There are several 'special-use' domain names I'm pondering:
* invalid.
* test.
* onion.
My read of the RFCs indicates they should result in NXDOMAIN, and not be
passed for resolution.

RFC 6761 (test. Section 6.2.4 / invalid. Section 6.4.4)
    caching DNS servers SHOULD, by default, generate immediate negative
    responses for all such queries.

RFC 7686 (onion. Section 2.4)
    where not explicitly adapted to interoperate with Tor, SHOULD NOT
    attempt to look up records for .onion names. They MUST generate
    NXDOMAIN for all such queries.

Is there some reason these should not just be hammered into our RPZ?
--
Do things because you should, not just because you can.
John Thurston 907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
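
An added example, not part of the original message: a Python sketch that matches query names against the three special-use names listed above, emits the RPZ records that would return NXDOMAIN for them, and flags such queries in resolver logs. The function names are hypothetical, and the sample log lines are constructed in the shape of BIND's query log, which is an assumption about the local logging setup.

```python
import re

# Special-use names from the post (RFC 6761: test., invalid.; RFC 7686: onion.)
SPECIAL_USE = ("invalid", "test", "onion")

def special_use_tld(qname):
    """Return the special-use TLD a query name falls under, or None.
    Only the rightmost label counts; case and a trailing dot are ignored."""
    tld = qname.rstrip(".").lower().split(".")[-1]
    return tld if tld in SPECIAL_USE else None

def rpz_records(tlds=SPECIAL_USE):
    """Owner names are relative to the policy zone; 'CNAME .' is the RPZ
    NXDOMAIN action. The wildcard covers every name below the TLD."""
    out = []
    for tld in tlds:
        out.append(f"{tld}\tCNAME\t.")
        out.append(f"*.{tld}\tCNAME\t.")
    return out

# Assumed log shape: the query name appears in parentheses before "query:".
QUERY_RE = re.compile(r"\(([^)\s]+)\): query: ")

def flag_queries(log_lines):
    """Return (qname, tld) for each logged query under a special-use TLD."""
    hits = []
    for line in log_lines:
        m = QUERY_RE.search(line)
        if m and special_use_tld(m.group(1)):
            hits.append((m.group(1), special_use_tld(m.group(1))))
    return hits

# Constructed sample lines (documentation addresses, made-up names).
SAMPLE_LOG = [
    "client @0x7f00 192.0.2.10#53124 (www.example.com): query: www.example.com IN A + (192.0.2.1)",
    "client @0x7f01 192.0.2.11#40000 (abcdef.ONION): query: abcdef.ONION IN A + (192.0.2.1)",
    "client @0x7f02 192.0.2.12#40001 (db01.test): query: db01.test IN AAAA + (192.0.2.1)",
    "client @0x7f03 192.0.2.13#40002 (onion.example.net): query: onion.example.net IN A + (192.0.2.1)",
]

if __name__ == "__main__":
    print("\n".join(rpz_records()))
    for qname, tld in flag_queries(SAMPLE_LOG):
        print(f"special-use query: {qname} ({tld}.)")
```
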