On Tue, Feb 24, 2015 at 03:30:01PM -0800, Crist Clark wrote: > I am seeing that even with a zone included in an RPZ, the BIND server is > still going out to the Internet to resolve the name. I was hoping the RPZ > entry would stop processing short of that.
That's so named doesn't leak policy information by changing its upstream behavior. To an authoritative server, named seems to do the same thing whether it's running RPZ or not. In BIND 9.10, the "qname-wait-recurse" option was added to override this behavior. > BIND 9.9.2. BIND 9.9.2 is extremely outdated. 9.9.7 will be published this week. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
