Hi Daniel,
Thank you very much!
It was exactly what I was looking for.
On Tue, Feb 12, 2019 at 4:03 PM Daniel Stirnimann <
daniel.stirnim...@switch.ch> wrote:
>
> Hello Alex,
>
> > Is this expected behaviour? Is there any way to make the server avoid
> > proceeding with the resolution, when the initial client requests is
> > blocked?
>
> Yes, this is expected behavior. You need "qname-wait-recurse no" to
> change the behavior:
>
> response-policy {
> zone "rpz-whitelist-lan";
> zone "rpz-blackhole";
> } qname-wait-recurse no;
>
> Be aware of the following limitation:
>
> > The option does not affect QNAME or client-IP triggers in policy
> > zones listed after other zones containing IP, NSIP and NSDNAME
> > triggers, because those may depend on the A, AAAA, and NS records
> > that would be found during recursive resolution.
> Source:
>
> https://ftp.isc.org/isc/bind9/9.10.3/doc/arm/Bv9ARM.ch06.html#Configuration_File_Grammar
>
> Daniel
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
