oznu / dns-zone-blacklist

This project generates dnsmasq, bind and unbound zone files to be used in DNS-based ad blockers.
https://hub.docker.com/r/oznu/dns-ad-blocker
MIT License

RCODE 5 (REFUSED) as response type #9

Open shaanen opened 5 years ago

shaanen commented 5 years ago

Wouldn't it be better to use RCODE 5 "REFUSED" as response type rather than NXDOMAIN, since we are filtering DNS requests?

e.g. for Unbound: local-zone: evil.invalid refuse

montyubuntu commented 5 years ago

A DNS client that receives a REFUSED answer will forward the request to the next server in the network configuration, while a client that receives an NXDOMAIN answer to the DNS query will stop querying the DNS servers known in the network, thus making the 'static' black list solution more rigid and faster.
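The trade-off discussed in this thread, as an added example that is not part of the original issue or the project's code: it parses the RCODE from a DNS response header and models a stub resolver that moves to the next configured server on REFUSED but stops on NXDOMAIN. The server names, the `RETRY_NEXT` policy and the response packets are constructed assumptions.

```python
import struct

RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
# Assumption: rcodes after which the stub resolver tries the next server.
RETRY_NEXT = {"SERVFAIL", "REFUSED"}


def make_response(txid, rcode):
    """Build a constructed 12-byte DNS response header (QR=1, RD=1, RA=1)."""
    flags = 0x8000 | 0x0100 | 0x0080 | (rcode & 0xF)
    return struct.pack("!6H", txid, flags, 0, 0, 0, 0)


def parse_rcode(packet):
    """Return the RCODE name from the low 4 bits of the header flags word."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _, flags = struct.unpack("!2H", packet[:4])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    code = flags & 0xF
    return RCODE_NAMES.get(code, f"RCODE{code}")


def resolve(servers):
    """servers: ordered list of (name, response_bytes).

    Returns (servers_asked, final_rcode) under the RETRY_NEXT policy.
    """
    asked, rcode = [], None
    for name, packet in servers:
        asked.append(name)
        rcode = parse_rcode(packet)
        if rcode not in RETRY_NEXT:
            break  # definitive answer: stop walking the server list
    return asked, rcode


# Constructed scenario: a filtering resolver first, an unfiltered one second.
BLOCKER_REFUSES = [("blocker", make_response(0x1234, 5)),
                   ("upstream", make_response(0x1234, 0))]
BLOCKER_NXDOMAIN = [("blocker", make_response(0x1234, 3)),
                    ("upstream", make_response(0x1234, 0))]

if __name__ == "__main__":
    print("refuse  :", resolve(BLOCKER_REFUSES))
    print("nxdomain:", resolve(BLOCKER_NXDOMAIN))
```

With a second, unfiltered resolver configured, the REFUSED case ends with the blocked name resolved by `upstream`, while the NXDOMAIN case never leaves the blocker.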