[RPZ] Which 'options' section does the RPZ config go in?

Vernon Schryver vjs at rhyolite.com
Sat Mar 30 02:48:09 UTC 2013


> From: ixloran at sent.at

> Is it safe to just let bind keep erroring out on these fails until the
> zone automagically returns?  Or is it best to disable that rpz zone
> policy for now?

I don't see any plausible harm from continuing to use an empty policy
zone that has never been used when it was not empty.  However, I assume
you had reasons for watching what happens when the policies start being
applied.  Things outside BIND might not work as expected when records
finally do appear in the zone.

If I had never used it before, I'd probably set an overriding PASSTHRU
response policy on the zone, but otherwise leave the configuration
unchanged in the expectation that data will eventually appear in the zone.


Vernon Schryver    vjs at rhyolite.com
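
The PASSTHRU override suggested above, sketched as a named.conf fragment. This is an added example, not part of the original message; the zone name, primary server address, and file names are placeholders. The logging stanza assumes a BIND build that has the `rpz` logging category, so that matches are recorded while answers are left unmodified.

```conf
// Added example; "rpz.example.net" and 192.0.2.1 are placeholders.
options {
    // response-policy goes in the global options block (or inside a view).
    response-policy {
        // Override: every record in this policy zone acts as PASSTHRU,
        // whatever action the zone data itself encodes.
        zone "rpz.example.net" policy passthru;
    };
};

// The policy zone is still transferred as usual, so data is picked up
// automatically once the provider starts publishing records.
zone "rpz.example.net" {
    type slave;
    masters { 192.0.2.1; };        // placeholder primary address
    file "rpz.example.net.db";
};

// Assumption: the rpz category is available in this BIND version.
logging {
    channel rpz_log {
        file "rpz.log" versions 3 size 5m;
        print-time yes;
        severity info;
    };
    category rpz { rpz_log; };
};
```

Removing `policy passthru` from the `response-policy` entry later lets the actions encoded in the zone take effect.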


