Commit 33bddbb5 authored by Michał Kępień's avatar Michał Kępień
Browse files

Clarify relationship between ACLs and RPZ

In the ARM section about RPZ, add text explicitly stating that ACLs take
precedence over RPZ to prevent users from expecting RPZ actions to be
applied to queries coming from clients which are not permitted access to
the resolver by ACLs.
parent ed106086
Pipeline #19522 canceled with stages
in 1 minute and 21 seconds
......@@ -9645,6 +9645,14 @@ deny-answer-aliases { "example.net"; };
than that is a configuration error.
</para>
<para>
Rules encoded in response policy zones are processed after
<link linkend="access_control">Access Control Lists
(ACLs)</link>. All queries from clients which are not
permitted access to the resolver will be answered with a
status code of REFUSED, regardless of configured RPZ rules.
</para>
<para>
Five policy triggers can be encoded in RPZ records.
<variablelist>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment