upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-08 18:42:04 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Clarify relationship between ACLs and RPZ

Browse source 
In the ARM section about RPZ, add text explicitly stating that ACLs take
precedence over RPZ to prevent users from expecting RPZ actions to be
applied to queries coming from clients which are not permitted access to
the resolver by ACLs.
This commit is contained in:
Michał Kępień 2019-08-12 09:46:12 +02:00
parent ed10608663
commit 33bddbb5d1
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
doc/arm/Bv9ARM-book.xml
View file

@ -9645,6 +9645,14 @@ deny-answer-aliases { "example.net"; };
than that is a configuration error.
</para>
<para>
Rules encoded in response policy zones are processed after
<link linkend="access_control">Access Control Lists
(ACLs)</link>. All queries from clients which are not
permitted access to the resolver will be answered with a
status code of REFUSED, regardless of configured RPZ rules.
</para>
<para>
Five policy triggers can be encoded in RPZ records.
<variablelist>