On Thu, Nov 06, 2025 at 05:45:55PM +0100, Matus UHLAR - fantomas wrote: > RPZ looks like possibility to do that, I'm just trying to find best way
I don't know a way to use RPZ in BIND to pass through the A respones from the original authority, but block AAAA. RPZ works on the level of the name, not the type. But, you could set up an RPZ that answers for soratool.ch, and only has an A record. Queries for AAAA (and any other type) would then get NODATA responses: | $TTL 3600 | @ IN SOA @ hostmaster 1 3600 3600 604800 86400 | @ IN NS . | soratool.ch IN A 160.85.67.44 Note that if they change their address at some point, you'll have to update the RPZ as well. -- Evan Hunt -- [email protected] Internet Systems Consortium, Inc. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list.
