[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bind-users
Subject:    Re: v9.12.1 RPZ 'map' format returns fatal error:  incompatible masterfile-format or database for a 
From:       aclion () yepmail ! net
Date:       2018-04-23 1:51:07
Message-ID: 1524448267.4110869.1347004008.28600503 () webmail ! messagingengine ! com
[Download RAW message or body]

> Can you point to where in the docs/ARM/wiki/whatever it says that?

Found it!

ftp://ftp.isc.org/isc/bind9/9.11.2b1/doc/arm/Bv9ARM.ch06.html


Response Policy Zone (RPZ) Rewriting

BIND 9 includes a limited mechanism to modify DNS responses for requests analogous to \
email anti-spam DNS blacklists. Responses can be changed to deny the existence of \
domains (NXDOMAIN), deny the existence of IP addresses for domains (NODATA), or \
contain other IP addresses or data.

Response policy zones are named in the response-policy option for the view or among \
the global options if there is no response-policy option for the view. Response \
policy zones are ordinary DNS zones containing RRsets that can be queried normally if \
allowed. It is usually best to restrict those queries with something like allow-query \
{ localhost; };.  Note that zones using masterfile-format map cannot be used as \
policy zones.  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

I paid attention to the "Response policy zones are ordinary DNS zones", thought that \
meant 'in all ways', and didn't read on apparently :-/

AC
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from \
this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


[prev in list] [next in list] [prev in thread] [next in thread]