[DNSfirewalls] Drop queries for root (.) is it possible?
causeless at gmail.com
Wed May 21 18:05:20 UTC 2014
I'm trying to drop queries for root s.t. "dig . ANY". Most of
resolvers do not need such queries.
There is rpz-drop policy introduced in RPZ2 patch but
@ CNAME rpz-drop.
cannot be used as valid zone apex cannot be cname.
*.root-servers.net.rpz-nsdname CNAME rpz-drop.
also do not work. rpz-nsdname trigger requires atleast one label.
Is there any way to use rpz2 policies on root?
ko-zu <causeless at gmail.com>
More information about the DNSfirewalls