[dns-operations] use-application-dns.net

Vladimír Čunát vladimir.cunat+ietf at nic.cz
Mon Sep 9 16:27:58 UTC 2019

On 9/9/19 12:50 PM, Thomas Mieslinger wrote:
> Is there any documentation how the mozilla guys did it with which
> recursive/authoritative Software

I'm not aware of any, but I think it's like usual DNS filtering. That 
zone is currently signed, so making it NXDOMAIN will inevitably cause a 
problem for validators "below", though that's probably not a significant 
concern for you.

With Knot Resolver this kind of filtering is fortunately quite easy:

policy.add(policy.suffix(policy.DENY, {todname('use-application-dns.net.')}))

More knowledgeable people will surely soon write howtos for others.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190909/278f5e18/attachment.html>

More information about the dns-operations mailing list