On 3/24/22 3:50 PM, Carl Byington via bind-users wrote:
> In general, the domain exists with a bunch of existing names - www, mail, etc. We just need to add one more (outbound) and tie it to the ip address of their outbound mail server. I don't want to take over their entire domain.

Fair enough. But there seems to be a disconnect. I was talking about adding a domain that is outbound.example.com. and put the A / AAAA records in that domain's apex. Thus you are only overriding outbound.example.com and nothing else in the example.com domain.

> Rather than updating /etc/hosts on a bunch of customer mail servers, their dns server just zone transfers the rpz zone using notify/ixfr.

ACK. Using standard zone transfers for RPZ(s) is one of the many features of RPZ.

> And many times, their error is in an incorrect or missing PTR record, so /etc/hosts does not help there.

We must have different experiences and / or have used different MTAs. I've routinely been able to address one-offs due to lack of PTR via /etc/hosts entries.

> But this is one rpz file to maintain, rather than adding a few hundred zones to the dns servers.

Fair enough.

-- 
Grant. . . .
unix || die