Queries regarding forwarders
blason16 at gmail.com
Fri Aug 10 02:31:13 UTC 2018
Well, this is valid when users are directly talking to RPZ servers. What if
there is one more resolver in between like Active Directory which itself
acts as a DNS server? In that case I believe you don't need to do that,
On Fri, Aug 10, 2018 at 12:33 AM Grant Taylor via bind-users <
bind-users at lists.isc.org> wrote:
> On 08/09/2018 01:01 AM, Lee wrote:
> > yes, it works just fine
> > it does, so you have to flag your local zones as rpz-passthru. eg:
> > *.home.net CNAME rpz-passthru.
> > localhost CNAME rpz-passthru.
> > 8.0.0.0.127.rpz-ip CNAME . ; 127.0.0.0/8
> > 8.0.0.0.10.rpz-ip CNAME . ; 10.0.0.0/8
> > 12.0.0.16.172.rpz-ip CNAME . ; 172.16.0.0/12
> > 16.0.0.168.192.rpz-ip CNAME . ; 192.168.0.0/16
> That makes sense. RPZ would filter the private IPs by default, but
> zones with said records can be told to not be blocked by RPZ.
> Thank you for the clarification Lee.
> Grant. . . .
> unix || die
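The rpz-ip owner-name encoding and the passthru behaviour discussed in this thread, as an added Python example that is not part of the thread and is not BIND code. It is a simplified model that assumes the passthru and rpz-ip records sit in one policy zone; `rpz_ip_owner`, `zone_records` and `evaluate` are hypothetical names, the sample queries in the usage note are constructed, and the IPv6 branch goes beyond what the thread covers.

```python
import ipaddress

def rpz_ip_owner(cidr):
    """CIDR -> RPZ-IP owner name: prefix length, then the address reversed."""
    net = ipaddress.ip_network(cidr)  # ValueError if host bits are set
    if net.version == 4:
        words = str(net.network_address).split(".")
    else:
        # IPv6 (beyond the thread): hex words, the "::" zero run becomes "zz"
        text = net.network_address.compressed.replace("::", ":zz:")
        words = [w for w in text.split(":") if w]
    return ".".join([str(net.prefixlen)] + words[::-1]) + ".rpz-ip"

# Policy from the quoted zone. "CNAME ." rewrites the answer to NXDOMAIN.
QNAME_RULES = {"*.home.net": "PASSTHRU", "localhost": "PASSTHRU"}
IP_RULES = {c: "NXDOMAIN" for c in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")}

def zone_records():
    """Render the policy as zone-file lines, owner names relative to the zone."""
    recs = [f"{n} CNAME rpz-passthru." for n in QNAME_RULES]
    recs += [f"{rpz_ip_owner(c)} CNAME . ; {c}" for c in IP_RULES]
    return recs

def evaluate(qname, answer_ips):
    """Model of one policy zone: QNAME triggers are preferred to IP triggers,
    and among IP triggers the longest prefix wins."""
    name = qname.rstrip(".").lower()
    for trig, action in QNAME_RULES.items():
        wild = trig.startswith("*.")  # wildcard covers subdomains only
        if (wild and name.endswith(trig[1:])) or name == trig:
            return action, trig
    best = None
    for ip in answer_ips:
        addr = ipaddress.ip_address(ip)
        for cidr in IP_RULES:
            net = ipaddress.ip_network(cidr)
            if addr.version == net.version and addr in net:
                if best is None or net.prefixlen > best.prefixlen:
                    best = net
    if best is None:
        return "NO-MATCH", None
    return IP_RULES[str(best)], rpz_ip_owner(str(best))
```

`evaluate("nas.home.net", ["192.168.1.10"])` returns the passthru rule, while the same private address returned for a name outside the local zones hits the `16.0.0.168.192.rpz-ip` trigger and is rewritten to NXDOMAIN.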