On 28/02/2014 17:57, Chris Buxton wrote: > On Feb 28, 2014, at 2:12 AM, Jason Brown <[email protected] > <mailto:[email protected]>> wrote: > >> But, it will respond with a valid response (your choice) and therefore >> not create a servfail due to trying.. that’s my point. >> >> ** >> > > Nope. RPZ only alters responses as they're on their way back to the > requestor. The query is still resolved normally first. It does not > short-circuit recursion. > > Chris Buxton
FYI there's a new option being introduced in 9.10 that allows you to apply RPZ rules ahead of recursion (you still need to know the names that you want to rewrite though): "qname-wait-recurse no;" Cathy _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
