[RPZ] RPZ Findings.

Raymond Dijkxhoorn raymond at prolocation.net
Thu Dec 20 21:13:48 UTC 2012


So if i create a RPZ with random ip's on the list and it scores best in 'this test' its good? Doesnt make much sense.

While i do understand your point of view i dont understand that you are missing the point of a checked corpus. I do understand this is also subject to point of view but without more input i dont understand what this scoring tells me at all. 

If people do execute test, setpoints and guidelines should be clear. If its the idea that it doesnt matter at all thats also fine. But then forget my first reply and i'll just silence here.

Then i post tomorrow things like 'beautifull weather' since that does tell as much as this test. 

Raymond Dijkxhoorn, Prolocation

Op 20 dec. 2012 om 21:02 heeft Vernon Schryver <vjs at rhyolite.com> het volgende geschreven:

>> Date: Thu, 20 Dec 2012 21:44:52 +0100
>> What do you mean with effective?
>> No info about fp ratio so this personally doesnt tell me much.
>> Is there more detail available?
>> Just counting hits doesnt tell much.
> Because a site's false and true positives are as unique as the site's
> views about excessive false positives and sufficent true positives, I
> wouldn't use someone else's counts or detailed data as more than vague
> hints.
> If the override policy for a response policy zone is set to "passthru",
> then hits are only logged.  For example,
>    response-policy { zone "rpz.example.com" policy passthru; };
> would log hits by that policy zone in the "rpz" logging category but
> not change responses from the DNS server.  One might use those log
> entries to consider policy zone's false and true positives before
> making the zone effective.
> Vernon Schryver    vjs at rhyolite.com
> _______________________________________________
> dnsrpz-interest mailing list
> dnsrpz-interest at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dnsrpz-interest

More information about the DNSfirewalls mailing list