Merge branch '1110-clarify-relationship-between-acls-and-rpz' into 'master'

Clarify relationship between ACLs and RPZ Closes #1110 See merge request isc-projects/bind9!2255
2019-08-12 03:50:18 -04:00
parent ed10608663 33bddbb5d1
commit 403cc1fa12
1 changed files with 8 additions and 0 deletions
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -9645,6 +9645,14 @@ deny-answer-aliases { "example.net"; };
 	    than that is a configuration error.
 	  </para>

+	  <para>
+	    Rules encoded in response policy zones are processed after
+	    <link linkend="access_control">Access Control Lists
+	    (ACLs)</link>.  All queries from clients which are not
+	    permitted access to the resolver will be answered with a
+	    status code of REFUSED, regardless of configured RPZ rules.
+	  </para>
+
 	  <para>
 	    Five policy triggers can be encoded in RPZ records.
 	    <variablelist>