use RPZ to override AAAA record

[Nick Tait]

On 08/11/2025 13:11, Lee wrote:
> On Fri, Nov 7, 2025 at 3:53 PM Crist Clark wrote:
>> I still don't understand why an RPZ entry of,
>>
>> 10.zz.fe80. IN CNAME *.
>>
>> Doesn't work for you.
> First
>>> DiG 9.10.6
> are you really running a 9.10 version of bind?!
>
> second,
> because it's missing rpz-ip?
>
> I've got
>
> ; return NXDOMAIN for any ipv6 link local address answer
> 10.zz.fe80.rpz-ip       CNAME   .       ;  FE80::/10
>
> and it doesn't work for me 🙁

This works for me (BIND 9.20.11):

10.zz.fe80.rpz-ip IN CNAME *.

(You need to rewrite using NODATA, rather than NXDOMAIN.)

Nick.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20251109/04b77ec4/attachment.htm>