[RPZ] RPZ performance?

Eivind Olsen eivind at aminor.no
Fri Mar 11 16:25:18 UTC 2011


Now that BIND 9.8.0 is out with RPZ support, I thought it was time to look
into RPZ a bit more.

I'm curious as to what kind of performance impact it will have (if any).
Will usage of 1 policy zone result in multiple lookups in memory, like
this?

1) Check to see if request matches the policy zone (and give reply if it
does)
2) If it passed the policy zone lookup (wasn't in the list), do a normal
lookup as if RPZ wasn't used (check cache, do external lookups if needed,
etc)

Also, has anyone noticed any unexpected behaviour with BIND 9.8.0 using
RPZ? I'll do some testing myself before I eventually might put it to use,
but thought I might as well ask - in case someone has discovered
something which might not show up in my own tests.

Regards
Eivind Olsen




