Commit 4a04fb68 authored by Suzanne Goldlust's avatar Suzanne Goldlust Committed by Ondřej Surý
Browse files

Update logging-categories.rst and reference.rst

Remove references to "blacklist" and "whitelist"
parent 3210a427
Pipeline #44517 failed with stages
in 3 minutes and 50 seconds
...@@ -96,7 +96,7 @@ ...@@ -96,7 +96,7 @@
Information about errors in response policy zone files, rewritten responses, and, at the highest ``debug`` levels, mere rewriting attempts. Information about errors in response policy zone files, rewritten responses, and, at the highest ``debug`` levels, mere rewriting attempts.
``rpz-passthru`` ``rpz-passthru``
Information about RPZ PASSTHRU policy activity. This category allows whitelist policy activity to be logged into a dedicated channel. Information about RPZ PASSTHRU policy activity. This category allows pre-approved policy activity to be logged into a dedicated channel.
``security`` ``security``
Approval and denial of requests. Approval and denial of requests.
......
...@@ -3779,7 +3779,7 @@ Response Policy Zone (RPZ) Rewriting ...@@ -3779,7 +3779,7 @@ Response Policy Zone (RPZ) Rewriting
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
BIND 9 includes a limited mechanism to modify DNS responses for requests BIND 9 includes a limited mechanism to modify DNS responses for requests
analogous to email anti-spam DNS blacklists. Responses can be changed to analogous to email anti-spam DNS rejection lists. Responses can be changed to
deny the existence of domains (NXDOMAIN), deny the existence of IP deny the existence of domains (NXDOMAIN), deny the existence of IP
addresses for domains (NODATA), or contain other IP addresses or data. addresses for domains (NODATA), or contain other IP addresses or data.
...@@ -3910,12 +3910,12 @@ be used with any type of trigger to force the use of TCP for responses ...@@ -3910,12 +3910,12 @@ be used with any type of trigger to force the use of TCP for responses
with owner names in a zone. with owner names in a zone.
``PASSTHRU`` ``PASSTHRU``
The whitelist policy is specified by a CNAME whose target is The policy is specified by a CNAME whose target is
``rpz-passthru``. It causes the response to not be rewritten and is ``rpz-passthru``. It causes the response to not be rewritten and is
most often used to "poke holes" in policies for CIDR blocks. most often used to "poke holes" in policies for CIDR blocks.
``DROP`` ``DROP``
The blacklist policy is specified by a CNAME whose target is The policy is specified by a CNAME whose target is
``rpz-drop``. It causes the response to be discarded. Nothing is sent ``rpz-drop``. It causes the response to be discarded. Nothing is sent
to the DNS client. to the DNS client.
...@@ -4076,7 +4076,7 @@ with this zone file: ...@@ -4076,7 +4076,7 @@ with this zone file:
ns.domain.com.rpz-nsdname CNAME . ns.domain.com.rpz-nsdname CNAME .
48.zz.2.2001.rpz-nsip CNAME . 48.zz.2.2001.rpz-nsip CNAME .
; blacklist and whitelist some DNS clients ; disapprove and approve some DNS clients
112.zz.2001.rpz-client-ip CNAME rpz-drop. 112.zz.2001.rpz-client-ip CNAME rpz-drop.
8.0.0.0.127.rpz-client-ip CNAME rpz-drop. 8.0.0.0.127.rpz-client-ip CNAME rpz-drop.
...@@ -4165,7 +4165,7 @@ identical regardless of query type. They are limited by ...@@ -4165,7 +4165,7 @@ identical regardless of query type. They are limited by
``nxdomains-per-second`` (default ``responses-per-second``). This ``nxdomains-per-second`` (default ``responses-per-second``). This
controls some attacks using random names, but can be relaxed or turned controls some attacks using random names, but can be relaxed or turned
off (set to 0) on servers that expect many legitimate NXDOMAIN off (set to 0) on servers that expect many legitimate NXDOMAIN
responses, such as from anti-spam blacklists. Referrals or delegations responses, such as from anti-spam rejection lists. Referrals or delegations
to the server of a given domain are identical and are limited by to the server of a given domain are identical and are limited by
``referrals-per-second`` (default ``responses-per-second``). ``referrals-per-second`` (default ``responses-per-second``).
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment