Re: BIND 9.18.2 break-dnssec question

2022-05-01 Thread Mark Andrews
> On 2 May 2022, at 12:28, J Doe wrote:
>
> On 2022-04-29 01:18, Mark Andrews wrote:
>
>> break-dnssec is about if the client could detect the re-write or not using
>> DNSSEC. If the client has DO=1 in the request and the normal response is
>> signed then rewrites can be detected. If

Re: BIND 9.18.2 break-dnssec question

2022-05-01 Thread J Doe
On 2022-04-29 01:18, Mark Andrews wrote:
> break-dnssec is about if the client could detect the re-write or not using DNSSEC. If the client has DO=1 in the request and the normal response is signed then rewrites can be detected. If break-dnssec is ‘no’ the rewrite will be prevented. If

Re: BIND 9.18.2 break-dnssec question

2022-04-28 Thread Mark Andrews
break-dnssec is about if the client could detect the re-write or not using DNSSEC. If the client has DO=1 in the request and the normal response is signed then rewrites can be detected. If break-dnssec is ‘no’ the rewrite will be prevented. If break-dnssec is ‘yes’ then the rewrite will

BIND 9.18.2 break-dnssec question

2022-04-28 Thread J Doe
Hi, I am configuring an RPZ for a validating resolver. I read in the BIND 9.18.2 ARM that there is a boolean option for RPZ zones called: break-dnssec. The ARM states: ...In that case, RPZ actions are applied regardless of DNSSEC. The name of the clause option reflects the fact