[DNSfirewalls] Offlabel use: suppressing backscatter and leakage, tracking misbehaving devices

m3047 m3047 at m3047.net
Tue Nov 19 17:09:18 UTC 2019

(In regards to using RPZ to track / block attempts to resolve things like 

I see some other practical person discovered it as well... (*waves* 
towards Vadim)

On Mon, 18 Nov 2019, Paul Vixie wrote:
> fred, this is brilliant. i've long wished that postfix (the smtp server) 
> would call res_query rather than res_search, but this is a "wontfix" due to 
> portability concerns. solving this with RPZ is a brilliant idea and i hope 
> you will blog it somewhere so that dnsrpz.info can link to it. --paul

Paul, I don't really blog, outside of the occasional post on LinkedIn or 
Hacker News. ;-) I don't have a blog.

I know Farsight has a blog, and I used to work for Farsight, and I enjoyed 
playing with the NX SIE channel (which helped make me aware of the scope 
of the issue). May I interest you in a guest blog post? Or maybe Vadim 
will oblige?

Regarding postfix, I'm trying to improve email, too. Good point. However I 
was thinking about web browsers and a particular wifi repeater which has 
been possessed by the devil since I first plugged it in. I'm glad I 
brought this up!



More information about the DNSfirewalls mailing list