use RPZ to override AAAA record
Evan Hunt
each at isc.org
Thu Nov 6 19:05:35 UTC 2025
On Thu, Nov 06, 2025 at 05:45:55PM +0100, Matus UHLAR - fantomas wrote:
> RPZ looks like possibility to do that, I'm just trying to find best way
I don't know a way to use RPZ in BIND to pass through the A respones from
the original authority, but block AAAA. RPZ works on the level of the
name, not the type.
But, you could set up an RPZ that answers for soratool.ch, and only
has an A record. Queries for AAAA (and any other type) would then get
NODATA responses:
| $TTL 3600
| @ IN SOA @ hostmaster 1 3600 3600 604800 86400
| @ IN NS .
| soratool.ch IN A 160.85.67.44
Note that if they change their address at some point, you'll have to
update the RPZ as well.
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list