On Wed, Apr 20, 2022 at 8:39 AM William Herrin <b...@herrin.us> wrote: > On Wed, Apr 20, 2022 at 8:00 AM Antonia Affinito > <antoniaaffinit...@gmail.com> wrote: >> >> I noticed that, in case of a malicious domain name, some local resolvers >> send an NXDOMAIN and others a courtesy page address. Do you know if the >> resolvers (for example TIM, Wind or Fastweb) can return an NXDomain in order >> to protect their clients? > > From a network engineering perspective, any resolver that responds to an > authoritative NXDOMAIN by generating an address for a courtesy page -is- the > malicious actor. Doubly so if they lie about the DNSSEC status in the > response.
Nevermind; I misunderstood your question. The domain name exists but the resolver has blocked it. How should the resolver alter its response: NXDOMAIN or the IP address of a courtesy web page explaining the block. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/
