[RPZ] RPZ Findings.
m3047 at m3047.net
Fri Dec 21 04:51:06 UTC 2012
On Thu, 20 Dec 2012, Raymond Dijkxhoorn wrote:
> So if I create an RPZ with random IPs on the list and it scores best in 'this test' it's good? Doesn't make much sense.
> While I do understand your point of view I don't understand that you are missing the point of a checked corpus.
Ok, so I see your point, now do you mind if I restate it?
Seems like the question isn't how many hits there are on the RPZ(s), but
what the impact overall is on checking these other zones.
FTR, in a SOHO environment running several RPZs (at least one extremely
large) with various disposition rules (which I wouldn't expect to matter)
in a purely caching resolver... impact is nil.
BTW, modern "the internet is the web" reality is that a lot more than "a
couple" of DNS lookups occur for practically anything. I'm not seeing any
latency... except for self-inflicted things where I'm blocking stuff that
the proud purveyors of content would otherwise deem that I must see.