On Wednesday, March 19, 2025 3:01:48 PM CET Bob McDonald wrote:
> Maybe I'm not understanding all the nuances of the stated goal but doesn't
> RPZ handle this?
Was my first thought as well, works fine for me.
In named.conf:
options {
    // RPZ zone
    // Source: https://deteque.com/m3aawg-bind-training/named.conf
    response-policy {
        zone "rpz.local";
    };
};
// Response Policy Zone
zone "rpz.local" {
    type primary;
    file "/path/to/rpz.local.db";
};
----
In rpz.local.db:
$TTL 300
@ IN SOA localhost. admin.localhost. (
        1     ; Serial number
        60    ; Refresh every minute
        60    ; Retry every minute
        43200 ; Expire after 12 hours
        60 )  ; Negative cache TTL 1 minute
  IN NS LOCALHOST.
; Examples
example.net IN CNAME localhost.
----
Note that the public domain name records to be redirected via RPZ cannot
have a trailing dot.
--
Kind regards,
Michael De Roover
Mail: [email protected]
Web: michael.de.roover.eu.org
--
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
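
The trailing-dot note in the reply above, as an added example (not part of the original post and not BIND code): a Python helper that turns a list of public domain names into records for a zone like rpz.local.db, stripping trailing dots so each owner name stays relative to the policy zone. The names rpz_owner, render_rpz_zone and SAMPLE_DOMAINS are assumptions for illustration; the SOA timers are the ones from the post.

```python
import re

# Constructed sample input (not from the post): mixed case, trailing dots,
# a duplicate and one name that is not a valid hostname.
SAMPLE_DOMAINS = ["example.net", "Example.NET.", "ads.example.org.",
                  "bad!name.example"]

_LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")


def rpz_owner(name):
    """Normalise a public domain name into an RPZ owner name.

    The result has no trailing dot, so it stays relative and BIND appends
    the policy zone origin (example.net -> example.net.rpz.local.).
    """
    owner = name.strip().lower().rstrip(".")
    if len(owner) > 253 or not all(_LABEL.fullmatch(label)
                                   for label in owner.split(".")):
        raise ValueError(f"not a usable domain name: {name!r}")
    return owner


def render_rpz_zone(domains, serial, target="localhost."):
    """Return (zone_text, rejected) for a zone like rpz.local.db."""
    if not target.endswith("."):
        raise ValueError("CNAME target must be absolute (end with a dot)")
    owners, rejected = [], []
    for raw in domains:
        try:
            owner = rpz_owner(raw)
        except ValueError:
            rejected.append(raw)
            continue
        if owner not in owners:  # keep one record per name
            owners.append(owner)
    header = [
        "$TTL 300",
        "@ IN SOA localhost. admin.localhost. (",
        f"        {serial} ; Serial number",
        "        60 60 43200 60 ) ; Refresh, retry, expire, negative TTL",
        "        IN NS localhost.",
    ]
    records = [f"{owner} IN CNAME {target}" for owner in owners]
    return "\n".join(header + records) + "\n", rejected


if __name__ == "__main__":
    zone_text, skipped = render_rpz_zone(SAMPLE_DOMAINS, serial=2)
    print(zone_text, end="")
    print("; rejected input:", skipped)
```

Rejected names are returned rather than written, so a malformed entry in the input list never reaches the zone file.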