Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • BIND BIND
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 565
    • Issues 565
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 93
    • Merge requests 93
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Container Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • ISC Open Source ProjectsISC Open Source Projects
  • BINDBIND
  • Issues
  • #1138
Closed
Open
Issue created Jul 09, 2019 by Cathy Almond@cathyaDeveloper

From Bugs (#43718) : extend nsip-wait-recurse or add nsdname-wait-recurse

From BUGS feature request #43718

tl;dr - we should expect there to be similar need with NSDNAME triggers as there was with NSIP triggers, even if no one has asked for it yet.

On 2016-11-23 08:41, vjs wrote:

On the other hand, NSDNAME wasn't requested and I don't think I've ever seen an NSDNAME rule outside of an example..

What about many of the wildcards in rpz.spamhaus.org?

The only rpz.spamhaus.org zone I've seen in detail is dbl, and it didn't have any at the time.

The Spamhaus RPZ zone published as the rpz.spamhaus.org contains about 3.8 million pairs of domains and wildcards. While none of those records are NSDNAME RPZ triggers, they all seem to me prime candidates for being additionally written as NSDNAME triggers.

It would be unconfortable to double the current 192 MByte text size of that zone by adding all of those NSDNAME RPZ rules. However, Fastrpz supports two directives that help. "ip-as-ns yes_or_no" and especially "qname-as-ns yes_or_no" do what I hope their names suggest. As might be guessed, I think those two directives should be added to BIND RPZ.

I should also mention that I did not invent NSDNAME, but added it at the explicit request of RPZ users. Maybe over the years those who asked have stopped using NSDNAME, but I doubt it.

DO we need this?

( Interest expressed in Support ticket #14957 )

Assignee
Assign to
Time tracking