> Can you point to where in the docs/ARM/wiki/whatever it says that?

Found it!

ftp://ftp.isc.org/isc/bind9/9.11.2b1/doc/arm/Bv9ARM.ch06.html


Response Policy Zone (RPZ) Rewriting

BIND 9 includes a limited mechanism to modify DNS responses for requests 
analogous to email anti-spam DNS blacklists. Responses can be changed to deny 
the existence of domains (NXDOMAIN), deny the existence of IP addresses for 
domains (NODATA), or contain other IP addresses or data.

Response policy zones are named in the response-policy option for the view or 
among the global options if there is no response-policy option for the view. 
Response policy zones are ordinary DNS zones containing RRsets that can be 
queried normally if allowed. It is usually best to restrict those queries with 
something like allow-query { localhost; };. 
Note that zones using masterfile-format map cannot be used as policy zones. 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

I paid attention to the "Response policy zones are ordinary DNS zones", thought 
that meant 'in all ways', and didn't read on apparently :-/

AC
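
The ARM passage quoted above can be checked mechanically. The script below is an added example, not part of the original post and not ISC code: it scans a named.conf for zones named in response-policy and reports any that set masterfile-format map or have no allow-query restriction. The sample configuration, zone names and the check_rpz helper are constructed for illustration. It assumes masterfile-format is set at zone level (not inherited from options or a view) and that the file contains no /* */ comments.

```python
import re

# Constructed sample named.conf for illustration (not from the original post).
SAMPLE_CONF = '''
options { response-policy { zone "rpz.example"; zone "rpz2.example"; }; };
zone "rpz.example" { type master; file "db.rpz"; masterfile-format map;
                     allow-query { localhost; }; };
zone "rpz2.example" { type master; file "db.rpz2"; };
zone "example.com" { type master; file "example.com.map"; masterfile-format map; };
'''

MAP_ERR = "masterfile-format map cannot be used for a policy zone"
OPEN_QUERY = "policy zone has no allow-query restriction"  # advisory only


def block_after(text, start):
    """Return the body of the first balanced { } block at or after start."""
    i = text.index("{", start)
    depth = 0
    for j in range(i, len(text)):
        if text[j] == "{":
            depth += 1
        elif text[j] == "}":
            depth -= 1
            if depth == 0:
                return text[i + 1:j]
    raise ValueError("unbalanced braces")


def check_rpz(conf):
    """List (zone, finding) pairs for zones referenced by response-policy."""
    conf = re.sub(r"(#|//)[^\n]*", "", conf)  # drop line comments
    policy = set()
    for m in re.finditer(r"\bresponse-policy\b", conf):
        names = re.findall(r'zone\s+"([^"]+)"', block_after(conf, m.end()))
        policy.update(n.lower() for n in names)
    findings = []
    # A zone definition is 'zone "name" [class] {'; policy references end in ';'.
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        name = m.group(1).lower()
        if name not in policy:
            continue  # map format is only a problem for policy zones
        body = block_after(conf, m.start())
        if re.search(r"\bmasterfile-format\s+map\s*;", body):
            findings.append((name, MAP_ERR))
        if not re.search(r"\ballow-query\s*\{", body):
            findings.append((name, OPEN_QUERY))
    return findings


if __name__ == "__main__":
    for zone, finding in check_rpz(SAMPLE_CONF):
        print(f"{zone}: {finding}")
```
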

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users