Limit Wildcard Entry with RPZ?

Stelzner, Tore tore.stelzner at
Mon Apr 23 09:07:14 UTC 2018

a department would like to use the application Sandstorm. This application needs a wildcard DNS entry. But with this every hostname would get an IP address, even such an entry as "we-dont-like-to-work-here". It seems to be possible to set a prefix to the random hostname created by Sandstorm (like "sandstorm-*").

And now to my questions:
- Would it be possible to limit the possible hostnames to something like "sandstorm-[a-z0-9]{32}" with a RPZ rule?
- Would DNSSEC still be possible?

Even so I read a lot about RPZ in this mailinglist I never used it myself so far. But I will start my investigation now.
Thank you, Tore

Tore Stelzner
Technische Universität Darmstadt, Kommunikationssysteme
Hochschulrechenzentrum, Hochschulstr. 1, 64289 Darmstadt
Tel. +49 6151 16-71037, Fax +49 6151 16-71188,

More information about the bind-users mailing list