Re: replace "SERVFAIL" to "NXDOMAIN" with rpz
8. Configuration Reference — BIND 9 9.18.13 documentationbind9.readthedocs.ioI would certainly recommend reading the docs… especially the sections on break-dnssec and qname-wait-recurse.--Ondřej Surý — ISC (He/Him)My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.On 17. 6. 2023, at 6:40, Fred Morris wrote:Admittedly, since I'm writing software to do "off label" stuff with DNS I make mistakes. But I have seen things along this line (interactions between RPZ and regular resolution in the context of "broken" domains): in some cases it has seemed impossible to ameliorate / mitigate SERVFAIL utilizing RPZ.I'll try to pay more attention and see if I can isolate a test case if the problem recurs. (I was kind of hoping someone would have a solution!)--Fred MorrisOn Fri, 16 Jun 2023, Crist Clark wrote:That should return a NXDOMAIN. Returning SERVFAIL is never a normal RPZaction. Something is wrong with your configuration.On Fri, Jun 16, 2023 at 1:39 PM wrote:For monitoring reasons I try to change the return code of a domain namefrom "SERVFAIL" to "NXDOMAIN" with the rpz classic configuration ofBIND9.16.42 as follows:example.com IN CNAME.*.example.com IN CNAME .But it still doesn't work, I still have the message " SERVFAIL", is itfeasible or not please ?-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this listISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.bind-users mailing listbind-users@lists.isc.orghttps://lists.isc.org/mailman/listinfo/bind-users-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: replace "SERVFAIL" to "NXDOMAIN" with rpz
Admittedly, since I'm writing software to do "off label" stuff with DNS I make mistakes. But I have seen things along this line (interactions between RPZ and regular resolution in the context of "broken" domains): in some cases it has seemed impossible to ameliorate / mitigate SERVFAIL utilizing RPZ. I'll try to pay more attention and see if I can isolate a test case if the problem recurs. (I was kind of hoping someone would have a solution!) -- Fred Morris On Fri, 16 Jun 2023, Crist Clark wrote: That should return a NXDOMAIN. Returning SERVFAIL is never a normal RPZ action. Something is wrong with your configuration. On Fri, Jun 16, 2023 at 1:39 PM wrote: For monitoring reasons I try to change the return code of a domain name from "SERVFAIL" to "NXDOMAIN" with the rpz classic configuration of BIND9.16.42 as follows: example.com IN CNAME. *.example.com IN CNAME . But it still doesn't work, I still have the message " SERVFAIL", is it feasible or not please ? -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: replace "SERVFAIL" to "NXDOMAIN" with rpz
That should return a NXDOMAIN. Returning SERVFAIL is never a normal RPZ action. Something is wrong with your configuration. On Fri, Jun 16, 2023 at 1:39 PM wrote: > > > Hello > > For monitoring reasons I try to change the return code of a domain name > from "SERVFAIL" to "NXDOMAIN" with the rpz classic configuration of > BIND9.16.42 as follows: > > example.com IN CNAME. > > *.example.com IN CNAME . > > But it still doesn't work, I still have the message " SERVFAIL", is it > feasible or not please ? > > Kind regards > > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
replace "SERVFAIL" to "NXDOMAIN" with rpz
Hello For monitoring reasons I try to change the return code of a domain name from "SERVFAIL" to "NXDOMAIN" with the rpz classic configuration of BIND9.16.42 as follows: example.com IN CNAME. *.example.com IN CNAME . But it still doesn't work, I still have the message " SERVFAIL", is it feasible or not please ? Kind regards -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
