Re: Selective resolution in a corporate environment

2013-02-05 Thread Phil Mayers
On 05/02/13 15:16, funky monkey wrote: But to get back to what I'm often asked for, more as a tactical solution, is there any way of being able to subvert specific DNS names with alternate responses, whilst leaving the rest of the resolution to be obtained in the normal way - I know that

Re: Selective resolution in a corporate environment

2013-02-05 Thread Emil Natan
Look for my answer below. On Tue, Feb 5, 2013 at 5:16 PM, funky monkey wongsky.mon...@gmail.comwrote: One of my responsibilities has been general DNS (across platform) expertise in the organisation I currently work for. Over a fair amount of time, one thing that's repeatedly cropped up, has

Re: Selective resolution in a corporate environment

2013-02-05 Thread funky monkey
sorry, left the subject blank on my previous reply From: Phil Mayers p.may...@imperial.ac.uk To: bind-users@lists.isc.org, Date: 05/02/2013 15:26 Subject: Re: Selective resolution in a corporate environment On 05/02/13 15:16, funky monkey wrote: But to get back to what I'm often asked

Re: Selective resolution in a corporate environment

2013-02-05 Thread Phil Mayers
On 05/02/13 15:36, funky monkey wrote: Could you sandwich that in a forwarding chain - say have a bind 9.compliant version in between your normal forwarders to internet, and does it just look fo rthe entries you've specified as either alternate data or does not exist, but otherwise, carries on

Re: Selective resolution in a corporate environment

2013-02-05 Thread funky monkey
From: Phil Mayers p.may...@imperial.ac.uk To: bind-users@lists.isc.org, Date: 05/02/2013 15:44 Subject: Re: Selective resolution in a corporate environment On 05/02/13 15:36, funky monkey wrote: Could you sandwich that in a forwarding chain - say have a bind 9.compliant version

RE: Selective resolution in a corporate environment

2013-02-05 Thread Shawn Bakhtiar
Subject: Re: Selective resolution in a corporate environment From: wongsky.mon...@gmail.com To: bind-users@lists.isc.org From: Phil Mayers p.may...@imperial.ac.uk To: bind-users@lists.isc.org, Date: 05/02/2013 15:44 Subject: Re: Selective resolution in a corporate environment On 05/02/13 15:36

RE: Selective resolution in a corporate environment

2013-02-05 Thread Vernon Schryver
From: Shawn Bakhtiar shashan...@hotmail.com (about RPZ) IMHO (and I am really nobody) THIS IS WRONG! BAD BAD BAD! Your giving compa= nies the ability to selective lie about DNS without the end user knowing it= . Unfortunately (and I have the heights and greatest respect for Paul) but =

Re: Selective resolution in a corporate environment

2013-02-05 Thread Evan Hunt
IMHO (and I am really nobody) THIS IS WRONG! BAD BAD BAD! Your giving compa= nies the ability to selective lie about DNS without the end user knowing it= Unless DNSSEC is in use, in which case the end user can figure it out, so RPZ doesn't bother lying. (I've wished before that there were

Re: Selective resolution in a corporate environment

2013-02-05 Thread Vernon Schryver
From: Evan Hunt e...@isc.org IMHO (and I am really nobody) THIS IS WRONG! BAD BAD BAD! Your giving compa= nies the ability to selective lie about DNS without the end user knowing it= Unless DNSSEC is in use, in which case the end user can figure it out, so RPZ doesn't bother lying.