Block DNS resolution with RPZ policy for not DNSSEC validated sites
07-15-2016 08:22 AM
Is there a way to block DNS resolution with an RPZ policy for sites within the .gov zone that are not DNSSEC validated?
Re: Block DNS resolution with RPZ policy for not DNSSEC validated sites
07-28-2016 10:07 AM
No, there is not an RPZ policy that can accomplish this.
By default, RPZ will only process queries that do not request DNSSEC or when DNSSEC records are not available. This policy can be changed to apply RPZ to DNSSEC, but doing so effectively breaks DNSSEC, as anything rewritten by RPZ cannot be verified.
Steve S.