On Fri, Feb 28, 2014 at 09:38:23PM +0000, Phil Mayers wrote: > I think Chris is right here. IIRC even qname policies perform an upstream > query - we've seen this reflected in response times. > > I don't know what it does for servfail but it would certainly be > reasonable to pass them unchanged. Remember rpz is deliberately limited.
As Cathy mentioned, it's possible to bypass the recursion in RPZ now. The feature is in the rpz2 patches, which are included with BIND 9.10 and are also built into some packaged versions of BIND. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
