Security

Reply

Block DNS resolution with RPZ policy for not DNSSEC validated sites

Expert
Posts: 28
2888     0

Is there a way to block DNS resolution with RPZ policy for not DNSSEC validated sites within .gov zone

Re: Block DNS resolution with RPZ policy for not DNSSEC validated sites

Adviser
Posts: 147
2889     0

No, there is not an RPZ policy that can accomplish this.

 

By default, RPZ will only process queries that do not request DNSSEC or when DNSSEC records are not available. This policy can be changed to apply RPZ to DNSSEC but effectively breaks DNSSEC as anything re-written by RPZ can not be verified.

Check out our new Tech docs website at http://docs.infobox.com for latest documentation on Infoblox products
Showing results for 
Search instead for 
Do you mean 

Recommended for You