RPZ Question

Bob McDonald Thu, 16 Apr 2015 10:28:07 -0700

I'm using RPZ to return "fake" addresses for hosts. Although it seems to
work well for A records, I'm questioning the way it processes CNAME records.


Shown below is the output from DIG. Both records are in RPZ. However,
you'll notice that the first DIG returns a NXDOMAIN response.  The CNAME
target is also in RPZ (As shown in the second DIG)

Is this normal behaviour?

I'd also like to know if it's possible to generate "fake" resposes for MX,
NS, and/or SRV records.

Regards,

Bob

operator@sapphire-x5-agent:/home/operator >/opt/incontrol/dns/bin/dig @
127.0.0.1 www.arqiva.com.

; <<>> DiG 9.9.6-P2 <<>> @127.0.0.1 www.arqiva.com.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64951
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.arqiva.com.                        IN      A

;; ANSWER SECTION:
www.arqiva.com.         28800   IN      CNAME   www.arqiva-integration.com.

;; AUTHORITY SECTION:
com.                    361     IN      SOA     a.gtld-servers.net.
nstld.verisign-grs.com. 1429203602 1800 900 604800 86400

;; Query time: 90 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Apr 16 13:09:19 EDT 2015
;; MSG SIZE  rcvd: 153

operator@sapphire-x5-agent:/home/operator >/opt/incontrol/dns/bin/dig @
127.0.0.1 www.arqiva-integration.com.

; <<>> DiG 9.9.6-P2 <<>> @127.0.0.1 www.arqiva-integration.com.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 506
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.arqiva-integration.com.    IN      A

;; ANSWER SECTION:
www.arqiva-integration.com. 28800 IN    A       83.138.41.100

;; AUTHORITY SECTION:
rpz-zone02.             28800   IN      NS      sapphire-agent-00.pcn.local.
rpz-zone02.             28800   IN      NS      sapphire-x5-agent.pcn.local.

;; Query time: 87 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Apr 16 13:16:50 EDT 2015
;; MSG SIZE  rcvd: 154

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RPZ Question

Reply via email to