Special-use names and RPZ
John Thurston
john.thurston at alaska.gov
Tue May 14 18:34:16 UTC 2024
There are several 'special-use' domain names I'm pondering
* invalid.
* test.
* onion.
My read of the RFCs indicate they should result in NXDOMAIN, and not be
passed for resolution.
RFC 6761 (test. Section 6.2.4 / invalid. Section 6.4.4)
> caching DNS servers SHOULD, by default, generate immediate negative
> responses for all such queries.
RFC 7686 (onion. Section 2.4)
> where not explicitly adapted to interoperate with Tor, SHOULD NOT
> attempt to look up records for .onion names. They MUST generate
> NXDOMAIN for all such queries.
Is there some reason these should not just be hammered into our RPZ ?
--
--
Do things because you should, not just because you can.
John Thurston 907-465-8591
John.Thurston at alaska.gov
Department of Administration
State of Alaska
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20240514/2e981ded/attachment.htm>
More information about the bind-users
mailing list