Re: Is it possible to filter (*.)wpad.* with RPZ?

2017-11-29 Thread Daniel Stirnimann
I doubt you can use RPZ for that. We use https://dnsdist.org/ for that, our rule:

    -- WPAD Name Collision Vulnerability -- US-CERT TA16-144A. Redirect to landing page
    addAction(RegexRule("^wpad\\."),SpoofAction("192.168.1.2", "2001:DB8::2"))

Daniel

On 29.11.17 19:12, Grant Taylor via

Re: Questions about DNS64 operation

2017-11-29 Thread Mark Andrews
Why is preventing 127.0.0.1 being mapped to a not enough? Why do you want it mapped to ::1? Such a mapping is NOT part of DNS64.

> On 30 Nov 2017, at 3:04 pm, Sukmoon Lee wrote:
>
>>
>> Why not just exclude 127.0.0.1 and not map to at all?
>
>
> If it is answer

RE: Questions about DNS64 operation

2017-11-29 Thread Sukmoon Lee
> > Why not just exclude 127.0.0.1 and not map to at all?

If it is answer 127.0.0.1 for test.com/IN/A in an IPv4, the client will not attempt to connect to the network (only attempt to connect to loopback). However, if it is query test.com/IN/ in an IPv6, DNS64 will answer

Is it possible to filter (*.)wpad.* with RPZ?

2017-11-29 Thread Grant Taylor via bind-users
Is it possible to filter (*.)wpad.* with RPZ? Or do I need to look into Response Policy Service and try to filter that way? I've used RPZ for various different things over the years, but I don't quite know how to match a wild card on the right hand side. Context: I'd like to prevent

Re: Questions about DNS64 operation

2017-11-29 Thread Mark Andrews
Why not just exclude 127.0.0.1 and not map to at all?

> On 29 Nov 2017, at 7:32 pm, Sukmoon Lee wrote:
>
> Hello.
>
> I testing DNS64 using 64:ff9b::/96(prefix).
> Some domain(IN/A) is responses to 127.0.0.1/IN/A.
> Under DNS64, this domain(IN/) is working

Questions about DNS64 operation

2017-11-29 Thread Sukmoon Lee
Hello. I testing DNS64 using 64:ff9b::/96(prefix). Some domain(IN/A) is responses to 127.0.0.1/IN/A. Under DNS64, this domain(IN/) is working 64:ff9b::7f00:1. I want to response ::1 under DNS64. Is there any way? Thanks.