RPZ and negative answers
Noel Butler
noel.butler at ausics.net
Fri Apr 5 07:05:17 UTC 2013
On Fri, 2013-04-05 at 08:51 +0200, Torsten Segner wrote:
> $TTL 43200
> @ IN SOA a.prim-ns.de. hostmaster.de.easynet.net. (
> 2012041802 ;
> 28800 ;
> 7200 ;
> 604800 ;
> 1200 ;
> )
>
> IN NS localhost.
>
> subdomain.domain.de 60 A 172.26.30.231
>
>
>
>
>
> The above setting is rewriting NXDOMAIN answers for subdomain.domain.de to the above IP address while every other host still has the information of the customers outside zone.
>
> Am I doing something substantially wrong here RPZ wise?
>
to cover the domain and its sub domains you need to enter it twice, once
as absolute and once as dot.domain
using your example it would then be:
subdomain.domain.de 60 A 172.26.30.231
.subdomain.domain.de 60 A 172.26.30.231
or if you want higher,
domain.de 60 A 172.26.30.231
.domain.de 60 A 172.26.30.231
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130405/d78de60f/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130405/d78de60f/attachment-0001.bin>
More information about the bind-users
mailing list