On 18/05/2024 09:11, J Doe wrote:
Hello,
When using RPZ with BIND 9.18.27 and rpz-ip, can any CIDR prefix be used
or must they be either: /8, /16, /24, /32 for IPv4?
For example, if I want to block records with an A address of
192.168.10.1, I know I can write:
32.1.10.168.192.rpz-ip IN CNAME .
... and records like A, MX, etc. that have an A value of 192.168.10.1
will receive an NXDOMAIN response.
But am I able to block any CIDR? For instance, if I wanted to block
records like A, MX, etc. that have A values in 192.168.10.1/22, can I
use the following:
22.1.10.168.192.rpz-ip IN CNAME .
Thanks,
- J
Hi J.
Yes you can specify a CIDR network length that isn't on an 8-bit boundary.
In your example the /22 network address for 192.168.10.1 is actually
192.168.8.0, so you'd specify:
22.0.8.168.192.rpz-ip IN CNAME .
Nick.
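
The network-address calculation from the reply above, as an added example that is not part of the original messages: a small Python helper that builds the IPv4 rpz-ip owner name for any prefix length and flags owner names whose address has host bits set. The function names are hypothetical, and owner names are assumed to be relative to the policy zone origin, as written in the thread.

```python
import ipaddress

def rpz_ip_owner(cidr: str) -> str:
    """Build the rpz-ip owner name for an IPv4 address or CIDR block.

    Host bits are masked off first, so 192.168.10.1/22 is encoded
    as the network 192.168.8.0/22.
    """
    net = ipaddress.IPv4Network(cidr, strict=False)
    octets = str(net.network_address).split(".")
    # Layout: prefixlen.B4.B3.B2.B1.rpz-ip (octets in reverse order)
    return ".".join([str(net.prefixlen)] + octets[::-1]) + ".rpz-ip"

def check_rpz_ip_owner(owner: str):
    """Parse a relative IPv4 rpz-ip owner name.

    Returns (is_aligned, canonical_owner); is_aligned is False when the
    encoded address is not the network address for its prefix length.
    """
    labels = owner.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[-1] != "rpz-ip":
        raise ValueError(f"not an IPv4 rpz-ip owner name: {owner!r}")
    prefixlen = int(labels[0])
    address = ".".join(reversed(labels[1:5]))
    canonical = rpz_ip_owner(f"{address}/{prefixlen}")
    return canonical == ".".join(labels), canonical

def lint(owners):
    """Return (owner, suggested_owner) pairs for misaligned triggers."""
    findings = []
    for owner in owners:
        aligned, canonical = check_rpz_ip_owner(owner)
        if not aligned:
            findings.append((owner, canonical))
    return findings

# Owner names taken from the thread above.
SAMPLE_OWNERS = [
    "32.1.10.168.192.rpz-ip",
    "22.1.10.168.192.rpz-ip",
    "22.0.8.168.192.rpz-ip",
]

if __name__ == "__main__":
    for owner, fixed in lint(SAMPLE_OWNERS):
        print(f"{owner}: host bits set, use {fixed}")
```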