New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RPZ: put SOA in modified responses #8232
Comments
This would likely also help dnsdist to cache these answers (when running in front) ... |
Hi ! Do you have anything specific in mind ? As far as I know, dnsdist doesn't care about the content of the response regarding caching it or not. |
dnsdist kind of does, because it tries to get the minimum TTL of the response to determine how long it can cache it, and at the moment it refuses to cache an answer without any TTL at all to prevent caching a response forever. What we could do would be to use |
Short description
When Recursor modifies a response as instructed by an RPZ, it should include the SOA of the RPZ zone in the Additional section of the response, as instructed by the last paragraph of https://tools.ietf.org/html/draft-vixie-dnsop-dns-rpz-00#section-6
Environment
Steps to reproduce
foo.2o7.net
) that would be modified by the RPZExpected behaviour
NXDOMAIN + SOA in additional.
Actual behaviour
NXDOMAIN without SOA.
Other information
Usecase
Description
The text was updated successfully, but these errors were encountered: