Hi all,

We maintain a block list with RPZ on our BIND resolvers. I noticed that the RPZ policy action does not apply for domain names which SERVFAIL (i.e. cannot be resolved by the resolver because of a timeout, lame delegation etc.).

This happens on both BIND 9.11.0rc1 and 9.9.9-P2.

Our default RPZ policy is to redirect to a landing page. This has the advantage that we can log additional information. If the RPZ policy does not take place, we lose this information.

Example domain name which servfails:
Dead CnC secpressnetwork[.]com [1]

Is this a bug in the RPZ processing or is there a logical explanation I'm missing?

Daniel

[1] https://www.proofpoint.com/tw/threat-insight/post/panda-banker-new-banking-trojan-hits-the-market