Re: Blocking private addresses with a optionq

2013-04-03 Thread Vernon Schryver
> From: "Lawrence K. Chen, P.Eng." > First thing that got my attention was that "The rules encoded in a > response policy zone (RPZ) are applied only to responses to queries > that ask for recursion". But, these are authoritative only nameservers > So, would RPZ work in this case? This is s

Re: Blocking private addresses with a optionq

2013-04-03 Thread Lawrence K. Chen, P.Eng.
- Original Message - > > From: "Lawrence K. Chen, P.Eng." > > > ... So, being able to filter out these 'bad' things when responding to > > queries against that data might be a good thing. > > RPZ might be used for such things. However, by design RPZ rewrites > entire responses. It is tr

Re: Blocking private addresses with a optionq

2013-03-14 Thread Vernon Schryver
> From: "Lawrence K. Chen, P.Eng." > ... So, being able to filter out these 'bad' things when responding to > queries against that data might be a good thing. RPZ might be used for such things. However, by design RPZ rewrites entire responses. It is triggered by individual records in a response,

Re: Blocking private addresses with a optionq

2013-03-14 Thread Lawrence K. Chen, P.Eng.
- Original Message - > On Mar 14, 2013, at 3:29 AM, Tony Finch wrote: > > > King, Harold Clyde (Hal) wrote: > > > >> Is there an option for bind like the allow-recursion { > >> } > >> For blocking outgoing records of 10.0.0.0/8 and 192.168.0.0/16 so > >> I could do a view like: > >

Re: Blocking private addresses with a optionq

2013-03-14 Thread Kevin Darcy
On 3/14/2013 6:29 AM, Tony Finch wrote: King, Harold Clyde (Hal) wrote: Is there an option for bind like the allow-recursion { } For blocking outgoing records of 10.0.0.0/8 and 192.168.0.0/16 so I could do a view like: I'm not sure what you mean by "blocking outgoing records" but there ar

Re: Blocking private addresses with a optionq

2013-03-14 Thread Niall O'Reilly
On 14 Mar 2013, at 16:22, Chris Buxton wrote: > Well, yes, if the server in question is authoritative for all the data in > question. But if it's just a resolver, that may be more difficult. Fair comment. I was (perhaps naïvely) being led by my aversion to open resolvers

Re: Blocking private addresses with a optionq

2013-03-14 Thread Chris Buxton
On Mar 14, 2013, at 9:07 AM, Niall O'Reilly wrote: > > On 14 Mar 2013, at 15:57, Chris Buxton wrote: > >> No, I'm pretty sure the OP wants to strip records from responses if the >> records are A records referring to private address space (RFC 1918). >> >> I've no idea how you would do this. >

Re: Blocking private addresses with a optionq

2013-03-14 Thread Niall O'Reilly
On 14 Mar 2013, at 15:57, Chris Buxton wrote: > No, I'm pretty sure the OP wants to strip records from responses if the > records are A records referring to private address space (RFC 1918). > > I've no idea how you would do this. Other than separate views, with a "trimmed" zone in the

Re: Blocking private addresses with a optionq

2013-03-14 Thread Chris Buxton
On Mar 14, 2013, at 3:29 AM, Tony Finch wrote: > King, Harold Clyde (Hal) wrote: > >> Is there an option for bind like the allow-recursion { } >> For blocking outgoing records of 10.0.0.0/8 and 192.168.0.0/16 so I could >> do a view like: > > I'm not sure what you mean by "blocking outgoing

Re: Blocking private addresses with a optionq

2013-03-14 Thread Tony Finch
King, Harold Clyde (Hal) wrote: > Is there an option for bind like the allow-recursion { } > For blocking outgoing records of 10.0.0.0/8 and 192.168.0.0/16 so I could do > a view like: I'm not sure what you mean by "blocking outgoing records" but there are a couple of options that might do w

Blocking private addresses with a optionq

2013-03-08 Thread King, Harold Clyde (Hal)
Is there an option for bind like the allow-recursion { } For blocking outgoing records of 10.0.0.0/8 and 192.168.0.0/16 so I could do a view like: View "outsiders" { block-private { }; … } Thanks! -- Hal King - h...@utk.edu Systems Administrator Office of Information T