You need BIND 9.14.0 or later.

5177.   [func]          Add the ability to specify in named.conf whether a
                        response-policy zone's SOA record should be added
                        to the additional section (add-soa yes/no). [GL #865]

That said the rpz SOA is “unrelated” to the query so it doesn’t belong in the authority section as there is no automated way to process it. Additionally the server is permitted to put anything it thinks may be useful in the additional section.

RFC 1034, 4.3.2. Algorithm

   6. Using local data only, attempt to add other RRs which may be
      useful to the additional section of the query.  Exit.

Also why is the machine getting a rpz modified response in the first place?

Mark

> On 30 Nov 2019, at 00:16, Ict Security <ict.security....@gmail.com> wrote:
>
> Dear guys,
>
> we use RPZ zone in Bind 9 to protect some users against possible
> malwares and to force Google safe search changing resolution to
> Google's safe IP address server.
>
> We have an industrial machine which, for some reason, is "complaining"
> about the SOA information, visible in the additional info of the DNS
> query.
>
> Is it possible to obfuscate/remove the SOA information for a specific RPZ
> zone?
>
> Thank you so much,
> Frank
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: ma...@isc.org
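
Added example, not part of the original thread and not ISC's own configuration: a named.conf fragment showing the `add-soa` option from change 5177 applied to one policy zone while another keeps the SOA. The zone names and file names are constructed placeholders.

```conf
// named.conf fragment for BIND 9.14.0 or later.
// Zone names and file names below are constructed placeholders.
options {
    response-policy {
        // Omit this policy zone's SOA from the additional section of
        // the responses it rewrites.
        zone "rpz.safesearch.example" add-soa no;

        // No per-zone setting: this zone follows the add-soa value
        // given after the closing brace.
        zone "rpz.malware.example";
    } add-soa yes;  // applies to zones without their own add-soa
};

// Each policy zone still needs its own zone statement.
zone "rpz.safesearch.example" {
    type master;
    file "rpz.safesearch.example.db";
    allow-query { none; };
};

zone "rpz.malware.example" {
    type master;
    file "rpz.malware.example.db";
    allow-query { none; };
};
```

Check the file with `named-checkconf` and load it with `rndc reconfig`; a `dig` query for a name rewritten by the first zone should then show no policy-zone SOA in the ADDITIONAL SECTION, while names rewritten by the second zone still carry it.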