Re: Blocking private addresses with a optionq

2013-04-03 Thread Lawrence K. Chen, P.Eng.
- Original Message - From: Lawrence K. Chen, P.Eng. lkc...@ksu.edu ... So, being able to filter out these 'bad' things when responding queries against that data might be a good thing. RPZ might be used for such things. However, by design RPZ rewrites entire responses. It is

Re: Blocking private addresses with a optionq

2013-04-03 Thread Vernon Schryver
From: Lawrence K. Chen, P.Eng. lkc...@ksu.edu First thing that got my attention was that The rules encoded in a response policy zone (RPZ) are applied only to responses to queries that ask for recursion. But, these are authoritative only nameservers So, would RPZ work in this case?

Re: Blocking private addresses with a optionq

2013-03-14 Thread Tony Finch
King, Harold Clyde (Hal) h...@utk.edu wrote: Is there an option for bind like the allow-recursion { network-acl } For blocking out going records of 10.0.0.0/8 and 192.168.0.0/16 so I could do a view like: I'm not sure what you mean by blocking out going records but there are a couple of

Re: Blocking private addresses with a optionq

2013-03-14 Thread Chris Buxton
On Mar 14, 2013, at 3:29 AM, Tony Finch wrote: King, Harold Clyde (Hal) h...@utk.edu wrote: Is there an option for bind like the allow-recursion { network-acl } For blocking out going records of 10.0.0.0/8 and 192.168.0.0/16 so I could do a view like: I'm not sure what you mean by

Re: Blocking private addresses with a optionq

2013-03-14 Thread Niall O'Reilly
On 14 Mar 2013, at 15:57, Chris Buxton wrote: No, I'm pretty sure the OP wants to strip records from responses if the records are A records referring to private address space (RFC 1918). I've no idea how you would do this. Other than separate views, with a trimmed zone in the

Re: Blocking private addresses with a optionq

2013-03-14 Thread Chris Buxton
On Mar 14, 2013, at 9:07 AM, Niall O'Reilly wrote: On 14 Mar 2013, at 15:57, Chris Buxton wrote: No, I'm pretty sure the OP wants to strip records from responses if the records are A records referring to private address space (RFC 1918). I've no idea how you would do this.

Re: Blocking private addresses with a optionq

2013-03-14 Thread Niall O'Reilly
On 14 Mar 2013, at 16:22, Chris Buxton wrote: Well, yes, if the server in question is authoritative for all the data in question. But if it's just a resolver, that may be more difficult. Fair comment. I was (perhaps naïvely) being led by my aversion to open resolvers

Blocking private addresses with a optionq

2013-03-08 Thread King, Harold Clyde (Hal)
Is there an option for bind like the allow-recursion { network-acl } For blocking out going records of 10.0.0.0/8 and 192.168.0.0/16 so I could do a view like: View outsiders { block-private { other-networks }; … } Thanks! -- Hal King - h...@utk.edu Systems Administrator