
Block DNS resolution with RPZ policy for not DNSSEC validated sites

Expert
Posts: 38

Is there a way to block DNS resolution with an RPZ policy for sites that are not DNSSEC validated within the .gov zone?

Re: Block DNS resolution with RPZ policy for not DNSSEC validated sites

Adviser
Posts: 139

No, there is not an RPZ policy that can accomplish this.

By default, RPZ will only process queries that do not request DNSSEC or when DNSSEC records are not available. This policy can be changed to apply RPZ to DNSSEC, but that effectively breaks DNSSEC, as anything rewritten by RPZ cannot be verified.

Steve S.