Queries regarding forwarders

Blason R blason16 at gmail.com
Fri Aug 10 02:31:13 UTC 2018


Well, this is valid when users are directly talking to RPZ servers. What if
there is one more resolver in between, like Active Directory, which itself
acts as a DNS server? In that case I believe you don't need to do that,
right?

On Fri, Aug 10, 2018 at 12:33 AM Grant Taylor via bind-users <
bind-users at lists.isc.org> wrote:

> On 08/09/2018 01:01 AM, Lee wrote:
> > yes, it works just fine
>
> Good.
>
> > it does, so you have to flag your local zones as rpz-passthru.  e.g.:
> > *.home.net              CNAME   rpz-passthru.
> > localhost               CNAME   rpz-passthru.
> > 8.0.0.0.127.rpz-ip      CNAME   .       ;  127.0.0.0/8
> > 8.0.0.0.10.rpz-ip       CNAME   .       ;   10.0.0.0/8
> > 12.0.0.16.172.rpz-ip    CNAME   .       ;  172.16.0.0/12
> > 16.0.0.168.192.rpz-ip   CNAME   .       ;  192.168.0.0/16
>
> That makes sense.  RPZ would filter the private IPs by default, but
> zones with said records can be told to not be blocked by RPZ.
>
> Thank you for the clarification Lee.
>
>
>
> --
> Grant. . . .
> unix || die
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
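The quoted zone relies on two things that are easy to get wrong when writing
RPZ by hand: the rpz-ip owner-name encoding (prefix length first, then the
network address with its octets reversed) and the trigger precedence that
makes a QNAME passthru win over an IP-trigger block. The following is an
added example, not code from this thread or from BIND: it encodes and
decodes rpz-ip triggers, parses a constructed copy of Lee's zone, and
evaluates a few constructed queries against it. The precedence model
(QNAME triggers before IP triggers, longest match within a type, a
wildcard matching only names below its base) follows the RPZ rules as I
understand them and is an assumption of this model, not a substitute for
testing against a running named.

```python
"""Encode/decode BIND RPZ IP triggers and evaluate a small RPZ policy.

Added example, not from the mailing-list thread.  The policy text below is
a constructed copy of the zone quoted in the thread; the evaluation logic
is a simplified model of RPZ trigger precedence, not BIND's implementation.
"""
import ipaddress

# Constructed policy data mirroring the quoted rpz zone.
POLICY = """
*.home.net              CNAME   rpz-passthru.
localhost               CNAME   rpz-passthru.
8.0.0.0.127.rpz-ip      CNAME   .       ;  127.0.0.0/8
8.0.0.0.10.rpz-ip       CNAME   .       ;   10.0.0.0/8
12.0.0.16.172.rpz-ip    CNAME   .       ;  172.16.0.0/12
16.0.0.168.192.rpz-ip   CNAME   .       ;  192.168.0.0/16
"""

# CNAME targets that encode RPZ actions.
ACTIONS = {".": "NXDOMAIN", "*.": "NODATA", "rpz-passthru.": "PASSTHRU"}


def cidr_to_rpz_ip(cidr: str) -> str:
    """Turn 172.16.0.0/12 into 12.0.0.16.172.rpz-ip (IPv4 only here)."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("this example encodes IPv4 prefixes only")
    octets = str(net.network_address).split(".")
    return f"{net.prefixlen}.{'.'.join(reversed(octets))}.rpz-ip"


def rpz_ip_to_cidr(owner: str) -> str:
    """Turn 16.0.0.168.192.rpz-ip back into 192.168.0.0/16."""
    labels = owner.rstrip(".").split(".")
    if labels[-1] != "rpz-ip":
        raise ValueError(f"not an rpz-ip trigger: {owner}")
    prefix, *reversed_octets = labels[:-1]
    address = ".".join(reversed(reversed_octets))
    return str(ipaddress.ip_network(f"{address}/{prefix}"))


def parse_policy(text: str):
    """Split zone lines into QNAME rules and IP (response) rules."""
    qname_rules, ip_rules = [], []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        owner, rtype, target = line.split()
        if rtype != "CNAME":
            raise ValueError(f"unsupported record type {rtype}")
        action = ACTIONS[target]
        if owner.endswith(".rpz-ip"):
            ip_rules.append((ipaddress.ip_network(rpz_ip_to_cidr(owner)), action))
        else:
            qname_rules.append((owner.lower(), action))
    return qname_rules, ip_rules


def qname_matches(pattern: str, qname: str) -> bool:
    """RPZ wildcard *.home.net matches names below home.net, not home.net itself."""
    qname = qname.rstrip(".").lower()
    if pattern.startswith("*."):
        return qname.endswith("." + pattern[2:])
    return qname == pattern


def evaluate(policy, qname: str, answer_ips) -> str:
    """Return the action for a response: QNAME triggers first, then IP triggers.

    Within a trigger type the most specific entry wins (more labels for
    QNAME, longer prefix for IP).  A QNAME passthru exempts the name, so
    the private-range IP triggers are never consulted for it.
    """
    qname_rules, ip_rules = policy
    hits = [(pat.count("."), act) for pat, act in qname_rules if qname_matches(pat, qname)]
    if hits:
        return max(hits)[1]
    best = None
    for ip in answer_ips:
        addr = ipaddress.ip_address(ip)
        for net, action in ip_rules:
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, action)
    return best[1] if best else "NO-MATCH"


if __name__ == "__main__":
    pol = parse_policy(POLICY)
    for name, ips in [("nas.home.net", ["192.168.1.20"]),
                      ("evil.example", ["10.0.0.5"]),
                      ("home.net", ["192.168.1.1"]),
                      ("www.example", ["93.184.216.34"])]:
        print(f"{name:15} {ips} -> {evaluate(pol, name, ips)}")
```

The third case is the one worth noticing: `home.net` itself is not covered
by `*.home.net`, so an answer for the apex pointing at a private address
would still be rewritten; a separate `home.net CNAME rpz-passthru.` entry
would be needed if the apex has internal records.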