Hello Alex,
> Is this expected behaviour? Is there any way to make the server avoid
> proceeding with the resolution, when the initial client request is
> blocked?
Yes, this is expected behavior. You need "qname-wait-recurse no" to
change the behavior:
    response-policy {
        zone "rpz-whitelist-lan";
        zone "rpz-blackhole";
    } qname-wait-recurse no;
Be aware of the following limitation:
> The option does not affect QNAME or client-IP triggers in policy
> zones listed after other zones containing IP, NSIP and NSDNAME
> triggers, because those may depend on the A, AAAA, and NS records
> that would be found during recursive resolution.
Source:
https://ftp.isc.org/isc/bind9/9.10.3/doc/arm/Bv9ARM.ch06.html#Configuration_File_Grammar
Daniel
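
The ordering limitation quoted above can be checked against a response-policy list before deploying it. The following Python check is an added example, not part of the message above and not BIND code; it assumes the owner names of each policy zone have already been extracted relative to the zone origin, and the function names and sample records are constructed for illustration.

```python
# Added example: which policy zones can "qname-wait-recurse no" act on?
# Zone names follow the message; the zone contents are constructed samples.

# Owner-name suffixes that mark triggers needing data found during recursion.
RECURSION_TRIGGERS = ("rpz-ip", "rpz-nsip", "rpz-nsdname")


def trigger_kind(owner):
    """Classify an RPZ owner name given relative to the policy zone origin."""
    last = owner.lower().rstrip(".").split(".")[-1]
    if last in RECURSION_TRIGGERS or last == "rpz-client-ip":
        return last
    return "qname"


def early_answer_zones(policy_zones):
    """policy_zones: list of (zone_name, [owner names]) in response-policy order.

    Returns {zone_name: bool}. True means QNAME and client-IP triggers in that
    zone are affected by the option; False means an earlier zone contains
    IP, NSIP or NSDNAME triggers, so the quoted limitation applies.
    """
    result = {}
    earlier_needs_recursion = False
    for name, owners in policy_zones:
        result[name] = not earlier_needs_recursion
        if any(trigger_kind(o) in RECURSION_TRIGGERS for o in owners):
            earlier_needs_recursion = True
    return result


# Constructed sample contents (192.0.2.1/32 is encoded as 32.1.2.0.192.rpz-ip).
WHITELIST = ("rpz-whitelist-lan", ["intranet.example", "*.intranet.example"])
BLACKHOLE = ("rpz-blackhole", ["bad.example", "32.1.2.0.192.rpz-ip"])

AS_POSTED = [WHITELIST, BLACKHOLE]  # order used in the message
REVERSED = [BLACKHOLE, WHITELIST]   # same zones, opposite order

if __name__ == "__main__":
    for label, order in (("as posted", AS_POSTED), ("reversed", REVERSED)):
        for zone, ok in early_answer_zones(order).items():
            state = "affected by option" if ok else "still waits for recursion"
            print(f"{label}: {zone}: {state}")
```

With these sample contents, the order used in the message keeps both zones within reach of the option, while listing the zone with the IP trigger first leaves the zone after it subject to the limitation.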