Queries regarding forwarders
ler762 at gmail.com
Thu Aug 9 07:01:56 UTC 2018
On 8/9/18, Grant Taylor via bind-users <bind-users at lists.isc.org> wrote:
> On 08/08/2018 10:02 PM, Blason R wrote:
>> Due to the architecture, since I have my internal DNS RPZ built, I wanted
>> my other internal DNS servers to send traffic to the RPZ server, and
>> then RPZ would resolve on behalf of the client.
> Speaking of RPZ and forwarding…
> Does anyone know off hand if BIND, with RPZ configured to filter answers
> that resolve to private IPs, can actually respond with private answers
> from a local authoritative zone?
yes, it works just fine
> My long standing fear is that RPZ would filter replies from local
> authoritative zones.
it does, so you have to flag your local zones as rpz-passthru. eg:
*.home.net CNAME rpz-passthru.
localhost CNAME rpz-passthru.
8.0.0.0.127.rpz-ip CNAME . ; 127.0.0.0/8
8.0.0.0.10.rpz-ip CNAME . ; 10.0.0.0/8
12.0.0.16.172.rpz-ip CNAME . ; 172.16.0.0/12
16.0.0.168.192.rpz-ip CNAME . ; 192.168.0.0/16
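
An rpz-ip trigger name is the prefix length followed by the address words in reverse order. The following is an added example, not part of the original post: it encodes CIDR blocks as rpz-ip owner names (going beyond the post to cover IPv6, where "::" is written "zz") and lints IPv4 rpz-ip records against the CIDR in their trailing comment. The function names and the sample zone fragment are constructed for illustration.

```python
import ipaddress

def rpz_ip_owner(cidr):
    """Encode a CIDR block as an rpz-ip owner name, relative to the policy zone."""
    net = ipaddress.ip_network(cidr)      # raises ValueError if host bits are set
    if net.version == 4:
        words = str(net.network_address).split(".")
    else:
        # IPv6: hex words without leading zeros; the "::" run is written "zz"
        head, sep, tail = net.network_address.compressed.partition("::")
        words = [w for w in head.split(":") if w]
        words += ["zz"] if sep else []
        words += [w for w in tail.split(":") if w]
    return ".".join([str(net.prefixlen)] + words[::-1] + ["rpz-ip"])

def parse_rpz_ip_owner(owner):
    """Decode an IPv4 rpz-ip owner name back to the network it matches."""
    labels = owner.rstrip(".").split(".")
    if len(labels) != 6 or labels[-1] != "rpz-ip":
        raise ValueError("not an IPv4 rpz-ip name: " + owner)
    prefix, rev_octets = labels[0], labels[1:5]
    return ipaddress.ip_network(".".join(reversed(rev_octets)) + "/" + prefix)

def lint_policy_zone(text):
    """Return (line_no, message) for IPv4 rpz-ip records that are malformed or
    disagree with a CIDR given in the trailing ';' comment."""
    problems = []
    for no, line in enumerate(text.splitlines(), 1):
        record, _, comment = line.partition(";")
        fields = record.split()
        if not fields or not fields[0].endswith("rpz-ip"):
            continue
        try:
            net = parse_rpz_ip_owner(fields[0])
        except ValueError as exc:          # bad octet, bad prefix, or host bits set
            problems.append((no, str(exc)))
            continue
        if comment.strip() and str(net) != comment.strip():
            problems.append((no, f"owner encodes {net}, comment says {comment.strip()}"))
    return problems

# Constructed sample policy-zone fragment; lines 3 and 4 are deliberately wrong.
SAMPLE = """\
*.home.net CNAME rpz-passthru.
8.0.0.0.10.rpz-ip CNAME . ; 10.0.0.0/8
8.0.0.1.10.rpz-ip CNAME . ; 10.0.0.0/8
16.0.0.16.172.rpz-ip CNAME . ; 172.16.0.0/12
"""
```

Calling lint_policy_zone(SAMPLE) reports line 3 (host bits set) and line 4 (owner encodes a /16 while the comment says /12).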