07-15-2016 08:22 AM
Is there a way to block DNS resolution with an RPZ policy for non-DNSSEC-validated sites within the .gov zone?
07-28-2016 10:07 AM
No, there is not an RPZ policy that can accomplish this.
By default, RPZ will only process queries that do not request DNSSEC or when DNSSEC records are not available. This policy can be changed to apply RPZ to DNSSEC, but doing so effectively breaks DNSSEC, as anything rewritten by RPZ cannot be verified.