On 04/04/2013 12:50 AM, Chris Buxton wrote:
Thanks for the explanation. It seems to me this is a gap in coverage of RPZ -- the algorithm should be updated, in my opinion, to cover the case of a negative answer.
AIUI it's a deliberately limited mechanism aimed at preventing resolution of harmful domains; NODATA/NXDOMAIN rewriting has caused enough controversy in the recent past that I can understand there being reluctance to extend RPZ to do it.
Can you comment on the use-case? _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
