Clarification on what DNS is...
On Sun, 25 Aug 2019, m3047 wrote:
On Sat, 24 Aug 2019, J Doe wrote:
[...] Is it possible to re-write a response on a reverse lookup? For
instance, if I considered example.com a “bad domain”, can I write an RPZ
policy so that a reverse lookup of IP’s that map to example.com fails or
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
is blocked?
[...]
proposed actions local in scope? Do you run a local passive DNS oracle?)
Strictly speaking, in DNS-speak the "reverse lookup of an IP..." is a PTR
lookup. The "reverse lookup of an IP mapping to example.com" is doing a
PTR lookup and matching it against example.com. I could be wrong
generally, but at least none of the RPZ features which I use generate
additional DNS traffic; an RPZ implementation which did would exceed my
personal threshold of least surprise.

You might consider taking discussion of this to the RPZ interest list or
searching the archives: http://lists.redbarn.org/mailman/listinfo/dnsfirewalls
--
Fred Morris