Hi Wolfgang

On Thu, Oct 08, 2015 at 11:25:14PM +0200, Wolfgang Riedel [CISCO] wrote:
> Hi Folks,
>
> I am currently struggling with using RPZ for inserting or overriding TXT
> resource records.
>
> This is my goal:
>
> ; do not rewrite www.cisco.com (so, PASSTHRU) and add or override
> missing metadata
> www.cisco.com CNAME rpz-passthru.
> www.cisco.com TXT "CISCO-CLS=app-name:HTTP|app-class:TD"
>
> What works is that I can do one or the other but not both at the same time
> if I need to use a CNAME.
>
> This works:
>
> wolfgang.dns-as.org A 193.34.28.108
> wolfgang.dns-as.org TXT "CISCO-CLS=app-name:RPZ|app-class:TD"
>
> but in reality this will not work for CDN or load-balanced sites which don't
> have a fixed IP address.
>
> Any hints what I am doing wrong?
You aren't doing anything wrong. Yours is a corner case.

I hope I understood what you're trying to do correctly: from the zone comment, perhaps you want the TXT query type to return the TXT RDATA you've supplied and everything else passthru to regular processing. It can't be done as triggers don't use the question's TYPE field.

An alternative is to include all the RRs for that QNAME in the answer (your second example). Yours is a weird case, because you can't use the following in the policy zone which named wouldn't allow loading (it won't allow CNAME to coexist):

www.cisco.com CNAME www.cisco.com.akadns.net.
www.cisco.com TXT "CISCO-CLS=app-name:HTTP|app-class:TD"

So using the A record (your second example) or adding triggers for the target of the CNAME record chain are your best bet. As the latter varies, perhaps the former for your region would be best.

Mukund
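A small model of the two points in the reply above, added here as an illustration (it is not code from the thread or from BIND): an RPZ QNAME trigger is keyed on the owner name alone, so the query TYPE cannot select a TXT-only override, and a CNAME at the same owner name as other data makes the zone unloadable. The function and constant names (`parse_zone`, `cname_conflicts`, `rpz_trigger`, the two sample zones) are mine; the sample zones are constructed from the records quoted in the thread.

```python
# Added example: a toy model of RPZ policy-zone loading and QNAME triggers.
# Policy records are keyed by owner name only; the query TYPE takes no part
# in matching, and a CNAME next to other data at one name is a load error.
from collections import defaultdict

# Constructed sample: the CNAME-plus-TXT mix that named refuses to load.
RPZ_ZONE_WITH_CNAME = """
www.cisco.com CNAME www.cisco.com.akadns.net.
www.cisco.com TXT "CISCO-CLS=app-name:HTTP|app-class:TD"
"""

# Constructed sample: the A-plus-TXT form that loads and answers both types.
RPZ_ZONE_WITH_A = """
wolfgang.dns-as.org A 193.34.28.108
wolfgang.dns-as.org TXT "CISCO-CLS=app-name:RPZ|app-class:TD"
"""


def parse_zone(text):
    """Parse simple 'owner TYPE rdata' lines into {owner: [(type, rdata), ...]}."""
    rrsets = defaultdict(list)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop ';' comments and blanks
        if not line:
            continue
        owner, rtype, rdata = line.split(None, 2)
        rrsets[owner.lower().rstrip(".")].append((rtype.upper(), rdata))
    return dict(rrsets)


def cname_conflicts(rrsets):
    """Owner names that mix CNAME with any other type (zone would not load)."""
    return sorted(owner for owner, rrs in rrsets.items()
                  if any(t == "CNAME" for t, _ in rrs) and len(rrs) > 1)


def rpz_trigger(rrsets, qname, qtype):
    """Find the policy RRset a query triggers.

    qtype is accepted but deliberately unused: a QNAME trigger matches on
    the name alone, so every query type for that name hits the same policy
    data and a TXT-only override cannot be expressed. Returns None when no
    trigger matches (normal resolution continues).
    """
    return rrsets.get(qname.lower().rstrip("."))
```

Running `cname_conflicts(parse_zone(RPZ_ZONE_WITH_CNAME))` names `www.cisco.com` as the offending owner, while the A-record zone passes and triggers identically for A and TXT queries.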
bind-users mailing list, bind-users@lists.isc.org, https://lists.isc.org/mailman/listinfo/bind-users