I'm attempting to set up a response policy zone on a pair of forwarders running BIND, version 9.8.1 on the master for the zone, and version 9.9.5 on the slave.
The forwarding requests are coming from a pair of Microsoft DNS servers, running Server 2012. If the Microsoft DNS server is configured to forward to the master, the clients get the correct responses, e.g. "evil.example.com" resolves to 127.0.0.1, just as I have it set up in the zone file for the RPZ. However, if the Microsoft DNS server is configured to use the slave server as a forwarder, the client gets an NXDOMAIN response.

Clients that query the BIND servers (master or slave) directly get the correct 127.0.0.1 response. I've confirmed that changing the slave into a master for the RPZ fixes the problem.

It seems like the Microsoft DNS servers for some reason don't regard the BIND server configured as a slave as authoritative, but I'm not sure why that might be. Any thoughts?

--
Brock Sides
philar...@gmail.com