Re: Queries regarding forwarders

Grant Taylor via bind-users Thu, 09 Aug 2018 12:03:25 -0700

On 08/09/2018 01:01 AM, Lee wrote:

yes, it works just fine


Good.

it does, so you have to flag your local zones as rpz-passthru.  eg:
*.home.net              CNAME   rpz-passthru.
localhost               CNAME   rpz-passthru.
8.0.0.0.127.rpz-ip      CNAME   .       ;  127.0.0.0/8
8.0.0.0.10.rpz-ip       CNAME   .       ;   10.0.0.0/8
12.0.0.16.172.rpz-ip    CNAME   .       ;  172.16.0.0/12
16.0.0.168.192.rpz-ip   CNAME   .       ;  192.168.0.0/16

That makes sense. RPZ would filter the private IPs by default, but zones with said records can be told to not be blocked by RPZ.


Thank you for the clarification Lee.



--
Grant. . . .
unix || die

smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Queries regarding forwarders

Reply via email to