[DNSfirewalls] Drop queries for root (.) is it possible?

ko-zu causeless at gmail.com
Thu May 22 12:58:47 UTC 2014


Hi,

I'm trying to drop queries for root s.t. "dig . ANY".  Most
resolvers do not need such queries.

There is an rpz-drop policy in the RPZ2 patch, but
@ CNAME rpz-drop.
cannot be used, as a valid zone apex cannot be a CNAME.

*.root-servers.net.rpz-nsdname CNAME rpz-drop.
also does not work. The rpz-nsdname trigger requires at least one label.

Is there any way to use rpz2 policies on root?


Thanks,
ko-zu <causeless at gmail.com>

