<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:"Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">At least I don’t think it’s an RPZ question because I don’t believe it is part of the spec.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Is it possible in Bind or other DNS servers to filter based on RRTYPE e.g. always replying NXDOMAIN to TXT queries or for that matter to other arbitrary TYPEXX queries? We have some customers who are seeing their public recursive DNS servers
being abused by queries of this sort. It’s possibly DDOS, it’s possible DNS Tunnelling, it may be some other abuse but either way they want it to stop – at least from certain users of their servers. Unfortunately neither they, nor I, can think of a good way
to do this<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Regards<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Francis<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="background:white"><b><span style="font-size:12.0pt;color:#595959">Francis Turner
</span></b><o:p></o:p></p>
<p class="MsoNormal" style="background:white"><span style="color:black">Threat STOP Global SE</span><o:p></o:p></p>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;color:#595959">JP Cell: +81-8080404701 | US Cell: +1-760-402-7676</span><o:p></o:p></p>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;color:#595959">Office: +1-760-542-1550 | Skype: francis.turner.threatstop<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;color:black"><a href="mailto:francis@threatstop.com"><span style="color:#0563C1">francis@threatstop.com</span></a> | </span><span style="color:black"><a href="http://www.threatstop.com/"><span style="font-size:12.0pt;color:#0070C0">www.threatstop.com</span></a></span><o:p></o:p></p>
<p class="MsoNormal" style="background:white"><b><span style="font-size:12.0pt;color:#595959">Weaponize Your Threat Intelligence</span></b><b><span style="font-size:12.0pt;color:black">
</span></b><o:p></o:p></p>
<p class="MsoNormal" style="background:white"><span style="color:black">“If You Don’t Build It, They Definitely Will Not Come” – P. Vixie</span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>