[DNSfirewalls] Can RPZ respond/filter the outbound query?

Paul Vixie paul at redbarn.org
Mon Nov 28 03:09:28 UTC 2016

Davey Song(宋林健) wrote:
> I know RPZ is designed to provide alternate responses to inbound
> queries. Can RPZ respond or filter the outbound queries? I would like to
> apply action and trigger policy to the outbound queries. For example: to
> PASSTHRU or Drop all outbound queries whose qtype==2 and dst is
> ‘xx.xx.xx.xx’.

no. rpz is intended to control the response seen by the stub resolver,
it has no effect at all on the upstream query activities of the full
resolver ("recursive nameserver") which runs rpz and serves those stubs.

> I’m not sure I make the question clear. If RPZ does not fit for this,
> may I ask, is there any other tool that can help?

in BIND you would use the bogus-ns feature.

P Vixie
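
The two controls discussed in this message, side by side, as an added example that is not part of the original post. It assumes the "bogus-ns feature" corresponds to the `bogus` option of the `server` statement in BIND 9; the zone name, file name and the address 192.0.2.53 are constructed placeholders.

```conf
// named.conf fragment (constructed example, placeholder names and addresses)

options {
    recursion yes;

    // RPZ: rewrites the answers this resolver returns to its stub clients.
    // It does not change which upstream servers named sends queries to.
    response-policy { zone "rpz.example.net"; };
};

// Local policy zone referenced above (placeholder name and file).
zone "rpz.example.net" {
    type master;
    file "rpz.example.net.db";
};

// Outbound control: mark a remote server as bogus so that named
// never sends queries to it. 192.0.2.53 is a documentation address.
server 192.0.2.53 {
    bogus yes;
};
```

The `bogus` setting applies to every query that would go to that address; it cannot be limited to a single qtype.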

