RPZ Zone

RPZ uses zone files with normal RRs to define Policy Actions and Policy Triggers. The zone is defined in a normal zone clause which may be inside a view clause. RPZ zones may be queried (if a master only by a slave to read its SOA RR, if a slave, never) so their infrastructure records (SOA and NS) have to satisfy minimal zone validation rules, that is the SOA RR must exist, but since no delegation will result from, or any delegation be referred to, RPZ zones only a single NS RR is required which can take the name of localhost (further discussion at RPZ Domain Names) obviating the need for any corresponding A/AAAA RR (localhost is out-of-zone). RPZ zones can be masters or slaves in the normal manner, indeed the designers of RPZ envisaged that RPZ zone files may be distributed (using zone transfer) by commercial enterprises, affinity groups or other such organizations.