I doubt you can use RPZ for that.
We use https://dnsdist.org/ for that, our rule:
-- WPAD Name Collision Vulnerability
-- US-CERT TA16-144A. Redirect to landing page
addAction(RegexRule("^wpad\\."),SpoofAction("192.168.1.2", "2001:DB8::2"))
Daniel
On 29.11.17 19:12, Grant Taylor via bind-users
Why is preventing 127.0.0.1 being mapped to a not enough?
Why do you want it mapped to ::1? Such a mapping is NOT part of DNS64.
> On 30 Nov 2017, at 3:04 pm, Sukmoon Lee wrote:
>
>>
>> Why not just exclude 127.0.0.1 and not map to at all?
>
>
> If it is answer 127.0.0.1 for test.
>
> Why not just exclude 127.0.0.1 and not map to at all?
If it answers 127.0.0.1 for test.com/IN/A in IPv4, the client will not
attempt to connect to the network (it will only attempt to connect to loopback).
However, if it is queried for test.com/IN/ in IPv6, DNS64 will answer
64:ff9b::7
Is it possible to filter (*.)wpad.* with RPZ? Or do I need to look into
Response Policy Service and try to filter that way?
I've used RPZ for various different things over the years, but I don't
quite know how to match a wild card on the right hand side.
Context: I'd like to prevent ""misco
Why not just exclude 127.0.0.1 and not map to at all?
> On 29 Nov 2017, at 7:32 pm, Sukmoon Lee wrote:
>
> Hello.
>
> I am testing DNS64 using 64:ff9b::/96 (prefix).
> Some domain (IN/A) responds with 127.0.0.1/IN/A.
> Under DNS64, this domain(IN/) is working 64:ff9b::7f00:1.
>
> I want
Hello.
I am testing DNS64 using 64:ff9b::/96 (prefix).
Some domain (IN/A) responds with 127.0.0.1/IN/A.
Under DNS64, this domain(IN/) is working 64:ff9b::7f00:1.
I want to respond with ::1 under DNS64.
Is there any way?
Thanks.