RPZ - how to modify NS records in answer?
John Horne
john.horne at plymouth.ac.uk
Fri Jun 21 16:11:02 UTC 2013
Hello,
Using BIND 9.9.3 I have been trying to do a little testing to see if we
can modify the response for NS records. I have a test server which is a
stealth secondary for our 'plymouth.ac.uk' zone. The name servers for
the zone are 'dns0.plymouth.ac.uk' and 'dns1.plymouth.ac.uk'.
So, 'dig plymouth.ac.uk ns' will show you the above two name servers in
the answer section as NS records. (It will include our two remote
secondaries as well.)
What I wanted to try and do was cause the reply to not show
'dns1.plymouth.ac.uk' at all. So the reply to the above 'dig' command
should answer with 'dns0.plymouth.ac.uk' and the two remote name
servers. However, trying to get RPZ to do that is causing me a problem.
My understanding is that RPZ can do this, but I just cannot seem to
configure the RPZ zone file to enable this. The zone file contains:
=====
$TTL 1H
@ SOA LOCALHOST. hostmaster.plymouth.ac.uk (1 1h
15m 30d 2h)
NS LOCALHOST.
dns1.plymouth.ac.uk.rpz-nsdomain CNAME *.
=====
However, the above seems to have no effect as the above 'dig' command
still returns both 'dns0' and 'dns1'. Likewise using just '.' as the
rdata made no difference.
So, I'm wondering what the RPZ zone file should contain to enable an NS
record to be omitted from the reply?
Thanks,
John.
--
John Horne, Plymouth University, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
More information about the bind-users
mailing list