[DNSfirewalls] A non RPZ DNS firewall question

Fred Morris m3047 at m3047.net
Sat Jul 30 02:51:44 UTC 2022

On Fri, 29 Jul 2022, Francis Turner via DNSfirewalls wrote:
> At least I don’t think it’s an RPZ question because I don’t believe it is part of the spec.

Agree with Paul, although policywise it makes sense, I think the spec was
guided by technical constraints.

(I suspect Francis knows this) you can set up an RPZ to return records of 
a certain type if that type is queried for.

> Is it possible in BIND or other DNS servers to filter based on RRTYPE e.g. always
> replying NXDOMAIN to TXT queries or for that matter to other arbitrary TYPEXX queries?

This actually doesn't sound like eye-rollingly bad deep packet inspection 
to me. Why not just route them to a properly bodged server behind the 
"load balancer" (that would be the place to use RPZ)?


Fred Morris
