Bind vs flood
Evan Hunt
each at isc.org
Fri Feb 28 21:47:21 UTC 2014
On Fri, Feb 28, 2014 at 09:38:23PM +0000, Phil Mayers wrote:
> I think Chris is right here. IIRC even qname policies perform an upstream
> query - we've seen this reflected in response times.
>
> I don't know what it does for servfail but it would certainly be
> reasonable to pass them unchanged. Remember rpz is deliberately limited.
As Cathy mentioned, it's possible to bypass the recursion in RPZ now.
The feature is in the rpz2 patches, which are included with BIND 9.10
and are also built into some packaged versions of BIND.
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list