Since one of the corner cases where RPZ is used is for mitigation of failures of legitimate resources, I have a question...

On Sat, 8 Apr 2023, Ondřej Surý wrote: is currently broken - I am guessing this is the reason why are you 
trying to rewrite the answers.

RPZ does try to resolve the name first, and it fails, so there’s nothing to 

Does this mean that in the default configuration an e.g. A record in an RPZ overriding brokenness in the global DNS with a QNAME override might fail due to the same brokenness? As far as I know I've never experienced that.

Going forward, what is anticipated to be the proper configuration for that scenario?



Fred Morris
Visit to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at for more information.

bind-users mailing list

Reply via email to