[DNSfirewalls] Offlabel use: suppressing backscatter and leakage, tracking misbehaving devices
m3047
m3047 at m3047.net
Tue Nov 19 17:09:18 UTC 2019
(In regards to using RPZ to track / block attempts to resolve things like
DONT-RESOLVE.COM.EXAMPLE.COM..)
I see some other practical person discovered it as well... (*waves*
towards Vadim)
On Mon, 18 Nov 2019, Paul Vixie wrote:
> fred, this is brilliant. i've long wished that postfix (the smtp server)
> would call res_query rather than res_search, but this is a "wontfix" due to
> portability concerns. solving this with RPZ is a brilliant idea and i hope
> you will blog it somewhere so that dnsrpz.info can link to it. --paul
Paul, I don't really blog, outside of the occasional post on LinkedIn or
Hacker News. ;-) I don't have a blog.
I know Farsight has a blog, and I used to work for Farsight, and I enjoyed
playing with the NX SIE channel (which helped make me aware of the scope
of the issue). May I interest you in a guest blog post? Or maybe Vadim
will oblige?
Regarding postfix, I'm trying to improve email, too. Good point. However I
was thinking about web browsers and a particular wifi repeater which has
been possessed by the devil since I first plugged it in. I'm glad I
brought this up!
--
Fred
More information about the DNSfirewalls
mailing list