but why you would want to resolve dns for the general public i dare not guess)
(as opposed to serving your own domains authoritatively)

>dnsrpz-interest mailing list
>dnsrpz-interest at lists.isc.org
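
The layout discussed in this message, as an added named.conf sketch that is not part of the original thread: the policy zone is pulled as a slave and `response-policy` sits inside the recursive view. The zone name `rpz.example.net`, all addresses, ACL names and file paths are placeholders.

```conf
// Constructed example: zone name, addresses, ACL names and paths are placeholders.
acl internal-nets        { 10.0.0.0/8; };
acl downstream-resolvers { 10.0.0.53; };   // internal servers that pull the zone from us

view "internal" {
    match-clients { internal-nets; };
    recursion yes;

    // RPZ is switched on per recursive view, and the policy zone
    // has to be defined inside that same view.
    response-policy { zone "rpz.example.net"; };

    zone "rpz.example.net" {
        type slave;                         // this server pulls via AXFR/IXFR
        masters { 192.0.2.10; };            // provider's distribution server
        file "slaves/internal.rpz.example.net.db";

        // allow-transfer controls who may pull the zone FROM this server.
        // It plays no part in receiving updates from the provider.
        allow-transfer { downstream-resolvers; };

        // The policy data does not need to be queryable by clients.
        allow-query { localhost; };
    };

    // named chooses the view for an incoming NOTIFY with the same
    // match-clients rules. A provider address outside internal-nets lands
    // in "external", so this zone then updates on the SOA refresh timer.
};

view "external" {
    match-clients { any; };
    recursion no;                           // authoritative only, so no RPZ here
    allow-transfer { none; };

    // If this view were ever made recursive, it would need its own
    // response-policy statement and its own copy of the zone definition,
    // written to a different file name than the internal view's copy.
};
```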
