Bind vs flood
Cathy Almond
cathya at isc.org
Fri Feb 28 20:28:56 UTC 2014
On 28/02/2014 17:57, Chris Buxton wrote:
> On Feb 28, 2014, at 2:12 AM, Jason Brown <jason.brown at kcom.com
> <mailto:jason.brown at kcom.com>> wrote:
>
>> But, it will respond with a valid response (your choice) and therefore
>> not create a servfail due to trying.. that’s my point.
>>
>> **
>>
>
> Nope. RPZ only alters responses as they're on their way back to the
> requestor. The query is still resolved normally first. It does not
> short-circuit recursion.
>
> Chris Buxton
FYI there's a new option being introduced in 9.10 that allows you to
apply RPZ rules ahead of recursion (you still need to know the names
that you want to rewrite though):
"qname-wait-recurse no;"
Cathy
More information about the bind-users
mailing list