On 28/02/2014 17:57, Chris Buxton wrote: > On Feb 28, 2014, at 2:12 AM, Jason Brown <jason.br...@kcom.com > <mailto:jason.br...@kcom.com>> wrote: > >> But, it will respond with a valid response (your choice) and therefore >> not create a servfail due to trying.. that’s my point. >> >> ** >> > > Nope. RPZ only alters responses as they're on their way back to the > requestor. The query is still resolved normally first. It does not > short-circuit recursion. > > Chris Buxton
FYI there's a new option being introduced in 9.10 that allows you to apply RPZ rules ahead of recursion (you still need to know the names that you want to rewrite though): "qname-wait-recurse no;" Cathy _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
