Admittedly, since I'm writing software to do "off label" stuff with DNS I
make mistakes. But I have seen things along this line (interactions
between RPZ and regular resolution in the context of "broken" domains): in
some cases it has seemed impossible to ameliorate / mitigate SERVFAIL
utilizing RPZ.
I'll try to pay more attention and see if I can isolate a test case if the
problem recurs. (I was kind of hoping someone would have a solution!)
--
Fred Morris
On Fri, 16 Jun 2023, Crist Clark wrote:
That should return a NXDOMAIN. Returning SERVFAIL is never a normal RPZ
action. Something is wrong with your configuration.
On Fri, Jun 16, 2023 at 1:39 PM <sami.ra...@sofrecom.com> wrote:
For monitoring reasons I try to change the return code of a domain name
from "SERVFAIL" to "NXDOMAIN" with the rpz classic configuration of
BIND9.16.42 as follows:
example.com IN CNAME.
*.example.com IN CNAME .
But it still doesn't work, I still have the message " SERVFAIL", is it
feasible or not please ?
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
