On 05/02/13 15:16, funky monkey wrote:

But to get back to what I'm often asked for, more as a tactical
solution, is there any way of being able to subvert specific DNS names
with alternate responses, whilst leaving the rest of the resolution to
be obtained in the normal way - I know that doesn't follow the normal
looking for authority for a domain name, then asking the correct
question there.

RPZ. It's present in BIND 9.8 and 9.9, and can filter queries and responses to an (intentionally) limited degree.

Basically you define a response-policy statement in the config. That statement lists one or more zones, e.g. "rpz.yoursite.org". Queries and answers are passed through that zone looking for specially formatted records, and answers are rewritten or turned into NODATA/NXDOMAIN as required.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
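
The "specially formatted records" mentioned in the reply above, as an added example that is not part of the original message and is not BIND's code: a simplified Python model of how query-name records in a policy zone map to NXDOMAIN, NODATA or a rewritten answer. The zone name comes from the message; the sample names, the addresses and the zone file name are constructed placeholders.

```python
# Simplified model of QNAME-trigger RPZ records (added example, not BIND's code).
# named.conf side, using the zone name from the message above
# (the file name is a placeholder):
#   options { response-policy { zone "rpz.yoursite.org"; }; };
#   zone "rpz.yoursite.org" { type master; file "rpz.yoursite.org.db"; };

# Constructed sample records; owner names are relative to the policy zone,
# so the first one is really intranet.example.com.rpz.yoursite.org.
ZONE_TEXT = """
intranet.example.com   A      192.0.2.10  ; answer rewritten with local data
ads.example.net        CNAME  .           ; NXDOMAIN
*.ads.example.net      CNAME  .           ; NXDOMAIN for names below it as well
tracker.example.org    CNAME  *.          ; NODATA
"""

def parse_policy(text):
    """Return {trigger name: (rtype, rdata)} from the simplified zone text."""
    policy = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file comments
        if not line:
            continue
        owner, rtype, rdata = line.split()
        policy[owner.lower().rstrip(".")] = (rtype.upper(), rdata)
    return policy

def lookup(policy, qname):
    """Exact match first, then the closest enclosing wildcard."""
    name = qname.lower().rstrip(".")
    if name in policy:
        return policy[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        wild = "*." + ".".join(labels[i:])
        if wild in policy:
            return policy[wild]
    return None

def decide(policy, qname):
    """Map a query name to the action the policy zone encodes for it."""
    hit = lookup(policy, qname)
    if hit is None:
        return ("NORMAL", None)        # not listed: resolved in the usual way
    rtype, rdata = hit
    if rtype == "CNAME" and rdata == ".":
        return ("NXDOMAIN", None)
    if rtype == "CNAME" and rdata == "*.":
        return ("NODATA", None)
    return ("REWRITE", f"{rtype} {rdata}")
```

Names that match no record fall through to ordinary resolution, which is the "leave the rest alone" behaviour the question asks for.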