Hello,
Unbound does not currently provide support for Response Policy Zone
(RPZ) but it has been stated in the past on the list that support for it
is on the roadmap of development. Is there any update on when RPZ will
be implemented and if there is any alpha/beta version of Unbound with
RPZ that needs some testing done?
Regards,
Matt
Matthew Stith via Unbound-users:
Unbound does not currently provide support for Response Policy Zone
(RPZ) but it has been stated in the past on the list that support for it
is on the roadmap of development. Is there any update on when RPZ will
be implemented and if there is any alpha/beta version of Unbound with
RPZ that needs some testing done?
unbound source come with contrib/fastrpz.patch
That's a patch that you may apply if you compile unbound yourself.
It you do that, than unbound is able to talk to a fastrpz daemon
provided as commercial product by farsightsecurity.com
I currently build unbound with that patch enabled but don't use fastrpzd
on any resolver. So all I can say: it compiles and don't hurt.
Andreas
Andreas,
Thank you for the detail here regarding the fastrpz implementation.
Does anyone know if there is a plan for native support without the need
for a commercial license?
~Matt
as before, we have code that implements rpz for unbound. however, it is not open-source licensed. any unbound recursive server that operates a passive dns sensor and thus sends its cache miss traffic to SIE, is automatically licensed to be linked against and run alongside "fastrpz" which is our name for the rpz implementation for unbound (and also bind9 though that's rarely used.)
vixie
re: