On Tue, May 14, 2024 at 2:34 PM John Thurston wrote:
>
> There are several 'special-use' domain names I'm pondering
>
> invalid.
> test.
> onion.
>
> My read of the RFCs indicates they should result in NXDOMAIN, and not be
> passed for resolution.
>
> RFC 6761 (test. Section 6.2.4 / invalid. Section 6.4.4)
>
> caching DNS servers SHOULD, by default, generate immediate negative responses 
> for all such queries.
>
> RFC 7686 (onion. Section 2.4)
>
> where not explicitly adapted to interoperate with Tor, SHOULD NOT attempt to 
> look up records for .onion names.  They MUST generate NXDOMAIN for all such 
> queries.
>
> Is there some reason these should not just be hammered into our RPZ?

In RFC-speak, SHOULD and SHOULD NOT mean "do whatever you feel like doing"
(ref RFC 2119, Key words for use in RFCs to Indicate Requirement Levels).

So if you feel like adding them to your RPZ file go right ahead :)

Regards,
Lee
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.
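
An RPZ zone that answers NXDOMAIN for the three names in the question could look like the following. It is an added example, not taken from the thread or from ISC; the zone name rpz.example, the file name and the SOA values are assumptions.

```dns
; rpz.example.db  (assumed file name; zone name rpz.example is an assumption)
;
; named.conf side, shown here as comments:
;   options {
;       response-policy { zone "rpz.example"; } qname-wait-recurse no;
;   };
;   zone "rpz.example" {
;       type primary;            // "type master" on older BIND releases
;       file "rpz.example.db";
;       allow-query { none; };   // policy zone is not for direct lookups
;   };
;
; qname-wait-recurse no: by default BIND completes recursion before it
; applies a QNAME policy, so the query can still leave the resolver.
; Setting it to "no" rewrites the answer without recursing first.

$TTL 300
@   IN SOA  localhost. hostmaster.localhost. (
            2024051401  ; serial (constructed value)
            3600        ; refresh
            600         ; retry
            86400       ; expire
            300 )       ; negative-cache TTL
    IN NS   localhost.

; In RPZ, a CNAME to the root (.) is the NXDOMAIN action.
; The bare owner matches the TLD itself; the wildcard matches every
; name below it. Both are needed for full coverage.

; RFC 6761, "invalid."
invalid     CNAME   .
*.invalid   CNAME   .

; RFC 6761, "test."
test        CNAME   .
*.test      CNAME   .

; RFC 7686, "onion."
onion       CNAME   .
*.onion     CNAME   .
```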

