Hi all,
I recently raised a PR to add support for per-local-zone ipset specification, allowing for more than one ipset to be used and set TTLs on the ipset entries based on RRSet timeout field values which can be conditionally enabled (implementation details, config examples and reasoning can be found on the PR): https://github.com/NLnetLabs/unbound/pull/1162
I wanted to discuss a few things here:
Hi all,
It’s been a few months and I just want to check in on this and see if anyone has thought about the proposed changes for per-local-zone ipsets.
I also noticed that there are some changes in PR for nftables support by buevsan: https://github.com/NLnetLabs/unbound/pull/1196. This makes me wonder about support between the two, i.e. refactoring my changes post-merge of nftables support to ensure compatibility or, in the inverse case, merging these changes and refactoring the nftables work to conform.
Cheers,
Jack