Special-use names and RPZ

Lee ler762 at gmail.com
Wed May 15 01:54:40 UTC 2024


On Tue, May 14, 2024 at 2:34 PM John Thurston wrote:
>
> There are several 'special-use' domain names I'm pondering
>
> invalid.
> test.
> onion.
>
> My read of the RFCs indicates they should result in NXDOMAIN, and not be passed for resolution.
>
> RFC 6761 (test. Section 6.2.4 / invalid. Section 6.4.4)
>
> caching DNS servers SHOULD, by default, generate immediate negative responses for all such queries.
>
> RFC 7686 (onion. Section 2.4)
>
> where not explicitly adapted to interoperate with Tor, SHOULD NOT attempt to look up records for .onion names.  They MUST generate NXDOMAIN for all such queries.
>
> Is there some reason these should not just be hammered into our RPZ?

If RFC-speak SHOULD and SHOULD NOT mean "do whatever you feel like doing"
(ref RFC 2119, Key words for use in RFCs to Indicate Requirement Levels)

So if you feel like adding them to your RPZ file go right ahead :)

Regards,
Lee
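
What putting the three names from the question into an RPZ could look like, as an added example that is not part of the original thread. The zone name rpz.example, the file name and the SOA/NS values are assumptions; adjust them to the local policy zone.

```dns
; Constructed example: policy zone "rpz.example" (placeholder name).
; Assumed named.conf wiring for this zone:
;   zone "rpz.example" { type primary; file "rpz.example.db";
;                        allow-query { none; }; };
;   response-policy { zone "rpz.example"; } qname-wait-recurse no;
; By default BIND still recurses for the name before applying a QNAME
; policy; "qname-wait-recurse no" lets the rewrite happen without
; waiting for that recursion, which matches the "not be passed for
; resolution" goal in the question.

$TTL 300
@   IN SOA  localhost. hostmaster.localhost. (
            2024051501 ; serial (constructed)
            3600       ; refresh
            600        ; retry
            86400      ; expire
            300 )      ; negative TTL
    IN NS   localhost.

; QNAME triggers, relative to the zone origin. "CNAME ." is the RPZ
; action that returns NXDOMAIN. The wildcard covers names below the
; TLD but not the bare TLD itself, so both records are listed.
invalid     CNAME .
*.invalid   CNAME .
test        CNAME .
*.test      CNAME .
onion       CNAME .
*.onion     CNAME .
```

A quick check after reloading is to query the resolver for a name under each TLD (for example with dig) and confirm the status is NXDOMAIN and that the query log shows the rpz rewrite.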

