On Thu, 2022-03-24 at 12:16 -0600, Grant Taylor via bind-users wrote:
> What advantage does RPZ have in this case over just hosting the
> domain(s) locally?

In general, the domain exists with a bunch of existing names - www, mail, etc. We just need to add one more (outbound) and tie it to the IP address of their outbound mail server. I don't want to take over their entire domain.

Rather than updating /etc/hosts on a bunch of customer mail servers, their DNS server just zone transfers the RPZ zone using notify/ixfr. And many times, their error is in an incorrect or missing PTR record, so /etc/hosts does not help there.

I have many other cases where we do take over the entire domain, like

    princetonprivacystudy.org A 127.0.0.2
    *.princetonprivacystudy.org A 127.0.0.2

which makes any host name like abc.princetonprivacystudy.org appear to be listed on Zen. But this is one RPZ file to maintain, rather than adding a few hundred zones to the DNS servers.
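The two cases in the message above (one added name versus a whole-domain takeover), as an added example that is not part of the original message and is not BIND code: a simplified Python model of RPZ QNAME-trigger matching. The names `customer.example`, `192.0.2.25` and the helper `rpz_lookup` are constructed placeholders; only the two `princetonprivacystudy.org` records come from the post.

```python
# Simplified model of RPZ QNAME-trigger lookup (illustrative, not BIND's code).
# Owner names are written relative to the policy zone, as in the post.
# Constructed sample policy: customer.example and 192.0.2.25 are placeholders.
RPZ = {
    # One added name: the rest of the customer's domain is left alone.
    "outbound.customer.example": {"A": "192.0.2.25"},
    # Reverse names are ordinary QNAMEs, so a PTR can be supplied the same way.
    "25.2.0.192.in-addr.arpa": {"PTR": "outbound.customer.example."},
    # Whole-domain takeover: the apex and the wildcard are separate triggers.
    "princetonprivacystudy.org": {"A": "127.0.0.2"},
    "*.princetonprivacystudy.org": {"A": "127.0.0.2"},
}

def rpz_lookup(qname, qtype, policy=RPZ):
    """Return rewritten rdata, "NODATA", or None (no trigger: resolve normally)."""
    name = qname.rstrip(".").lower()
    labels = name.split(".")
    # Exact owner name first, then "*.<parent>" from the closest parent upward.
    candidates = [name] + ["*." + ".".join(labels[i:])
                           for i in range(1, len(labels))]
    for owner in candidates:
        if owner in policy:
            # A matching trigger with no record of this type answers NODATA;
            # it does not fall through to the real zone.
            return policy[owner].get(qtype, "NODATA")
    return None

if __name__ == "__main__":
    for q in [("outbound.customer.example", "A"),
              ("www.customer.example", "A"),
              ("outbound.customer.example", "AAAA"),
              ("25.2.0.192.in-addr.arpa", "PTR"),
              ("abc.princetonprivacystudy.org", "A"),
              ("princetonprivacystudy.org", "A")]:
        print(q, "->", rpz_lookup(*q))
```

The model shows why the takeover needs both records (the wildcard does not cover the apex) and that a single-name entry answers NODATA for record types it does not list.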