On Tue, Jan 22, 2019 at 9:41 AM Mik J via bind-users <bind-users@lists.isc.org> wrote:

> Hello,
>
> I tried to dissociate roles and have:
> - 1 set of authoritative master/slave servers
> - 1 set of recursive servers
>
> For a zone that I owned, the "recursive" servers forward the request to
> the authoritative server. Otherwise the server resolves the query directly
> on the Internet.
> The authoritative servers hold my zones and recursion is disabled.
>
> I was reading about RPZ zones but it seems to me these are implemented on
> authoritative servers?
> I'm interested in RPZ zone in order to intercept some queries aiming to
> the internet youp*rn or wannacry.
>
> As I explained, my authoritative servers are not on the path to Internet,
> only my forward servers are, should I implement the RPZ functionality on
> these forward only servers?
>
> Any thoughts on this?
>
> Thank you
>

The RPZ function only runs on the Recursive DNS servers. The RPZ zone could be mastered on an Authoritative server, but it should not be visible to the public. Better to keep it only on internal servers, like only on the resolvers.

--
Bob Harold
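
Added example, not part of the original thread: a named.conf sketch for one of the recursive servers, showing RPZ enabled where recursion happens and the policy zone kept private. The addresses (192.0.2.53, 10.0.0.0/8), the directory path, and the zone names example.com, rpz.internal.example and blocked.example.net are placeholders assumed for illustration.

```conf
// named.conf on a recursive resolver (constructed example).
// Addresses, paths and zone names are placeholders, not from the thread.

acl "internal-clients" { 127.0.0.1; 10.0.0.0/8; };

options {
    directory "/var/named";
    recursion yes;
    allow-query     { "internal-clients"; };
    allow-recursion { "internal-clients"; };

    // RPZ is evaluated here, on the server that performs recursion.
    response-policy { zone "rpz.internal.example"; };
};

// Own zone: forwarded to the authoritative set, as described in the question.
zone "example.com" {
    type forward;
    forward only;
    forwarders { 192.0.2.53; };
};

// The policy zone is held locally and never exposed:
// clients cannot query it directly and nobody can transfer it.
zone "rpz.internal.example" {
    type master;
    file "rpz.internal.example.db";
    allow-query    { localhost; };
    allow-transfer { none; };
};

// Contents of rpz.internal.example.db (zone-file syntax, shown as comments):
//   $TTL 300
//   @  IN SOA localhost. hostmaster.localhost. ( 1 3600 600 86400 300 )
//      IN NS  localhost.
//   blocked.example.net     CNAME .   ; answer NXDOMAIN for this name
//   *.blocked.example.net   CNAME .   ; and for every name beneath it
```

With several resolvers, one can hold the zone as master and the others as slaves, with allow-transfer limited to those resolver addresses instead of none.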