RPZ Question

Mukund Sivaraman muks at isc.org
Thu Apr 16 17:40:21 UTC 2015

Hi Bob

On Thu, Apr 16, 2015 at 12:26:41PM -0500, Bob McDonald wrote:
> I'm using RPZ to return "fake" addresses for hosts. Although it seems
> to work well for A records, I'm questioning the way it processes CNAME
> records.
> Shown below is the output from DIG. Both records are in RPZ. However,
> you'll notice that the first DIG returns a NXDOMAIN response.  The CNAME
> target is also in RPZ (As shown in the second DIG)
> Is this normal behaviour?

Please send the contents of your policy zones, and their order in

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150416/57676c64/attachment.bin>

More information about the bind-users mailing list