response-policy zones from spamhaus.org
Hans.Mayer at iiasa.ac.at
Mon Oct 9 11:38:41 UTC 2017
Many thanks for the hint.
My mistake: no dot at the end in the domain name for the passthru statement.
From: Tony Finch [mailto:dot at dotat.at]
Sent: Monday, October 9, 2017 12:09 PM
To: MAYER Hans <Hans.Mayer at iiasa.ac.at>
Cc: bind-users at isc.org
Subject: Re: response-policy zones from spamhaus.org
MAYER Hans <Hans.Mayer at iiasa.ac.at> wrote:
> I also tried to define these records in my own RPZ and hoping it has
> higher priorities.
It should work if you put your passthru RPZ before any blocking RPZs.
A tangential aside...
The ordering in a response-policy section can affect performance, as well as which policies take priority. I set `qname-wait-recurse no`, and I list RPZs that do not require recursion (because they only contain `qname` and `rpz-client-ip` triggers) before RPZs with unrestricted triggers.
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
Fitzroy: Easterly or northeasterly 4 or 5 in southeast, otherwise variable 3 or 4. Slight or moderate. Fair. Good.
More information about the bind-users