Hi Daniel
Thank you for your feedback. This could be a solution.
It seems, that unbound can do this (not verified) and BIND-RPZ can't do
this actually:
https://serverfault.com/questions/18748/overriding-some-dns-entries-in-bind-for-internal-networks
Any plans for BIND?
Tom
On 12.11.18 08:14, Daniel Stirnimann wrote:
Hello Tom,
My feeded RPZ blocks othercompany.com and *.othercompany.com. Therefore
any qtype (MX, A, AAAA...) are blocked for this domain. Is there a way
with BIND just to whitelist the MX for othercompany.com and the
consequent A-Record (ex. mail.othercompany.com) that we are able to send
mail to othercompany.com?
If the action of your RPZ policy is a CNAME redirecting the user to a
walled garden and that walled garden runs an MTA you could configure it
as a relay server.
We have a similar setup where the MTA on the walled garden rejects the
email so that the sending MTA immediately gets a feedback.
Daniel
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
