[RPZ] RPZ performance?

Eivind Olsen eivind at aminor.no
Fri Mar 11 16:25:18 UTC 2011

Now that BIND 9.8.0 is out with RPZ support, I thought it was time to look
into RPZ a bit more.

I'm curious as to what kind of performance impact it will have (if any).
Will usage of 1 policy zone result in multiple lookups in memory, like

1) Check to see if request matches the policy zone (and give reply if it
2) If it passed the policy zone lookup (wasn't in the list), do a normal
lookup as if RPZ wasn't used (check cache, do external lookups if needed,

Also, have anyone noticed any unexpected behaviour with BIND 9.8.0 using
RPZ? I'll do some testing myself before I eventually might put it to use,
but thought I might as well ask - in case someone have discovered
something which might not show up in my own tests.

Eivind Olsen

More information about the DNSfirewalls mailing list