[RPZ] Getting distros to enable RPZ in Bind packages?

Tom Byrnes tomb at threatstop.com
Sun Jan 27 01:42:49 UTC 2013


ThreatSTOP, and therefore by extension, Infoblox, RPZ zones DO include NSDNAME and NSIP records.

So, while the number of providers may be limited, the reach of customers who may use it is not.

> -----Original Message-----
> From: dnsrpz-interest-bounces+tomb=threatstop.com at lists.isc.org
> [mailto:dnsrpz-interest-bounces+tomb=threatstop.com at lists.isc.org] On
> Behalf Of Paul Vixie
> Sent: Wednesday, January 16, 2013 4:38 PM
> To: Augie Schwer
> Cc: dnsrpz-interest at lists.isc.org
> Subject: Re: [RPZ] Getting distros to enable RPZ in Bind packages?
> 
> 
> 
> Augie Schwer wrote:
> > Oh, my apologies -- I thought Bind had to be built with
> > " --enable-rpz-nsip --enable-rpz-nsdname" to enable RPZ; I just tested
> > the stock named that ships with RH6 and RPZ does indeed work.
> 
> what you won't get by default is the NSDNAME and NSIP rule support.
> which almost nobody uses yet.
> 
> this will likely become the default in 9.10.
> 
> _______________________________________________
> dnsrpz-interest mailing list
> dnsrpz-interest at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dnsrpz-interest



More information about the DNSfirewalls mailing list