5 : Supported Records and how they are processed

Chris Buijs edited this page Jan 12, 2018 · 11 revisions

QUERIES:

  • All record types are checked against the query name (QNAME).
  • Matching is done against the NAME field (query name).
  • Returns redirected address (if used/configured) for A, CNAME, MX, NS, PTR, SRV and ANY.
    • AAAA is not supported for redirection yet; an AAAA query matched against the blacklist results in REFUSED.
    • For CNAME, MX, NS, PTR and SRV returns a canonical name which is fabricated/generated (dns-firewall.redirected), pointing to a fabricated/generated A record (with redirected address).
    • Returns REFUSED for any other unsupported type when matched against the blacklist.
  • For a TXT query matched against the blacklist, the response is "BLOCKED BY DNS-FIREWALL".

RESPONSES:

  • Responses are only processed if NOT already caught in the query process.
  • The process is exactly the same as for queries (but applied to the answers), and it also includes matching of IP-address answers.
    • Returns redirected/fabricated/generated responses as in the query process.
  • Matching is done against the DATA field (target name). Only the IP address or domain name is used; any other values are skipped (as in MX, SOA and SRV records).
  • All other record types are ignored and not processed (i.e. the normal DNS resolution process will happen). Normally these are (or can be) caught during the query process if needed.
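
The query and response rules above, modelled as an added example (not dns-firewall's own code). Records are simplified to tuples with presentation-format RDATA; the function names, the blacklist layout, answering ANY with the redirect A record, and using the first SOA field are assumptions, and only the case with a redirect address configured is modelled.

```python
import ipaddress

REDIRECT_NAME = "dns-firewall.redirected"  # fabricated name given on the page
NAME_TYPES = {"CNAME", "MX", "NS", "PTR", "SRV"}
# Position of the IP address / domain name inside presentation-format RDATA.
# SOA -> first field (MNAME) is an assumption; the page only says other values are skipped.
TARGET_FIELD = {"A": 0, "CNAME": 0, "NS": 0, "PTR": 0, "MX": 1, "SOA": 0, "SRV": 3}


def blocked_reply(qname, qtype, redirect_ip):
    """Reply for a blacklist hit, following the QUERIES rules (redirect configured)."""
    if qtype == "TXT":
        return "NOERROR", [(qname, "TXT", "BLOCKED BY DNS-FIREWALL")]
    if qtype in ("A", "ANY"):  # assumption: ANY is answered with the redirect A record
        return "NOERROR", [(qname, "A", redirect_ip)]
    if qtype in NAME_TYPES:
        return "NOERROR", [(qname, qtype, REDIRECT_NAME), (REDIRECT_NAME, "A", redirect_ip)]
    return "REFUSED", []  # AAAA and every other unsupported type


def is_listed(value, names, networks):
    """True if value is a blacklisted name or an IP inside a blacklisted network."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return value.rstrip(".").lower() in names
    return any(ip in net for net in networks)


def filter_query(qname, qtype, names, networks, redirect_ip):
    """QUERIES stage: match on the NAME field. None means 'resolve normally'."""
    if is_listed(qname, names, networks):
        return blocked_reply(qname, qtype, redirect_ip)
    return None


def filter_response(qname, qtype, answers, names, networks, redirect_ip):
    """RESPONSES stage: match on the DATA field of each (rtype, rdata) answer."""
    for rtype, rdata in answers:
        idx = TARGET_FIELD.get(rtype)
        if idx is None:
            continue  # other record types are ignored and not processed
        if is_listed(rdata.split()[idx], names, networks):
            return blocked_reply(qname, qtype, redirect_ip)
    return None
```

When checking a deployment, the cases worth probing are the ones that differ by type: AAAA returns REFUSED rather than a redirect, and a clean query name can still be blocked at the response stage through its MX or SRV target.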