DNS Blackholing

Phil Mayers p.mayers at imperial.ac.uk
Wed Dec 5 09:11:50 UTC 2012


On 12/05/2012 06:10 AM, Nick Edwards wrote:
> Hi All,
>
> Is there a way for RPZ zone file to act on  domain AND subdomains
> without using two separate entries?
>
> At present I can only get them to match on one or the other unless I do
> example.com        blah
> *.example.com      blah
>
> I'm sure I've missed the obvious, but thought I'd ask

I don't think so. I think you need two entries.

AFAICT the expectation is that (much) higher-level tooling will be used 
to generate and update the RPZ zonefile, and handle the expansion of 
"name-or-suffix" into two entries.



More information about the bind-users mailing list